type client responses

2026-05-13 07:42:40 +00:00 · 2026-04-22 13:54:17 -07:00
562 changed files with 7756 additions and 34227 deletions
--- a/.bazelrc
+++ b/.bazelrc
@@ -29,13 +29,10 @@ common:linux --test_env=PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
 common:macos --test_env=PATH=/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin

 # Pass through some env vars Windows needs to use powershell?
+common:windows --test_env=PATH
 common:windows --test_env=SYSTEMROOT
 common:windows --test_env=COMSPEC
 common:windows --test_env=WINDIR
-# Rust's libtest harness runs test bodies on std-spawned threads. The default
-# 2 MiB stack can be too small for large async test futures on Windows CI; see
-# https://github.com/openai/codex/pull/19067 for the motivating failure.
-common --test_env=RUST_MIN_STACK=8388608 # 8 MiB

 common --test_output=errors
 common --bes_results_url=https://app.buildbuddy.io/invocation/
--- a/.codespellignore
+++ b/.codespellignore
@@ -1,6 +1,5 @@
 iTerm
 iTerm2
 psuedo
-SOM
 te
 TE
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1 @@
 codex-rs/app-server-protocol/schema/** linguist-generated
-codex-rs/hooks/schema/generated/** linguist-generated
--- a/.github/actions/macos-code-sign/codex.entitlements.plist
+++ b/.github/actions/macos-code-sign/codex.entitlements.plist
@@ -2,15 +2,7 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
-	<key>com.apple.application-identifier</key>
-	<string>2DC432GLL2.com.openai.codex</string>
-	<key>com.apple.developer.team-identifier</key>
-	<string>2DC432GLL2</string>
 	<key>com.apple.security.cs.allow-jit</key>
 	<true/>
-	<key>keychain-access-groups</key>
-	<array>
-		<string>2DC432GLL2.com.openai.codex</string>
-	</array>
 </dict>
 </plist>
--- a/.github/actions/setup-bazel-ci/action.yml
+++ b/.github/actions/setup-bazel-ci/action.yml
@@ -122,11 +122,6 @@ runs:
          }
        }

-    - name: Compute cache-stable Windows Bazel PATH
-      if: runner.os == 'Windows'
-      shell: pwsh
-      run: ./.github/scripts/compute-bazel-windows-path.ps1
-
    - name: Enable Git long paths (Windows)
      if: runner.os == 'Windows'
      shell: pwsh
--- a/.github/scripts/compute-bazel-windows-path.ps1
+++ b/.github/scripts/compute-bazel-windows-path.ps1
@@ -1,105 +0,0 @@
-<#
-BuildBuddy cache keys include the action and test environment, so Bazel should
-not inherit the full hosted-runner PATH on Windows. That PATH includes volatile
-tool entries, such as Maven, that can change independently of this repo and
-cause avoidable cache misses.
-
-This script derives a smaller, cache-stable PATH that keeps the Windows
-toolchain entries Bazel-backed CI tasks need: MSVC and Windows SDK paths, Git,
-PowerShell, Node, Python, DotSlash, and the standard Windows system
-directories.
-`setup-bazel-ci` runs this after exporting the MSVC environment, and the script
-publishes the result via `GITHUB_ENV` as `CODEX_BAZEL_WINDOWS_PATH` so later
-steps can pass that explicit PATH to Bazel.
-#>
-
-$stablePathEntries = New-Object System.Collections.Generic.List[string]
-$seenEntries = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
-$windowsAppsPath = if ([string]::IsNullOrWhiteSpace($env:LOCALAPPDATA)) {
-  $null
-} else {
-  "$($env:LOCALAPPDATA)\Microsoft\WindowsApps"
-}
-$windowsDir = if ($env:WINDIR) {
-  $env:WINDIR
-} elseif ($env:SystemRoot) {
-  $env:SystemRoot
-} else {
-  $null
-}
-
-function Add-StablePathEntry {
-  param([string]$PathEntry)
-
-  if ([string]::IsNullOrWhiteSpace($PathEntry)) {
-    return
-  }
-
-  if ($seenEntries.Add($PathEntry)) {
-    [void]$stablePathEntries.Add($PathEntry)
-  }
-}
-
-foreach ($pathEntry in ($env:PATH -split ';')) {
-  if ([string]::IsNullOrWhiteSpace($pathEntry)) {
-    continue
-  }
-
-  if (
-    $pathEntry -like '*Microsoft Visual Studio*' -or
-    $pathEntry -like '*Windows Kits*' -or
-    $pathEntry -like '*Microsoft SDKs*' -or
-    $pathEntry -like 'C:\Program Files\Git\*' -or
-    $pathEntry -like 'C:\Program Files\PowerShell\*' -or
-    $pathEntry -like 'C:\hostedtoolcache\windows\node\*' -or
-    $pathEntry -like 'C:\hostedtoolcache\windows\Python\*' -or
-    $pathEntry -eq 'D:\a\_temp\install-dotslash\bin' -or
-    ($windowsDir -and ($pathEntry -eq $windowsDir -or $pathEntry -like "${windowsDir}\*"))
-  ) {
-    Add-StablePathEntry $pathEntry
-  }
-}
-
-$gitCommand = Get-Command git -ErrorAction SilentlyContinue
-if ($gitCommand) {
-  Add-StablePathEntry (Split-Path $gitCommand.Source -Parent)
-}
-
-$nodeCommand = Get-Command node -ErrorAction SilentlyContinue
-if ($nodeCommand) {
-  Add-StablePathEntry (Split-Path $nodeCommand.Source -Parent)
-}
-
-$python3Command = Get-Command python3 -ErrorAction SilentlyContinue
-if ($python3Command) {
-  Add-StablePathEntry (Split-Path $python3Command.Source -Parent)
-}
-
-$pythonCommand = Get-Command python -ErrorAction SilentlyContinue
-if ($pythonCommand) {
-  Add-StablePathEntry (Split-Path $pythonCommand.Source -Parent)
-}
-
-$pwshCommand = Get-Command pwsh -ErrorAction SilentlyContinue
-if ($pwshCommand) {
-  Add-StablePathEntry (Split-Path $pwshCommand.Source -Parent)
-}
-
-if ($windowsAppsPath) {
-  Add-StablePathEntry $windowsAppsPath
-}
-
-if ($stablePathEntries.Count -eq 0) {
-  throw 'Failed to derive cache-stable Windows PATH.'
-}
-
-if ([string]::IsNullOrWhiteSpace($env:GITHUB_ENV)) {
-  throw 'GITHUB_ENV must be set.'
-}
-
-$stablePath = $stablePathEntries -join ';'
-Write-Host 'Derived CODEX_BAZEL_WINDOWS_PATH entries:'
-foreach ($pathEntry in $stablePathEntries) {
-  Write-Host "  $pathEntry"
-}
-"CODEX_BAZEL_WINDOWS_PATH=$stablePath" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
--- a/.github/scripts/run-bazel-ci.sh
+++ b/.github/scripts/run-bazel-ci.sh
@@ -306,6 +306,7 @@ if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
    INCLUDE
    LIB
    LIBPATH
+    PATH
    UCRTVersion
    UniversalCRTSdkDir
    VCINSTALLDIR
@@ -322,17 +323,6 @@ if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
      post_config_bazel_args+=("--action_env=${env_var}" "--host_action_env=${env_var}")
    fi
  done
-
-  if [[ -z "${CODEX_BAZEL_WINDOWS_PATH:-}" ]]; then
-    echo "CODEX_BAZEL_WINDOWS_PATH must be set for Windows Bazel CI." >&2
-    exit 1
-  fi
-
-  post_config_bazel_args+=(
-    "--action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-    "--host_action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-    "--test_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-  )
 fi

 bazel_console_log="$(mktemp)"
--- a/.github/workflows/rust-ci-full.yml
+++ b/.github/workflows/rust-ci-full.yml
@@ -76,8 +76,6 @@ jobs:
      - name: Test argument comment lint package
        working-directory: tools/argument-comment-lint
        run: cargo test
-        env:
-          RUST_MIN_STACK: "8388608" # 8 MiB

  argument_comment_lint_prebuilt:
    name: Argument comment lint - ${{ matrix.name }}
@@ -673,7 +671,6 @@ jobs:
        run: cargo nextest run --no-fail-fast --target ${{ matrix.target }} --cargo-profile ci-test --timings
        env:
          RUST_BACKTRACE: 1
-          RUST_MIN_STACK: "8388608" # 8 MiB
          NEXTEST_STATUS_LEVEL: leak

      - name: Upload Cargo timings (nextest)
--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -131,8 +131,6 @@ jobs:
      - name: Test argument comment lint package
        working-directory: tools/argument-comment-lint
        run: cargo test
-        env:
-          RUST_MIN_STACK: "8388608" # 8 MiB

  argument_comment_lint_prebuilt:
    name: Argument comment lint - ${{ matrix.name }}
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
--- a/codex-rs/.cargo/audit.toml
+++ b/codex-rs/.cargo/audit.toml
@@ -6,4 +6,5 @@ ignore = [
    "RUSTSEC-2024-0436", # paste 1.0.15 via starlark/ratatui; upstream crate is unmaintained
    "RUSTSEC-2024-0320", # yaml-rust via syntect; remove when syntect drops or updates it
    "RUSTSEC-2025-0141", # bincode via syntect; remove when syntect drops or updates it
+    "RUSTSEC-2026-0097", # rand 0.8.5 via age/codex-secrets and zbus/keyring; remove when transitive deps move to rand >=0.9.3
 ]
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -929,9 +929,9 @@ dependencies = [

 [[package]]
 name = "aws-smithy-async"
-version = "1.2.14"
+version = "1.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2ffcaf626bdda484571968400c326a244598634dc75fd451325a54ad1a59acfc"
+checksum = "9ee19095c7c4dda59f1697d028ce704c24b2d33c6718790c7f1d5a3015b4107c"
 dependencies = [
 "futures-util",
 "pin-project-lite",
@@ -961,9 +961,9 @@ dependencies = [

 [[package]]
 name = "aws-smithy-http-client"
-version = "1.1.12"
+version = "1.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a2f165a7feee6f263028b899d0a181987f4fa7179a6411a32a439fba7c5f769"
+checksum = "59e62db736db19c488966c8d787f52e6270be565727236fd5579eaa301e7bc4a"
 dependencies = [
 "aws-smithy-async",
 "aws-smithy-runtime-api",
@@ -1013,9 +1013,9 @@ dependencies = [

 [[package]]
 name = "aws-smithy-runtime"
-version = "1.9.5"
+version = "1.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a392db6c583ea4a912538afb86b7be7c5d8887d91604f50eb55c262ee1b4a5f5"
+checksum = "65fda37911905ea4d3141a01364bc5509a0f32ae3f3b22d6e330c0abfb62d247"
 dependencies = [
 "aws-smithy-async",
 "aws-smithy-http",
@@ -1037,12 +1037,11 @@ dependencies = [

 [[package]]
 name = "aws-smithy-runtime-api"
-version = "1.12.0"
+version = "1.9.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b71a13df6ada0aafbf21a73bdfcdf9324cfa9df77d96b8446045be3cde61b42e"
+checksum = "ab0d43d899f9e508300e587bf582ba54c27a452dd0a9ea294690669138ae14a2"
 dependencies = [
 "aws-smithy-async",
- "aws-smithy-runtime-api-macros",
 "aws-smithy-types",
 "bytes",
 "http 0.2.12",
@@ -1053,22 +1052,11 @@ dependencies = [
 "zeroize",
 ]

-[[package]]
-name = "aws-smithy-runtime-api-macros"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d7396fd9500589e62e460e987ecb671bad374934e55ec3b5f498cc7a8a8a7b7"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.114",
-]
-
 [[package]]
 name = "aws-smithy-types"
-version = "1.4.7"
+version = "1.3.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d73dbfbaa8e4bc57b9045137680b958d274823509a360abfd8e1d514d40c95c"
+checksum = "905cb13a9895626d49cf2ced759b062d913834c7482c38e49557eac4e6193f01"
 dependencies = [
 "base64-simd",
 "bytes",
@@ -1760,7 +1748,6 @@ dependencies = [
 "ed25519-dalek",
 "pretty_assertions",
 "rand 0.9.3",
- "reqwest",
 "serde",
 "serde_json",
 "sha2",
@@ -1859,6 +1846,7 @@ dependencies = [
 "codex-model-provider-info",
 "codex-models-manager",
 "codex-otel",
+ "codex-plugin",
 "codex-protocol",
 "codex-rmcp-client",
 "codex-rollout",
@@ -1867,7 +1855,6 @@ dependencies = [
 "codex-state",
 "codex-thread-store",
 "codex-tools",
- "codex-uds",
 "codex-utils-absolute-path",
 "codex-utils-cargo-bin",
 "codex-utils-cli",
@@ -2103,7 +2090,6 @@ dependencies = [
 "codex-cloud-tasks",
 "codex-config",
 "codex-core",
- "codex-core-plugins",
 "codex-exec",
 "codex-exec-server",
 "codex-execpolicy",
@@ -2294,7 +2280,6 @@ dependencies = [
 "libc",
 "multimap",
 "pretty_assertions",
- "prost 0.14.3",
 "schemars 0.8.22",
 "serde",
 "serde_json",
@@ -2303,12 +2288,8 @@ dependencies = [
 "tempfile",
 "thiserror 2.0.18",
 "tokio",
- "tokio-stream",
 "toml 0.9.11+spec-1.1.0",
 "toml_edit 0.24.0+spec-1.1.0",
- "tonic",
- "tonic-prost",
- "tonic-prost-build",
 "tracing",
 "wildmatch",
 "winapi-util",
@@ -2368,7 +2349,6 @@ dependencies = [
 "codex-response-debug-context",
 "codex-rmcp-client",
 "codex-rollout",
- "codex-rollout-trace",
 "codex-sandboxing",
 "codex-secrets",
 "codex-shell-command",
@@ -2445,6 +2425,7 @@ dependencies = [
 "whoami",
 "windows-sys 0.52.0",
 "wiremock",
+ "zip 2.4.2",
 "zstd 0.13.3",
 ]

@@ -2452,7 +2433,6 @@ dependencies = [
 name = "codex-core-plugins"
 version = "0.0.0"
 dependencies = [
- "anyhow",
 "chrono",
 "codex-app-server-protocol",
 "codex-config",
@@ -2460,13 +2440,11 @@ dependencies = [
 "codex-exec-server",
 "codex-git-utils",
 "codex-login",
- "codex-otel",
 "codex-plugin",
 "codex-protocol",
 "codex-utils-absolute-path",
 "codex-utils-plugins",
 "dirs",
- "libc",
 "pretty_assertions",
 "reqwest",
 "serde",
@@ -2477,8 +2455,6 @@ dependencies = [
 "toml 0.9.11+spec-1.1.0",
 "tracing",
 "url",
- "wiremock",
- "zip 2.4.2",
 ]

 [[package]]
@@ -2589,9 +2565,7 @@ dependencies = [
 "arc-swap",
 "async-trait",
 "base64 0.22.1",
- "bytes",
 "codex-app-server-protocol",
- "codex-client",
 "codex-config",
 "codex-protocol",
 "codex-sandboxing",
@@ -2601,7 +2575,6 @@ dependencies = [
 "ctor 0.6.3",
 "futures",
 "pretty_assertions",
- "reqwest",
 "serde",
 "serde_json",
 "serial_test",
@@ -2610,7 +2583,6 @@ dependencies = [
 "thiserror 2.0.18",
 "tokio",
 "tokio-tungstenite",
- "tokio-util",
 "tracing",
 "uuid",
 ]
@@ -2810,7 +2782,6 @@ dependencies = [
 "async-trait",
 "base64 0.22.1",
 "chrono",
- "codex-agent-identity",
 "codex-app-server-protocol",
 "codex-client",
 "codex-config",
@@ -2920,6 +2891,7 @@ dependencies = [
 "codex-protocol",
 "http 1.4.0",
 "pretty_assertions",
+ "tokio",
 ]

 [[package]]
@@ -3153,7 +3125,6 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "axum",
- "bytes",
 "codex-client",
 "codex-config",
 "codex-exec-server",
@@ -3213,14 +3184,11 @@ name = "codex-rollout-trace"
 version = "0.0.0"
 dependencies = [
 "anyhow",
- "codex-code-mode",
 "codex-protocol",
 "pretty_assertions",
 "serde",
 "serde_json",
 "tempfile",
- "tracing",
- "uuid",
 ]

 [[package]]
@@ -3387,7 +3355,6 @@ dependencies = [
 "tonic",
 "tonic-prost",
 "tonic-prost-build",
- "tracing",
 "uuid",
 ]

@@ -3427,7 +3394,6 @@ dependencies = [
 "codex-cloud-requirements",
 "codex-config",
 "codex-connectors",
- "codex-core-plugins",
 "codex-core-skills",
 "codex-exec-server",
 "codex-features",
@@ -8657,7 +8623,7 @@ version = "5.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d"
 dependencies = [
- "base64 0.21.7",
+ "base64 0.22.1",
 "chrono",
 "getrandom 0.2.17",
 "http 1.4.0",
@@ -9125,7 +9091,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7d8fae84b431384b68627d0f9b3b1245fcf9f46f6c0e3dc902e9dce64edd1967"
 dependencies = [
 "libc",
- "windows-sys 0.45.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
@@ -10794,9 +10760,9 @@ dependencies = [

 [[package]]
 name = "rustls-webpki"
-version = "0.103.13"
+version = "0.103.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
+checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06"
 dependencies = [
 "aws-lc-rs",
 "ring",
@@ -13759,7 +13725,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.48.0",
+ "windows-sys 0.61.2",
 ]

 [[package]]
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -113,7 +113,6 @@ license = "Apache-2.0"
 # Internal
 app_test_support = { path = "app-server/tests/common" }
 codex-analytics = { path = "analytics" }
-codex-agent-identity = { path = "agent-identity" }
 codex-ansi-escape = { path = "ansi-escape" }
 codex-api = { path = "codex-api" }
 codex-aws-auth = { path = "aws-auth" }
@@ -169,7 +168,6 @@ codex-responses-api-proxy = { path = "responses-api-proxy" }
 codex-response-debug-context = { path = "response-debug-context" }
 codex-rmcp-client = { path = "rmcp-client" }
 codex-rollout = { path = "rollout" }
-codex-rollout-trace = { path = "rollout-trace" }
 codex-sandboxing = { path = "sandboxing" }
 codex-secrets = { path = "secrets" }
 codex-shell-command = { path = "shell-command" }
--- a/codex-rs/agent-identity/Cargo.toml
+++ b/codex-rs/agent-identity/Cargo.toml
@@ -20,7 +20,6 @@ codex-protocol = { workspace = true }
 crypto_box = { workspace = true }
 ed25519-dalek = { workspace = true }
 rand = { workspace = true }
-reqwest = { workspace = true, features = ["json"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 sha2 = { workspace = true }
--- a/codex-rs/agent-identity/src/lib.rs
+++ b/codex-rs/agent-identity/src/lib.rs
@@ -1,5 +1,4 @@
 use std::collections::BTreeMap;
-use std::time::Duration;

 use anyhow::Context;
 use anyhow::Result;
@@ -22,8 +21,6 @@ use serde::Serialize;
 use sha2::Digest as _;
 use sha2::Sha512;

-const AGENT_TASK_REGISTRATION_TIMEOUT: Duration = Duration::from_secs(30);
-
 /// Stored key material for a registered agent identity.
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub struct AgentIdentityKey<'a> {
@@ -58,24 +55,6 @@ struct AgentAssertionEnvelope {
    signature: String,
 }

-#[derive(Serialize)]
-struct RegisterTaskRequest {
-    timestamp: String,
-    signature: String,
-}
-
-#[derive(Deserialize)]
-struct RegisterTaskResponse {
-    #[serde(default)]
-    task_id: Option<String>,
-    #[serde(default, rename = "taskId")]
-    task_id_camel: Option<String>,
-    #[serde(default)]
-    encrypted_task_id: Option<String>,
-    #[serde(default, rename = "encryptedTaskId")]
-    encrypted_task_id_camel: Option<String>,
-}
-
 pub fn authorization_header_for_agent_task(
    key: AgentIdentityKey<'_>,
    target: AgentTaskAuthorizationTarget<'_>,
@@ -107,50 +86,6 @@ pub fn sign_task_registration_payload(
    Ok(BASE64_STANDARD.encode(signing_key.sign(payload.as_bytes()).to_bytes()))
 }

-pub async fn register_agent_task(
-    client: &reqwest::Client,
-    chatgpt_base_url: &str,
-    key: AgentIdentityKey<'_>,
-) -> Result<String> {
-    let timestamp = Utc::now().to_rfc3339_opts(SecondsFormat::Secs, true);
-    let request = RegisterTaskRequest {
-        signature: sign_task_registration_payload(key, &timestamp)?,
-        timestamp,
-    };
-
-    let response = client
-        .post(agent_task_registration_url(
-            chatgpt_base_url,
-            key.agent_runtime_id,
-        ))
-        .timeout(AGENT_TASK_REGISTRATION_TIMEOUT)
-        .json(&request)
-        .send()
-        .await
-        .context("failed to register agent task")?
-        .error_for_status()
-        .context("failed to register agent task")?
-        .json()
-        .await
-        .context("failed to decode agent task registration response")?;
-
-    task_id_from_register_task_response(key, response)
-}
-
-fn task_id_from_register_task_response(
-    key: AgentIdentityKey<'_>,
-    response: RegisterTaskResponse,
-) -> Result<String> {
-    if let Some(task_id) = response.task_id.or(response.task_id_camel) {
-        return Ok(task_id);
-    }
-    let encrypted_task_id = response
-        .encrypted_task_id
-        .or(response.encrypted_task_id_camel)
-        .context("agent task registration response omitted task id")?;
-    decrypt_task_id_response(key, &encrypted_task_id)
-}
-
 pub fn decrypt_task_id_response(
    key: AgentIdentityKey<'_>,
    encrypted_task_id: &str,
--- a/codex-rs/analytics/src/analytics_client_tests.rs
+++ b/codex-rs/analytics/src/analytics_client_tests.rs
@@ -65,12 +65,13 @@ use codex_app_server_protocol::InitializeCapabilities;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::NonSteerableTurnKind;
-use codex_app_server_protocol::PermissionProfile as AppServerPermissionProfile;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::SandboxPolicy as AppServerSandboxPolicy;
 use codex_app_server_protocol::ServerNotification;
 use codex_app_server_protocol::SessionSource as AppServerSessionSource;
 use codex_app_server_protocol::Thread;
+use codex_app_server_protocol::ThreadArchiveParams;
+use codex_app_server_protocol::ThreadArchiveResponse;
 use codex_app_server_protocol::ThreadResumeResponse;
 use codex_app_server_protocol::ThreadStartResponse;
 use codex_app_server_protocol::ThreadStatus as AppServerThreadStatus;
@@ -92,7 +93,6 @@ use codex_plugin::PluginTelemetryMetadata;
 use codex_protocol::approvals::NetworkApprovalProtocol;
 use codex_protocol::config_types::ApprovalsReviewer;
 use codex_protocol::config_types::ModeKind;
-use codex_protocol::models::PermissionProfile as CorePermissionProfile;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::HookEventName;
 use codex_protocol::protocol::HookRunStatus;
@@ -154,20 +154,11 @@ fn sample_thread_start_response(thread_id: &str, ephemeral: bool, model: &str) -
            approval_policy: AppServerAskForApproval::OnFailure,
            approvals_reviewer: AppServerApprovalsReviewer::User,
            sandbox: AppServerSandboxPolicy::DangerFullAccess,
-            permission_profile: Some(sample_permission_profile()),
            reasoning_effort: None,
        },
    }
 }

