Avoid duplicate codex_apps tool refresh on force refetch

.github/CODEOWNERS

@@ -1,6 +1,5 @@
 # Core crate ownership.
 /codex-rs/core/ @openai/codex-core-agent-team
-/codex-rs/ext/extension-api/ @openai/codex-core-agent-team
 
 # Keep ownership changes reviewed by the same team.
 /.github/CODEOWNERS @openai/codex-core-agent-team

.github/ISSUE_TEMPLATE/3-cli.yml

@@ -11,8 +11,6 @@ body:
 
         Make sure you are running the [latest](https://npmjs.com/package/@openai/codex) version of Codex CLI. The bug you are experiencing may already have been fixed.
 
-        If your version supports it, please run `codex doctor --json` and paste the output in the "Codex doctor report" field below. This helps us diagnose install, config, auth, terminal, MCP, network, and local state issues.
-
   - type: input
     id: version
     attributes:
@@ -45,16 +43,6 @@ body:
       description: |
         Also note any multiplexer in use (screen / tmux / zellij).
         E.g., VS Code, Terminal.app, iTerm2, Ghostty, Windows Terminal (WSL / PowerShell)
-  - type: textarea
-    id: doctor
-    attributes:
-      label: Codex doctor report
-      description: |
-        If available, run `codex doctor --json` and paste the full output here.
-
-        The report is designed to redact secrets, but please review it before submitting.
-        If your Codex version does not support `doctor`, write `not available`.
-      render: json
   - type: textarea
     id: actual
     attributes:

.github/workflows/bazel.yml

@@ -17,10 +17,10 @@ concurrency:
   cancel-in-progress: ${{ github.ref_name != 'main' }}
 jobs:
   test:
-    # PRs use the sharded Windows cross-compiled test jobs below. Post-merge
-    # pushes to main also run the native Windows test job for broader Windows
-    # signal without putting PR latency back on the critical path. Cargo CI
-    # owns V8/code-mode test coverage for now.
+    # PRs use a fast Windows cross-compiled test leg for pre-merge signal.
+    # Post-merge pushes to main also run the native Windows test job below for
+    # broader Windows signal without putting PR latency back on the critical
+    # path. Cargo CI owns V8/code-mode test coverage for now.
     timeout-minutes: 30
     strategy:
       fail-fast: false
@@ -44,6 +44,12 @@ jobs:
           # - os: ubuntu-24.04-arm
           #   target: aarch64-unknown-linux-gnu
 
+          # Windows fast path: build the windows-gnullvm binaries with Linux
+          # RBE, then run the resulting Windows tests on the Windows runner.
+          # Cargo CI preserves V8/code-mode coverage while Bazel CI keeps broad
+          # non-code-mode signal.
+          - os: windows-latest
+            target: x86_64-pc-windows-gnullvm
     runs-on: ${{ matrix.os }}
 
     # Configure a human readable name for each job
@@ -102,6 +108,13 @@ jobs:
             --test_verbose_timeout_warnings
             --build_metadata=COMMIT_SHA=${GITHUB_SHA}
           )
+          if [[ "${RUNNER_OS}" == "Windows" ]]; then
+            bazel_wrapper_args+=(
+              --windows-cross-compile
+              --remote-download-toplevel
+            )
+          fi
+
           ./.github/scripts/run-bazel-ci.sh \
             "${bazel_wrapper_args[@]}" \
             -- \
@@ -128,118 +141,6 @@ jobs:
           path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
           key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
 
-  test-windows-shard:
-    # Split the Windows Bazel test leg across separate Windows
-    # hosts. Each shard still uses Linux RBE for build actions, but the test
-    # execution itself happens on its own Windows runner.
-    timeout-minutes: 30
-    strategy:
-      fail-fast: false
-      matrix:
-        shard:
-          - 1
-          - 2
-          - 3
-          - 4
-    runs-on: windows-latest
-    name: Bazel test on windows-latest for x86_64-pc-windows-gnullvm shard ${{ matrix.shard }}/4
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-          persist-credentials: false
-
-      - name: Prepare Bazel CI
-        id: prepare_bazel
-        uses: ./.github/actions/prepare-bazel-ci
-        with:
-          target: x86_64-pc-windows-gnullvm
-          # Reuse the former monolithic Windows test cache for restores. Do
-          # not save it from every shard below; duplicate uploads would sit on
-          # the PR-blocking critical path after the useful test work is done.
-          cache-scope: bazel-test
-          install-test-prereqs: "true"
-
-      - name: bazel test shard
-        env:
-          BAZEL_TEST_SHARD: ${{ matrix.shard }}
-          BAZEL_TEST_SHARD_COUNT: 4
-          BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          bazel_test_query='tests(//...) except tests(//third_party/v8:all) except //codex-rs/code-mode:code-mode-unit-tests except //codex-rs/v8-poc:v8-poc-unit-tests except attr(tags, "manual", tests(//...))'
-          mapfile -t bazel_targets < <(
-            MSYS2_ARG_CONV_EXCL='*' bazel query --output=label "${bazel_test_query}" \
-              | LC_ALL=C sort
-          )
-
-          selected_targets=()
-          for bazel_target in "${bazel_targets[@]}"; do
-            target_bucket="$(
-              printf '%s\n' "${bazel_target}" \
-                | cksum \
-                | awk -v shard_count="${BAZEL_TEST_SHARD_COUNT}" '{ print ($1 % shard_count) + 1 }'
-            )"
-            if [[ "${target_bucket}" == "${BAZEL_TEST_SHARD}" ]]; then
-              selected_targets+=("${bazel_target}")
-            fi
-          done
-
-          if [[ ${#selected_targets[@]} -eq 0 ]]; then
-            echo "No Bazel test targets selected for Windows shard ${BAZEL_TEST_SHARD}/${BAZEL_TEST_SHARD_COUNT}." >&2
-            exit 1
-          fi
-
-          echo "Selected ${#selected_targets[@]} of ${#bazel_targets[@]} Bazel test targets for Windows shard ${BAZEL_TEST_SHARD}/${BAZEL_TEST_SHARD_COUNT}."
-
-          bazel_test_args=(
-            test
-            --skip_incompatible_explicit_targets
-            --test_tag_filters=-argument-comment-lint
-            --test_verbose_timeout_warnings
-            --build_metadata=COMMIT_SHA=${GITHUB_SHA}
-            --build_metadata=TAG_windows_test_shard=${BAZEL_TEST_SHARD}
-          )
-
-          ./.github/scripts/run-bazel-ci.sh \
-            --print-failed-action-summary \
-            --print-failed-test-logs \
-            --windows-cross-compile \
-            --remote-download-toplevel \
-            -- \
-            "${bazel_test_args[@]}" \
-            -- \
-            "${selected_targets[@]}"
-
-      - name: Upload Bazel execution logs
-        if: always() && !cancelled()
-        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: bazel-execution-logs-test-x86_64-pc-windows-gnullvm-shard-${{ matrix.shard }}
-          path: ${{ runner.temp }}/bazel-execution-logs
-          if-no-files-found: ignore
-
-  test-windows:
-    # Preserve the existing required-check surface while the real work happens
-    # in the sharded Windows jobs above.
-    if: always()
-    needs: test-windows-shard
-    runs-on: ubuntu-24.04
-    name: Bazel test on windows-latest for x86_64-pc-windows-gnullvm
-
-    steps:
-      - name: Confirm Windows Bazel test shards passed
-        shell: bash
-        run: |
-          if [[ "${{ needs.test-windows-shard.result }}" != "success" ]]; then
-            echo "Windows Bazel test shards finished with result: ${{ needs.test-windows-shard.result }}" >&2
-            exit 1
-          fi
-
   test-windows-native-main:
     # Native Windows Bazel tests are slower and frequently approach the
     # 30-minute PR budget. Run this only for post-merge commits to main and give

.github/workflows/issue-deduplicator.yml

@@ -15,8 +15,14 @@ jobs:
     permissions:
       contents: read
     outputs:
-      codex_output: ${{ steps.codex-all.outputs.final-message }}
+      issues_json: ${{ steps.normalize-all.outputs.issues_json }}
+      reason: ${{ steps.normalize-all.outputs.reason }}
+      has_matches: ${{ steps.normalize-all.outputs.has_matches }}
     steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
       - name: Prepare Codex inputs
         env:
           GH_TOKEN: ${{ github.token }}
@@ -61,8 +67,6 @@ jobs:
         with:
           openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
           allow-users: "*"
-          safety-strategy: drop-sudo
-          sandbox: read-only
           prompt: |
             You are an assistant that triages new GitHub issues by identifying potential duplicates.
 