-fn sample_permission_profile() -> AppServerPermissionProfile {
-    CorePermissionProfile::from_legacy_sandbox_policy(
-        &SandboxPolicy::DangerFullAccess,
-        &test_path_buf("/tmp"),
-    )
-    .into()
-}
-
 fn sample_app_server_client_metadata() -> CodexAppServerClientMetadata {
    CodexAppServerClientMetadata {
        product_client_id: DEFAULT_ORIGINATOR.to_string(),
@@ -214,7 +205,6 @@ fn sample_thread_resume_response_with_source(
            approval_policy: AppServerAskForApproval::OnFailure,
            approvals_reviewer: AppServerApprovalsReviewer::User,
            sandbox: AppServerSandboxPolicy::DangerFullAccess,
-            permission_profile: Some(sample_permission_profile()),
            reasoning_effort: None,
        },
    }
@@ -324,7 +314,7 @@ fn sample_turn_resolved_config(turn_id: &str) -> TurnResolvedConfigFact {
        reasoning_summary: None,
        service_tier: None,
        approval_policy: AskForApproval::OnRequest,
-        approvals_reviewer: ApprovalsReviewer::AutoReview,
+        approvals_reviewer: ApprovalsReviewer::GuardianSubagent,
        sandbox_network_access: true,
        collaboration_mode: ModeKind::Plan,
        personality: None,
@@ -955,6 +945,64 @@ async fn initialize_caches_client_and_thread_lifecycle_publishes_once_initialize
    );
 }

+#[tokio::test]
+async fn unrelated_client_requests_are_ignored_by_reducer() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    reducer
+        .ingest(
+            AnalyticsFact::Request {
+                connection_id: 7,
+                request_id: RequestId::Integer(3),
+                request: Box::new(ClientRequest::ThreadArchive {
+                    request_id: RequestId::Integer(3),
+                    params: ThreadArchiveParams {
+                        thread_id: "thread-2".to_string(),
+                    },
+                }),
+            },
+            &mut events,
+        )
+        .await;
+    reducer
+        .ingest(
+            AnalyticsFact::Response {
+                connection_id: 7,
+                response: Box::new(sample_turn_start_response("turn-2", /*request_id*/ 3)),
+            },
+            &mut events,
+        )
+        .await;
+
+    assert!(
+        events.is_empty(),
+        "unrelated requests must not create pending turn state"
+    );
+}
+
+#[tokio::test]
+async fn unrelated_client_responses_are_ignored_by_reducer() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    ingest_initialize(&mut reducer, &mut events).await;
+    reducer
+        .ingest(
+            AnalyticsFact::Response {
+                connection_id: 7,
+                response: Box::new(ClientResponse::ThreadArchive {
+                    request_id: RequestId::Integer(9),
+                    response: ThreadArchiveResponse {},
+                }),
+            },
+            &mut events,
+        )
+        .await;
+
+    assert!(events.is_empty());
+}
+
 #[tokio::test]
 async fn compaction_event_ingests_custom_fact() {
    let mut reducer = AnalyticsReducer::default();
@@ -1334,7 +1382,7 @@ fn subagent_thread_started_other_serializes_explicit_parent_thread_id() {
        },
    ));

-    let payload = serde_json::to_value(&event).expect("serialize auto-review subagent event");
+    let payload = serde_json::to_value(&event).expect("serialize guardian subagent event");
    assert_eq!(payload["event_params"]["subagent_source"], "guardian");
    assert_eq!(
        payload["event_params"]["parent_thread_id"],
@@ -1758,7 +1806,7 @@ fn turn_event_serializes_expected_shape() {
            reasoning_summary: Some("detailed".to_string()),
            service_tier: "flex".to_string(),
            approval_policy: "on-request".to_string(),
-            approvals_reviewer: "auto_review".to_string(),
+            approvals_reviewer: "guardian_subagent".to_string(),
            sandbox_network_access: true,
            collaboration_mode: Some("plan"),
            personality: Some("pragmatic".to_string()),
@@ -1819,7 +1867,7 @@ fn turn_event_serializes_expected_shape() {
                "reasoning_summary": "detailed",
                "service_tier": "flex",
                "approval_policy": "on-request",
-                "approvals_reviewer": "auto_review",
+                "approvals_reviewer": "guardian_subagent",
                "sandbox_network_access": true,
                "collaboration_mode": "plan",
                "personality": "pragmatic",
--- a/codex-rs/analytics/src/client.rs
+++ b/codex-rs/analytics/src/client.rs
@@ -1,6 +1,5 @@
 use crate::events::AppServerRpcTransport;
-use crate::events::GuardianReviewAnalyticsResult;
-use crate::events::GuardianReviewTrackContext;
+use crate::events::GuardianReviewEventParams;
 use crate::events::TrackEventRequest;
 use crate::events::TrackEventsRequest;
 use crate::events::current_runtime_metadata;
@@ -23,6 +22,7 @@ use crate::facts::TurnTokenUsageFact;
 use crate::reducer::AnalyticsReducer;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponse;
+use codex_app_server_protocol::ClientResponsePayload;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::RequestId;
@@ -124,6 +124,18 @@ impl AnalyticsEventsClient {
        }
    }

+    pub fn disabled() -> Self {
+        let (sender, _receiver) = mpsc::channel(1);
+        Self {
+            queue: AnalyticsEventsQueue {
+                sender,
+                app_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
+                plugin_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
+            },
+            analytics_enabled: Some(false),
+        }
+    }
+
    pub fn track_skill_invocations(
        &self,
        tracking: TrackEventsContext,
@@ -162,13 +174,9 @@ impl AnalyticsEventsClient {
        ));
    }

-    pub fn track_guardian_review(
-        &self,
-        tracking: &GuardianReviewTrackContext,
-        result: GuardianReviewAnalyticsResult,
-    ) {
+    pub fn track_guardian_review(&self, input: GuardianReviewEventParams) {
        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::GuardianReview(
-            Box::new(tracking.event_params(result)),
+            Box::new(input),
        )));
    }

@@ -281,6 +289,19 @@ impl AnalyticsEventsClient {
        });
    }

+    pub fn track_response_payload(
+        &self,
+        connection_id: u64,
+        request_id: RequestId,
+        response: Box<ClientResponsePayload>,
+    ) {
+        self.record_fact(AnalyticsFact::ResponsePayload {
+            connection_id,
+            request_id,
+            response,
+        });
+    }
+
    pub fn track_error_response(
        &self,
        connection_id: u64,
--- a/codex-rs/analytics/src/events.rs
+++ b/codex-rs/analytics/src/events.rs
@@ -1,5 +1,3 @@
-use std::time::Instant;
-
 use crate::facts::AppInvocation;
 use crate::facts::CodexCompactionEvent;
 use crate::facts::CompactionImplementation;
@@ -18,7 +16,6 @@ use crate::facts::TurnStatus;
 use crate::facts::TurnSteerRejectionReason;
 use crate::facts::TurnSteerResult;
 use crate::facts::TurnSubmissionType;
-use crate::now_unix_seconds;
 use codex_app_server_protocol::CodexErrorInfo;
 use codex_login::default_client::originator;
 use codex_plugin::PluginTelemetryMetadata;
@@ -33,7 +30,6 @@ use codex_protocol::protocol::HookEventName;
 use codex_protocol::protocol::HookRunStatus;
 use codex_protocol::protocol::HookSource;
 use codex_protocol::protocol::SubAgentSource;
-use codex_protocol::protocol::TokenUsage;
 use serde::Serialize;

 #[derive(Clone, Copy, Debug, Serialize)]
@@ -204,7 +200,6 @@ pub enum GuardianReviewedAction {
        connector_name: Option<String>,
        tool_title: Option<String>,
    },
-    RequestPermissions {},
 }

 #[derive(Clone, Serialize)]
@@ -240,142 +235,6 @@ pub struct GuardianReviewEventParams {
    pub total_tokens: Option<i64>,
 }

-pub struct GuardianReviewTrackContext {
-    thread_id: String,
-    turn_id: String,
-    review_id: String,
-    target_item_id: Option<String>,
-    approval_request_source: GuardianApprovalRequestSource,
-    reviewed_action: GuardianReviewedAction,
-    review_timeout_ms: u64,
-    started_at: u64,
-    started_instant: Instant,
-}
-
-impl GuardianReviewTrackContext {
-    pub fn new(
-        thread_id: String,
-        turn_id: String,
-        review_id: String,
-        target_item_id: Option<String>,
-        approval_request_source: GuardianApprovalRequestSource,
-        reviewed_action: GuardianReviewedAction,
-        review_timeout_ms: u64,
-    ) -> Self {
-        Self {
-            thread_id,
-            turn_id,
-            review_id,
-            target_item_id,
-            approval_request_source,
-            reviewed_action,
-            review_timeout_ms,
-            started_at: now_unix_seconds(),
-            started_instant: Instant::now(),
-        }
-    }
-
-    pub(crate) fn event_params(
-        &self,
-        result: GuardianReviewAnalyticsResult,
-    ) -> GuardianReviewEventParams {
-        GuardianReviewEventParams {
-            thread_id: self.thread_id.clone(),
-            turn_id: self.turn_id.clone(),
-            review_id: self.review_id.clone(),
-            target_item_id: self.target_item_id.clone(),
-            approval_request_source: self.approval_request_source,
-            reviewed_action: self.reviewed_action.clone(),
-            reviewed_action_truncated: result.reviewed_action_truncated,
-            decision: result.decision,
-            terminal_status: result.terminal_status,
-            failure_reason: result.failure_reason,
-            risk_level: result.risk_level,
-            user_authorization: result.user_authorization,
-            outcome: result.outcome,
-            guardian_thread_id: result.guardian_thread_id,
-            guardian_session_kind: result.guardian_session_kind,
-            guardian_model: result.guardian_model,
-            guardian_reasoning_effort: result.guardian_reasoning_effort,
-            had_prior_review_context: result.had_prior_review_context,
-            review_timeout_ms: self.review_timeout_ms,
-            // TODO(rhan-oai): plumb nested Guardian review session tool-call counts.
-            tool_call_count: None,
-            time_to_first_token_ms: result.time_to_first_token_ms,
-            completion_latency_ms: Some(self.started_instant.elapsed().as_millis() as u64),
-            started_at: self.started_at,
-            completed_at: Some(now_unix_seconds()),
-            input_tokens: result.token_usage.as_ref().map(|usage| usage.input_tokens),
-            cached_input_tokens: result
-                .token_usage
-                .as_ref()
-                .map(|usage| usage.cached_input_tokens),
-            output_tokens: result.token_usage.as_ref().map(|usage| usage.output_tokens),
-            reasoning_output_tokens: result
-                .token_usage
-                .as_ref()
-                .map(|usage| usage.reasoning_output_tokens),
-            total_tokens: result.token_usage.as_ref().map(|usage| usage.total_tokens),
-        }
-    }
-}
-
-#[derive(Debug)]
-pub struct GuardianReviewAnalyticsResult {
-    pub decision: GuardianReviewDecision,
-    pub terminal_status: GuardianReviewTerminalStatus,
-    pub failure_reason: Option<GuardianReviewFailureReason>,
-    pub risk_level: Option<GuardianRiskLevel>,
-    pub user_authorization: Option<GuardianUserAuthorization>,
-    pub outcome: Option<GuardianAssessmentOutcome>,
-    pub guardian_thread_id: Option<String>,
-    pub guardian_session_kind: Option<GuardianReviewSessionKind>,
-    pub guardian_model: Option<String>,
-    pub guardian_reasoning_effort: Option<String>,
-    pub had_prior_review_context: Option<bool>,
-    pub reviewed_action_truncated: bool,
-    pub token_usage: Option<TokenUsage>,
-    pub time_to_first_token_ms: Option<u64>,
-}
-
-impl GuardianReviewAnalyticsResult {
-    pub fn without_session() -> Self {
-        Self {
-            decision: GuardianReviewDecision::Denied,
-            terminal_status: GuardianReviewTerminalStatus::FailedClosed,
-            failure_reason: None,
-            risk_level: None,
-            user_authorization: None,
-            outcome: None,
-            guardian_thread_id: None,
-            guardian_session_kind: None,
-            guardian_model: None,
-            guardian_reasoning_effort: None,
-            had_prior_review_context: None,
-            reviewed_action_truncated: false,
-            token_usage: None,
-            time_to_first_token_ms: None,
-        }
-    }
-
-    pub fn from_session(
-        guardian_thread_id: String,
-        guardian_session_kind: GuardianReviewSessionKind,
-        guardian_model: String,
-        guardian_reasoning_effort: Option<String>,
-        had_prior_review_context: bool,
-    ) -> Self {
-        Self {
-            guardian_thread_id: Some(guardian_thread_id),
-            guardian_session_kind: Some(guardian_session_kind),
-            guardian_model: Some(guardian_model),
-            guardian_reasoning_effort,
-            had_prior_review_context: Some(had_prior_review_context),
-            ..Self::without_session()
-        }
-    }
-}
-
 #[derive(Serialize)]
 pub(crate) struct GuardianReviewEventPayload {
    pub(crate) app_server_client: CodexAppServerClientMetadata,
--- a/codex-rs/analytics/src/facts.rs
+++ b/codex-rs/analytics/src/facts.rs
@@ -3,6 +3,7 @@ use crate::events::CodexRuntimeMetadata;
 use crate::events::GuardianReviewEventParams;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponse;
+use codex_app_server_protocol::ClientResponsePayload;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::RequestId;
@@ -280,6 +281,11 @@ pub(crate) enum AnalyticsFact {
        connection_id: u64,
        response: Box<ClientResponse>,
    },
+    ResponsePayload {
+        connection_id: u64,
+        request_id: RequestId,
+        response: Box<ClientResponsePayload>,
+    },
    ErrorResponse {
        connection_id: u64,
        request_id: RequestId,
--- a/codex-rs/analytics/src/lib.rs
+++ b/codex-rs/analytics/src/lib.rs
@@ -9,13 +9,11 @@ use std::time::UNIX_EPOCH;
 pub use client::AnalyticsEventsClient;
 pub use events::AppServerRpcTransport;
 pub use events::GuardianApprovalRequestSource;
-pub use events::GuardianReviewAnalyticsResult;
 pub use events::GuardianReviewDecision;
 pub use events::GuardianReviewEventParams;
 pub use events::GuardianReviewFailureReason;
 pub use events::GuardianReviewSessionKind;
 pub use events::GuardianReviewTerminalStatus;
-pub use events::GuardianReviewTrackContext;
 pub use events::GuardianReviewedAction;
 pub use facts::AnalyticsJsonRpcError;
 pub use facts::AppInvocation;
--- a/codex-rs/analytics/src/reducer.rs
+++ b/codex-rs/analytics/src/reducer.rs
@@ -184,6 +184,15 @@ impl AnalyticsReducer {
            } => {
                self.ingest_response(connection_id, *response, out);
            }
+            AnalyticsFact::ResponsePayload {
+                connection_id,
+                request_id,
+                response,
+            } => {
+                if let Some(response) = response.into_client_response(request_id) {
+                    self.ingest_response(connection_id, response, out);
+                }
+            }
            AnalyticsFact::ErrorResponse {
                connection_id,
                request_id,
--- a/codex-rs/app-server-client/src/lib.rs
+++ b/codex-rs/app-server-client/src/lib.rs
@@ -42,8 +42,6 @@ use codex_app_server_protocol::ServerNotification;
 use codex_app_server_protocol::ServerRequest;
 use codex_arg0::Arg0DispatchPaths;
 use codex_config::NoopThreadConfigLoader;
-use codex_config::RemoteThreadConfigLoader;
-use codex_config::ThreadConfigLoader;
 use codex_core::config::Config;
 use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::LoaderOverrides;
@@ -100,7 +98,7 @@ pub mod legacy_core {
    }

    pub mod plugins {
-        pub use codex_core::plugins::PluginsManager;
+        pub use codex_core::plugins::*;
    }

    pub mod review_format {
@@ -359,13 +357,6 @@ pub struct InProcessClientStartArgs {
    pub channel_capacity: usize,
 }

-fn configured_thread_config_loader(config: &Config) -> Arc<dyn ThreadConfigLoader> {
-    match config.experimental_thread_config_endpoint.as_deref() {
-        Some(endpoint) => Arc::new(RemoteThreadConfigLoader::new(endpoint)),
-        None => Arc::new(NoopThreadConfigLoader),
-    }
-}
-
 impl InProcessClientStartArgs {
    /// Builds initialize params from caller-provided metadata.
    pub fn initialize_params(&self) -> InitializeParams {
@@ -390,14 +381,13 @@ impl InProcessClientStartArgs {

    fn into_runtime_start_args(self) -> InProcessStartArgs {
        let initialize = self.initialize_params();
-        let thread_config_loader = configured_thread_config_loader(&self.config);
        InProcessStartArgs {
            arg0_paths: self.arg0_paths,
            config: self.config,
            cli_overrides: self.cli_overrides,
            loader_overrides: self.loader_overrides,
            cloud_requirements: self.cloud_requirements,
-            thread_config_loader,
+            thread_config_loader: Arc::new(NoopThreadConfigLoader),
            feedback: self.feedback,
            log_db: self.log_db,
            environment_manager: self.environment_manager,
@@ -2023,42 +2013,6 @@ mod tests {
        );
    }