@@ -96,21 +100,10 @@ jobs:
               "additionalProperties": false
             }
 
-  normalize-duplicates-all:
-    name: Normalize pass 1 output
-    needs: gather-duplicates-all
-    if: ${{ needs.gather-duplicates-all.result == 'success' }}
-    runs-on: ubuntu-latest
-    permissions: {}
-    outputs:
-      issues_json: ${{ steps.normalize-all.outputs.issues_json }}
-      reason: ${{ steps.normalize-all.outputs.reason }}
-      has_matches: ${{ steps.normalize-all.outputs.has_matches }}
-    steps:
       - id: normalize-all
         name: Normalize pass 1 output
         env:
-          CODEX_OUTPUT: ${{ needs.gather-duplicates-all.outputs.codex_output }}
+          CODEX_OUTPUT: ${{ steps.codex-all.outputs.final-message }}
           CURRENT_ISSUE_NUMBER: ${{ github.event.issue.number }}
         run: |
           set -eo pipefail
@@ -153,15 +146,21 @@ jobs:
 
   gather-duplicates-open:
     name: Identify potential duplicates (open issues fallback)
-    # Pass 1 Codex execution drops sudo on its runner, so run the fallback in a fresh job.
-    needs: normalize-duplicates-all
-    if: ${{ needs.normalize-duplicates-all.result == 'success' && needs.normalize-duplicates-all.outputs.has_matches != 'true' }}
+    # Pass 1 may drop sudo on the runner, so run the fallback in a fresh job.
+    needs: gather-duplicates-all
+    if: ${{ needs.gather-duplicates-all.result == 'success' && needs.gather-duplicates-all.outputs.has_matches != 'true' }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
     outputs:
-      codex_output: ${{ steps.codex-open.outputs.final-message }}
+      issues_json: ${{ steps.normalize-open.outputs.issues_json }}
+      reason: ${{ steps.normalize-open.outputs.reason }}
+      has_matches: ${{ steps.normalize-open.outputs.has_matches }}
     steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
       - name: Prepare Codex inputs
         env:
           GH_TOKEN: ${{ github.token }}
@@ -204,8 +203,6 @@ jobs:
         with:
           openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
           allow-users: "*"
-          safety-strategy: drop-sudo
-          sandbox: read-only
           prompt: |
             You are an assistant that triages new GitHub issues by identifying potential duplicates.
 
@@ -239,21 +236,10 @@ jobs:
               "additionalProperties": false
             }
 
-  normalize-duplicates-open:
-    name: Normalize pass 2 output
-    needs: gather-duplicates-open
-    if: ${{ needs.gather-duplicates-open.result == 'success' }}
-    runs-on: ubuntu-latest
-    permissions: {}
-    outputs:
-      issues_json: ${{ steps.normalize-open.outputs.issues_json }}
-      reason: ${{ steps.normalize-open.outputs.reason }}
-      has_matches: ${{ steps.normalize-open.outputs.has_matches }}
-    steps:
       - id: normalize-open
         name: Normalize pass 2 output
         env:
-          CODEX_OUTPUT: ${{ needs.gather-duplicates-open.outputs.codex_output }}
+          CODEX_OUTPUT: ${{ steps.codex-open.outputs.final-message }}
           CURRENT_ISSUE_NUMBER: ${{ github.event.issue.number }}
         run: |
           set -eo pipefail
@@ -297,9 +283,9 @@ jobs:
   select-final:
     name: Select final duplicate set
     needs:
-      - normalize-duplicates-all
-      - normalize-duplicates-open
-    if: ${{ always() && needs.normalize-duplicates-all.result == 'success' && (needs.normalize-duplicates-open.result == 'success' || needs.normalize-duplicates-open.result == 'skipped') }}
+      - gather-duplicates-all
+      - gather-duplicates-open
+    if: ${{ always() && needs.gather-duplicates-all.result == 'success' && (needs.gather-duplicates-open.result == 'success' || needs.gather-duplicates-open.result == 'skipped') }}
     runs-on: ubuntu-latest
     permissions:
       contents: read
@@ -309,12 +295,12 @@ jobs:
       - id: select-final
         name: Select final duplicate set
         env:
-          PASS1_ISSUES: ${{ needs.normalize-duplicates-all.outputs.issues_json }}
-          PASS1_REASON: ${{ needs.normalize-duplicates-all.outputs.reason }}
-          PASS2_ISSUES: ${{ needs.normalize-duplicates-open.outputs.issues_json }}
-          PASS2_REASON: ${{ needs.normalize-duplicates-open.outputs.reason }}
-          PASS1_HAS_MATCHES: ${{ needs.normalize-duplicates-all.outputs.has_matches }}
-          PASS2_HAS_MATCHES: ${{ needs.normalize-duplicates-open.outputs.has_matches }}
+          PASS1_ISSUES: ${{ needs.gather-duplicates-all.outputs.issues_json }}
+          PASS1_REASON: ${{ needs.gather-duplicates-all.outputs.reason }}
+          PASS2_ISSUES: ${{ needs.gather-duplicates-open.outputs.issues_json }}
+          PASS2_REASON: ${{ needs.gather-duplicates-open.outputs.reason }}
+          PASS1_HAS_MATCHES: ${{ needs.gather-duplicates-all.outputs.has_matches }}
+          PASS2_HAS_MATCHES: ${{ needs.gather-duplicates-open.outputs.has_matches }}
         run: |
           set -eo pipefail
 

.github/workflows/issue-labeler.yml

@@ -17,13 +17,15 @@ jobs:
     outputs:
       codex_output: ${{ steps.codex.outputs.final-message }}
     steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+
       - id: codex
         uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 # v1.7
         with:
           openai-api-key: ${{ secrets.CODEX_OPENAI_API_KEY }}
           allow-users: "*"
-          safety-strategy: drop-sudo
-          sandbox: read-only
           prompt: |
             You are an assistant that reviews GitHub issues for the repository.
 

.github/workflows/rust-ci-full.yml

@@ -524,9 +524,10 @@ jobs:
   tests:
     name: Tests — ${{ matrix.runner }} - ${{ matrix.target }}${{ matrix.remote_env == 'true' && ' (remote)' || '' }}
     runs-on: ${{ matrix.runs_on || matrix.runner }}
-    # Windows ARM64 is the long pole here, and nextest retries plus targeted
-    # Windows timeout headroom need more than 45m to finish reliably.
-    timeout-minutes: 60
+    # Perhaps we can bring this back down to 30m once we finish the cutover
+    # from tui_app_server/ to tui/. Incidentally, windows-arm64 was the main
+    # offender for exceeding the timeout.
+    timeout-minutes: 45
     defaults:
       run:
         working-directory: codex-rs
@@ -687,14 +688,6 @@ jobs:
           RUST_MIN_STACK: "8388608" # 8 MiB
           NEXTEST_STATUS_LEVEL: leak
 
-      - name: Upload nextest JUnit report
-        if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: nextest-junit-rust-ci-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}
-          path: codex-rs/target/nextest/default/junit.xml
-          if-no-files-found: warn
-
       - name: Upload Cargo timings (nextest)
         if: always()
         uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0

.github/workflows/rust-release-prepare.yml

@@ -16,9 +16,6 @@ jobs:
   prepare:
     # Prevent scheduled runs on forks (no secrets, wastes Actions minutes)
     if: github.repository == 'openai/codex'
-    environment:
-      name: rust-release-prepare
-      deployment: false
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

.github/workflows/rust-release-windows.yml

@@ -220,48 +220,6 @@ jobs:
               "$dest/${binary}-${{ matrix.target }}.exe"
           done
 
-      - name: Build Python runtime wheel
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          case "${{ matrix.target }}" in
-            aarch64-pc-windows-msvc)
-              platform_tag="win_arm64"
-              ;;
-            x86_64-pc-windows-msvc)
-              platform_tag="win_amd64"
-              ;;
-            *)
-              echo "No Python runtime wheel platform tag for ${{ matrix.target }}"
-              exit 1
-              ;;
-          esac
-
-          python -m venv "${RUNNER_TEMP}/python-runtime-build-venv"
-          "${RUNNER_TEMP}/python-runtime-build-venv/Scripts/python.exe" -m pip install build
-
-          stage_dir="${RUNNER_TEMP}/openai-codex-cli-bin-${{ matrix.target }}"
-          wheel_dir="${GITHUB_WORKSPACE}/python-runtime-dist/${{ matrix.target }}"
-          # Keep the helpers next to codex.exe in the runtime wheel so Windows
-          # sandbox/elevation lookup matches the standalone release zip.
-          python "${GITHUB_WORKSPACE}/sdk/python/scripts/update_sdk_artifacts.py" \
-            stage-runtime \
-            "$stage_dir" \
-            "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex.exe" \
-            --codex-version "${GITHUB_REF_NAME}" \
-            --platform-tag "$platform_tag" \
-            --resource-binary "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex-command-runner.exe" \
-            --resource-binary "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe"
-          "${RUNNER_TEMP}/python-runtime-build-venv/Scripts/python.exe" -m build --wheel --outdir "$wheel_dir" "$stage_dir"
-
-      - name: Upload Python runtime wheel
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: python-runtime-wheel-${{ matrix.target }}
-          path: python-runtime-dist/${{ matrix.target }}/*.whl
-          if-no-files-found: error
-
       - name: Install DotSlash
         uses: facebook/install-dotslash@1e4e7b3e07eaca387acb98f1d4720e0bee8dbb6a # v2
 

.github/workflows/rust-release.yml

@@ -4,46 +4,12 @@
 # git tag -a rust-v0.1.0 -m "Release 0.1.0"
 # git push origin rust-v0.1.0
 # ```
-#
-# To use external macOS signing, manually dispatch `release_mode=build_unsigned`,
-# sign the unsigned macOS artifacts in a secure enclave, upload the signed handoff
-# archive as a GitHub Release asset, then manually dispatch
-# `release_mode=promote_signed` with `unsigned_run_id` and `signed_macos_asset`.
-# The signed handoff archive should contain target or artifact directories such
-# as `aarch64-apple-darwin/` with signed binaries.
 
 name: rust-release
 on:
   push:
     tags:
       - "rust-v*.*.*"
-  workflow_dispatch:
-    inputs:
-      release_mode:
-        description: "build_unsigned creates unsigned macOS handoff artifacts; promote_signed finishes a release from signed macOS handoff artifacts."
-        required: false
-        type: choice
-        default: build_unsigned
-        options:
-          - build_unsigned
-          - promote_signed
-      sign_macos:
-        description: "Deprecated compatibility input; use release_mode instead."
-        required: false
-        type: boolean
-        default: false
-      unsigned_run_id:
-        description: "For promote_signed: workflow run id from the build_unsigned run."
-        required: false
-        type: string
-      signed_macos_asset:
-        description: "For promote_signed: exact GitHub Release asset name containing signed macOS handoff artifacts."
-        required: false
-        type: string
-      signed_macos_sha256:
-        description: "For promote_signed: optional SHA-256 of signed_macos_asset."
-        required: false
-        type: string
 
 concurrency:
   group: ${{ github.workflow }}
@@ -59,60 +25,10 @@ jobs:
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
       - name: Validate tag matches Cargo.toml version
         shell: bash
-        env:
-          RELEASE_MODE: ${{ github.event_name == 'workflow_dispatch' && inputs.release_mode || 'signed' }}
-          REQUESTED_SIGN_MACOS: ${{ inputs.sign_macos }}
-          SIGNED_MACOS_ASSET: ${{ inputs.signed_macos_asset }}
-          UNSIGNED_RUN_ID: ${{ inputs.unsigned_run_id }}
         run: |
           set -euo pipefail
           echo "::group::Tag validation"
 
-          case "${RELEASE_MODE}" in
-            signed)
-              if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then
-                echo "❌  Manual rust-release runs must use release_mode=build_unsigned or release_mode=promote_signed"
-                exit 1
-              fi
-              ;;
-            build_unsigned)
-              if [[ "${GITHUB_EVENT_NAME}" != "workflow_dispatch" ]]; then
-                echo "❌  release_mode=build_unsigned is only valid for manual runs"
-                exit 1
-              fi
-              ;;
-            promote_signed)
-              if [[ "${GITHUB_EVENT_NAME}" != "workflow_dispatch" ]]; then
-                echo "❌  release_mode=promote_signed is only valid for manual runs"
-                exit 1
-              fi
-              if [[ ! "${UNSIGNED_RUN_ID}" =~ ^[0-9]+$ ]]; then
-                echo "❌  release_mode=promote_signed requires unsigned_run_id to be a workflow run id"
-                exit 1
-              fi
-              if [[ -z "${SIGNED_MACOS_ASSET}" ]]; then
-                echo "❌  release_mode=promote_signed requires signed_macos_asset"
-                exit 1
-              fi
-              if [[ "${SIGNED_MACOS_ASSET}" == */* || "${SIGNED_MACOS_ASSET}" == *"*"* || "${SIGNED_MACOS_ASSET}" == *"?"* || "${SIGNED_MACOS_ASSET}" == *"["* ]]; then
-                echo "❌  signed_macos_asset must be an exact release asset name, not a path or glob"
-                exit 1
-              fi
-              if [[ "${UNSIGNED_RUN_ID}" == "${GITHUB_RUN_ID}" ]]; then
-                echo "❌  unsigned_run_id must refer to the earlier build_unsigned run, not this run"
-                exit 1
-              fi
-              ;;
-            *)
-              echo "❌  Unknown release_mode '${RELEASE_MODE}'"
-              exit 1
-              ;;
-          esac
-
-          if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" && "${REQUESTED_SIGN_MACOS}" == "true" ]]; then
-            echo "::warning title=Deprecated sign_macos input ignored::Use release_mode=build_unsigned or release_mode=promote_signed instead."
-          fi
-
           # 1. Must be a tag and match the regex
           [[ "${GITHUB_REF_TYPE}" == "tag" ]] \
             || { echo "❌  Not a tag push"; exit 1; }
@@ -132,7 +48,6 @@ jobs:
           echo "::endgroup::"
 
   build:
-    if: ${{ github.event_name != 'workflow_dispatch' || inputs.release_mode != 'promote_signed' }}
     needs: tag-check
     name: Build - ${{ matrix.runner }} - ${{ matrix.target }} - ${{ matrix.bundle }}
     runs-on: ${{ matrix.runs_on || matrix.runner }}
@@ -149,7 +64,6 @@ jobs:
       # 2026-03-04: temporarily change releases to use thin LTO because
       # Ubuntu ARM is timing out at 60 minutes.
       CARGO_PROFILE_RELEASE_LTO: ${{ contains(github.ref_name, '-alpha') && 'thin' || 'thin' }}
-      SIGN_MACOS: ${{ github.event_name != 'workflow_dispatch' }}
 
     strategy:
       fail-fast: false
@@ -381,39 +295,6 @@ jobs:
           path: codex-rs/target/**/cargo-timings/cargo-timing.html
           if-no-files-found: warn
 
-      - if: ${{ runner.os == 'macOS' && env.SIGN_MACOS != 'true' }}
-        name: Stage unsigned macOS artifacts
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          target="${{ matrix.target }}"
-          release_dir="target/${target}/release"
-          dest="unsigned-dist/${target}"
-          mkdir -p "$dest"
-
-          for binary in ${{ matrix.binaries }}; do
-            binary_path="${release_dir}/${binary}"
-            unsigned_name="${binary}-${target}-unsigned"
-            unsigned_path="${dest}/${unsigned_name}"
-            if [[ ! -f "${binary_path}" ]]; then
-              echo "Binary ${binary_path} not found"
-              exit 1
-            fi
-
-            cp "${binary_path}" "${unsigned_path}"
-            tar -C "$dest" -czf "${unsigned_path}.tar.gz" "${unsigned_name}"
-            zstd -T0 -19 --rm "${unsigned_path}"
-          done
-
-      - if: ${{ runner.os == 'macOS' && env.SIGN_MACOS != 'true' }}
-        name: Upload unsigned macOS artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: ${{ matrix.artifact_name }}-unsigned
-          path: codex-rs/unsigned-dist/${{ matrix.target }}/*
-          if-no-files-found: error
-
       - if: ${{ contains(matrix.target, 'linux') }}
         name: Cosign Linux artifacts
         uses: ./.github/actions/linux-code-sign
@@ -422,7 +303,7 @@ jobs:
           artifacts-dir: ${{ github.workspace }}/codex-rs/target/${{ matrix.target }}/release
           binaries: ${{ matrix.binaries }}
 
-      - if: ${{ runner.os == 'macOS' && env.SIGN_MACOS == 'true' }}
+      - if: ${{ runner.os == 'macOS' }}
         name: MacOS code signing (binaries)
         uses: ./.github/actions/macos-code-sign
         with:
@@ -436,7 +317,7 @@ jobs:
           apple-notarization-key-id: ${{ secrets.APPLE_NOTARIZATION_KEY_ID }}
           apple-notarization-issuer-id: ${{ secrets.APPLE_NOTARIZATION_ISSUER_ID }}
 
-      - if: ${{ runner.os == 'macOS' && matrix.build_dmg == 'true' && env.SIGN_MACOS == 'true' }}
+      - if: ${{ runner.os == 'macOS' && matrix.build_dmg == 'true' }}
         name: Build macOS dmg
         shell: bash
         run: |
@@ -476,7 +357,7 @@ jobs:
             exit 1
           fi
 
-      - if: ${{ runner.os == 'macOS' && matrix.build_dmg == 'true' && env.SIGN_MACOS == 'true' }}
+      - if: ${{ runner.os == 'macOS' && matrix.build_dmg == 'true' }}
         name: MacOS code signing (dmg)
         uses: ./.github/actions/macos-code-sign
         with:
@@ -490,7 +371,6 @@ jobs:
           apple-notarization-issuer-id: ${{ secrets.APPLE_NOTARIZATION_ISSUER_ID }}
 