-    #[tokio::test]
-    async fn runtime_start_args_use_remote_thread_config_loader_when_configured() {
-        let mut config = build_test_config().await;
-        config.experimental_thread_config_endpoint = Some("not-a-valid-endpoint".to_string());
-
-        let runtime_args = InProcessClientStartArgs {
-            arg0_paths: Arg0DispatchPaths::default(),
-            config: Arc::new(config),
-            cli_overrides: Vec::new(),
-            loader_overrides: LoaderOverrides::default(),
-            cloud_requirements: CloudRequirementsLoader::default(),
-            feedback: CodexFeedback::new(),
-            log_db: None,
-            environment_manager: Arc::new(EnvironmentManager::default_for_tests()),
-            config_warnings: Vec::new(),
-            session_source: SessionSource::Exec,
-            enable_codex_api_key_env: false,
-            client_name: "codex-app-server-client-test".to_string(),
-            client_version: "0.0.0-test".to_string(),
-            experimental_api: true,
-            opt_out_notification_methods: Vec::new(),
-            channel_capacity: DEFAULT_IN_PROCESS_CHANNEL_CAPACITY,
-        }
-        .into_runtime_start_args();
-
-        let err = runtime_args
-            .thread_config_loader
-            .load(Default::default())
-            .await
-            .expect_err("configured remote loader should try to connect");
-        assert_eq!(
-            err.code(),
-            codex_config::ThreadConfigLoadErrorCode::RequestFailed
-        );
-    }
-
    #[tokio::test]
    async fn shutdown_completes_promptly_without_retained_managers() {
        let client = start_test_client(SessionSource::Cli).await;
--- a/codex-rs/app-server-client/src/remote.rs
+++ b/codex-rs/app-server-client/src/remote.rs
@@ -20,6 +20,7 @@ use crate::RequestResult;
 use crate::SHUTDOWN_TIMEOUT;
 use crate::TypedRequestError;
 use crate::request_method_name;
+use crate::server_notification_requires_delivery;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientNotification;
 use codex_app_server_protocol::ClientRequest;
@@ -125,7 +126,7 @@ enum RemoteClientCommand {

 pub struct RemoteAppServerClient {
    command_tx: mpsc::Sender<RemoteClientCommand>,
-    event_rx: mpsc::UnboundedReceiver<AppServerEvent>,
+    event_rx: mpsc::Receiver<AppServerEvent>,
    pending_events: VecDeque<AppServerEvent>,
    worker_handle: tokio::task::JoinHandle<()>,
 }
@@ -194,10 +195,11 @@ impl RemoteAppServerClient {
        .await?;

        let (command_tx, mut command_rx) = mpsc::channel::<RemoteClientCommand>(channel_capacity);
-        let (event_tx, event_rx) = mpsc::unbounded_channel::<AppServerEvent>();
+        let (event_tx, event_rx) = mpsc::channel::<AppServerEvent>(channel_capacity);
        let worker_handle = tokio::spawn(async move {
            let mut pending_requests =
                HashMap::<RequestId, oneshot::Sender<IoResult<RequestResult>>>::new();
+            let mut skipped_events = 0usize;
            loop {
                tokio::select! {
                    command = command_rx.recv() => {
@@ -229,12 +231,15 @@ impl RemoteAppServerClient {
                                    }
                                    let _ = deliver_event(
                                        &event_tx,
+                                        &mut skipped_events,
                                        AppServerEvent::Disconnected {
                                            message: format!(
                                                "remote app server at `{websocket_url}` write failed: {err_message}"
                                            ),
                                        },
-                                    );
+                                        &mut stream,
+                                    )
+                                    .await;
                                    break;
                                }
                            }
@@ -311,8 +316,11 @@ impl RemoteAppServerClient {
                                            app_server_event_from_notification(notification)
                                            && let Err(err) = deliver_event(
                                                &event_tx,
+                                                &mut skipped_events,
                                                event,
+                                                &mut stream,
                                            )
+                                            .await
                                            {
                                                warn!(%err, "failed to deliver remote app-server event");
                                                break;
@@ -325,8 +333,11 @@ impl RemoteAppServerClient {
                                            Ok(request) => {
                                                if let Err(err) = deliver_event(
                                                    &event_tx,
+                                                    &mut skipped_events,
                                                    AppServerEvent::ServerRequest(request),
+                                                    &mut stream,
                                                )
+                                                .await
                                                {
                                                    warn!(%err, "failed to deliver remote app-server server request");
                                                    break;
@@ -353,12 +364,15 @@ impl RemoteAppServerClient {
                                                    let err_message = reject_err.to_string();
                                                    let _ = deliver_event(
                                                        &event_tx,
+                                                        &mut skipped_events,
                                                        AppServerEvent::Disconnected {
                                                            message: format!(
                                                                "remote app server at `{websocket_url}` write failed: {err_message}"
                                                            ),
                                                        },
-                                                    );
+                                                        &mut stream,
+                                                    )
+                                                    .await;
                                                    break;
                                                }
                                            }
@@ -367,12 +381,15 @@ impl RemoteAppServerClient {
                                    Err(err) => {
                                        let _ = deliver_event(
                                            &event_tx,
+                                            &mut skipped_events,
                                            AppServerEvent::Disconnected {
                                                message: format!(
                                                    "remote app server at `{websocket_url}` sent invalid JSON-RPC: {err}"
                                                ),
                                            },
-                                        );
+                                            &mut stream,
+                                        )
+                                        .await;
                                        break;
                                    }
                                }
@@ -385,12 +402,15 @@ impl RemoteAppServerClient {
                                    .unwrap_or_else(|| "connection closed".to_string());
                                let _ = deliver_event(
                                    &event_tx,
+                                    &mut skipped_events,
                                    AppServerEvent::Disconnected {
                                        message: format!(
                                            "remote app server at `{websocket_url}` disconnected: {reason}"
                                        ),
                                    },
-                                );
+                                    &mut stream,
+                                )
+                                .await;
                                break;
                            }
                            Some(Ok(Message::Binary(_)))
@@ -400,23 +420,29 @@ impl RemoteAppServerClient {
                            Some(Err(err)) => {
                                let _ = deliver_event(
                                    &event_tx,
+                                    &mut skipped_events,
                                    AppServerEvent::Disconnected {
                                        message: format!(
                                            "remote app server at `{websocket_url}` transport failed: {err}"
                                        ),
                                    },
-                                );
+                                    &mut stream,
+                                )
+                                .await;
                                break;
                            }
                            None => {
                                let _ = deliver_event(
                                    &event_tx,
+                                    &mut skipped_events,
                                    AppServerEvent::Disconnected {
                                        message: format!(
                                            "remote app server at `{websocket_url}` closed the connection"
                                        ),
                                    },
-                                );
+                                    &mut stream,
+                                )
+                                .await;
                                break;
                            }
                        }
@@ -775,16 +801,100 @@ fn app_server_event_from_notification(notification: JSONRPCNotification) -> Opti
    }
 }

-fn deliver_event(
-    event_tx: &mpsc::UnboundedSender<AppServerEvent>,
+async fn deliver_event(
+    event_tx: &mpsc::Sender<AppServerEvent>,
+    skipped_events: &mut usize,
    event: AppServerEvent,
+    stream: &mut WebSocketStream<MaybeTlsStream<TcpStream>>,
 ) -> IoResult<()> {
-    event_tx.send(event).map_err(|_| {
-        IoError::new(
+    if *skipped_events > 0 {
+        if event_requires_delivery(&event) {
+            if event_tx
+                .send(AppServerEvent::Lagged {
+                    skipped: *skipped_events,
+                })
+                .await
+                .is_err()
+            {
+                return Err(IoError::new(
+                    ErrorKind::BrokenPipe,
+                    "remote app-server event consumer channel is closed",
+                ));
+            }
+            *skipped_events = 0;
+        } else {
+            match event_tx.try_send(AppServerEvent::Lagged {
+                skipped: *skipped_events,
+            }) {
+                Ok(()) => *skipped_events = 0,
+                Err(mpsc::error::TrySendError::Full(_)) => {
+                    *skipped_events = (*skipped_events).saturating_add(1);
+                    reject_if_server_request_dropped(stream, &event).await?;
+                    return Ok(());
+                }
+                Err(mpsc::error::TrySendError::Closed(_)) => {
+                    return Err(IoError::new(
+                        ErrorKind::BrokenPipe,
+                        "remote app-server event consumer channel is closed",
+                    ));
+                }
+            }
+        }
+    }
+
+    if event_requires_delivery(&event) {
+        event_tx.send(event).await.map_err(|_| {
+            IoError::new(
+                ErrorKind::BrokenPipe,
+                "remote app-server event consumer channel is closed",
+            )
+        })?;
+        return Ok(());
+    }
+
+    match event_tx.try_send(event) {
+        Ok(()) => Ok(()),
+        Err(mpsc::error::TrySendError::Full(event)) => {
+            *skipped_events = (*skipped_events).saturating_add(1);
+            reject_if_server_request_dropped(stream, &event).await
+        }
+        Err(mpsc::error::TrySendError::Closed(_)) => Err(IoError::new(
            ErrorKind::BrokenPipe,
            "remote app-server event consumer channel is closed",
-        )
-    })
+        )),
+    }
+}
+
+async fn reject_if_server_request_dropped(
+    stream: &mut WebSocketStream<MaybeTlsStream<TcpStream>>,
+    event: &AppServerEvent,
+) -> IoResult<()> {
+    let AppServerEvent::ServerRequest(request) = event else {
+        return Ok(());
+    };
+    write_jsonrpc_message(
+        stream,
+        JSONRPCMessage::Error(JSONRPCError {
+            error: JSONRPCErrorError {
+                code: -32001,
+                message: "remote app-server event queue is full".to_string(),
+                data: None,
+            },
+            id: request.id().clone(),
+        }),
+        "<remote-app-server>",
+    )
+    .await
+}
+
+fn event_requires_delivery(event: &AppServerEvent) -> bool {
+    match event {
+        AppServerEvent::ServerNotification(notification) => {
+            server_notification_requires_delivery(notification)
+        }
+        AppServerEvent::Disconnected { .. } => true,
+        AppServerEvent::Lagged { .. } | AppServerEvent::ServerRequest(_) => false,
+    }
 }

 fn request_id_from_client_request(request: &ClientRequest) -> RequestId {
@@ -830,14 +940,47 @@ async fn write_jsonrpc_message(
            ))
        })
 }
+
 #[cfg(test)]
 mod tests {
    use super::*;