       - name: Stage artifacts
-        if: ${{ runner.os != 'macOS' || env.SIGN_MACOS == 'true' }}
         shell: bash
         run: |
           dest="dist/${{ matrix.target }}"
@@ -519,67 +399,7 @@ jobs:
             cp target/${{ matrix.target }}/release/codex-${{ matrix.target }}.dmg "$dest/codex-${{ matrix.target }}.dmg"
           fi
 
-      - name: Build Python runtime wheel
-        if: ${{ matrix.bundle == 'primary' && (runner.os != 'macOS' || env.SIGN_MACOS == 'true') }}
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          case "${{ matrix.target }}" in
-            aarch64-apple-darwin)
-              platform_tag="macosx_11_0_arm64"
-              ;;
-            x86_64-apple-darwin)
-              platform_tag="macosx_10_9_x86_64"
-              ;;
-            aarch64-unknown-linux-musl)
-              platform_tag="manylinux_2_17_aarch64"
-              ;;
-            x86_64-unknown-linux-musl)
-              platform_tag="manylinux_2_17_x86_64"
-              ;;
-            *)
-              echo "No Python runtime wheel platform tag for ${{ matrix.target }}"
-              exit 1
-              ;;
-          esac
-
-          python3 -m venv "${RUNNER_TEMP}/python-runtime-build-venv"
-          # Do not install into the runner's system Python; macOS runners mark
-          # the Homebrew Python as externally managed under PEP 668.
-          "${RUNNER_TEMP}/python-runtime-build-venv/bin/python" -m pip install build
-
-          stage_dir="${RUNNER_TEMP}/openai-codex-cli-bin-${{ matrix.target }}"
-          wheel_dir="${GITHUB_WORKSPACE}/python-runtime-dist/${{ matrix.target }}"
-          stage_runtime_args=(
-            "${GITHUB_WORKSPACE}/sdk/python/scripts/update_sdk_artifacts.py"
-            stage-runtime
-            "$stage_dir"
-            "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex"
-            --codex-version "${GITHUB_REF_NAME}"
-            --platform-tag "$platform_tag"
-          )
-          if [[ "${{ matrix.target }}" == *linux* ]]; then
-            # Keep bwrap in the runtime wheel so Linux sandbox fallback behavior
-            # matches the standalone release bundle on hosts without system bwrap.
-            stage_runtime_args+=(
-              --resource-binary
-              "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/bwrap"
-            )
-          fi
-          python3 "${stage_runtime_args[@]}"
-          "${RUNNER_TEMP}/python-runtime-build-venv/bin/python" -m build --wheel --outdir "$wheel_dir" "$stage_dir"
-
-      - name: Upload Python runtime wheel
-        if: ${{ matrix.bundle == 'primary' && (runner.os != 'macOS' || env.SIGN_MACOS == 'true') }}
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: python-runtime-wheel-${{ matrix.target }}
-          path: python-runtime-dist/${{ matrix.target }}/*.whl
-          if-no-files-found: error
-
       - name: Compress artifacts
-        if: ${{ runner.os != 'macOS' || env.SIGN_MACOS == 'true' }}
         shell: bash
         run: |
           # Path that contains the uncompressed binaries for the current
@@ -616,7 +436,6 @@ jobs:
           done
 
       - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        if: ${{ runner.os != 'macOS' || env.SIGN_MACOS == 'true' }}
         with:
           name: ${{ matrix.artifact_name }}
           # Upload the per-binary .zst files, .tar.gz equivalents, and any
@@ -624,233 +443,7 @@ jobs:
           path: |
             codex-rs/dist/${{ matrix.target }}/*
 
-  stage-signed-macos:
-    if: ${{ github.event_name == 'workflow_dispatch' && inputs.release_mode == 'promote_signed' }}
-    needs: tag-check
-    name: Stage signed macOS handoff - ${{ matrix.target }} - ${{ matrix.bundle }}
-    runs-on: macos-15-xlarge
-    timeout-minutes: 30
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: codex-rs
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - target: aarch64-apple-darwin
-            bundle: primary
-            artifact_name: aarch64-apple-darwin
-            binaries: "codex codex-responses-api-proxy"
-            build_dmg: "false"
-          - target: aarch64-apple-darwin
-            bundle: app-server
-            artifact_name: aarch64-apple-darwin-app-server
-            binaries: "codex-app-server"
-            build_dmg: "false"
-          - target: x86_64-apple-darwin
-            bundle: primary
-            artifact_name: x86_64-apple-darwin
-            binaries: "codex codex-responses-api-proxy"
-            build_dmg: "false"
-          - target: x86_64-apple-darwin
-            bundle: app-server
-            artifact_name: x86_64-apple-darwin-app-server
-            binaries: "codex-app-server"
-            build_dmg: "false"
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          persist-credentials: false
-
-      - name: Download signed macOS handoff
-        shell: bash
-        env:
-          GH_TOKEN: ${{ github.token }}
-          SIGNED_MACOS_ASSET: ${{ inputs.signed_macos_asset }}
-          SIGNED_MACOS_SHA256: ${{ inputs.signed_macos_sha256 }}
-        run: |
-          set -euo pipefail
-
-          download_dir="${RUNNER_TEMP}/signed-macos-download"
-          handoff_dir="${RUNNER_TEMP}/signed-macos-handoff"
-          rm -rf "$download_dir" "$handoff_dir"
-          mkdir -p "$download_dir" "$handoff_dir"
-
-          gh release download "$GITHUB_REF_NAME" \
-            --repo "$GITHUB_REPOSITORY" \
-            --pattern "$SIGNED_MACOS_ASSET" \
-            --dir "$download_dir"
-
-          asset_count="$(find "$download_dir" -maxdepth 1 -type f | wc -l | tr -d '[:space:]')"
-          if [[ "$asset_count" != "1" ]]; then
-            echo "Expected exactly one signed macOS handoff asset named ${SIGNED_MACOS_ASSET}; found ${asset_count}"
-            find "$download_dir" -maxdepth 1 -type f -print
-            exit 1
-          fi
-
-          asset_path="$(find "$download_dir" -maxdepth 1 -type f -print -quit)"
-          if [[ -n "${SIGNED_MACOS_SHA256}" ]]; then
-            expected_sha="$(printf '%s' "$SIGNED_MACOS_SHA256" | tr '[:upper:]' '[:lower:]')"
-            actual_sha="$(shasum -a 256 "$asset_path" | awk '{print $1}')"
-            if [[ "$actual_sha" != "$expected_sha" ]]; then
-              echo "signed_macos_sha256 mismatch for ${SIGNED_MACOS_ASSET}"
-              echo "expected: ${expected_sha}"
-              echo "actual:   ${actual_sha}"
-              exit 1
-            fi
-          fi
-
-          asset_name="$(basename "$asset_path")"
-          case "$asset_name" in
-            *.tar.zst)
-              zstd -dc "$asset_path" | tar -C "$handoff_dir" -xf -
-              ;;
-            *.tar.gz|*.tgz)
-              tar -C "$handoff_dir" -xzf "$asset_path"
-              ;;
-            *.zip)
-              ditto -x -k "$asset_path" "$handoff_dir"
-              ;;
-            *)
-              echo "Unsupported signed macOS handoff archive format: ${asset_name}"
-              exit 1
-              ;;
-          esac
-
-          echo "SIGNED_MACOS_HANDOFF_DIR=$handoff_dir" >> "$GITHUB_ENV"
-
-      - name: Stage signed macOS artifacts
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          target="${{ matrix.target }}"
-          artifact_name="${{ matrix.artifact_name }}"
-          source_dir="${SIGNED_MACOS_HANDOFF_DIR}/${artifact_name}"
-          if [[ ! -d "$source_dir" && -d "${SIGNED_MACOS_HANDOFF_DIR}/dist/${artifact_name}" ]]; then
-            source_dir="${SIGNED_MACOS_HANDOFF_DIR}/dist/${artifact_name}"
-          fi
-          if [[ ! -d "$source_dir" && -d "${SIGNED_MACOS_HANDOFF_DIR}/${target}" ]]; then
-            source_dir="${SIGNED_MACOS_HANDOFF_DIR}/${target}"
-          fi
-          if [[ ! -d "$source_dir" && -d "${SIGNED_MACOS_HANDOFF_DIR}/dist/${target}" ]]; then
-            source_dir="${SIGNED_MACOS_HANDOFF_DIR}/dist/${target}"
-          fi
-          if [[ ! -d "$source_dir" ]]; then
-            echo "Signed macOS handoff is missing ${artifact_name}/"
-            echo "Expected either:"
-            echo "  ${SIGNED_MACOS_HANDOFF_DIR}/${artifact_name}"
-            echo "  ${SIGNED_MACOS_HANDOFF_DIR}/dist/${artifact_name}"
-            echo "  ${SIGNED_MACOS_HANDOFF_DIR}/${target}"
-            echo "  ${SIGNED_MACOS_HANDOFF_DIR}/dist/${target}"
-            find "$SIGNED_MACOS_HANDOFF_DIR" -maxdepth 3 -type f -print
-            exit 1
-          fi
-
-          dest="dist/${target}"
-          mkdir -p "$dest"
-
-          for binary in ${{ matrix.binaries }}; do
-            source_path="${source_dir}/${binary}"
-            if [[ ! -f "$source_path" ]]; then
-              source_path="${source_dir}/${binary}-${target}"
-            fi
-            if [[ ! -f "$source_path" ]]; then
-              echo "Signed macOS handoff is missing ${binary} for ${artifact_name}"
-              exit 1
-            fi
-
-            release_path="${dest}/${binary}-${target}"
-            ditto "$source_path" "$release_path"
-            chmod 0755 "$release_path"
-            codesign --verify --strict --verbose=2 "$release_path"
-          done
-
-          # DMG staging is disabled for signed promotion because we no longer
-          # distribute DMGs from this release path. Keep the branch here so the
-          # handoff can opt back in by flipping matrix.build_dmg if needed.
-          if [[ "${{ matrix.build_dmg }}" == "true" ]]; then
-            dmg_name="codex-${target}.dmg"
-            dmg_source="${source_dir}/${dmg_name}"
-            if [[ ! -f "$dmg_source" ]]; then
-              echo "Signed macOS handoff is missing ${dmg_name} for ${artifact_name}"
-              exit 1
-            fi
-
-            codesign --verify --strict --verbose=2 "$dmg_source"
-            xcrun stapler validate "$dmg_source"
-            cp "$dmg_source" "$dest/$dmg_name"
-          fi
-
-      - name: Build Python runtime wheel
-        if: ${{ matrix.bundle == 'primary' }}
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          case "${{ matrix.target }}" in
-            aarch64-apple-darwin)
-              platform_tag="macosx_11_0_arm64"
-              ;;
-            x86_64-apple-darwin)
-              platform_tag="macosx_10_9_x86_64"
-              ;;
-            *)
-              echo "No Python runtime wheel platform tag for ${{ matrix.target }}"
-              exit 1
-              ;;
-          esac
-
-          python3 -m venv "${RUNNER_TEMP}/python-runtime-build-venv"
-          "${RUNNER_TEMP}/python-runtime-build-venv/bin/python" -m pip install build
-
-          stage_dir="${RUNNER_TEMP}/openai-codex-cli-bin-${{ matrix.target }}"
-          wheel_dir="${GITHUB_WORKSPACE}/python-runtime-dist/${{ matrix.target }}"
-          python3 \
-            "${GITHUB_WORKSPACE}/sdk/python/scripts/update_sdk_artifacts.py" \
-            stage-runtime \
-            "$stage_dir" \
-            "${GITHUB_WORKSPACE}/codex-rs/dist/${{ matrix.target }}/codex-${{ matrix.target }}" \
-            --codex-version "${GITHUB_REF_NAME}" \
-            --platform-tag "$platform_tag"
-          "${RUNNER_TEMP}/python-runtime-build-venv/bin/python" -m build --wheel --outdir "$wheel_dir" "$stage_dir"
-
-      - name: Upload Python runtime wheel
-        if: ${{ matrix.bundle == 'primary' }}
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: python-runtime-wheel-${{ matrix.target }}
-          path: python-runtime-dist/${{ matrix.target }}/*.whl
-          if-no-files-found: error
-
-      - name: Compress artifacts
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          dest="dist/${{ matrix.target }}"
-          for f in "$dest"/*; do
-            base="$(basename "$f")"
-            if [[ "$base" == *.tar.gz || "$base" == *.tar.zst || "$base" == *.zip || "$base" == *.dmg ]]; then
-              continue
-            fi
-
-            tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"
-            zstd -T0 -19 --rm "$dest/$base"
-          done
-
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: ${{ matrix.artifact_name }}
-          path: |
-            codex-rs/dist/${{ matrix.target }}/*
-
   build-windows:
-    if: ${{ github.event_name != 'workflow_dispatch' || inputs.release_mode != 'promote_signed' }}
     needs: tag-check
     uses: ./.github/workflows/rust-release-windows.yml
     with:
@@ -858,7 +451,6 @@ jobs:
     secrets: inherit
 