+    #[test]
+    fn event_requires_delivery_marks_transcript_and_disconnect_events() {
+        assert!(event_requires_delivery(
+            &AppServerEvent::ServerNotification(ServerNotification::AgentMessageDelta(
+                codex_app_server_protocol::AgentMessageDeltaNotification {
+                    thread_id: "thread".to_string(),
+                    turn_id: "turn".to_string(),
+                    item_id: "item".to_string(),
+                    delta: "hello".to_string(),
+                },
+            ),)
+        ));
+        assert!(event_requires_delivery(
+            &AppServerEvent::ServerNotification(ServerNotification::ItemCompleted(
+                codex_app_server_protocol::ItemCompletedNotification {
+                    thread_id: "thread".to_string(),
+                    turn_id: "turn".to_string(),
+                    item: codex_app_server_protocol::ThreadItem::Plan {
+                        id: "item".to_string(),
+                        text: "step".to_string(),
+                    },
+                }
+            ),)
+        ));
+        assert!(event_requires_delivery(&AppServerEvent::Disconnected {
+            message: "closed".to_string(),
+        }));
+        assert!(!event_requires_delivery(&AppServerEvent::Lagged {
+            skipped: 1
+        }));
+    }
+
    #[tokio::test]
    async fn shutdown_tolerates_worker_exit_after_command_is_queued() {
        let (command_tx, mut command_rx) = mpsc::channel(1);
-        let (_event_tx, event_rx) = mpsc::unbounded_channel::<AppServerEvent>();
+        let (_event_tx, event_rx) = mpsc::channel(1);
        let worker_handle = tokio::spawn(async move {
            let _ = command_rx.recv().await;
        });
--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
@@ -13,10 +13,9 @@
      "type": "string"
    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -218,17 +217,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Optional full permissions profile for this command.\n\nDefaults to the user's configured permissions when omitted. Cannot be combined with `sandboxPolicy`."
-        },
        "processId": {
          "description": "Optional client-supplied, connection-scoped process id.\n\nRequired for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up `command/exec/write`, `command/exec/resize`, and `command/exec/terminate` calls. When omitted, buffered execution gets an internal id that is not exposed to the client.",
          "type": [
@@ -245,7 +233,7 @@
              "type": "null"
            }
          ],
-          "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted. Cannot be combined with `permissionProfile`."
+          "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted."
        },
        "size": {
          "anyOf": [
@@ -909,217 +897,6 @@
      ],
      "type": "object"
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
    "FsCopyParams": {
      "description": "Copy a file or directory tree on the host filesystem.",
      "properties": {
@@ -1721,17 +1498,6 @@
      ],
      "type": "object"
    },
-    "MarketplaceUpgradeParams": {
-      "properties": {
-        "marketplaceName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "McpResourceReadParams": {
      "properties": {
        "server": {
@@ -1891,64 +1657,6 @@
      ],
      "type": "string"
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "Personality": {
      "enum": [
        "none",
@@ -3234,21 +2942,6 @@
      ],
      "type": "object"
    },
-    "ThreadApproveGuardianDeniedActionParams": {
-      "properties": {
-        "event": {
-          "description": "Serialized `codex_protocol::protocol::GuardianAssessmentEvent`."
-        },
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "event",
-        "threadId"
-      ],
-      "type": "object"
-    },
    "ThreadArchiveParams": {
      "properties": {
        "threadId": {
@@ -3323,10 +3016,6 @@
        "ephemeral": {
          "type": "boolean"
        },
-        "excludeTurns": {
-          "description": "When true, return only thread metadata and live fork state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after forking.",
-          "type": "boolean"
-        },
        "model": {
          "description": "Configuration overrides for the forked thread, if any.",
          "type": [
@@ -3340,17 +3029,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Full permissions override for the forked thread. Cannot be combined with `sandbox`."
-        },
        "sandbox": {
          "anyOf": [
            {
@@ -3404,19 +3082,6 @@
      ],
      "type": "object"
    },
-    "ThreadListCwdFilter": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      ]
-    },
    "ThreadListParams": {
      "properties": {
        "archived": {
@@ -3434,15 +3099,11 @@
          ]
        },
        "cwd": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ThreadListCwdFilter"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Optional cwd filter or filters; when set, only threads whose session cwd exactly matches one of these paths are returned."
+          "description": "Optional cwd filter; when set, only threads whose session cwd exactly matches this path are returned.",
+          "type": [
+            "string",
+            "null"
+          ]
        },
        "limit": {
          "description": "Optional page size; defaults to a reasonable server-side value.",
@@ -3501,10 +3162,6 @@
            "array",
            "null"
          ]
-        },
-        "useStateDbOnly": {
-          "description": "If true, return from the state DB without scanning JSONL rollouts to repair thread metadata. Omitted or false preserves scan-and-repair behavior.",
-          "type": "boolean"
        }
      },
      "type": "object"
@@ -3730,10 +3387,6 @@
            "null"
          ]
        },
-        "excludeTurns": {
-          "description": "When true, return only thread metadata and live-resume state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after resuming.",
-          "type": "boolean"
-        },
        "model": {
          "description": "Configuration overrides for the resumed thread, if any.",
          "type": [
@@ -3747,17 +3400,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Full permissions override for the resumed thread. Cannot be combined with `sandbox`."
-        },
        "personality": {
          "anyOf": [
            {
@@ -3941,17 +3583,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Full permissions override for this thread. Cannot be combined with `sandbox`."
-        },
        "personality": {
          "anyOf": [
            {
@@ -4163,17 +3794,6 @@
        "outputSchema": {
          "description": "Optional JSON Schema used to constrain the final assistant message for this turn."
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Override the full permissions profile for this turn and subsequent turns. Cannot be combined with `sandboxPolicy`."
-        },
        "personality": {
          "anyOf": [
            {
@@ -4674,30 +4294,6 @@
      "title": "Thread/shellCommandRequest",
      "type": "object"
    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "thread/approveGuardianDeniedAction"
-          ],
-          "title": "Thread/approveGuardianDeniedActionRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ThreadApproveGuardianDeniedActionParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Thread/approveGuardianDeniedActionRequest",
-      "type": "object"
-    },
    {
      "properties": {
        "id": {
@@ -4915,30 +4511,6 @@
      "title": "Marketplace/removeRequest",
      "type": "object"
    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "marketplace/upgrade"
-          ],
-          "title": "Marketplace/upgradeRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/MarketplaceUpgradeParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Marketplace/upgradeRequest",
-      "type": "object"
-    },
    {
      "properties": {
        "id": {
--- a/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
@@ -25,7 +25,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -35,7 +34,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
--- a/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json
@@ -25,7 +25,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -35,7 +34,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
--- a/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalResponse.json
@@ -25,7 +25,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -35,7 +34,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -313,13 +311,6 @@
        }
      ],
      "default": "turn"
-    },
-    "strictAutoReview": {
-      "description": "Review every subsequent command in this turn before normal sandboxed execution.",
-      "type": [
-        "boolean",
-        "null"
-      ]
    }
  },
  "required": [
--- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json
@@ -84,7 +84,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -94,7 +93,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -438,13 +436,6 @@
            "chatgptAuthTokens"
          ],
          "type": "string"
-        },
-        {
-          "description": "Programmatic Codex auth backed by a registered Agent Identity.",
-          "enum": [
-            "agentIdentity"
-          ],
-          "type": "string"
        }
      ]
    },
@@ -482,7 +473,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
@@ -1707,23 +1697,6 @@
      ],
      "type": "string"
    },
-    "GuardianWarningNotification": {
-      "properties": {
-        "message": {
-          "description": "Concise guardian warning message for the user.",
-          "type": "string"
-        },
-        "threadId": {
-          "description": "Thread target for the guardian warning.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "message",
-        "threadId"
-      ],
-      "type": "object"
-    },
    "HookCompletedNotification": {
      "properties": {
        "run": {
@@ -2263,34 +2236,6 @@
      ],
      "type": "object"
    },
-    "ModelVerification": {
-      "enum": [
-        "trustedAccessForCyber"
-      ],
-      "type": "string"
-    },
-    "ModelVerificationNotification": {
-      "properties": {
-        "threadId": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": "string"
-        },
-        "verifications": {
-          "items": {
-            "$ref": "#/definitions/ModelVerification"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "threadId",
-        "turnId",
-        "verifications"
-      ],
-      "type": "object"
-    },
    "NetworkApprovalProtocol": {
      "enum": [
        "http",
@@ -5370,26 +5315,6 @@
      "title": "Model/reroutedNotification",
      "type": "object"
    },
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "model/verification"
-          ],
-          "title": "Model/verificationNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ModelVerificationNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "Model/verificationNotification",
-      "type": "object"
-    },
    {
      "properties": {
        "method": {
@@ -5410,26 +5335,6 @@
      "title": "WarningNotification",
      "type": "object"
    },
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "guardianWarning"
-          ],
-          "title": "GuardianWarningNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/GuardianWarningNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "GuardianWarningNotification",
-      "type": "object"
-    },
    {
      "properties": {
        "method": {
--- a/codex-rs/app-server-protocol/schema/json/ServerRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerRequest.json
@@ -25,7 +25,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -35,7 +34,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
@@ -448,30 +448,6 @@
          "title": "Thread/shellCommandRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "thread/approveGuardianDeniedAction"
-              ],
-              "title": "Thread/approveGuardianDeniedActionRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/ThreadApproveGuardianDeniedActionParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Thread/approveGuardianDeniedActionRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -689,30 +665,6 @@
          "title": "Marketplace/removeRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "marketplace/upgrade"
-              ],
-              "title": "Marketplace/upgradeRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/MarketplaceUpgradeParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Marketplace/upgradeRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -3525,13 +3477,6 @@
            }
          ],
          "default": "turn"
-        },
-        "strictAutoReview": {
-          "description": "Review every subsequent command in this turn before normal sandboxed execution.",
-          "type": [
-            "boolean",
-            "null"
-          ]
        }
      },
      "required": [
@@ -4448,26 +4393,6 @@
          "title": "Model/reroutedNotification",
          "type": "object"
        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "model/verification"
-              ],
-              "title": "Model/verificationNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/ModelVerificationNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Model/verificationNotification",
-          "type": "object"
-        },
        {
          "properties": {
            "method": {
@@ -4488,26 +4413,6 @@
          "title": "WarningNotification",
          "type": "object"
        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "guardianWarning"
-              ],
-              "title": "GuardianWarningNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/GuardianWarningNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "GuardianWarningNotification",
-          "type": "object"
-        },
        {
          "properties": {
            "method": {
@@ -5322,7 +5227,6 @@
            ]
          },
          "read": {
-            "description": "This will be removed in favor of `entries`.",
            "items": {
              "$ref": "#/definitions/v2/AbsolutePathBuf"
            },
@@ -5332,7 +5236,6 @@
            ]
          },
          "write": {
-            "description": "This will be removed in favor of `entries`.",
            "items": {
              "$ref": "#/definitions/v2/AbsolutePathBuf"
            },
@@ -5781,10 +5684,9 @@
        "type": "object"
      },
      "ApprovalsReviewer": {
-        "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+        "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
        "enum": [
          "user",
-          "auto_review",
          "guardian_subagent"
        ],
        "type": "string"
@@ -5954,13 +5856,6 @@
              "chatgptAuthTokens"
            ],
            "type": "string"
-          },
-          {
-            "description": "Programmatic Codex auth backed by a registered Agent Identity.",
-            "enum": [
-              "agentIdentity"
-            ],
-            "type": "string"
          }
        ]
      },
@@ -6031,7 +5926,6 @@
              "contextWindowExceeded",
              "usageLimitExceeded",
              "serverOverloaded",
-              "cyberPolicy",
              "internalServerError",
              "unauthorized",
              "badRequest",
@@ -6479,17 +6373,6 @@
              "null"
            ]
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Optional full permissions profile for this command.\n\nDefaults to the user's configured permissions when omitted. Cannot be combined with `sandboxPolicy`."
-          },
          "processId": {
            "description": "Optional client-supplied, connection-scoped process id.\n\nRequired for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up `command/exec/write`, `command/exec/resize`, and `command/exec/terminate` calls. When omitted, buffered execution gets an internal id that is not exposed to the client.",
            "type": [
@@ -6506,7 +6389,7 @@
                "type": "null"
              }
            ],
-            "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted. Cannot be combined with `permissionProfile`."
+            "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted."
          },
          "size": {
            "anyOf": [
@@ -7383,100 +7266,6 @@
        "title": "ConfigWriteResponse",
        "type": "object"
      },
-      "ConfiguredHookHandler": {
-        "oneOf": [
-          {
-            "properties": {
-              "async": {
-                "type": "boolean"
-              },
-              "command": {
-                "type": "string"
-              },
-              "statusMessage": {
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
-              "timeoutSec": {
-                "format": "uint64",
-                "minimum": 0.0,
-                "type": [
-                  "integer",
-                  "null"
-                ]
-              },
-              "type": {
-                "enum": [
-                  "command"
-                ],
-                "title": "CommandConfiguredHookHandlerType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "async",
-              "command",
-              "type"
-            ],
-            "title": "CommandConfiguredHookHandler",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "type": {
-                "enum": [
-                  "prompt"
-                ],
-                "title": "PromptConfiguredHookHandlerType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "type"
-            ],
-            "title": "PromptConfiguredHookHandler",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "type": {
-                "enum": [
-                  "agent"
-                ],
-                "title": "AgentConfiguredHookHandlerType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "type"
-            ],
-            "title": "AgentConfiguredHookHandler",
-            "type": "object"
-          }
-        ]
-      },
-      "ConfiguredHookMatcherGroup": {
-        "properties": {
-          "hooks": {
-            "items": {
-              "$ref": "#/definitions/v2/ConfiguredHookHandler"
-            },
-            "type": "array"
-          },
-          "matcher": {
-            "type": [
-              "string",
-              "null"
-            ]
-          }
-        },
-        "required": [
-          "hooks"
-        ],
-        "type": "object"
-      },
      "ContentItem": {
        "oneOf": [
          {
@@ -9468,25 +9257,6 @@
        ],
        "type": "string"
      },
-      "GuardianWarningNotification": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "message": {
-            "description": "Concise guardian warning message for the user.",
-            "type": "string"
-          },
-          "threadId": {
-            "description": "Thread target for the guardian warning.",
-            "type": "string"
-          }
-        },
-        "required": [
-          "message",
-          "threadId"
-        ],
-        "title": "GuardianWarningNotification",
-        "type": "object"
-      },
      "HookCompletedNotification": {
        "$schema": "http://json-schema.org/draft-07/schema#",
        "properties": {
@@ -10170,67 +9940,6 @@
        "title": "LogoutAccountResponse",
        "type": "object"
      },
-      "ManagedHooksRequirements": {
-        "properties": {
-          "PermissionRequest": {
-            "items": {
-              "$ref": "#/definitions/v2/ConfiguredHookMatcherGroup"
-            },
-            "type": "array"
-          },
-          "PostToolUse": {
-            "items": {
-              "$ref": "#/definitions/v2/ConfiguredHookMatcherGroup"
-            },
-            "type": "array"
-          },
-          "PreToolUse": {
-            "items": {
-              "$ref": "#/definitions/v2/ConfiguredHookMatcherGroup"
-            },
-            "type": "array"
-          },
-          "SessionStart": {
-            "items": {
-              "$ref": "#/definitions/v2/ConfiguredHookMatcherGroup"
-            },
-            "type": "array"
-          },
-          "Stop": {
-            "items": {
-              "$ref": "#/definitions/v2/ConfiguredHookMatcherGroup"
-            },
-            "type": "array"
-          },
-          "UserPromptSubmit": {
-            "items": {
-              "$ref": "#/definitions/v2/ConfiguredHookMatcherGroup"
-            },
-            "type": "array"
-          },
-          "managedDir": {
-            "type": [
-              "string",
-              "null"
-            ]
-          },
-          "windowsManagedDir": {
-            "type": [
-              "string",
-              "null"
-            ]
-          }
-        },
-        "required": [
-          "PermissionRequest",
-          "PostToolUse",
-          "PreToolUse",
-          "SessionStart",
-          "Stop",
-          "UserPromptSubmit"
-        ],
-        "type": "object"
-      },
      "MarketplaceAddParams": {
        "$schema": "http://json-schema.org/draft-07/schema#",
        "properties": {
@@ -10342,64 +10051,6 @@
        "title": "MarketplaceRemoveResponse",
        "type": "object"
      },
-      "MarketplaceUpgradeErrorInfo": {
-        "properties": {
-          "marketplaceName": {
-            "type": "string"
-          },
-          "message": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "marketplaceName",
-          "message"
-        ],
-        "type": "object"
-      },
-      "MarketplaceUpgradeParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "marketplaceName": {
-            "type": [
-              "string",
-              "null"
-            ]
-          }
-        },
-        "title": "MarketplaceUpgradeParams",
-        "type": "object"
-      },
-      "MarketplaceUpgradeResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "errors": {
-            "items": {
-              "$ref": "#/definitions/v2/MarketplaceUpgradeErrorInfo"
-            },
-            "type": "array"
-          },
-          "selectedMarketplaces": {
-            "items": {
-              "type": "string"
-            },
-            "type": "array"
-          },
-          "upgradedRoots": {
-            "items": {
-              "$ref": "#/definitions/v2/AbsolutePathBuf"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "errors",
-          "selectedMarketplaces",
-          "upgradedRoots"
-        ],
-        "title": "MarketplaceUpgradeResponse",
-        "type": "object"
-      },
      "McpAuthStatus": {
        "enum": [
          "unsupported",
@@ -11009,36 +10660,6 @@
        ],
        "type": "object"
      },
-      "ModelVerification": {
-        "enum": [
-          "trustedAccessForCyber"
-        ],
-        "type": "string"
-      },
-      "ModelVerificationNotification": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "threadId": {
-            "type": "string"
-          },
-          "turnId": {
-            "type": "string"
-          },
-          "verifications": {
-            "items": {
-              "$ref": "#/definitions/v2/ModelVerification"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "threadId",
-          "turnId",
-          "verifications"
-        ],
-        "title": "ModelVerificationNotification",
-        "type": "object"
-      },
      "NetworkAccess": {
        "enum": [
          "restricted",
@@ -11268,64 +10889,6 @@
          }
        ]
      },
-      "PermissionProfile": {
-        "properties": {
-          "fileSystem": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfileFileSystemPermissions"
-              },
-              {
-                "type": "null"
-              }
-            ]
-          },
-          "network": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfileNetworkPermissions"
-              },
-              {
-                "type": "null"
-              }
-            ]
-          }
-        },
-        "type": "object"
-      },
-      "PermissionProfileFileSystemPermissions": {
-        "properties": {
-          "entries": {
-            "items": {
-              "$ref": "#/definitions/v2/FileSystemSandboxEntry"
-            },
-            "type": "array"
-          },
-          "globScanMaxDepth": {
-            "format": "uint",
-            "minimum": 1.0,
-            "type": [
-              "integer",
-              "null"
-            ]
-          }
-        },
-        "required": [
-          "entries"
-        ],
-        "type": "object"
-      },
-      "PermissionProfileNetworkPermissions": {
-        "properties": {
-          "enabled": {
-            "type": [
-              "boolean",
-              "null"
-            ]
-          }
-        },
-        "type": "object"
-      },
      "Personality": {
        "enum": [
          "none",
@@ -14301,28 +13864,6 @@
        ],
        "type": "string"
      },
-      "ThreadApproveGuardianDeniedActionParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "event": {
-            "description": "Serialized `codex_protocol::protocol::GuardianAssessmentEvent`."
-          },
-          "threadId": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "event",
-          "threadId"
-        ],
-        "title": "ThreadApproveGuardianDeniedActionParams",
-        "type": "object"
-      },
-      "ThreadApproveGuardianDeniedActionResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "title": "ThreadApproveGuardianDeniedActionResponse",
-        "type": "object"
-      },
      "ThreadArchiveParams": {
        "$schema": "http://json-schema.org/draft-07/schema#",
        "properties": {
@@ -14438,10 +13979,6 @@
          "ephemeral": {
            "type": "boolean"
          },
-          "excludeTurns": {
-            "description": "When true, return only thread metadata and live fork state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after forking.",
-            "type": "boolean"
-          },
          "model": {
            "description": "Configuration overrides for the forked thread, if any.",
            "type": [
@@ -14455,17 +13992,6 @@
              "null"
            ]
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Full permissions override for the forked thread. Cannot be combined with `sandbox`."
-          },
          "sandbox": {
            "anyOf": [
              {
@@ -14534,18 +14060,6 @@
          "modelProvider": {
            "type": "string"
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "default": null,
-            "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-          },
          "reasoningEffort": {
            "anyOf": [
              {
@@ -14557,12 +14071,7 @@
            ]
          },
          "sandbox": {
-            "allOf": [
-              {
-                "$ref": "#/definitions/v2/SandboxPolicy"
-              }
-            ],
-            "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+            "$ref": "#/definitions/v2/SandboxPolicy"
          },
          "serviceTier": {
            "anyOf": [
@@ -15277,19 +14786,6 @@
          }
        ]
      },
-      "ThreadListCwdFilter": {
-        "anyOf": [
-          {
-            "type": "string"
-          },
-          {
-            "items": {
-              "type": "string"
-            },
-            "type": "array"
-          }
-        ]
-      },
      "ThreadListParams": {
        "$schema": "http://json-schema.org/draft-07/schema#",
        "properties": {
@@ -15308,15 +14804,11 @@
            ]
          },
          "cwd": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/ThreadListCwdFilter"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Optional cwd filter or filters; when set, only threads whose session cwd exactly matches one of these paths are returned."
+            "description": "Optional cwd filter; when set, only threads whose session cwd exactly matches this path are returned.",
+            "type": [
+              "string",
+              "null"
+            ]
          },
          "limit": {
            "description": "Optional page size; defaults to a reasonable server-side value.",
@@ -15375,10 +14867,6 @@
              "array",
              "null"
            ]
-          },
-          "useStateDbOnly": {
-            "description": "If true, return from the state DB without scanning JSONL rollouts to repair thread metadata. Omitted or false preserves scan-and-repair behavior.",
-            "type": "boolean"
          }
        },
        "title": "ThreadListParams",
@@ -15871,10 +15359,6 @@
              "null"
            ]
          },
-          "excludeTurns": {
-            "description": "When true, return only thread metadata and live-resume state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after resuming.",
-            "type": "boolean"
-          },
          "model": {
            "description": "Configuration overrides for the resumed thread, if any.",
            "type": [
@@ -15888,17 +15372,6 @@
              "null"
            ]
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Full permissions override for the resumed thread. Cannot be combined with `sandbox`."
-          },
          "personality": {
            "anyOf": [
              {
@@ -15977,18 +15450,6 @@
          "modelProvider": {
            "type": "string"
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "default": null,
-            "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-          },
          "reasoningEffort": {
            "anyOf": [
              {
@@ -16000,12 +15461,7 @@
            ]
          },
          "sandbox": {
-            "allOf": [
-              {
-                "$ref": "#/definitions/v2/SandboxPolicy"
-              }
-            ],
-            "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+            "$ref": "#/definitions/v2/SandboxPolicy"
          },
          "serviceTier": {
            "anyOf": [
@@ -16205,17 +15661,6 @@
              "null"
            ]
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Full permissions override for this thread. Cannot be combined with `sandbox`."
-          },
          "personality": {
            "anyOf": [
              {
@@ -16304,18 +15749,6 @@
          "modelProvider": {
            "type": "string"
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "default": null,
-            "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-          },
          "reasoningEffort": {
            "anyOf": [
              {
@@ -16327,12 +15760,7 @@
            ]
          },
          "sandbox": {
-            "allOf": [
-              {
-                "$ref": "#/definitions/v2/SandboxPolicy"
-              }
-            ],
-            "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+            "$ref": "#/definitions/v2/SandboxPolicy"
          },
          "serviceTier": {
            "anyOf": [
@@ -17021,17 +16449,6 @@
          "outputSchema": {
            "description": "Optional JSON Schema used to constrain the final assistant message for this turn."
          },
-          "permissionProfile": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/PermissionProfile"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Override the full permissions profile for this turn and subsequent turns. Cannot be combined with `sandboxPolicy`."
-          },
          "personality": {
            "anyOf": [
              {
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
@@ -148,7 +148,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -158,7 +157,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -607,10 +605,9 @@
      "type": "object"
    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -780,13 +777,6 @@
            "chatgptAuthTokens"
          ],
          "type": "string"
-        },
-        {
-          "description": "Programmatic Codex auth backed by a registered Agent Identity.",
-          "enum": [
-            "agentIdentity"
-          ],
-          "type": "string"
        }
      ]
    },
@@ -1139,30 +1129,6 @@
          "title": "Thread/shellCommandRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "thread/approveGuardianDeniedAction"
-              ],
-              "title": "Thread/approveGuardianDeniedActionRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/ThreadApproveGuardianDeniedActionParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Thread/approveGuardianDeniedActionRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -1380,30 +1346,6 @@
          "title": "Marketplace/removeRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "marketplace/upgrade"
-              ],
-              "title": "Marketplace/upgradeRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/MarketplaceUpgradeParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Marketplace/upgradeRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -2591,7 +2533,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
@@ -3039,17 +2980,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Optional full permissions profile for this command.\n\nDefaults to the user's configured permissions when omitted. Cannot be combined with `sandboxPolicy`."
-        },
        "processId": {
          "description": "Optional client-supplied, connection-scoped process id.\n\nRequired for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up `command/exec/write`, `command/exec/resize`, and `command/exec/terminate` calls. When omitted, buffered execution gets an internal id that is not exposed to the client.",
          "type": [
@@ -3066,7 +2996,7 @@
              "type": "null"
            }
          ],
-          "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted. Cannot be combined with `permissionProfile`."
+          "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted."
        },
        "size": {
          "anyOf": [
@@ -3943,100 +3873,6 @@
      "title": "ConfigWriteResponse",
      "type": "object"
    },
-    "ConfiguredHookHandler": {
-      "oneOf": [
-        {
-          "properties": {
-            "async": {
-              "type": "boolean"
-            },
-            "command": {
-              "type": "string"
-            },
-            "statusMessage": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "timeoutSec": {
-              "format": "uint64",
-              "minimum": 0.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "command"
-              ],
-              "title": "CommandConfiguredHookHandlerType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "async",
-            "command",
-            "type"
-          ],
-          "title": "CommandConfiguredHookHandler",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "prompt"
-              ],
-              "title": "PromptConfiguredHookHandlerType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "PromptConfiguredHookHandler",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "agent"
-              ],
-              "title": "AgentConfiguredHookHandlerType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "AgentConfiguredHookHandler",
-          "type": "object"
-        }
-      ]
-    },
-    "ConfiguredHookMatcherGroup": {
-      "properties": {
-        "hooks": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookHandler"
-          },
-          "type": "array"
-        },
-        "matcher": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "hooks"
-      ],
-      "type": "object"
-    },
    "ContentItem": {
      "oneOf": [
        {
@@ -6139,25 +5975,6 @@
      ],
      "type": "string"
    },
-    "GuardianWarningNotification": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "message": {
-          "description": "Concise guardian warning message for the user.",
-          "type": "string"
-        },
-        "threadId": {
-          "description": "Thread target for the guardian warning.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "message",
-        "threadId"
-      ],
-      "title": "GuardianWarningNotification",
-      "type": "object"
-    },
    "HookCompletedNotification": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
@@ -6885,67 +6702,6 @@
      "title": "LogoutAccountResponse",
      "type": "object"
    },
-    "ManagedHooksRequirements": {
-      "properties": {
-        "PermissionRequest": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "PostToolUse": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "PreToolUse": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "SessionStart": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "Stop": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "UserPromptSubmit": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "managedDir": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "windowsManagedDir": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "PermissionRequest",
-        "PostToolUse",
-        "PreToolUse",
-        "SessionStart",
-        "Stop",
-        "UserPromptSubmit"
-      ],
-      "type": "object"
-    },
    "MarketplaceAddParams": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
@@ -7057,64 +6813,6 @@
      "title": "MarketplaceRemoveResponse",
      "type": "object"
    },
-    "MarketplaceUpgradeErrorInfo": {
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "message": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "message"
-      ],
-      "type": "object"
-    },
-    "MarketplaceUpgradeParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "marketplaceName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "title": "MarketplaceUpgradeParams",
-      "type": "object"
-    },
-    "MarketplaceUpgradeResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "errors": {
-          "items": {
-            "$ref": "#/definitions/MarketplaceUpgradeErrorInfo"
-          },
-          "type": "array"
-        },
-        "selectedMarketplaces": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "upgradedRoots": {
-          "items": {
-            "$ref": "#/definitions/AbsolutePathBuf"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "errors",
-        "selectedMarketplaces",
-        "upgradedRoots"
-      ],
-      "title": "MarketplaceUpgradeResponse",
-      "type": "object"
-    },
    "McpAuthStatus": {
      "enum": [
        "unsupported",
@@ -7724,36 +7422,6 @@
      ],
      "type": "object"
    },
-    "ModelVerification": {
-      "enum": [
-        "trustedAccessForCyber"
-      ],
-      "type": "string"
-    },
-    "ModelVerificationNotification": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "threadId": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": "string"
-        },
-        "verifications": {
-          "items": {
-            "$ref": "#/definitions/ModelVerification"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "threadId",
-        "turnId",
-        "verifications"
-      ],
-      "title": "ModelVerificationNotification",
-      "type": "object"
-    },
    "NetworkAccess": {
      "enum": [
        "restricted",
@@ -7983,64 +7651,6 @@
        }
      ]
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "Personality": {
      "enum": [
        "none",
@@ -11067,26 +10677,6 @@
          "title": "Model/reroutedNotification",
          "type": "object"
        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "model/verification"
-              ],
-              "title": "Model/verificationNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/ModelVerificationNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Model/verificationNotification",
-          "type": "object"
-        },
        {
          "properties": {
            "method": {
@@ -11107,26 +10697,6 @@
          "title": "WarningNotification",
          "type": "object"
        },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "guardianWarning"
-              ],
-              "title": "GuardianWarningNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/GuardianWarningNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "GuardianWarningNotification",
-          "type": "object"
-        },
        {
          "properties": {
            "method": {
@@ -12188,28 +11758,6 @@
      ],
      "type": "string"
    },
-    "ThreadApproveGuardianDeniedActionParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "event": {
-          "description": "Serialized `codex_protocol::protocol::GuardianAssessmentEvent`."
-        },
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "event",
-        "threadId"
-      ],
-      "title": "ThreadApproveGuardianDeniedActionParams",
-      "type": "object"
-    },
-    "ThreadApproveGuardianDeniedActionResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "title": "ThreadApproveGuardianDeniedActionResponse",
-      "type": "object"
-    },
    "ThreadArchiveParams": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
@@ -12325,10 +11873,6 @@
        "ephemeral": {
          "type": "boolean"
        },
-        "excludeTurns": {
-          "description": "When true, return only thread metadata and live fork state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after forking.",
-          "type": "boolean"
-        },
        "model": {
          "description": "Configuration overrides for the forked thread, if any.",
          "type": [
@@ -12342,17 +11886,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Full permissions override for the forked thread. Cannot be combined with `sandbox`."
-        },
        "sandbox": {
          "anyOf": [
            {
@@ -12421,18 +11954,6 @@
        "modelProvider": {
          "type": "string"
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "default": null,
-          "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-        },
        "reasoningEffort": {
          "anyOf": [
            {
@@ -12444,12 +11965,7 @@
          ]
        },
        "sandbox": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/SandboxPolicy"
-            }
-          ],
-          "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+          "$ref": "#/definitions/SandboxPolicy"
        },
        "serviceTier": {
          "anyOf": [
@@ -13164,19 +12680,6 @@
        }
      ]
    },
-    "ThreadListCwdFilter": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      ]
-    },
    "ThreadListParams": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
@@ -13195,15 +12698,11 @@
          ]
        },
        "cwd": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ThreadListCwdFilter"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Optional cwd filter or filters; when set, only threads whose session cwd exactly matches one of these paths are returned."
+          "description": "Optional cwd filter; when set, only threads whose session cwd exactly matches this path are returned.",
+          "type": [
+            "string",
+            "null"
+          ]
        },
        "limit": {
          "description": "Optional page size; defaults to a reasonable server-side value.",
@@ -13262,10 +12761,6 @@
            "array",
            "null"
          ]
-        },
-        "useStateDbOnly": {
-          "description": "If true, return from the state DB without scanning JSONL rollouts to repair thread metadata. Omitted or false preserves scan-and-repair behavior.",
-          "type": "boolean"
        }
      },
      "title": "ThreadListParams",
@@ -13758,10 +13253,6 @@
            "null"
          ]
        },
-        "excludeTurns": {
-          "description": "When true, return only thread metadata and live-resume state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after resuming.",
-          "type": "boolean"
-        },
        "model": {
          "description": "Configuration overrides for the resumed thread, if any.",
          "type": [
@@ -13775,17 +13266,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Full permissions override for the resumed thread. Cannot be combined with `sandbox`."
-        },
        "personality": {
          "anyOf": [
            {
@@ -13864,18 +13344,6 @@
        "modelProvider": {
          "type": "string"
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "default": null,
-          "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-        },
        "reasoningEffort": {
          "anyOf": [
            {
@@ -13887,12 +13355,7 @@
          ]
        },
        "sandbox": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/SandboxPolicy"
-            }
-          ],
-          "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+          "$ref": "#/definitions/SandboxPolicy"
        },
        "serviceTier": {
          "anyOf": [
@@ -14092,17 +13555,6 @@
            "null"
          ]
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Full permissions override for this thread. Cannot be combined with `sandbox`."
-        },
        "personality": {
          "anyOf": [
            {
@@ -14191,18 +13643,6 @@
        "modelProvider": {
          "type": "string"
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "default": null,
-          "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-        },
        "reasoningEffort": {
          "anyOf": [
            {
@@ -14214,12 +13654,7 @@
          ]
        },
        "sandbox": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/SandboxPolicy"
-            }
-          ],
-          "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+          "$ref": "#/definitions/SandboxPolicy"
        },
        "serviceTier": {
          "anyOf": [
@@ -14908,17 +14343,6 @@
        "outputSchema": {
          "description": "Optional JSON Schema used to constrain the final assistant message for this turn."
        },
-        "permissionProfile": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfile"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Override the full permissions profile for this turn and subsequent turns. Cannot be combined with `sandboxPolicy`."
-        },
        "personality": {
          "anyOf": [
            {
--- a/codex-rs/app-server-protocol/schema/json/v2/AccountUpdatedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/AccountUpdatedNotification.json
@@ -24,13 +24,6 @@
            "chatgptAuthTokens"
          ],
          "type": "string"
-        },
-        {
-          "description": "Programmatic Codex auth backed by a registered Agent Identity.",
-          "enum": [
-            "agentIdentity"
-          ],
-          "type": "string"
        }
      ]
    },
--- a/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
@@ -27,217 +27,6 @@
      ],
      "type": "object"
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
    "NetworkAccess": {
      "enum": [
        "restricted",
@@ -245,64 +34,6 @@
      ],
      "type": "string"
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "ReadOnlyAccess": {
      "oneOf": [
        {
@@ -516,17 +247,6 @@
        "null"
      ]
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Optional full permissions profile for this command.\n\nDefaults to the user's configured permissions when omitted. Cannot be combined with `sandboxPolicy`."
-    },
    "processId": {
      "description": "Optional client-supplied, connection-scoped process id.\n\nRequired for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up `command/exec/write`, `command/exec/resize`, and `command/exec/terminate` calls. When omitted, buffered execution gets an internal id that is not exposed to the client.",
      "type": [
@@ -543,7 +263,7 @@
          "type": "null"
        }
      ],
-      "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted. Cannot be combined with `permissionProfile`."
+      "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted."
    },
    "size": {
      "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json
@@ -97,10 +97,9 @@
      "type": "object"
    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
--- a/codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json
@@ -2,10 +2,9 @@
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -111,161 +110,6 @@
      },
      "type": "object"
    },
-    "ConfiguredHookHandler": {
-      "oneOf": [
-        {
-          "properties": {
-            "async": {
-              "type": "boolean"
-            },
-            "command": {
-              "type": "string"
-            },
-            "statusMessage": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "timeoutSec": {
-              "format": "uint64",
-              "minimum": 0.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "command"
-              ],
-              "title": "CommandConfiguredHookHandlerType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "async",
-            "command",
-            "type"
-          ],
-          "title": "CommandConfiguredHookHandler",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "prompt"
-              ],
-              "title": "PromptConfiguredHookHandlerType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "PromptConfiguredHookHandler",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "agent"
-              ],
-              "title": "AgentConfiguredHookHandlerType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "AgentConfiguredHookHandler",
-          "type": "object"
-        }
-      ]
-    },
-    "ConfiguredHookMatcherGroup": {
-      "properties": {
-        "hooks": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookHandler"
-          },
-          "type": "array"
-        },
-        "matcher": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "hooks"
-      ],
-      "type": "object"
-    },
-    "ManagedHooksRequirements": {
-      "properties": {
-        "PermissionRequest": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "PostToolUse": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "PreToolUse": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "SessionStart": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "Stop": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "UserPromptSubmit": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
-        "managedDir": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "windowsManagedDir": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "PermissionRequest",
-        "PostToolUse",
-        "PreToolUse",
-        "SessionStart",
-        "Stop",
-        "UserPromptSubmit"
-      ],
-      "type": "object"
-    },
    "NetworkDomainPermission": {
      "enum": [
        "allow",
--- a/codex-rs/app-server-protocol/schema/json/v2/ErrorNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ErrorNotification.json
@@ -9,7 +9,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/GuardianWarningNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/GuardianWarningNotification.json
@@ -1,19 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "message": {
-      "description": "Concise guardian warning message for the user.",
-      "type": "string"
-    },
-    "threadId": {
-      "description": "Thread target for the guardian warning.",
-      "type": "string"
-    }
-  },
-  "required": [
-    "message",
-    "threadId"
-  ],
-  "title": "GuardianWarningNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
@@ -25,7 +25,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -35,7 +34,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
@@ -25,7 +25,6 @@
          ]
        },
        "read": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
@@ -35,7 +34,6 @@
          ]
        },
        "write": {
-          "description": "This will be removed in favor of `entries`.",
          "items": {
            "$ref": "#/definitions/AbsolutePathBuf"
          },
--- a/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeParams.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "marketplaceName": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "title": "MarketplaceUpgradeParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/MarketplaceUpgradeResponse.json
@@ -1,51 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "MarketplaceUpgradeErrorInfo": {
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "message": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "message"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "errors": {
-      "items": {
-        "$ref": "#/definitions/MarketplaceUpgradeErrorInfo"
-      },
-      "type": "array"
-    },
-    "selectedMarketplaces": {
-      "items": {
-        "type": "string"
-      },
-      "type": "array"
-    },
-    "upgradedRoots": {
-      "items": {
-        "$ref": "#/definitions/AbsolutePathBuf"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "errors",
-    "selectedMarketplaces",
-    "upgradedRoots"
-  ],
-  "title": "MarketplaceUpgradeResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ModelVerificationNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ModelVerificationNotification.json
@@ -1,32 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ModelVerification": {
-      "enum": [
-        "trustedAccessForCyber"
-      ],
-      "type": "string"
-    }
-  },
-  "properties": {
-    "threadId": {
-      "type": "string"
-    },
-    "turnId": {
-      "type": "string"
-    },
-    "verifications": {
-      "items": {
-        "$ref": "#/definitions/ModelVerification"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "threadId",
-    "turnId",
-    "verifications"
-  ],
-  "title": "ModelVerificationNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ReviewStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ReviewStartResponse.json
@@ -32,7 +32,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadApproveGuardianDeniedActionParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadApproveGuardianDeniedActionParams.json
@@ -1,17 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "event": {
-      "description": "Serialized `codex_protocol::protocol::GuardianAssessmentEvent`."
-    },
-    "threadId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "event",
-    "threadId"
-  ],
-  "title": "ThreadApproveGuardianDeniedActionParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadApproveGuardianDeniedActionResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadApproveGuardianDeniedActionResponse.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "ThreadApproveGuardianDeniedActionResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json
@@ -1,15 +1,10 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -64,275 +59,6 @@
        }
      ]
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "SandboxMode": {
      "enum": [
        "read-only",
@@ -400,10 +126,6 @@
    "ephemeral": {
      "type": "boolean"
    },
-    "excludeTurns": {
-      "description": "When true, return only thread metadata and live fork state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after forking.",
-      "type": "boolean"
-    },
    "model": {
      "description": "Configuration overrides for the forked thread, if any.",
      "type": [
@@ -417,17 +139,6 @@
        "null"
      ]
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Full permissions override for the forked thread. Cannot be combined with `sandbox`."
-    },
    "sandbox": {
      "anyOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json
@@ -9,10 +9,9 @@
      "type": "string"
    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -94,7 +93,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
@@ -450,217 +448,6 @@
      ],
      "type": "string"
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
    "FileUpdateChange": {
      "properties": {
        "diff": {
@@ -899,64 +686,6 @@
        }
      ]
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "ReadOnlyAccess": {
      "oneOf": [
        {
@@ -2496,18 +2225,6 @@
    "modelProvider": {
      "type": "string"
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "default": null,
-      "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-    },
    "reasoningEffort": {
      "anyOf": [
        {
@@ -2519,12 +2236,7 @@
      ]
    },
    "sandbox": {
-      "allOf": [
-        {
-          "$ref": "#/definitions/SandboxPolicy"
-        }
-      ],
-      "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+      "$ref": "#/definitions/SandboxPolicy"
    },
    "serviceTier": {
      "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadListParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadListParams.json
@@ -8,19 +8,6 @@
      ],
      "type": "string"
    },
-    "ThreadListCwdFilter": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      ]
-    },
    "ThreadSortKey": {
      "enum": [
        "created_at",
@@ -60,15 +47,11 @@
      ]
    },
    "cwd": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ThreadListCwdFilter"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Optional cwd filter or filters; when set, only threads whose session cwd exactly matches one of these paths are returned."
+      "description": "Optional cwd filter; when set, only threads whose session cwd exactly matches this path are returned.",
+      "type": [
+        "string",
+        "null"
+      ]
    },
    "limit": {
      "description": "Optional page size; defaults to a reasonable server-side value.",
@@ -127,10 +110,6 @@
        "array",
        "null"
      ]
-    },
-    "useStateDbOnly": {
-      "description": "If true, return from the state DB without scanning JSONL rollouts to repair thread metadata. Omitted or false preserves scan-and-repair behavior.",
-      "type": "boolean"
    }
  },
  "title": "ThreadListParams",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json
@@ -35,7 +35,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadMetadataUpdateResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadMetadataUpdateResponse.json
@@ -35,7 +35,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json
@@ -35,7 +35,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json
@@ -1,15 +1,10 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -138,217 +133,6 @@
        }
      ]
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
    "FunctionCallOutputBody": {
      "anyOf": [
        {
@@ -541,64 +325,6 @@
        }
      ]
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "Personality": {
      "enum": [
        "none",
@@ -1313,10 +1039,6 @@
        "null"
      ]
    },
-    "excludeTurns": {
-      "description": "When true, return only thread metadata and live-resume state without populating `thread.turns`. This is useful when the client plans to call `thread/turns/list` immediately after resuming.",
-      "type": "boolean"
-    },
    "model": {
      "description": "Configuration overrides for the resumed thread, if any.",
      "type": [
@@ -1330,17 +1052,6 @@
        "null"
      ]
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Full permissions override for the resumed thread. Cannot be combined with `sandbox`."
-    },
    "personality": {
      "anyOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json
@@ -9,10 +9,9 @@
      "type": "string"
    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -94,7 +93,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
@@ -450,217 +448,6 @@
      ],
      "type": "string"
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
    "FileUpdateChange": {
      "properties": {
        "diff": {
@@ -899,64 +686,6 @@
        }
      ]
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "ReadOnlyAccess": {
      "oneOf": [
        {
@@ -2496,18 +2225,6 @@
    "modelProvider": {
      "type": "string"
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "default": null,
-      "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-    },
    "reasoningEffort": {
      "anyOf": [
        {
@@ -2519,12 +2236,7 @@
      ]
    },
    "sandbox": {
-      "allOf": [
-        {
-          "$ref": "#/definitions/SandboxPolicy"
-        }
-      ],
-      "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+      "$ref": "#/definitions/SandboxPolicy"
    },
    "serviceTier": {
      "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json
@@ -35,7 +35,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json
@@ -1,15 +1,10 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -90,275 +85,6 @@
      ],
      "type": "object"
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "Personality": {
      "enum": [
        "none",
@@ -455,17 +181,6 @@
        "null"
      ]
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Full permissions override for this thread. Cannot be combined with `sandbox`."
-    },
    "personality": {
      "anyOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json
@@ -9,10 +9,9 @@
      "type": "string"
    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -94,7 +93,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
@@ -450,217 +448,6 @@
      ],
      "type": "string"
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
    "FileUpdateChange": {
      "properties": {
        "diff": {
@@ -899,64 +686,6 @@
        }
      ]
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "ReadOnlyAccess": {
      "oneOf": [
        {
@@ -2496,18 +2225,6 @@
    "modelProvider": {
      "type": "string"
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "default": null,
-      "description": "Canonical active permissions view for this thread when representable. This is `null` for external sandbox policies because external enforcement cannot be round-tripped as a `PermissionProfile`."
-    },
    "reasoningEffort": {
      "anyOf": [
        {
@@ -2519,12 +2236,7 @@
      ]
    },
    "sandbox": {
-      "allOf": [
-        {
-          "$ref": "#/definitions/SandboxPolicy"
-        }
-      ],
-      "description": "Legacy sandbox policy retained for compatibility. New clients should use `permissionProfile` when present as the canonical active permissions view."
+      "$ref": "#/definitions/SandboxPolicy"
    },
    "serviceTier": {
      "anyOf": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json
@@ -35,7 +35,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadTurnsListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadTurnsListResponse.json
@@ -32,7 +32,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json
@@ -35,7 +35,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnCompletedNotification.json
@@ -32,7 +32,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json
@@ -6,10 +6,9 @@
      "type": "string"
    },
    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
+      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
      "enum": [
        "user",
-        "auto_review",
        "guardian_subagent"
      ],
      "type": "string"
@@ -99,217 +98,6 @@
      ],
      "type": "object"
    },
-    "FileSystemAccessMode": {
-      "enum": [
-        "read",
-        "write",
-        "none"
-      ],
-      "type": "string"
-    },
-    "FileSystemPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "path"
-              ],
-              "title": "PathFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "PathFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "glob_pattern"
-              ],
-              "title": "GlobPatternFileSystemPathType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "pattern",
-            "type"
-          ],
-          "title": "GlobPatternFileSystemPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "special"
-              ],
-              "title": "SpecialFileSystemPathType",
-              "type": "string"
-            },
-            "value": {
-              "$ref": "#/definitions/FileSystemSpecialPath"
-            }
-          },
-          "required": [
-            "type",
-            "value"
-          ],
-          "title": "SpecialFileSystemPath",
-          "type": "object"
-        }
-      ]
-    },
-    "FileSystemSandboxEntry": {
-      "properties": {
-        "access": {
-          "$ref": "#/definitions/FileSystemAccessMode"
-        },
-        "path": {
-          "$ref": "#/definitions/FileSystemPath"
-        }
-      },
-      "required": [
-        "access",
-        "path"
-      ],
-      "type": "object"
-    },
-    "FileSystemSpecialPath": {
-      "oneOf": [
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "root"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "RootFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "minimal"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "MinimalFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "current_working_directory"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "project_roots"
-              ],
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "KindFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "tmpdir"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "TmpdirFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "slash_tmp"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "kind"
-          ],
-          "title": "SlashTmpFileSystemSpecialPath",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "kind": {
-              "enum": [
-                "unknown"
-              ],
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "subpath": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "kind",
-            "path"
-          ],
-          "type": "object"
-        }
-      ]
-    },
    "ModeKind": {
      "description": "Initial collaboration mode to use when the TUI starts.",
      "enum": [
@@ -325,64 +113,6 @@
      ],
      "type": "string"
    },
-    "PermissionProfile": {
-      "properties": {
-        "fileSystem": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "network": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "PermissionProfileFileSystemPermissions": {
-      "properties": {
-        "entries": {
-          "items": {
-            "$ref": "#/definitions/FileSystemSandboxEntry"
-          },
-          "type": "array"
-        },
-        "globScanMaxDepth": {
-          "format": "uint",
-          "minimum": 1.0,
-          "type": [
-            "integer",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "entries"
-      ],
-      "type": "object"
-    },
-    "PermissionProfileNetworkPermissions": {
-      "properties": {
-        "enabled": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
    "Personality": {
      "enum": [
        "none",
@@ -840,17 +570,6 @@
    "outputSchema": {
      "description": "Optional JSON Schema used to constrain the final assistant message for this turn."
    },
-    "permissionProfile": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PermissionProfile"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Override the full permissions profile for this turn and subsequent turns. Cannot be combined with `sandboxPolicy`."
-    },
    "personality": {
      "anyOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartResponse.json
@@ -32,7 +32,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/json/v2/TurnStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/TurnStartedNotification.json
@@ -32,7 +32,6 @@
            "contextWindowExceeded",
            "usageLimitExceeded",
            "serverOverloaded",
-            "cyberPolicy",
            "internalServerError",
            "unauthorized",
            "badRequest",
--- a/codex-rs/app-server-protocol/schema/typescript/AuthMode.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/AuthMode.ts
@@ -5,4 +5,4 @@
 /**
 * Authentication mode for OpenAI-backed providers.
 */
-export type AuthMode = "apikey" | "chatgpt" | "chatgptAuthTokens" | "agentIdentity";
+export type AuthMode = "apikey" | "chatgpt" | "chatgptAuthTokens";
--- a/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
--- a/codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts
@@ -18,7 +18,6 @@ import type { ExternalAgentConfigImportCompletedNotification } from "./v2/Extern
 import type { FileChangeOutputDeltaNotification } from "./v2/FileChangeOutputDeltaNotification";
 import type { FileChangePatchUpdatedNotification } from "./v2/FileChangePatchUpdatedNotification";
 import type { FsChangedNotification } from "./v2/FsChangedNotification";
-import type { GuardianWarningNotification } from "./v2/GuardianWarningNotification";
 import type { HookCompletedNotification } from "./v2/HookCompletedNotification";
 import type { HookStartedNotification } from "./v2/HookStartedNotification";
 import type { ItemCompletedNotification } from "./v2/ItemCompletedNotification";
@@ -29,7 +28,6 @@ import type { McpServerOauthLoginCompletedNotification } from "./v2/McpServerOau
 import type { McpServerStatusUpdatedNotification } from "./v2/McpServerStatusUpdatedNotification";
 import type { McpToolCallProgressNotification } from "./v2/McpToolCallProgressNotification";
 import type { ModelReroutedNotification } from "./v2/ModelReroutedNotification";
-import type { ModelVerificationNotification } from "./v2/ModelVerificationNotification";
 import type { PlanDeltaNotification } from "./v2/PlanDeltaNotification";
 import type { RawResponseItemCompletedNotification } from "./v2/RawResponseItemCompletedNotification";
 import type { ReasoningSummaryPartAddedNotification } from "./v2/ReasoningSummaryPartAddedNotification";
@@ -64,4 +62,4 @@ import type { WindowsWorldWritableWarningNotification } from "./v2/WindowsWorldW
 /**
 * Notification sent from the server to the client.
 */
-export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/status/changed", "params": ThreadStatusChangedNotification } | { "method": "thread/archived", "params": ThreadArchivedNotification } | { "method": "thread/unarchived", "params": ThreadUnarchivedNotification } | { "method": "thread/closed", "params": ThreadClosedNotification } | { "method": "skills/changed", "params": SkillsChangedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "hook/started", "params": HookStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "hook/completed", "params": HookCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/autoApprovalReview/started", "params": ItemGuardianApprovalReviewStartedNotification } | { "method": "item/autoApprovalReview/completed", "params": ItemGuardianApprovalReviewCompletedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "command/exec/outputDelta", "params": CommandExecOutputDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "item/fileChange/patchUpdated", "params": FileChangePatchUpdatedNotification } | { "method": "serverRequest/resolved", "params": ServerRequestResolvedNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "mcpServer/startupStatus/updated", "params": McpServerStatusUpdatedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "externalAgentConfig/import/completed", "params": ExternalAgentConfigImportCompletedNotification } | { "method": "fs/changed", "params": FsChangedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "model/rerouted", "params": ModelReroutedNotification } | { "method": "model/verification", "params": ModelVerificationNotification } | { "method": "warning", "params": WarningNotification } | { "method": "guardianWarning", "params": GuardianWarningNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "fuzzyFileSearch/sessionCompleted", "params": FuzzyFileSearchSessionCompletedNotification } | { "method": "thread/realtime/started", "params": ThreadRealtimeStartedNotification } | { "method": "thread/realtime/itemAdded", "params": ThreadRealtimeItemAddedNotification } | { "method": "thread/realtime/transcript/delta", "params": ThreadRealtimeTranscriptDeltaNotification } | { "method": "thread/realtime/transcript/done", "params": ThreadRealtimeTranscriptDoneNotification } | { "method": "thread/realtime/outputAudio/delta", "params": ThreadRealtimeOutputAudioDeltaNotification } | { "method": "thread/realtime/sdp", "params": ThreadRealtimeSdpNotification } | { "method": "thread/realtime/error", "params": ThreadRealtimeErrorNotification } | { "method": "thread/realtime/closed", "params": ThreadRealtimeClosedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "windowsSandbox/setupCompleted", "params": WindowsSandboxSetupCompletedNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification };
+export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/status/changed", "params": ThreadStatusChangedNotification } | { "method": "thread/archived", "params": ThreadArchivedNotification } | { "method": "thread/unarchived", "params": ThreadUnarchivedNotification } | { "method": "thread/closed", "params": ThreadClosedNotification } | { "method": "skills/changed", "params": SkillsChangedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "hook/started", "params": HookStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "hook/completed", "params": HookCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/autoApprovalReview/started", "params": ItemGuardianApprovalReviewStartedNotification } | { "method": "item/autoApprovalReview/completed", "params": ItemGuardianApprovalReviewCompletedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "command/exec/outputDelta", "params": CommandExecOutputDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "item/fileChange/patchUpdated", "params": FileChangePatchUpdatedNotification } | { "method": "serverRequest/resolved", "params": ServerRequestResolvedNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "mcpServer/startupStatus/updated", "params": McpServerStatusUpdatedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "externalAgentConfig/import/completed", "params": ExternalAgentConfigImportCompletedNotification } | { "method": "fs/changed", "params": FsChangedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "model/rerouted", "params": ModelReroutedNotification } | { "method": "warning", "params": WarningNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "fuzzyFileSearch/sessionCompleted", "params": FuzzyFileSearchSessionCompletedNotification } | { "method": "thread/realtime/started", "params": ThreadRealtimeStartedNotification } | { "method": "thread/realtime/itemAdded", "params": ThreadRealtimeItemAddedNotification } | { "method": "thread/realtime/transcript/delta", "params": ThreadRealtimeTranscriptDeltaNotification } | { "method": "thread/realtime/transcript/done", "params": ThreadRealtimeTranscriptDoneNotification } | { "method": "thread/realtime/outputAudio/delta", "params": ThreadRealtimeOutputAudioDeltaNotification } | { "method": "thread/realtime/sdp", "params": ThreadRealtimeSdpNotification } | { "method": "thread/realtime/error", "params": ThreadRealtimeErrorNotification } | { "method": "thread/realtime/closed", "params": ThreadRealtimeClosedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "windowsSandbox/setupCompleted", "params": WindowsSandboxSetupCompletedNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AdditionalFileSystemPermissions.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AdditionalFileSystemPermissions.ts
@@ -4,12 +4,4 @@
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 import type { FileSystemSandboxEntry } from "./FileSystemSandboxEntry";

-export type AdditionalFileSystemPermissions = {
-/**
- * This will be removed in favor of `entries`.
- */
-read: Array<AbsolutePathBuf> | null,
-/**
- * This will be removed in favor of `entries`.
- */
-write: Array<AbsolutePathBuf> | null, globScanMaxDepth?: number, entries?: Array<FileSystemSandboxEntry>, };
+export type AdditionalFileSystemPermissions = { read: Array<AbsolutePathBuf> | null, write: Array<AbsolutePathBuf> | null, globScanMaxDepth?: number, entries?: Array<FileSystemSandboxEntry>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ApprovalsReviewer.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ApprovalsReviewer.ts
@@ -5,8 +5,8 @@
 /**
 * Configures who approval requests are routed to for review. Examples
 * include sandbox escapes, blocked network access, MCP approval prompts, and
- * ARC escalations. Defaults to `user`. `auto_review` uses a carefully
+ * ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully
 * prompted subagent to gather relevant context and apply a risk-based
 * decision framework before approving or denying the request.
 */
-export type ApprovalsReviewer = "user" | "auto_review" | "guardian_subagent";
+export type ApprovalsReviewer = "user" | "guardian_subagent";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/CodexErrorInfo.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/CodexErrorInfo.ts
@@ -9,4 +9,4 @@ import type { NonSteerableTurnKind } from "./NonSteerableTurnKind";
 * When an upstream HTTP status is available (for example, from the Responses API or a provider),
 * it is forwarded in `httpStatusCode` on the relevant `codexErrorInfo` variant.
 */
-export type CodexErrorInfo = "contextWindowExceeded" | "usageLimitExceeded" | "serverOverloaded" | "cyberPolicy" | { "httpConnectionFailed": { httpStatusCode: number | null, } } | { "responseStreamConnectionFailed": { httpStatusCode: number | null, } } | "internalServerError" | "unauthorized" | "badRequest" | "threadRollbackFailed" | "sandboxError" | { "responseStreamDisconnected": { httpStatusCode: number | null, } } | { "responseTooManyFailedAttempts": { httpStatusCode: number | null, } } | { "activeTurnNotSteerable": { turnKind: NonSteerableTurnKind, } } | "other";
+export type CodexErrorInfo = "contextWindowExceeded" | "usageLimitExceeded" | "serverOverloaded" | { "httpConnectionFailed": { httpStatusCode: number | null, } } | { "responseStreamConnectionFailed": { httpStatusCode: number | null, } } | "internalServerError" | "unauthorized" | "badRequest" | "threadRollbackFailed" | "sandboxError" | { "responseStreamDisconnected": { httpStatusCode: number | null, } } | { "responseTooManyFailedAttempts": { httpStatusCode: number | null, } } | { "activeTurnNotSteerable": { turnKind: NonSteerableTurnKind, } } | "other";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/CommandExecParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/CommandExecParams.ts
@@ -2,7 +2,6 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { CommandExecTerminalSize } from "./CommandExecTerminalSize";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxPolicy } from "./SandboxPolicy";