   argument-comment-lint-release-assets:
-    if: ${{ github.event_name != 'workflow_dispatch' || inputs.release_mode != 'promote_signed' }}
     name: argument-comment-lint release assets
     needs: tag-check
     uses: ./.github/workflows/rust-release-argument-comment-lint.yml
@@ -866,60 +458,26 @@ jobs:
       publish: true
 
   zsh-release-assets:
-    if: ${{ github.event_name != 'workflow_dispatch' || inputs.release_mode != 'promote_signed' }}
     name: zsh release assets
     needs: tag-check
     uses: ./.github/workflows/rust-release-zsh.yml
 
   release:
     needs:
-      - tag-check
       - build
-      - stage-signed-macos
       - build-windows
       - argument-comment-lint-release-assets
       - zsh-release-assets
-    if: >-
-      ${{
-        always() &&
-        needs.tag-check.result == 'success' &&
-        (
-          (
-            github.event_name == 'workflow_dispatch' &&
-            inputs.release_mode == 'promote_signed' &&
-            needs.stage-signed-macos.result == 'success' &&
-            needs.build.result == 'skipped' &&
-            needs.build-windows.result == 'skipped' &&
-            needs.argument-comment-lint-release-assets.result == 'skipped' &&
-            needs.zsh-release-assets.result == 'skipped'
-          ) ||
-          (
-            (github.event_name != 'workflow_dispatch' || inputs.release_mode != 'promote_signed') &&
-            needs.build.result == 'success' &&
-            needs.stage-signed-macos.result == 'skipped' &&
-            needs.build-windows.result == 'success' &&
-            needs.argument-comment-lint-release-assets.result == 'success' &&
-            needs.zsh-release-assets.result == 'success'
-          )
-        )
-      }}
     name: release
     runs-on: ubuntu-latest
     permissions:
       contents: write
       actions: read
-    env:
-      RELEASE_MODE: ${{ github.event_name == 'workflow_dispatch' && inputs.release_mode || 'signed' }}
-      SIGN_MACOS: ${{ github.event_name != 'workflow_dispatch' || inputs.release_mode == 'promote_signed' }}
-      SIGNED_MACOS_ASSET: ${{ inputs.signed_macos_asset }}
-      UNSIGNED_RUN_ID: ${{ inputs.unsigned_run_id }}
     outputs:
       version: ${{ steps.release_name.outputs.name }}
       tag: ${{ github.ref_name }}
-      sign_macos: ${{ steps.release_mode.outputs.sign_macos }}
       should_publish_npm: ${{ steps.npm_publish_settings.outputs.should_publish }}
       npm_tag: ${{ steps.npm_publish_settings.outputs.npm_tag }}
-      should_publish_python_runtime: ${{ steps.python_runtime_publish_settings.outputs.should_publish }}
 
     steps:
       - name: Checkout repository
@@ -927,12 +485,6 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Define release mode
-        id: release_mode
-        run: |
-          echo "release_mode=${RELEASE_MODE}" >> "$GITHUB_OUTPUT"
-          echo "sign_macos=${SIGN_MACOS}" >> "$GITHUB_OUTPUT"
-
       - name: Generate release notes from tag commit message
         id: release_notes
         shell: bash
@@ -957,121 +509,9 @@ jobs:
         with:
           path: dist
 