 /**
@@ -93,14 +92,6 @@ size?: CommandExecTerminalSize | null,
 * Optional sandbox policy for this command.
 *
 * Uses the same shape as thread/turn execution sandbox configuration and
- * defaults to the user's configured policy when omitted. Cannot be
- * combined with `permissionProfile`.
+ * defaults to the user's configured policy when omitted.
 */
-sandboxPolicy?: SandboxPolicy | null,
-/**
- * Optional full permissions profile for this command.
- *
- * Defaults to the user's configured permissions when omitted. Cannot be
- * combined with `sandboxPolicy`.
- */
-permissionProfile?: PermissionProfile | null, };
+sandboxPolicy?: SandboxPolicy | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ConfiguredHookHandler.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ConfiguredHookHandler.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type ConfiguredHookHandler = { "type": "command", command: string, timeoutSec: bigint | null, async: boolean, statusMessage: string | null, } | { "type": "prompt", } | { "type": "agent", };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ConfiguredHookMatcherGroup.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ConfiguredHookMatcherGroup.ts
@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { ConfiguredHookHandler } from "./ConfiguredHookHandler";
-
-export type ConfiguredHookMatcherGroup = { matcher: string | null, hooks: Array<ConfiguredHookHandler>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/GuardianWarningNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/GuardianWarningNotification.ts
@@ -1,13 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type GuardianWarningNotification = {
-/**
- * Thread target for the guardian warning.
- */
-threadId: string,
-/**
- * Concise guardian warning message for the user.
- */
-message: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ManagedHooksRequirements.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ManagedHooksRequirements.ts
@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { ConfiguredHookMatcherGroup } from "./ConfiguredHookMatcherGroup";
-
-export type ManagedHooksRequirements = { managedDir: string | null, windowsManagedDir: string | null, PreToolUse: Array<ConfiguredHookMatcherGroup>, PermissionRequest: Array<ConfiguredHookMatcherGroup>, PostToolUse: Array<ConfiguredHookMatcherGroup>, SessionStart: Array<ConfiguredHookMatcherGroup>, UserPromptSubmit: Array<ConfiguredHookMatcherGroup>, Stop: Array<ConfiguredHookMatcherGroup>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeErrorInfo.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeErrorInfo.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type MarketplaceUpgradeErrorInfo = { marketplaceName: string, message: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeParams.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type MarketplaceUpgradeParams = { marketplaceName?: string | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/MarketplaceUpgradeResponse.ts
@@ -1,7 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { AbsolutePathBuf } from "../AbsolutePathBuf";
-import type { MarketplaceUpgradeErrorInfo } from "./MarketplaceUpgradeErrorInfo";
-
-export type MarketplaceUpgradeResponse = { selectedMarketplaces: Array<string>, upgradedRoots: Array<AbsolutePathBuf>, errors: Array<MarketplaceUpgradeErrorInfo>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ModelVerification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ModelVerification.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type ModelVerification = "trustedAccessForCyber";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ModelVerificationNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ModelVerificationNotification.ts
@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { ModelVerification } from "./ModelVerification";
-
-export type ModelVerificationNotification = { threadId: string, turnId: string, verifications: Array<ModelVerification>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfile.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfile.ts
@@ -1,7 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { PermissionProfileFileSystemPermissions } from "./PermissionProfileFileSystemPermissions";
-import type { PermissionProfileNetworkPermissions } from "./PermissionProfileNetworkPermissions";
-
-export type PermissionProfile = { network: PermissionProfileNetworkPermissions | null, fileSystem: PermissionProfileFileSystemPermissions | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileFileSystemPermissions.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileFileSystemPermissions.ts
@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { FileSystemSandboxEntry } from "./FileSystemSandboxEntry";
-
-export type PermissionProfileFileSystemPermissions = { entries: Array<FileSystemSandboxEntry>, globScanMaxDepth?: number, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileNetworkPermissions.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileNetworkPermissions.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type PermissionProfileNetworkPermissions = { enabled: boolean | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionsRequestApprovalResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionsRequestApprovalResponse.ts
@@ -4,8 +4,4 @@
 import type { GrantedPermissionProfile } from "./GrantedPermissionProfile";
 import type { PermissionGrantScope } from "./PermissionGrantScope";

-export type PermissionsRequestApprovalResponse = { permissions: GrantedPermissionProfile, scope: PermissionGrantScope,
-/**
- * Review every subsequent command in this turn before normal sandboxed execution.
- */
-strictAutoReview?: boolean, };
+export type PermissionsRequestApprovalResponse = { permissions: GrantedPermissionProfile, scope: PermissionGrantScope, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadApproveGuardianDeniedActionParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadApproveGuardianDeniedActionParams.ts
@@ -1,10 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { JsonValue } from "../serde_json/JsonValue";
-
-export type ThreadApproveGuardianDeniedActionParams = { threadId: string,
-/**
- * Serialized `codex_protocol::protocol::GuardianAssessmentEvent`.
- */
-event: JsonValue, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadApproveGuardianDeniedActionResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadApproveGuardianDeniedActionResponse.ts
@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type ThreadApproveGuardianDeniedActionResponse = Record<string, never>;
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadForkParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadForkParams.ts
@@ -5,7 +5,6 @@ import type { ServiceTier } from "../ServiceTier";
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxMode } from "./SandboxMode";

 /**
@@ -28,16 +27,7 @@ model?: string | null, modelProvider?: string | null, serviceTier?: ServiceTier
 * Override where approval requests are routed for review on this thread
 * and subsequent turns.
 */
-approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, /**
- * Full permissions override for the forked thread. Cannot be combined
- * with `sandbox`.
- */
-permissionProfile?: PermissionProfile | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null, developerInstructions?: string | null, ephemeral?: boolean, /**
- * When true, return only thread metadata and live fork state without
- * populating `thread.turns`. This is useful when the client plans to call
- * `thread/turns/list` immediately after forking.
- */
-excludeTurns?: boolean, /**
+approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null, developerInstructions?: string | null, ephemeral?: boolean, /**
 * If true, persist additional rollout EventMsg variants required to
 * reconstruct a richer thread history on subsequent resume/fork/read.
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadForkResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadForkResponse.ts
@@ -6,7 +6,6 @@ import type { ReasoningEffort } from "../ReasoningEffort";
 import type { ServiceTier } from "../ServiceTier";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxPolicy } from "./SandboxPolicy";
 import type { Thread } from "./Thread";

@@ -18,16 +17,4 @@ instructionSources: Array<AbsolutePathBuf>, approvalPolicy: AskForApproval,
 /**
 * Reviewer currently used for approval requests on this thread.
 */
-approvalsReviewer: ApprovalsReviewer,
-/**
- * Legacy sandbox policy retained for compatibility. New clients should use
- * `permissionProfile` when present as the canonical active permissions
- * view.
- */
-sandbox: SandboxPolicy,
-/**
- * Canonical active permissions view for this thread when representable.
- * This is `null` for external sandbox policies because external
- * enforcement cannot be round-tripped as a `PermissionProfile`.
- */
-permissionProfile: PermissionProfile | null, reasoningEffort: ReasoningEffort | null, };
+approvalsReviewer: ApprovalsReviewer, sandbox: SandboxPolicy, reasoningEffort: ReasoningEffort | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadListParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadListParams.ts
@@ -38,16 +38,10 @@ sourceKinds?: Array<ThreadSourceKind> | null,
 */
 archived?: boolean | null,
 /**
- * Optional cwd filter or filters; when set, only threads whose session cwd
- * exactly matches one of these paths are returned.
+ * Optional cwd filter; when set, only threads whose session cwd exactly
+ * matches this path are returned.
 */
-cwd?: string | Array<string> | null,
-/**
- * If true, return from the state DB without scanning JSONL rollouts to
- * repair thread metadata. Omitted or false preserves scan-and-repair
- * behavior.
- */
-useStateDbOnly?: boolean,
+cwd?: string | null,
 /**
 * Optional substring filter for the extracted thread title.
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadResumeParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadResumeParams.ts
@@ -7,7 +7,6 @@ import type { ServiceTier } from "../ServiceTier";
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxMode } from "./SandboxMode";

 /**
@@ -37,16 +36,7 @@ model?: string | null, modelProvider?: string | null, serviceTier?: ServiceTier
 * Override where approval requests are routed for review on this thread
 * and subsequent turns.
 */
-approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, /**
- * Full permissions override for the resumed thread. Cannot be combined
- * with `sandbox`.
- */
-permissionProfile?: PermissionProfile | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null, developerInstructions?: string | null, personality?: Personality | null, /**
- * When true, return only thread metadata and live-resume state without
- * populating `thread.turns`. This is useful when the client plans to call
- * `thread/turns/list` immediately after resuming.
- */
-excludeTurns?: boolean, /**
+approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null, developerInstructions?: string | null, personality?: Personality | null, /**
 * If true, persist additional rollout EventMsg variants required to
 * reconstruct a richer thread history on subsequent resume/fork/read.
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadResumeResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadResumeResponse.ts
@@ -6,7 +6,6 @@ import type { ReasoningEffort } from "../ReasoningEffort";
 import type { ServiceTier } from "../ServiceTier";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxPolicy } from "./SandboxPolicy";
 import type { Thread } from "./Thread";

@@ -18,16 +17,4 @@ instructionSources: Array<AbsolutePathBuf>, approvalPolicy: AskForApproval,
 /**
 * Reviewer currently used for approval requests on this thread.
 */
-approvalsReviewer: ApprovalsReviewer,
-/**
- * Legacy sandbox policy retained for compatibility. New clients should use
- * `permissionProfile` when present as the canonical active permissions
- * view.
- */
-sandbox: SandboxPolicy,
-/**
- * Canonical active permissions view for this thread when representable.
- * This is `null` for external sandbox policies because external
- * enforcement cannot be round-tripped as a `PermissionProfile`.
- */
-permissionProfile: PermissionProfile | null, reasoningEffort: ReasoningEffort | null, };
+approvalsReviewer: ApprovalsReviewer, sandbox: SandboxPolicy, reasoningEffort: ReasoningEffort | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadStartParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadStartParams.ts
@@ -6,7 +6,6 @@ import type { ServiceTier } from "../ServiceTier";
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxMode } from "./SandboxMode";
 import type { ThreadStartSource } from "./ThreadStartSource";

@@ -14,11 +13,7 @@ export type ThreadStartParams = {model?: string | null, modelProvider?: string |
 * Override where approval requests are routed for review on this thread
 * and subsequent turns.
 */
-approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, /**
- * Full permissions override for this thread. Cannot be combined with
- * `sandbox`.
- */
-permissionProfile?: PermissionProfile | null, config?: { [key in string]?: JsonValue } | null, serviceName?: string | null, baseInstructions?: string | null, developerInstructions?: string | null, personality?: Personality | null, ephemeral?: boolean | null, sessionStartSource?: ThreadStartSource | null, /**
+approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, serviceName?: string | null, baseInstructions?: string | null, developerInstructions?: string | null, personality?: Personality | null, ephemeral?: boolean | null, sessionStartSource?: ThreadStartSource | null, /**
 * If true, opt into emitting raw Responses API items on the event stream.
 * This is for internal use only (e.g. Codex Cloud).
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ThreadStartResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ThreadStartResponse.ts
@@ -6,7 +6,6 @@ import type { ReasoningEffort } from "../ReasoningEffort";
 import type { ServiceTier } from "../ServiceTier";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxPolicy } from "./SandboxPolicy";
 import type { Thread } from "./Thread";

@@ -18,16 +17,4 @@ instructionSources: Array<AbsolutePathBuf>, approvalPolicy: AskForApproval,
 /**
 * Reviewer currently used for approval requests on this thread.
 */
-approvalsReviewer: ApprovalsReviewer,
-/**
- * Legacy sandbox policy retained for compatibility. New clients should use
- * `permissionProfile` when present as the canonical active permissions
- * view.
- */
-sandbox: SandboxPolicy,
-/**
- * Canonical active permissions view for this thread when representable.
- * This is `null` for external sandbox policies because external
- * enforcement cannot be round-tripped as a `PermissionProfile`.
- */
-permissionProfile: PermissionProfile | null, reasoningEffort: ReasoningEffort | null, };
+approvalsReviewer: ApprovalsReviewer, sandbox: SandboxPolicy, reasoningEffort: ReasoningEffort | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/TurnStartParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/TurnStartParams.ts
@@ -9,7 +9,6 @@ import type { ServiceTier } from "../ServiceTier";
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { PermissionProfile } from "./PermissionProfile";
 import type { SandboxPolicy } from "./SandboxPolicy";
 import type { UserInput } from "./UserInput";

@@ -27,10 +26,6 @@ approvalsReviewer?: ApprovalsReviewer | null, /**
 * Override the sandbox policy for this turn and subsequent turns.
 */
 sandboxPolicy?: SandboxPolicy | null, /**
- * Override the full permissions profile for this turn and subsequent
- * turns. Cannot be combined with `sandboxPolicy`.
- */
-permissionProfile?: PermissionProfile | null, /**
 * Override the model for this turn and subsequent turns.
 */
 model?: string | null, /**
--- a/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
@@ -71,8 +71,6 @@ export type { ConfigRequirementsReadResponse } from "./ConfigRequirementsReadRes
 export type { ConfigValueWriteParams } from "./ConfigValueWriteParams";
 export type { ConfigWarningNotification } from "./ConfigWarningNotification";
 export type { ConfigWriteResponse } from "./ConfigWriteResponse";
-export type { ConfiguredHookHandler } from "./ConfiguredHookHandler";
-export type { ConfiguredHookMatcherGroup } from "./ConfiguredHookMatcherGroup";
 export type { ContextCompactedNotification } from "./ContextCompactedNotification";
 export type { CreditsSnapshot } from "./CreditsSnapshot";
 export type { DeprecationNoticeNotification } from "./DeprecationNoticeNotification";
@@ -149,7 +147,6 @@ export type { GuardianApprovalReviewStatus } from "./GuardianApprovalReviewStatu
 export type { GuardianCommandSource } from "./GuardianCommandSource";
 export type { GuardianRiskLevel } from "./GuardianRiskLevel";
 export type { GuardianUserAuthorization } from "./GuardianUserAuthorization";
-export type { GuardianWarningNotification } from "./GuardianWarningNotification";
 export type { HookCompletedNotification } from "./HookCompletedNotification";
 export type { HookEventName } from "./HookEventName";
 export type { HookExecutionMode } from "./HookExecutionMode";
@@ -171,16 +168,12 @@ export type { ListMcpServerStatusResponse } from "./ListMcpServerStatusResponse"
 export type { LoginAccountParams } from "./LoginAccountParams";
 export type { LoginAccountResponse } from "./LoginAccountResponse";
 export type { LogoutAccountResponse } from "./LogoutAccountResponse";
-export type { ManagedHooksRequirements } from "./ManagedHooksRequirements";
 export type { MarketplaceAddParams } from "./MarketplaceAddParams";
 export type { MarketplaceAddResponse } from "./MarketplaceAddResponse";
 export type { MarketplaceInterface } from "./MarketplaceInterface";
 export type { MarketplaceLoadErrorInfo } from "./MarketplaceLoadErrorInfo";
 export type { MarketplaceRemoveParams } from "./MarketplaceRemoveParams";
 export type { MarketplaceRemoveResponse } from "./MarketplaceRemoveResponse";
-export type { MarketplaceUpgradeErrorInfo } from "./MarketplaceUpgradeErrorInfo";
-export type { MarketplaceUpgradeParams } from "./MarketplaceUpgradeParams";
-export type { MarketplaceUpgradeResponse } from "./MarketplaceUpgradeResponse";
 export type { McpAuthStatus } from "./McpAuthStatus";
 export type { McpElicitationArrayType } from "./McpElicitationArrayType";
 export type { McpElicitationBooleanSchema } from "./McpElicitationBooleanSchema";
@@ -234,8 +227,6 @@ export type { ModelListResponse } from "./ModelListResponse";
 export type { ModelRerouteReason } from "./ModelRerouteReason";
 export type { ModelReroutedNotification } from "./ModelReroutedNotification";
 export type { ModelUpgradeInfo } from "./ModelUpgradeInfo";
-export type { ModelVerification } from "./ModelVerification";
-export type { ModelVerificationNotification } from "./ModelVerificationNotification";
 export type { NetworkAccess } from "./NetworkAccess";
 export type { NetworkApprovalContext } from "./NetworkApprovalContext";
 export type { NetworkApprovalProtocol } from "./NetworkApprovalProtocol";
@@ -249,9 +240,6 @@ export type { OverriddenMetadata } from "./OverriddenMetadata";
 export type { PatchApplyStatus } from "./PatchApplyStatus";
 export type { PatchChangeKind } from "./PatchChangeKind";
 export type { PermissionGrantScope } from "./PermissionGrantScope";
-export type { PermissionProfile } from "./PermissionProfile";
-export type { PermissionProfileFileSystemPermissions } from "./PermissionProfileFileSystemPermissions";
-export type { PermissionProfileNetworkPermissions } from "./PermissionProfileNetworkPermissions";
 export type { PermissionsRequestApprovalParams } from "./PermissionsRequestApprovalParams";
 export type { PermissionsRequestApprovalResponse } from "./PermissionsRequestApprovalResponse";
 export type { PlanDeltaNotification } from "./PlanDeltaNotification";
@@ -317,8 +305,6 @@ export type { TextPosition } from "./TextPosition";
 export type { TextRange } from "./TextRange";
 export type { Thread } from "./Thread";
 export type { ThreadActiveFlag } from "./ThreadActiveFlag";
-export type { ThreadApproveGuardianDeniedActionParams } from "./ThreadApproveGuardianDeniedActionParams";
-export type { ThreadApproveGuardianDeniedActionResponse } from "./ThreadApproveGuardianDeniedActionResponse";
 export type { ThreadArchiveParams } from "./ThreadArchiveParams";
 export type { ThreadArchiveResponse } from "./ThreadArchiveResponse";
 export type { ThreadArchivedNotification } from "./ThreadArchivedNotification";
--- a/codex-rs/app-server-protocol/src/protocol/common.rs
+++ b/codex-rs/app-server-protocol/src/protocol/common.rs
@@ -30,11 +30,6 @@ pub enum AuthMode {
    #[ts(rename = "chatgptAuthTokens")]
    #[strum(serialize = "chatgptAuthTokens")]
    ChatgptAuthTokens,
-    /// Programmatic Codex auth backed by a registered Agent Identity.
-    #[serde(rename = "agentIdentity")]
-    #[ts(rename = "agentIdentity")]
-    #[strum(serialize = "agentIdentity")]
-    AgentIdentity,
 }

 macro_rules! experimental_reason_expr {
@@ -158,6 +153,108 @@ macro_rules! client_request_definitions {
                    })
                    .unwrap_or_else(|| "<unknown>".to_string())
            }
+
+            pub fn into_jsonrpc_parts(
+                self,
+            ) -> std::result::Result<(RequestId, crate::Result), serde_json::Error> {
+                match self {
+                    $(
+                        Self::$variant { request_id, response } => {
+                            serde_json::to_value(response).map(|result| (request_id, result))
+                        }
+                    )*
+                }
+            }
+        }
+
+        #[derive(Debug, Clone)]
+        #[allow(clippy::large_enum_variant)]
+        pub enum ClientResponsePayload {
+            $( $variant($response), )*
+            InterruptConversation(v1::InterruptConversationResponse),
+        }
+
+        impl ClientResponsePayload {
+            pub fn into_jsonrpc_parts_and_payload(
+                self,
+                request_id: RequestId,
+            ) -> std::result::Result<
+                (RequestId, crate::Result, Option<Box<ClientResponsePayload>>),
+                serde_json::Error,
+            > {
+                match self {
+                    $(
+                        Self::$variant(response) => {
+                            let result = serde_json::to_value(&response)?;
+                            Ok((request_id, result, Some(Box::new(Self::$variant(response)))))
+                        }
+                    )*
+                    Self::InterruptConversation(response) => {
+                        serde_json::to_value(response).map(|result| (request_id, result, None))
+                    }
+                }
+            }
+
+            pub fn into_client_response(self, request_id: RequestId) -> Option<ClientResponse> {
+                match self {
+                    $(
+                        Self::$variant(response) => {
+                            Some(ClientResponse::$variant {
+                                request_id,
+                                response,
+                            })
+                        }
+                    )*
+                    Self::InterruptConversation(_) => None,
+                }
+            }
+
+            pub fn into_jsonrpc_parts_and_client_response(
+                self,
+                request_id: RequestId,
+            ) -> std::result::Result<
+                (RequestId, crate::Result, Option<ClientResponse>),
+                serde_json::Error,
+            > {
+                match self {
+                    $(
+                        Self::$variant(response) => {
+                            let result = serde_json::to_value(&response)?;
+                            let client_response = ClientResponse::$variant {
+                                request_id: request_id.clone(),
+                                response,
+                            };
+                            Ok((request_id, result, Some(client_response)))
+                        }
+                    )*
+                    Self::InterruptConversation(response) => {
+                        serde_json::to_value(response).map(|result| (request_id, result, None))
+                    }
+                }
+            }
+
+            pub fn into_jsonrpc_parts(
+                self,
+                request_id: RequestId,
+            ) -> std::result::Result<(RequestId, crate::Result), serde_json::Error> {
+                self.to_jsonrpc_parts(request_id)
+            }
+
+            pub fn to_jsonrpc_parts(
+                &self,
+                request_id: RequestId,
+            ) -> std::result::Result<(RequestId, crate::Result), serde_json::Error> {
+                match self {
+                    $(
+                        Self::$variant(response) => {
+                            serde_json::to_value(response).map(|result| (request_id, result))
+                        }
+                    )*
+                    Self::InterruptConversation(response) => {
+                        serde_json::to_value(response).map(|result| (request_id, result))
+                    }
+                }
+            }
        }

        impl crate::experimental_api::ExperimentalApi for ClientRequest {
@@ -311,10 +408,6 @@ client_request_definitions! {
        params: v2::ThreadShellCommandParams,
        response: v2::ThreadShellCommandResponse,
    },
-    ThreadApproveGuardianDeniedAction => "thread/approveGuardianDeniedAction" {
-        params: v2::ThreadApproveGuardianDeniedActionParams,
-        response: v2::ThreadApproveGuardianDeniedActionResponse,
-    },
    #[experimental("thread/backgroundTerminals/clean")]
    ThreadBackgroundTerminalsClean => "thread/backgroundTerminals/clean" {
        params: v2::ThreadBackgroundTerminalsCleanParams,
@@ -357,10 +450,6 @@ client_request_definitions! {
        params: v2::MarketplaceRemoveParams,
        response: v2::MarketplaceRemoveResponse,
    },
-    MarketplaceUpgrade => "marketplace/upgrade" {
-        params: v2::MarketplaceUpgradeParams,
-        response: v2::MarketplaceUpgradeResponse,
-    },
    PluginList => "plugin/list" {
        params: v2::PluginListParams,
        response: v2::PluginListResponse,
@@ -1064,9 +1153,7 @@ server_notification_definitions! {
    /// Deprecated: Use `ContextCompaction` item type instead.
    ContextCompacted => "thread/compacted" (v2::ContextCompactedNotification),
    ModelRerouted => "model/rerouted" (v2::ModelReroutedNotification),
-    ModelVerification => "model/verification" (v2::ModelVerificationNotification),
    Warning => "warning" (v2::WarningNotification),
-    GuardianWarning => "guardianWarning" (v2::GuardianWarningNotification),
    DeprecationNotice => "deprecationNotice" (v2::DeprecationNoticeNotification),
    ConfigWarning => "configWarning" (v2::ConfigWarningNotification),
    FuzzyFileSearchSessionUpdated => "fuzzyFileSearch/sessionUpdated" (FuzzyFileSearchSessionUpdatedNotification),
@@ -1113,6 +1200,7 @@ mod tests {
    use codex_protocol::protocol::RealtimeConversationVersion;
    use codex_protocol::protocol::RealtimeOutputModality;
    use codex_protocol::protocol::RealtimeVoice;
+    use codex_protocol::protocol::TurnAbortReason;
    use codex_utils_absolute_path::AbsolutePathBuf;
    use codex_utils_absolute_path::test_support::PathBufExt;
    use codex_utils_absolute_path::test_support::test_path_buf;
@@ -1445,7 +1533,6 @@ mod tests {