-      - name: Validate unsigned build run
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-
-          run_summary="$(gh run view "$UNSIGNED_RUN_ID" \
-            --repo "$GITHUB_REPOSITORY" \
-            --json conclusion,event,headBranch,headSha,status,workflowName,url \
-            --jq '[.workflowName, .event, .headBranch, .headSha, .status, .conclusion, .url] | @tsv')"
-          IFS=$'\t' read -r workflow_name event head_branch head_sha status conclusion run_url <<< "$run_summary"
-          expected_head_sha="$(git rev-parse "${GITHUB_SHA}^{commit}")"
-
-          if [[ "$workflow_name" != "$GITHUB_WORKFLOW" ]]; then
-            echo "unsigned_run_id ${UNSIGNED_RUN_ID} is for workflow '${workflow_name}', expected '${GITHUB_WORKFLOW}'"
-            echo "Run URL: ${run_url}"
-            exit 1
-          fi
-
-          if [[ "$event" != "workflow_dispatch" ]]; then
-            echo "unsigned_run_id ${UNSIGNED_RUN_ID} was triggered by '${event}', expected 'workflow_dispatch'"
-            echo "Run URL: ${run_url}"
-            exit 1
-          fi
-
-          if [[ "$head_branch" != "$GITHUB_REF_NAME" ]]; then
-            echo "unsigned_run_id ${UNSIGNED_RUN_ID} used ref '${head_branch}', expected '${GITHUB_REF_NAME}'"
-            echo "Run URL: ${run_url}"
-            exit 1
-          fi
-
-          if [[ "$head_sha" != "$expected_head_sha" ]]; then
-            echo "unsigned_run_id ${UNSIGNED_RUN_ID} used head SHA '${head_sha}', expected '${expected_head_sha}'"
-            echo "Run URL: ${run_url}"
-            exit 1
-          fi
-
-          if [[ "$status" != "completed" || "$conclusion" != "success" ]]; then
-            echo "unsigned_run_id ${UNSIGNED_RUN_ID} is ${status}/${conclusion}, expected completed/success"
-            echo "Run URL: ${run_url}"
-            exit 1
-          fi
-
-      - name: Download artifacts from unsigned build run
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-          gh run download "$UNSIGNED_RUN_ID" \
-            --repo "$GITHUB_REPOSITORY" \
-            --dir dist
-
-      - name: Remove unsigned macOS staging artifacts
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        run: |
-          set -euo pipefail
-          find dist -mindepth 1 -maxdepth 1 -type d \
-            -name '*-apple-darwin*-unsigned' \
-            -exec rm -rf {} +
-
-      - name: Re-upload promoted Linux x64 artifacts
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: x86_64-unknown-linux-musl
-          path: dist/x86_64-unknown-linux-musl/*
-          if-no-files-found: error
-
-      - name: Re-upload promoted Linux arm64 artifacts
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: aarch64-unknown-linux-musl
-          path: dist/aarch64-unknown-linux-musl/*
-          if-no-files-found: error
-
-      - name: Re-upload promoted Windows x64 artifacts
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: x86_64-pc-windows-msvc
-          path: dist/x86_64-pc-windows-msvc/*
-          if-no-files-found: error
-
-      - name: Re-upload promoted Windows arm64 artifacts
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
-        with:
-          name: aarch64-pc-windows-msvc
-          path: dist/aarch64-pc-windows-msvc/*
-          if-no-files-found: error
-
       - name: List
         run: ls -R dist/
 
-      - name: Prune artifacts excluded from unsigned macOS release
-        if: ${{ env.SIGN_MACOS == 'false' }}
-        run: |
-          find dist -mindepth 1 -maxdepth 1 -type d \
-            ! -name '*-apple-darwin*-unsigned' \
-            ! -name 'aarch64-unknown-linux-musl' \
-            ! -name 'aarch64-unknown-linux-musl-app-server' \
-            ! -name 'x86_64-unknown-linux-musl' \
-            ! -name 'x86_64-unknown-linux-musl-app-server' \
-            ! -name 'aarch64-pc-windows-msvc' \
-            ! -name 'x86_64-pc-windows-msvc' \
-            -exec rm -rf {} +
-
-          if ! find dist -type f -name '*-apple-darwin*-unsigned*' | grep -q .; then
-            echo "No unsigned macOS artifacts found in downloaded workflow artifacts."
-            exit 1
-          fi
-
       - name: Delete entries from dist/ that should not go in the release
         run: |
           rm -rf dist/windows-binaries*
@@ -1103,12 +543,6 @@ jobs:
           set -euo pipefail
           version="${VERSION}"
 
-          if [[ "${SIGN_MACOS}" != "true" ]]; then
-            echo "should_publish=false" >> "$GITHUB_OUTPUT"
-            echo "npm_tag=" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
           if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
             echo "should_publish=true" >> "$GITHUB_OUTPUT"
             echo "npm_tag=" >> "$GITHUB_OUTPUT"
@@ -1120,61 +554,33 @@ jobs:
             echo "npm_tag=" >> "$GITHUB_OUTPUT"
           fi
 
-      - name: Determine Python runtime publish settings
-        id: python_runtime_publish_settings
-        env:
-          VERSION: ${{ steps.release_name.outputs.name }}
-        run: |
-          set -euo pipefail
-          version="${VERSION}"
-
-          if [[ "${SIGN_MACOS}" != "true" ]]; then
-            echo "should_publish=false" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-
-          if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            echo "should_publish=true" >> "$GITHUB_OUTPUT"
-          elif [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+-alpha\.[0-9]+$ ]]; then
-            echo "should_publish=true" >> "$GITHUB_OUTPUT"
-          else
-            echo "should_publish=false" >> "$GITHUB_OUTPUT"
-          fi
-
       - name: Setup pnpm
-        if: ${{ env.SIGN_MACOS == 'true' }}
         uses: pnpm/action-setup@a8198c4bff370c8506180b035930dea56dbd5288 # v5
         with:
           run_install: false
 
       - name: Setup Node.js for npm packaging
-        if: ${{ env.SIGN_MACOS == 'true' }}
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 22
 
       - name: Install dependencies
-        if: ${{ env.SIGN_MACOS == 'true' }}
         run: pnpm install --frozen-lockfile
 
       # stage_npm_packages.py requires DotSlash when staging releases.
       - uses: facebook/install-dotslash@1e4e7b3e07eaca387acb98f1d4720e0bee8dbb6a # v2
       - name: Stage npm packages
-        if: ${{ env.SIGN_MACOS == 'true' }}
         env:
           GH_TOKEN: ${{ github.token }}
           RELEASE_VERSION: ${{ steps.release_name.outputs.name }}
         run: |
-          workflow_url="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
           ./scripts/stage_npm_packages.py \
             --release-version "$RELEASE_VERSION" \
-            --workflow-url "$workflow_url" \
             --package codex \
             --package codex-responses-api-proxy \
             --package codex-sdk
 
       - name: Stage installer scripts
-        if: ${{ env.SIGN_MACOS == 'true' }}
         run: |
           cp scripts/install/install.sh dist/install.sh
           cp scripts/install/install.ps1 dist/install.ps1
@@ -1186,56 +592,25 @@ jobs:
           tag_name: ${{ github.ref_name }}
           body_path: ${{ steps.release_notes.outputs.path }}
           files: dist/**
-          overwrite_files: true
-          make_latest: ${{ env.SIGN_MACOS == 'true' && !contains(steps.release_name.outputs.name, '-') }}
           # Mark as prerelease only when the version has a suffix after x.y.z
           # (e.g. -alpha, -beta). Otherwise publish a normal release.
           prerelease: ${{ contains(steps.release_name.outputs.name, '-') }}
 
-      - name: Clean up signed promotion handoff assets
-        if: ${{ env.RELEASE_MODE == 'promote_signed' }}
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-
-          release_id="$(gh api "repos/${GITHUB_REPOSITORY}/releases/tags/${GITHUB_REF_NAME}" --jq '.id')"
-          gh api --paginate "repos/${GITHUB_REPOSITORY}/releases/${release_id}/assets" \
-            --jq '.[] | [.id, .name] | @tsv' |
-            while IFS=$'\t' read -r asset_id asset_name; do
-              if [[ -z "$asset_id" || -z "$asset_name" ]]; then
-                continue
-              fi
-
-              delete_asset=false
-              if [[ "$asset_name" == *unsigned* || "$asset_name" == "$SIGNED_MACOS_ASSET" ]]; then
-                delete_asset=true
-              fi
-
-              if [[ "$delete_asset" == "true" ]]; then
-                echo "Deleting release asset ${asset_name}"
-                gh api -X DELETE "repos/${GITHUB_REPOSITORY}/releases/assets/${asset_id}"
-              fi
-            done
-
-      - if: ${{ env.SIGN_MACOS == 'true' }}
-        uses: facebook/dotslash-publish-release@9c9ec027515c34db9282a09a25a9cab5880b2c52 # v2
+      - uses: facebook/dotslash-publish-release@9c9ec027515c34db9282a09a25a9cab5880b2c52 # v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           tag: ${{ github.ref_name }}
           config: .github/dotslash-config.json
 
-      - if: ${{ env.SIGN_MACOS == 'true' }}
-        uses: facebook/dotslash-publish-release@9c9ec027515c34db9282a09a25a9cab5880b2c52 # v2
+      - uses: facebook/dotslash-publish-release@9c9ec027515c34db9282a09a25a9cab5880b2c52 # v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           tag: ${{ github.ref_name }}
           config: .github/dotslash-zsh-config.json
 