    #[test]
    fn serialize_client_response() -> Result<()> {
-        let cwd = absolute_path("/tmp");
        let response = ClientResponse::ThreadStart {
            request_id: RequestId::Integer(7),
            response: v2::ThreadStartResponse {
@@ -1459,7 +1546,7 @@ mod tests {
                    updated_at: 2,
                    status: v2::ThreadStatus::Idle,
                    path: None,
-                    cwd: cwd.clone(),
+                    cwd: absolute_path("/tmp"),
                    cli_version: "0.0.0".to_string(),
                    source: v2::SessionSource::Exec,
                    agent_nickname: None,
@@ -1471,18 +1558,11 @@ mod tests {
                model: "gpt-5".to_string(),
                model_provider: "openai".to_string(),
                service_tier: None,
-                cwd: cwd.clone(),
+                cwd: absolute_path("/tmp"),
                instruction_sources: vec![absolute_path("/tmp/AGENTS.md")],
                approval_policy: v2::AskForApproval::OnFailure,
                approvals_reviewer: v2::ApprovalsReviewer::User,
                sandbox: v2::SandboxPolicy::DangerFullAccess,
-                permission_profile: Some(
-                    codex_protocol::models::PermissionProfile::from_legacy_sandbox_policy(
-                        &codex_protocol::protocol::SandboxPolicy::DangerFullAccess,
-                        cwd.as_path(),
-                    )
-                    .into(),
-                ),
                reasoning_effort: None,
            },
        };
@@ -1525,24 +1605,6 @@ mod tests {
                    "sandbox": {
                        "type": "dangerFullAccess"
                    },
-                    "permissionProfile": {
-                        "network": {
-                            "enabled": true,
-                        },
-                        "fileSystem": {
-                            "entries": [
-                                {
-                                    "path": {
-                                        "type": "special",
-                                        "value": {
-                                            "kind": "root",
-                                        },
-                                    },
-                                    "access": "write",
-                                },
-                            ],
-                        },
-                    },
                    "reasoningEffort": null
                }
            }),
@@ -1551,6 +1613,45 @@ mod tests {
        Ok(())
    }

+    #[test]
+    fn client_response_payload_returns_jsonrpc_parts_and_client_response() -> Result<()> {
+        let (request_id, result, client_response) =
+            ClientResponsePayload::ThreadArchive(v2::ThreadArchiveResponse {})
+                .into_jsonrpc_parts_and_client_response(RequestId::Integer(7))?;
+
+        assert_eq!(request_id, RequestId::Integer(7));
+        assert_eq!(result, json!({}));
+
+        let Some(ClientResponse::ThreadArchive {
+            request_id,
+            response: _,
+        }) = client_response
+        else {
+            panic!("expected thread/archive client response");
+        };
+        assert_eq!(request_id, RequestId::Integer(7));
+        Ok(())
+    }
+
+    #[test]
+    fn interrupt_conversation_payload_stays_jsonrpc_only() -> Result<()> {
+        let (request_id, result, client_response) =
+            ClientResponsePayload::InterruptConversation(v1::InterruptConversationResponse {
+                abort_reason: TurnAbortReason::Interrupted,
+            })
+            .into_jsonrpc_parts_and_client_response(RequestId::Integer(8))?;
+
+        assert_eq!(request_id, RequestId::Integer(8));
+        assert_eq!(
+            result,
+            json!({
+                "abortReason": "interrupted",
+            })
+        );
+        assert!(client_response.is_none());
+        Ok(())
+    }
+
    #[test]
    fn serialize_config_requirements_read() -> Result<()> {
        let request = ClientRequest::ConfigRequirementsRead {
--- a/codex-rs/app-server-protocol/src/protocol/mappers.rs
+++ b/codex-rs/app-server-protocol/src/protocol/mappers.rs
@@ -18,7 +18,6 @@ impl From<v1::ExecOneOffCommandParams> for v2::CommandExecParams {
            env: None,
            size: None,
            sandbox_policy: value.sandbox_policy.map(std::convert::Into::into),
-            permission_profile: None,
        }
    }
 }
--- a/codex-rs/app-server-protocol/src/protocol/thread_history.rs
+++ b/codex-rs/app-server-protocol/src/protocol/thread_history.rs
@@ -1357,7 +1357,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
        ];

@@ -1432,7 +1431,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            })),
        ];

@@ -1756,7 +1754,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
        ];

@@ -2270,7 +2267,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
            EventMsg::TurnStarted(TurnStartedEvent {
                turn_id: "turn-b".into(),
@@ -2308,7 +2304,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
        ];

@@ -2361,7 +2356,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
            EventMsg::TurnStarted(TurnStartedEvent {
                turn_id: "turn-b".into(),
@@ -2399,7 +2393,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
        ];

@@ -2574,7 +2567,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
            EventMsg::TurnStarted(TurnStartedEvent {
                turn_id: "turn-b".into(),
@@ -2593,7 +2585,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
            EventMsg::AgentMessage(AgentMessageEvent {
                message: "still in b".into(),
@@ -2605,7 +2596,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
        ];

@@ -2640,7 +2630,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
            EventMsg::TurnStarted(TurnStartedEvent {
                turn_id: "turn-b".into(),
@@ -2697,7 +2686,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            })),
        ];

@@ -2943,7 +2931,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
            EventMsg::Error(ErrorEvent {
                message: "request-level failure".into(),
@@ -3003,7 +2990,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            }),
        ];

@@ -3055,7 +3041,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            })),
        ];

@@ -3104,7 +3089,6 @@ mod tests {
                last_agent_message: None,
                completed_at: None,
                duration_ms: None,
-                time_to_first_token_ms: None,
            })),
        ];

--- a/codex-rs/app-server-protocol/src/protocol/v2.rs
+++ b/codex-rs/app-server-protocol/src/protocol/v2.rs
@@ -72,7 +72,6 @@ use codex_protocol::protocol::HookRunSummary as CoreHookRunSummary;
 use codex_protocol::protocol::HookScope as CoreHookScope;
 use codex_protocol::protocol::HookSource as CoreHookSource;
 use codex_protocol::protocol::ModelRerouteReason as CoreModelRerouteReason;
-use codex_protocol::protocol::ModelVerification as CoreModelVerification;
 use codex_protocol::protocol::NetworkAccess as CoreNetworkAccess;
 use codex_protocol::protocol::NonSteerableTurnKind as CoreNonSteerableTurnKind;
 use codex_protocol::protocol::PatchApplyStatus as CorePatchApplyStatus;
@@ -102,11 +101,6 @@ use codex_protocol::user_input::TextElement as CoreTextElement;
 use codex_protocol::user_input::UserInput as CoreUserInput;
 use codex_utils_absolute_path::AbsolutePathBuf;
 use schemars::JsonSchema;
-use schemars::r#gen::SchemaGenerator;
-use schemars::schema::InstanceType;
-use schemars::schema::Metadata;
-use schemars::schema::Schema;
-use schemars::schema::SchemaObject;
 use serde::Deserialize;
 use serde::Serialize;
 use serde_json::Value as JsonValue;
@@ -164,7 +158,6 @@ pub enum CodexErrorInfo {
    ContextWindowExceeded,
    UsageLimitExceeded,
    ServerOverloaded,
-    CyberPolicy,
    HttpConnectionFailed {
        #[serde(rename = "httpStatusCode")]
        #[ts(rename = "httpStatusCode")]
@@ -209,7 +202,6 @@ impl From<CoreCodexErrorInfo> for CodexErrorInfo {
            CoreCodexErrorInfo::ContextWindowExceeded => CodexErrorInfo::ContextWindowExceeded,
            CoreCodexErrorInfo::UsageLimitExceeded => CodexErrorInfo::UsageLimitExceeded,
            CoreCodexErrorInfo::ServerOverloaded => CodexErrorInfo::ServerOverloaded,
-            CoreCodexErrorInfo::CyberPolicy => CodexErrorInfo::CyberPolicy,
            CoreCodexErrorInfo::HttpConnectionFailed { http_status_code } => {
                CodexErrorInfo::HttpConnectionFailed { http_status_code }
            }
@@ -312,59 +304,24 @@ impl From<CoreAskForApproval> for AskForApproval {
    }
 }

-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, TS)]
-#[ts(
-    type = r#""user" | "auto_review" | "guardian_subagent""#,
-    export_to = "v2/"
-)]
+#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
+#[serde(rename_all = "snake_case")]
+#[ts(rename_all = "snake_case", export_to = "v2/")]
 /// Configures who approval requests are routed to for review. Examples
 /// include sandbox escapes, blocked network access, MCP approval prompts, and
-/// ARC escalations. Defaults to `user`. `auto_review` uses a carefully
+/// ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully
 /// prompted subagent to gather relevant context and apply a risk-based
 /// decision framework before approving or denying the request.
 pub enum ApprovalsReviewer {
-    #[serde(rename = "user")]
    User,
-    #[serde(rename = "guardian_subagent", alias = "auto_review")]
-    AutoReview,
-}
-
-impl JsonSchema for ApprovalsReviewer {
-    fn schema_name() -> String {
-        "ApprovalsReviewer".to_string()
-    }
-
-    fn json_schema(_generator: &mut SchemaGenerator) -> Schema {
-        string_enum_schema_with_description(
-            &["user", "auto_review", "guardian_subagent"],
-            "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
-        )
-    }
-}
-
-fn string_enum_schema_with_description(values: &[&str], description: &str) -> Schema {
-    let mut schema = SchemaObject {
-        instance_type: Some(InstanceType::String.into()),
-        metadata: Some(Box::new(Metadata {
-            description: Some(description.to_string()),
-            ..Default::default()
-        })),
-        ..Default::default()
-    };
-    schema.enum_values = Some(
-        values
-            .iter()
-            .map(|value| JsonValue::String((*value).to_string()))
-            .collect(),
-    );
-    Schema::Object(schema)
+    GuardianSubagent,
 }

 impl ApprovalsReviewer {
    pub fn to_core(self) -> CoreApprovalsReviewer {
        match self {
            ApprovalsReviewer::User => CoreApprovalsReviewer::User,
-            ApprovalsReviewer::AutoReview => CoreApprovalsReviewer::AutoReview,
+            ApprovalsReviewer::GuardianSubagent => CoreApprovalsReviewer::GuardianSubagent,
        }
    }
 }
@@ -373,7 +330,7 @@ impl From<CoreApprovalsReviewer> for ApprovalsReviewer {
    fn from(value: CoreApprovalsReviewer) -> Self {
        match value {
            CoreApprovalsReviewer::User => ApprovalsReviewer::User,
-            CoreApprovalsReviewer::AutoReview => ApprovalsReviewer::AutoReview,
+            CoreApprovalsReviewer::GuardianSubagent => ApprovalsReviewer::GuardianSubagent,
        }
    }
 }
@@ -428,12 +385,6 @@ v2_enum_from_core!(
    }
 );

-v2_enum_from_core!(
-    pub enum ModelVerification from CoreModelVerification {
-        TrustedAccessForCyber
-    }
-);
-
 v2_enum_from_core!(
    pub enum HookEventName from CoreHookEventName {
        PreToolUse, PermissionRequest, PostToolUse, SessionStart, UserPromptSubmit, Stop
@@ -950,71 +901,11 @@ pub struct ConfigRequirements {
    pub allowed_sandbox_modes: Option<Vec<SandboxMode>>,
    pub allowed_web_search_modes: Option<Vec<WebSearchMode>>,
    pub feature_requirements: Option<BTreeMap<String, bool>>,
-    #[experimental("configRequirements/read.hooks")]
-    pub hooks: Option<ManagedHooksRequirements>,
    pub enforce_residency: Option<ResidencyRequirement>,
    #[experimental("configRequirements/read.network")]
    pub network: Option<NetworkRequirements>,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ManagedHooksRequirements {
-    pub managed_dir: Option<PathBuf>,
-    pub windows_managed_dir: Option<PathBuf>,
-    #[serde(rename = "PreToolUse")]
-    #[ts(rename = "PreToolUse")]
-    pub pre_tool_use: Vec<ConfiguredHookMatcherGroup>,
-    #[serde(rename = "PermissionRequest")]
-    #[ts(rename = "PermissionRequest")]
-    pub permission_request: Vec<ConfiguredHookMatcherGroup>,
-    #[serde(rename = "PostToolUse")]
-    #[ts(rename = "PostToolUse")]
-    pub post_tool_use: Vec<ConfiguredHookMatcherGroup>,
-    #[serde(rename = "SessionStart")]
-    #[ts(rename = "SessionStart")]
-    pub session_start: Vec<ConfiguredHookMatcherGroup>,
-    #[serde(rename = "UserPromptSubmit")]
-    #[ts(rename = "UserPromptSubmit")]
-    pub user_prompt_submit: Vec<ConfiguredHookMatcherGroup>,
-    #[serde(rename = "Stop")]
-    #[ts(rename = "Stop")]
-    pub stop: Vec<ConfiguredHookMatcherGroup>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfiguredHookMatcherGroup {
-    pub matcher: Option<String>,
-    pub hooks: Vec<ConfiguredHookHandler>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(tag = "type")]
-#[ts(tag = "type", export_to = "v2/")]
-pub enum ConfiguredHookHandler {
-    #[serde(rename = "command")]
-    #[ts(rename = "command")]
-    Command {
-        command: String,
-        #[serde(rename = "timeoutSec")]
-        #[ts(rename = "timeoutSec")]
-        timeout_sec: Option<u64>,
-        r#async: bool,
-        #[serde(rename = "statusMessage")]
-        #[ts(rename = "statusMessage")]
-        status_message: Option<String>,
-    },
-    #[serde(rename = "prompt")]
-    #[ts(rename = "prompt")]
-    Prompt {},
-    #[serde(rename = "agent")]
-    #[ts(rename = "agent")]
-    Agent {},
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1273,9 +1164,7 @@ impl From<CoreNetworkApprovalContext> for NetworkApprovalContext {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct AdditionalFileSystemPermissions {
-    /// This will be removed in favor of `entries`.
    pub read: Option<Vec<AbsolutePathBuf>>,
-    /// This will be removed in favor of `entries`.
    pub write: Option<Vec<AbsolutePathBuf>>,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    #[ts(optional)]
@@ -1288,26 +1177,11 @@ pub struct AdditionalFileSystemPermissions {
 impl From<CoreFileSystemPermissions> for AdditionalFileSystemPermissions {
    fn from(value: CoreFileSystemPermissions) -> Self {
        if let Some((read, write)) = value.legacy_read_write_roots() {
-            let mut entries = Vec::with_capacity(
-                read.as_ref().map_or(0, Vec::len) + write.as_ref().map_or(0, Vec::len),
-            );
-            if let Some(paths) = read.as_ref() {
-                entries.extend(paths.iter().map(|path| FileSystemSandboxEntry {
-                    path: FileSystemPath::Path { path: path.clone() },
-                    access: FileSystemAccessMode::Read,
-                }));
-            }
-            if let Some(paths) = write.as_ref() {
-                entries.extend(paths.iter().map(|path| FileSystemSandboxEntry {
-                    path: FileSystemPath::Path { path: path.clone() },
-                    access: FileSystemAccessMode::Write,
-                }));
-            }
            Self {
                read,
                write,
                glob_scan_max_depth: None,
-                entries: Some(entries),
+                entries: None,
            }
        } else {
            Self {
@@ -1351,13 +1225,6 @@ pub struct AdditionalNetworkPermissions {
    pub enabled: Option<bool>,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct PermissionProfileNetworkPermissions {
-    pub enabled: Option<bool>,
-}
-
 impl From<CoreNetworkPermissions> for AdditionalNetworkPermissions {
    fn from(value: CoreNetworkPermissions) -> Self {
        Self {
@@ -1374,22 +1241,6 @@ impl From<AdditionalNetworkPermissions> for CoreNetworkPermissions {
    }
 }

-impl From<CoreNetworkPermissions> for PermissionProfileNetworkPermissions {
-    fn from(value: CoreNetworkPermissions) -> Self {
-        Self {
-            enabled: value.enabled,
-        }
-    }
-}
-
-impl From<PermissionProfileNetworkPermissions> for CoreNetworkPermissions {
-    fn from(value: PermissionProfileNetworkPermissions) -> Self {
-        Self {
-            enabled: value.enabled,
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[serde(deny_unknown_fields)]
@@ -1532,70 +1383,6 @@ impl From<FileSystemSandboxEntry> for CoreFileSystemSandboxEntry {
    }
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct PermissionProfileFileSystemPermissions {
-    pub entries: Vec<FileSystemSandboxEntry>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub glob_scan_max_depth: Option<NonZeroUsize>,
-}
-
-impl From<CoreFileSystemPermissions> for PermissionProfileFileSystemPermissions {
-    fn from(value: CoreFileSystemPermissions) -> Self {
-        Self {
-            entries: value
-                .entries
-                .into_iter()
-                .map(FileSystemSandboxEntry::from)
-                .collect(),
-            glob_scan_max_depth: value.glob_scan_max_depth,
-        }
-    }
-}
-
-impl From<PermissionProfileFileSystemPermissions> for CoreFileSystemPermissions {
-    fn from(value: PermissionProfileFileSystemPermissions) -> Self {
-        Self {
-            entries: value
-                .entries
-                .into_iter()
-                .map(CoreFileSystemSandboxEntry::from)
-                .collect(),
-            glob_scan_max_depth: value.glob_scan_max_depth,
-        }
-    }
-}
-
-#[derive(Serialize, Deserialize, Debug, Default, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct PermissionProfile {
-    pub network: Option<PermissionProfileNetworkPermissions>,
-    pub file_system: Option<PermissionProfileFileSystemPermissions>,
-}
-
-impl From<CorePermissionProfile> for PermissionProfile {
-    fn from(value: CorePermissionProfile) -> Self {
-        Self {
-            network: value.network.map(PermissionProfileNetworkPermissions::from),
-            file_system: value
-                .file_system
-                .map(PermissionProfileFileSystemPermissions::from),
-        }
-    }
-}
-
-impl From<PermissionProfile> for CorePermissionProfile {
-    fn from(value: PermissionProfile) -> Self {
-        Self {
-            network: value.network.map(CoreNetworkPermissions::from),
-            file_system: value.file_system.map(CoreFileSystemPermissions::from),
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -3152,16 +2939,9 @@ pub struct CommandExecParams {
    /// Optional sandbox policy for this command.
    ///
    /// Uses the same shape as thread/turn execution sandbox configuration and
-    /// defaults to the user's configured policy when omitted. Cannot be
-    /// combined with `permissionProfile`.
+    /// defaults to the user's configured policy when omitted.
    #[ts(optional = nullable)]
    pub sandbox_policy: Option<SandboxPolicy>,
-    /// Optional full permissions profile for this command.
-    ///
-    /// Defaults to the user's configured permissions when omitted. Cannot be
-    /// combined with `sandboxPolicy`.
-    #[ts(optional = nullable)]
-    pub permission_profile: Option<PermissionProfile>,
 }

 /// Final buffered result for `command/exec`.
@@ -3280,10 +3060,6 @@ pub struct ThreadStartParams {
    pub approvals_reviewer: Option<ApprovalsReviewer>,
    #[ts(optional = nullable)]
    pub sandbox: Option<SandboxMode>,
-    /// Full permissions override for this thread. Cannot be combined with
-    /// `sandbox`.
-    #[ts(optional = nullable)]
-    pub permission_profile: Option<PermissionProfile>,
    #[ts(optional = nullable)]
    pub config: Option<HashMap<String, JsonValue>>,
    #[ts(optional = nullable)]
@@ -3351,15 +3127,7 @@ pub struct ThreadStartResponse {
    pub approval_policy: AskForApproval,
    /// Reviewer currently used for approval requests on this thread.
    pub approvals_reviewer: ApprovalsReviewer,
-    /// Legacy sandbox policy retained for compatibility. New clients should use
-    /// `permissionProfile` when present as the canonical active permissions
-    /// view.
    pub sandbox: SandboxPolicy,
-    /// Canonical active permissions view for this thread when representable.
-    /// This is `null` for external sandbox policies because external
-    /// enforcement cannot be round-tripped as a `PermissionProfile`.
-    #[serde(default)]
-    pub permission_profile: Option<PermissionProfile>,
    pub reasoning_effort: Option<ReasoningEffort>,
 }