-      - if: ${{ env.SIGN_MACOS == 'true' }}
-        uses: facebook/dotslash-publish-release@9c9ec027515c34db9282a09a25a9cab5880b2c52 # v2
+      - uses: facebook/dotslash-publish-release@9c9ec027515c34db9282a09a25a9cab5880b2c52 # v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -1245,7 +620,7 @@ jobs:
       - name: Trigger developers.openai.com deploy
         # Only trigger the deploy if the release is not a pre-release.
         # The deploy is used to update the developers.openai.com website with the new config schema json file.
-        if: ${{ env.SIGN_MACOS == 'true' && !contains(steps.release_name.outputs.name, '-') }}
+        if: ${{ !contains(steps.release_name.outputs.name, '-') }}
         continue-on-error: true
         env:
           DEV_WEBSITE_VERCEL_DEPLOY_HOOK_URL: ${{ secrets.DEV_WEBSITE_VERCEL_DEPLOY_HOOK_URL }}
@@ -1260,15 +635,7 @@ jobs:
   # npm docs: https://docs.npmjs.com/trusted-publishers
   publish-npm:
     # Publish to npm for stable releases and alpha pre-releases with numeric suffixes.
-    # promote_signed intentionally skips build jobs that are ancestors of release;
-    # include the !cancelled() status function so Actions does not apply its implicit
-    # success() check to the whole dependency chain before evaluating release outputs.
-    if: >-
-      ${{
-        !cancelled() &&
-        needs.release.result == 'success' &&
-        needs.release.outputs.should_publish_npm == 'true'
-      }}
+    if: ${{ needs.release.outputs.should_publish_npm == 'true' }}
     name: publish-npm
     needs: release
     runs-on: ubuntu-latest
@@ -1420,65 +787,12 @@ jobs:
             exit "${publish_status}"
           done
 
-  # Publish the platform-specific Python runtime wheels using PyPI trusted publishing.
-  # PyPI project configuration must trust this workflow and job. Keep this
-  # non-blocking while the Python runtime publishing path is new; failures still
-  # need release follow-up, but should not invalidate the Rust release itself.
-  publish-python-runtime:
-    # Publish to PyPI for stable releases and alpha pre-releases with numeric suffixes.
-    if: >-
-      ${{
-        !cancelled() &&
-        needs.release.result == 'success' &&
-        needs.release.outputs.should_publish_python_runtime == 'true'
-      }}
-    name: publish-python-runtime
-    needs: release
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    environment: pypi
-    permissions:
-      id-token: write # Required for PyPI trusted publishing.
-      contents: read
-
-    steps:
-      - name: Download Python runtime wheels from release
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          RELEASE_TAG: ${{ needs.release.outputs.tag }}
-          RELEASE_VERSION: ${{ needs.release.outputs.version }}
-        run: |
-          set -euo pipefail
-          python_version="$RELEASE_VERSION"
-          python_version="${python_version/-alpha./a}"
-          python_version="${python_version/-beta./b}"
-          python_version="${python_version/-rc./rc}"
-
-          mkdir -p dist/python-runtime
-          gh release download "$RELEASE_TAG" \
-            --repo "${GITHUB_REPOSITORY}" \
-            --pattern "openai_codex_cli_bin-${python_version}-*.whl" \
-            --dir dist/python-runtime
-          ls -lh dist/python-runtime
-
-      - name: Publish Python runtime wheels to PyPI
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
-        with:
-          packages-dir: dist/python-runtime
-          skip-existing: true
-
   winget:
     name: winget
     needs: release
     # Only publish stable/mainline releases to WinGet; pre-releases include a
     # '-' in the semver string (e.g., 1.2.3-alpha.1).
-    if: >-
-      ${{
-        !cancelled() &&
-        needs.release.result == 'success' &&
-        needs.release.outputs.sign_macos == 'true' &&
-        !contains(needs.release.outputs.version, '-')
-      }}
+    if: ${{ !contains(needs.release.outputs.version, '-') }}
     # This job only invokes a GitHub Action to open/update the winget-pkgs PR;
     # it does not execute Windows-only tooling, so Linux is sufficient.
     runs-on: ubuntu-latest
@@ -1498,12 +812,6 @@ jobs:
 
   update-branch:
     name: Update latest-alpha-cli branch
-    if: >-
-      ${{
-        !cancelled() &&
-        needs.release.result == 'success' &&
-        needs.release.outputs.sign_macos == 'true'
-      }}
     permissions:
       contents: write
     needs: release

.github/workflows/sdk.yml

@@ -6,41 +6,6 @@ on:
   pull_request: {}
 
 jobs:
-  python-sdk:
-    runs-on:
-      group: codex-runners
-      labels: codex-linux-x64
-    timeout-minutes: 10
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-        with:
-          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
-          persist-credentials: false
-
-      - name: Test Python SDK
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          # Run inside Alpine so dependency resolution exercises the pinned
-          # runtime wheel on the same Linux wheel family that CI installs.
-          docker run --rm \
-            --user "$(id -u):$(id -g)" \
-            -e HOME=/tmp/codex-python-sdk-home \
-            -e UV_LINK_MODE=copy \
-            -v "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}" \
-            -w "${GITHUB_WORKSPACE}/sdk/python" \
-            python:3.12-alpine \
-            sh -euxc '
-              python -m venv /tmp/uv
-              /tmp/uv/bin/python -m pip install uv==0.11.3
-              /tmp/uv/bin/uv sync --extra dev --frozen
-              /tmp/uv/bin/uv run --extra dev ruff check --output-format=github .
-              /tmp/uv/bin/uv run --extra dev ruff format --check .
-              /tmp/uv/bin/uv run --extra dev pytest
-            '
-
   sdks:
     runs-on:
       group: codex-runners

.vscode/extensions.json

@@ -1,7 +1,6 @@
 {
     "recommendations": [
         "rust-lang.rust-analyzer",
-        "charliermarsh.ruff",
         "tamasfe.even-better-toml",
         "vadimcn.vscode-lldb",
 

.vscode/settings.json

@@ -12,14 +12,6 @@
         "editor.defaultFormatter": "tamasfe.even-better-toml",
         "editor.formatOnSave": true,
     },
-    "[python]": {
-        "editor.defaultFormatter": "charliermarsh.ruff",
-        "editor.formatOnSave": true,
-        "editor.codeActionsOnSave": {
-            "source.fixAll.ruff": "explicit",
-            "source.organizeImports.ruff": "explicit",
-        },
-    },
     // Array order for options in ~/.codex/config.toml such as `notify` and the
     // `args` for an MCP server is significant, so we disable reordering.
     "evenBetterToml.formatter.reorderArrays": false,