@@ -3417,10 +3185,6 @@ pub struct ThreadResumeParams {
    pub approvals_reviewer: Option<ApprovalsReviewer>,
    #[ts(optional = nullable)]
    pub sandbox: Option<SandboxMode>,
-    /// Full permissions override for the resumed thread. Cannot be combined
-    /// with `sandbox`.
-    #[ts(optional = nullable)]
-    pub permission_profile: Option<PermissionProfile>,
    #[ts(optional = nullable)]
    pub config: Option<HashMap<String, serde_json::Value>>,
    #[ts(optional = nullable)]
@@ -3429,11 +3193,6 @@ pub struct ThreadResumeParams {
    pub developer_instructions: Option<String>,
    #[ts(optional = nullable)]
    pub personality: Option<Personality>,
-    /// When true, return only thread metadata and live-resume state without
-    /// populating `thread.turns`. This is useful when the client plans to call
-    /// `thread/turns/list` immediately after resuming.
-    #[serde(default, skip_serializing_if = "std::ops::Not::not")]
-    pub exclude_turns: bool,
    /// If true, persist additional rollout EventMsg variants required to
    /// reconstruct a richer thread history on subsequent resume/fork/read.
    #[experimental("thread/resume.persistFullHistory")]
@@ -3457,15 +3216,7 @@ pub struct ThreadResumeResponse {
    pub approval_policy: AskForApproval,
    /// Reviewer currently used for approval requests on this thread.
    pub approvals_reviewer: ApprovalsReviewer,
-    /// Legacy sandbox policy retained for compatibility. New clients should use
-    /// `permissionProfile` when present as the canonical active permissions
-    /// view.
    pub sandbox: SandboxPolicy,
-    /// Canonical active permissions view for this thread when representable.
-    /// This is `null` for external sandbox policies because external
-    /// enforcement cannot be round-tripped as a `PermissionProfile`.
-    #[serde(default)]
-    pub permission_profile: Option<PermissionProfile>,
    pub reasoning_effort: Option<ReasoningEffort>,
 }

@@ -3514,10 +3265,6 @@ pub struct ThreadForkParams {
    pub approvals_reviewer: Option<ApprovalsReviewer>,
    #[ts(optional = nullable)]
    pub sandbox: Option<SandboxMode>,
-    /// Full permissions override for the forked thread. Cannot be combined
-    /// with `sandbox`.
-    #[ts(optional = nullable)]
-    pub permission_profile: Option<PermissionProfile>,
    #[ts(optional = nullable)]
    pub config: Option<HashMap<String, serde_json::Value>>,
    #[ts(optional = nullable)]
@@ -3526,11 +3273,6 @@ pub struct ThreadForkParams {
    pub developer_instructions: Option<String>,
    #[serde(default, skip_serializing_if = "std::ops::Not::not")]
    pub ephemeral: bool,
-    /// When true, return only thread metadata and live fork state without
-    /// populating `thread.turns`. This is useful when the client plans to call
-    /// `thread/turns/list` immediately after forking.
-    #[serde(default, skip_serializing_if = "std::ops::Not::not")]
-    pub exclude_turns: bool,
    /// If true, persist additional rollout EventMsg variants required to
    /// reconstruct a richer thread history on subsequent resume/fork/read.
    #[experimental("thread/fork.persistFullHistory")]
@@ -3554,15 +3296,7 @@ pub struct ThreadForkResponse {
    pub approval_policy: AskForApproval,
    /// Reviewer currently used for approval requests on this thread.
    pub approvals_reviewer: ApprovalsReviewer,
-    /// Legacy sandbox policy retained for compatibility. New clients should use
-    /// `permissionProfile` when present as the canonical active permissions
-    /// view.
    pub sandbox: SandboxPolicy,
-    /// Canonical active permissions view for this thread when representable.
-    /// This is `null` for external sandbox policies because external
-    /// enforcement cannot be round-tripped as a `PermissionProfile`.
-    #[serde(default)]
-    pub permission_profile: Option<PermissionProfile>,
    pub reasoning_effort: Option<ReasoningEffort>,
 }

@@ -3794,20 +3528,6 @@ pub struct ThreadShellCommandParams {
 #[ts(export_to = "v2/")]
 pub struct ThreadShellCommandResponse {}

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ThreadApproveGuardianDeniedActionParams {
-    pub thread_id: String,
-    /// Serialized `codex_protocol::protocol::GuardianAssessmentEvent`.
-    pub event: JsonValue,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ThreadApproveGuardianDeniedActionResponse {}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -3872,27 +3592,15 @@ pub struct ThreadListParams {
    /// If false or null, only non-archived threads are returned.
    #[ts(optional = nullable)]
    pub archived: Option<bool>,
-    /// Optional cwd filter or filters; when set, only threads whose session cwd
-    /// exactly matches one of these paths are returned.
-    #[ts(optional = nullable, type = "string | Array<string> | null")]
-    pub cwd: Option<ThreadListCwdFilter>,
-    /// If true, return from the state DB without scanning JSONL rollouts to
-    /// repair thread metadata. Omitted or false preserves scan-and-repair
-    /// behavior.
-    #[serde(default, skip_serializing_if = "std::ops::Not::not")]
-    pub use_state_db_only: bool,
+    /// Optional cwd filter; when set, only threads whose session cwd exactly
+    /// matches this path are returned.
+    #[ts(optional = nullable)]
+    pub cwd: Option<String>,
    /// Optional substring filter for the extracted thread title.
    #[ts(optional = nullable)]
    pub search_term: Option<String>,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema)]
-#[serde(untagged)]
-pub enum ThreadListCwdFilter {
-    One(String),
-    Many(Vec<String>),
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(rename_all = "camelCase", export_to = "v2/")]
@@ -4104,31 +3812,6 @@ pub struct MarketplaceRemoveResponse {
    pub installed_root: Option<AbsolutePathBuf>,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct MarketplaceUpgradeParams {
-    #[ts(optional = nullable)]
-    pub marketplace_name: Option<String>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct MarketplaceUpgradeResponse {
-    pub selected_marketplaces: Vec<String>,
-    pub upgraded_roots: Vec<AbsolutePathBuf>,
-    pub errors: Vec<MarketplaceUpgradeErrorInfo>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct MarketplaceUpgradeErrorInfo {
-    pub marketplace_name: String,
-    pub message: String,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -4996,10 +4679,6 @@ pub struct TurnStartParams {
    /// Override the sandbox policy for this turn and subsequent turns.
    #[ts(optional = nullable)]
    pub sandbox_policy: Option<SandboxPolicy>,
-    /// Override the full permissions profile for this turn and subsequent
-    /// turns. Cannot be combined with `sandboxPolicy`.
-    #[ts(optional = nullable)]
-    pub permission_profile: Option<PermissionProfile>,
    /// Override the model for this turn and subsequent turns.
    #[ts(optional = nullable)]
    pub model: Option<String>,
@@ -7180,10 +6859,6 @@ pub struct PermissionsRequestApprovalResponse {
    pub permissions: GrantedPermissionProfile,
    #[serde(default)]
    pub scope: PermissionGrantScope,
-    /// Review every subsequent command in this turn before normal sandboxed execution.
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub strict_auto_review: Option<bool>,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -7418,15 +7093,6 @@ pub struct ModelReroutedNotification {
    pub reason: ModelRerouteReason,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ModelVerificationNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub verifications: Vec<ModelVerification>,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -7447,16 +7113,6 @@ pub struct WarningNotification {
    pub message: String,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct GuardianWarningNotification {
-    /// Thread target for the guardian warning.
-    pub thread_id: String,
-    /// Concise guardian warning message for the user.
-    pub message: String,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -7527,70 +7183,6 @@ mod tests {
        absolute_path("readable")
    }

-    #[test]
-    fn approvals_reviewer_serializes_auto_review_and_accepts_legacy_guardian_subagent() {
-        assert_eq!(
-            serde_json::to_string(&ApprovalsReviewer::User).expect("serialize reviewer"),
-            "\"user\""
-        );
-        assert_eq!(
-            serde_json::to_string(&ApprovalsReviewer::AutoReview).expect("serialize reviewer"),
-            "\"guardian_subagent\""
-        );
-
-        for value in ["user", "auto_review", "guardian_subagent"] {
-            let json = format!("\"{value}\"");
-            let reviewer: ApprovalsReviewer =
-                serde_json::from_str(&json).expect("deserialize reviewer");
-            let expected = if value == "user" {
-                ApprovalsReviewer::User
-            } else {
-                ApprovalsReviewer::AutoReview
-            };
-            assert_eq!(expected, reviewer);
-        }
-    }
-
-    #[test]
-    fn thread_list_params_accepts_single_cwd() {
-        let params = serde_json::from_value::<ThreadListParams>(json!({
-            "cwd": "/workspace",
-        }))
-        .expect("single cwd should deserialize");
-
-        assert_eq!(
-            params.cwd,
-            Some(ThreadListCwdFilter::One("/workspace".to_string()))
-        );
-        assert!(!params.use_state_db_only);
-    }
-
-    #[test]
-    fn thread_list_params_accepts_multiple_cwds() {
-        let params = serde_json::from_value::<ThreadListParams>(json!({
-            "cwd": ["/workspace", "/other-workspace"],
-        }))
-        .expect("cwd array should deserialize");
-
-        assert_eq!(
-            params.cwd,
-            Some(ThreadListCwdFilter::Many(vec![
-                "/workspace".to_string(),
-                "/other-workspace".to_string(),
-            ]))
-        );
-    }
-
-    #[test]
-    fn thread_list_params_accepts_state_db_only_flag() {
-        let params = serde_json::from_value::<ThreadListParams>(json!({
-            "useStateDbOnly": true,
-        }))
-        .expect("state db only flag should deserialize");
-
-        assert!(params.use_state_db_only);
-    }
-
    #[test]
    fn collab_agent_state_maps_interrupted_status() {
        assert_eq!(
@@ -7816,45 +7408,6 @@ mod tests {
        );
    }

-    #[test]
-    fn additional_file_system_permissions_populates_entries_for_legacy_roots() {
-        let read_only_path = absolute_path("read-only");
-        let read_write_path = absolute_path("read-write");
-        let core_permissions = CoreFileSystemPermissions::from_read_write_roots(
-            Some(vec![read_only_path.clone()]),
-            Some(vec![read_write_path.clone()]),
-        );
-
-        let permissions = AdditionalFileSystemPermissions::from(core_permissions.clone());
-
-        assert_eq!(
-            permissions,
-            AdditionalFileSystemPermissions {
-                read: Some(vec![read_only_path.clone()]),
-                write: Some(vec![read_write_path.clone()]),
-                glob_scan_max_depth: None,
-                entries: Some(vec![
-                    FileSystemSandboxEntry {
-                        path: FileSystemPath::Path {
-                            path: read_only_path,
-                        },
-                        access: FileSystemAccessMode::Read,
-                    },
-                    FileSystemSandboxEntry {
-                        path: FileSystemPath::Path {
-                            path: read_write_path,
-                        },
-                        access: FileSystemAccessMode::Write,
-                    },
-                ]),
-            }
-        );
-        assert_eq!(
-            CoreFileSystemPermissions::from(permissions),
-            core_permissions
-        );
-    }
-
    #[test]
    fn additional_file_system_permissions_rejects_zero_glob_scan_depth() {
        serde_json::from_value::<AdditionalFileSystemPermissions>(json!({
@@ -7866,47 +7419,6 @@ mod tests {
        .expect_err("zero glob scan depth should fail deserialization");
    }

-    #[test]
-    fn permission_profile_file_system_permissions_preserves_glob_scan_depth() {
-        let core_permissions = CoreFileSystemPermissions {
-            entries: vec![CoreFileSystemSandboxEntry {
-                path: CoreFileSystemPath::GlobPattern {
-                    pattern: "**/*.env".to_string(),
-                },
-                access: CoreFileSystemAccessMode::None,
-            }],
-            glob_scan_max_depth: NonZeroUsize::new(2),
-        };
-
-        let permissions = PermissionProfileFileSystemPermissions::from(core_permissions.clone());
-
-        assert_eq!(
-            permissions,
-            PermissionProfileFileSystemPermissions {
-                entries: vec![FileSystemSandboxEntry {
-                    path: FileSystemPath::GlobPattern {
-                        pattern: "**/*.env".to_string(),
-                    },
-                    access: FileSystemAccessMode::None,
-                }],
-                glob_scan_max_depth: NonZeroUsize::new(2),
-            }
-        );
-        assert_eq!(
-            CoreFileSystemPermissions::from(permissions),
-            core_permissions
-        );
-    }
-
-    #[test]
-    fn permission_profile_file_system_permissions_rejects_zero_glob_scan_depth() {
-        serde_json::from_value::<PermissionProfileFileSystemPermissions>(json!({
-            "entries": [],
-            "globScanMaxDepth": 0,
-        }))
-        .expect_err("zero glob scan depth should fail deserialization");
-    }
-
    #[test]
    fn permissions_request_approval_response_uses_granted_permission_profile_without_macos() {
        let read_only_path = if cfg!(windows) {
@@ -7981,18 +7493,6 @@ mod tests {
        .expect("response should deserialize");

        assert_eq!(response.scope, PermissionGrantScope::Turn);
-        assert_eq!(response.strict_auto_review, None);
-    }
-
-    #[test]
-    fn permissions_request_approval_response_accepts_strict_auto_review() {
-        let response = serde_json::from_value::<PermissionsRequestApprovalResponse>(json!({
-            "permissions": {},
-            "strictAutoReview": true,
-        }))
-        .expect("response should deserialize");
-
-        assert_eq!(response.strict_auto_review, Some(true));
    }

    #[test]
@@ -8386,7 +7886,6 @@ mod tests {
                env: None,
                size: None,
                sandbox_policy: None,
-                permission_profile: None,
            }
        );
    }
@@ -8407,7 +7906,6 @@ mod tests {
            env: None,
            size: None,
            sandbox_policy: None,
-            permission_profile: None,
        };

        let value = serde_json::to_value(&params).expect("serialize command/exec params");
@@ -8422,7 +7920,6 @@ mod tests {
                "env": null,
                "size": null,
                "sandboxPolicy": null,
-                "permissionProfile": null,
                "outputBytesCap": null,
            })
        );
@@ -8448,7 +7945,6 @@ mod tests {
            env: None,
            size: None,
            sandbox_policy: None,
-            permission_profile: None,
        };

        let value = serde_json::to_value(&params).expect("serialize command/exec params");
@@ -8465,7 +7961,6 @@ mod tests {
                "env": null,
                "size": null,
                "sandboxPolicy": null,
-                "permissionProfile": null,
            })
        );

@@ -8494,7 +7989,6 @@ mod tests {
            ])),
            size: None,
            sandbox_policy: None,
-            permission_profile: None,
        };

        let value = serde_json::to_value(&params).expect("serialize command/exec params");
@@ -8513,7 +8007,6 @@ mod tests {
                },
                "size": null,
                "sandboxPolicy": null,
-                "permissionProfile": null,
            })
        );

@@ -8583,7 +8076,6 @@ mod tests {
                cols: 120,
            }),
            sandbox_policy: None,
-            permission_profile: None,
        };

        let value = serde_json::to_value(&params).expect("serialize command/exec params");
@@ -8602,7 +8094,6 @@ mod tests {
                    "cols": 120,
                },
                "sandboxPolicy": null,
-                "permissionProfile": null,
            })
        );

@@ -8879,7 +8370,7 @@ mod tests {
            model_auto_compact_token_limit: None,
            model_provider: None,
            approval_policy: None,
-            approvals_reviewer: Some(ApprovalsReviewer::AutoReview),
+            approvals_reviewer: Some(ApprovalsReviewer::GuardianSubagent),
            sandbox_mode: None,
            sandbox_workspace_write: None,
            forced_chatgpt_workspace_id: None,
@@ -8981,7 +8472,7 @@ mod tests {
                    model: None,
                    model_provider: None,
                    approval_policy: None,
-                    approvals_reviewer: Some(ApprovalsReviewer::AutoReview),
+                    approvals_reviewer: Some(ApprovalsReviewer::GuardianSubagent),
                    service_tier: None,
                    model_reasoning_effort: None,
                    model_reasoning_summary: None,
@@ -9022,7 +8513,6 @@ mod tests {
                allowed_sandbox_modes: None,
                allowed_web_search_modes: None,
                feature_requirements: None,
-                hooks: None,
                enforce_residency: None,
                network: None,
            });
@@ -9815,36 +9305,6 @@ mod tests {
        );
    }

-    #[test]
-    fn marketplace_upgrade_params_serialization_uses_optional_marketplace_name() {
-        assert_eq!(
-            serde_json::to_value(MarketplaceUpgradeParams {
-                marketplace_name: None,
-            })
-            .unwrap(),
-            json!({
-                "marketplaceName": null,
-            }),
-        );
-
-        assert_eq!(
-            serde_json::from_value::<MarketplaceUpgradeParams>(json!({})).unwrap(),
-            MarketplaceUpgradeParams {
-                marketplace_name: None,
-            },
-        );
-
-        assert_eq!(
-            serde_json::to_value(MarketplaceUpgradeParams {
-                marketplace_name: Some("debug".to_string()),
-            })
-            .unwrap(),
-            json!({
-                "marketplaceName": "debug",
-            }),
-        );
-    }
-
    #[test]
    fn plugin_marketplace_entry_serializes_remote_only_path_as_null() {
        assert_eq!(
@@ -10091,37 +9551,6 @@ mod tests {
        );
    }

-    #[test]
-    fn marketplace_upgrade_response_serializes_camel_case_fields() {
-        let upgraded_root = if cfg!(windows) {
-            r"C:\marketplaces\debug"
-        } else {
-            "/tmp/marketplaces/debug"
-        };
-        let upgraded_root = AbsolutePathBuf::try_from(PathBuf::from(upgraded_root)).unwrap();
-        let upgraded_root_json = upgraded_root.as_path().display().to_string();
-
-        assert_eq!(
-            serde_json::to_value(MarketplaceUpgradeResponse {
-                selected_marketplaces: vec!["debug".to_string()],
-                upgraded_roots: vec![upgraded_root],
-                errors: vec![MarketplaceUpgradeErrorInfo {
-                    marketplace_name: "broken".to_string(),
-                    message: "failed to clone".to_string(),
-                }],
-            })
-            .unwrap(),
-            json!({
-                "selectedMarketplaces": ["debug"],
-                "upgradedRoots": [upgraded_root_json],
-                "errors": [{
-                    "marketplaceName": "broken",
-                    "message": "failed to clone",
-                }],
-            }),
-        );
-    }
-
    #[test]
    fn codex_error_info_serializes_http_status_code_in_camel_case() {
        let value = CodexErrorInfo::ResponseTooManyFailedAttempts {
@@ -10138,14 +9567,6 @@ mod tests {
        );
    }

-    #[test]
-    fn codex_error_info_serializes_cyber_policy_in_camel_case() {
-        assert_eq!(
-            serde_json::to_value(CodexErrorInfo::CyberPolicy).unwrap(),
-            json!("cyberPolicy")
-        );
-    }
-
    #[test]
    fn codex_error_info_serializes_active_turn_not_steerable_turn_kind_in_camel_case() {
        let value = CodexErrorInfo::ActiveTurnNotSteerable {
@@ -10287,7 +9708,7 @@ mod tests {
    }

    #[test]
-    fn thread_lifecycle_responses_default_missing_compat_fields() {
+    fn thread_lifecycle_responses_default_missing_instruction_sources() {
        let response = json!({
            "thread": {
                "id": "thread-id",
@@ -10328,9 +9749,6 @@ mod tests {
        assert_eq!(start.instruction_sources, Vec::<AbsolutePathBuf>::new());
        assert_eq!(resume.instruction_sources, Vec::<AbsolutePathBuf>::new());
        assert_eq!(fork.instruction_sources, Vec::<AbsolutePathBuf>::new());
-        assert_eq!(start.permission_profile, None);
-        assert_eq!(resume.permission_profile, None);
-        assert_eq!(fork.permission_profile, None);
    }

    #[test]
@@ -10358,7 +9776,6 @@ mod tests {
            approval_policy: None,
            approvals_reviewer: None,
            sandbox_policy: None,
-            permission_profile: None,
            model: None,
            service_tier: None,
            effort: None,
--- a/codex-rs/app-server-test-client/src/lib.rs
+++ b/codex-rs/app-server-test-client/src/lib.rs
@@ -1129,7 +1129,6 @@ async fn thread_list(endpoint: &Endpoint, config_overrides: &[String], limit: u3
            source_kinds: None,
            archived: None,
            cwd: None,
-            use_state_db_only: false,
            search_term: None,
        })?;
        println!("< thread/list response: {response:?}");
--- a/codex-rs/app-server/Cargo.toml
+++ b/codex-rs/app-server/Cargo.toml
@@ -40,6 +40,7 @@ codex-exec-server = { workspace = true }
 codex-features = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-otel = { workspace = true }
+codex-plugin = { workspace = true }
 codex-shell-command = { workspace = true }
 codex-utils-cli = { workspace = true }
 codex-utils-pty = { workspace = true }
@@ -58,7 +59,6 @@ codex-sandboxing = { workspace = true }
 codex-state = { workspace = true }
 codex-thread-store = { workspace = true }
 codex-tools = { workspace = true }
-codex-uds = { workspace = true }
 codex-utils-absolute-path = { workspace = true }
 codex-utils-json-to-toml = { workspace = true }
 codex-utils-rustls-provider = { workspace = true }
--- a/Show More
+++ b/Show More