MODULE.bazel.lock

@@ -887,6 +887,7 @@
       "enum-as-inner_0.6.1": "{\"dependencies\":[{\"name\":\"heck\",\"req\":\"^0.5\"},{\"name\":\"proc-macro2\",\"req\":\"^1.0\"},{\"name\":\"quote\",\"req\":\"^1.0\"},{\"name\":\"syn\",\"req\":\"^2.0\"}],\"features\":{}}",
       "enumflags2_0.7.12": "{\"dependencies\":[{\"name\":\"enumflags2_derive\",\"req\":\"=0.7.12\"},{\"default_features\":false,\"name\":\"serde\",\"optional\":true,\"req\":\"^1.0.0\"}],\"features\":{\"std\":[]}}",
       "enumflags2_derive_0.7.12": "{\"dependencies\":[{\"name\":\"proc-macro2\",\"req\":\"^1.0\"},{\"name\":\"quote\",\"req\":\"^1.0\"},{\"default_features\":false,\"features\":[\"parsing\",\"printing\",\"derive\",\"proc-macro\"],\"name\":\"syn\",\"req\":\"^2.0\"}],\"features\":{}}",
+      "env-flags_0.1.1": "{\"dependencies\":[],\"features\":{}}",
       "env_filter_1.0.0": "{\"dependencies\":[{\"features\":[\"std\"],\"name\":\"log\",\"req\":\"^0.4.8\"},{\"default_features\":false,\"features\":[\"std\",\"perf\"],\"name\":\"regex\",\"optional\":true,\"req\":\"^1.0.3\"},{\"kind\":\"dev\",\"name\":\"snapbox\",\"req\":\"^0.6\"}],\"features\":{\"default\":[\"regex\"],\"regex\":[\"dep:regex\"]}}",
       "env_filter_1.0.1": "{\"dependencies\":[{\"features\":[\"std\"],\"name\":\"log\",\"req\":\"^0.4.29\"},{\"default_features\":false,\"features\":[\"std\",\"perf\"],\"name\":\"regex\",\"optional\":true,\"req\":\"^1.12.3\"},{\"kind\":\"dev\",\"name\":\"snapbox\",\"req\":\"^1.0\"}],\"features\":{\"default\":[\"regex\"],\"regex\":[\"dep:regex\"]}}",
       "env_home_0.1.0": "{\"dependencies\":[],\"features\":{}}",
@@ -1482,7 +1483,6 @@
       "serde_derive_1.0.228": "{\"dependencies\":[{\"default_features\":false,\"features\":[\"proc-macro\"],\"name\":\"proc-macro2\",\"req\":\"^1.0.74\"},{\"default_features\":false,\"features\":[\"proc-macro\"],\"name\":\"quote\",\"req\":\"^1.0.35\"},{\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1\"},{\"default_features\":false,\"features\":[\"clone-impls\",\"derive\",\"parsing\",\"printing\",\"proc-macro\"],\"name\":\"syn\",\"req\":\"^2.0.81\"}],\"features\":{\"default\":[],\"deserialize_in_place\":[]}}",
       "serde_derive_internals_0.29.1": "{\"dependencies\":[{\"default_features\":false,\"name\":\"proc-macro2\",\"req\":\"^1.0.74\"},{\"default_features\":false,\"name\":\"quote\",\"req\":\"^1.0.35\"},{\"default_features\":false,\"features\":[\"clone-impls\",\"derive\",\"parsing\",\"printing\"],\"name\":\"syn\",\"req\":\"^2.0.46\"}],\"features\":{}}",
       "serde_html_form_0.3.2": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"assert_matches2\",\"req\":\"^0.1.0\"},{\"kind\":\"dev\",\"name\":\"divan\",\"req\":\"^0.1.11\"},{\"default_features\":false,\"features\":[\"alloc\"],\"name\":\"form_urlencoded\",\"req\":\"^1.0.1\"},{\"default_features\":false,\"name\":\"indexmap\",\"req\":\"^2.0.0\"},{\"kind\":\"dev\",\"name\":\"insta\",\"req\":\"^1.45.0\"},{\"name\":\"itoa\",\"req\":\"^1.0.1\"},{\"name\":\"ryu\",\"optional\":true,\"req\":\"^1.0.9\"},{\"features\":[\"derive\"],\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1.0.221\"},{\"default_features\":false,\"features\":[\"alloc\"],\"name\":\"serde_core\",\"req\":\"^1.0.221\"},{\"kind\":\"dev\",\"name\":\"serde_urlencoded\",\"req\":\"^0.7.1\"}],\"features\":{\"default\":[\"ryu\",\"std\"],\"std\":[]}}",
-      "serde_ignored_0.1.14": "{\"dependencies\":[{\"default_features\":false,\"name\":\"serde\",\"req\":\"^1.0.220\",\"target\":\"cfg(any())\"},{\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1.0.220\"},{\"default_features\":false,\"features\":[\"alloc\"],\"name\":\"serde_core\",\"req\":\"^1.0.220\"},{\"kind\":\"dev\",\"name\":\"serde_derive\",\"req\":\"^1.0.220\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0.110\"}],\"features\":{}}",
       "serde_json_1.0.149": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"automod\",\"req\":\"^1.0.11\"},{\"name\":\"indexmap\",\"optional\":true,\"req\":\"^2.2.3\"},{\"kind\":\"dev\",\"name\":\"indoc\",\"req\":\"^2.0.2\"},{\"name\":\"itoa\",\"req\":\"^1.0\"},{\"default_features\":false,\"name\":\"memchr\",\"req\":\"^2\"},{\"kind\":\"dev\",\"name\":\"ref-cast\",\"req\":\"^1.0.18\"},{\"kind\":\"dev\",\"name\":\"rustversion\",\"req\":\"^1.0.13\"},{\"default_features\":false,\"name\":\"serde\",\"req\":\"^1.0.220\",\"target\":\"cfg(any())\"},{\"features\":[\"derive\"],\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1.0.194\"},{\"kind\":\"dev\",\"name\":\"serde_bytes\",\"req\":\"^0.11.10\"},{\"default_features\":false,\"name\":\"serde_core\",\"req\":\"^1.0.220\"},{\"kind\":\"dev\",\"name\":\"serde_derive\",\"req\":\"^1.0.166\"},{\"kind\":\"dev\",\"name\":\"serde_stacker\",\"req\":\"^0.1.8\"},{\"features\":[\"diff\"],\"kind\":\"dev\",\"name\":\"trybuild\",\"req\":\"^1.0.108\"},{\"name\":\"zmij\",\"req\":\"^1.0\"}],\"features\":{\"alloc\":[\"serde_core/alloc\"],\"arbitrary_precision\":[],\"default\":[\"std\"],\"float_roundtrip\":[],\"preserve_order\":[\"indexmap\",\"std\"],\"raw_value\":[],\"std\":[\"memchr/std\",\"serde_core/std\"],\"unbounded_depth\":[]}}",
       "serde_path_to_error_0.1.20": "{\"dependencies\":[{\"name\":\"itoa\",\"req\":\"^1.0\"},{\"default_features\":false,\"name\":\"serde\",\"req\":\"^1.0.220\",\"target\":\"cfg(any())\"},{\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1.0.220\"},{\"default_features\":false,\"features\":[\"alloc\"],\"name\":\"serde_core\",\"req\":\"^1.0.220\"},{\"kind\":\"dev\",\"name\":\"serde_derive\",\"req\":\"^1.0.220\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0.100\"}],\"features\":{}}",
       "serde_repr_0.1.20": "{\"dependencies\":[{\"name\":\"proc-macro2\",\"req\":\"^1.0.74\"},{\"name\":\"quote\",\"req\":\"^1.0.35\"},{\"kind\":\"dev\",\"name\":\"rustversion\",\"req\":\"^1.0.13\"},{\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1.0.166\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0.100\"},{\"name\":\"syn\",\"req\":\"^2.0.46\"},{\"features\":[\"diff\"],\"kind\":\"dev\",\"name\":\"trybuild\",\"req\":\"^1.0.81\"}],\"features\":{}}",

codex-cli/bin/codex.js

@@ -2,7 +2,7 @@
 // Unified entry point for the Codex CLI.
 
 import { spawn } from "node:child_process";
-import { existsSync, realpathSync } from "fs";
+import { existsSync } from "fs";
 import { createRequire } from "node:module";
 import path from "path";
 import { fileURLToPath } from "url";
@@ -171,7 +171,6 @@ const packageManagerEnvVar =
     ? "CODEX_MANAGED_BY_BUN"
     : "CODEX_MANAGED_BY_NPM";
 env[packageManagerEnvVar] = "1";
-env.CODEX_MANAGED_PACKAGE_ROOT = realpathSync(path.join(__dirname, ".."));
 
 const child = spawn(binaryPath, process.argv.slice(2), {
   stdio: "inherit",

codex-rs/.cargo/config.toml

@@ -1,5 +1,5 @@
 [target.'cfg(all(windows, target_env = "msvc"))']
-rustflags = ["-C", "link-arg=/STACK:8388608", "-C", "target-feature=+crt-static"]
+rustflags = ["-C", "link-arg=/STACK:8388608"]
 
 # MSVC emits a warning about code that may trip "Cortex-A53 MPCore processor bug #843419" (see
 # https://developer.arm.com/documentation/epm048406/latest) which is sometimes emitted by LLVM.

codex-rs/.config/nextest.toml

@@ -1,10 +1,6 @@
 [profile.default]
-# Retry once so one transient failure does not fail full-CI outright.
+# Do not increase, fix your test instead
 slow-timeout = { period = "15s", terminate-after = 2 }
-retries = 1
-
-[profile.default.junit]
-path = "junit.xml"
 
 [test-groups.app_server_protocol_codegen]
 max-threads = 1
@@ -18,9 +14,6 @@ max-threads = 1
 [test-groups.windows_sandbox_legacy_sessions]
 max-threads = 1
 
-[test-groups.windows_process_heavy]
-max-threads = 2
-
 [[profile.default.overrides]]
 # Do not add new tests here
 filter = 'test(rmcp_client) | test(humanlike_typing_1000_chars_appears_live_no_placeholder)'
@@ -51,18 +44,3 @@ test-group = 'core_apply_patch_cli_integration'
 # Serialize them to avoid exhausting Windows session/global desktop resources in CI.
 filter = 'package(codex-windows-sandbox) & test(legacy_)'
 test-group = 'windows_sandbox_legacy_sessions'
-
-[[profile.default.overrides]]
-# This Codex-home startup path still exceeded the broader Windows-heavy ceiling
-# in both Windows full-CI lanes after contention was reduced.
-platform = 'cfg(windows)'
-filter = 'test(start_thread_uses_all_default_environments_from_codex_home)'
-slow-timeout = { period = "1m", terminate-after = 2 }
-
-[[profile.default.overrides]]
-# These Windows-heavy tests spawn subprocesses, session files, or JSON-RPC
-# clients and have been the dominant source of 30s full-CI timeouts.
-platform = 'cfg(windows)'
-filter = 'test(suite::resume::) | test(suite::cli_stream::) | test(suite::auth_env::) | test(start_thread_uses_all_default_environments_from_codex_home) | test(connect_stdio_command_initializes_json_rpc_client_on_windows)'
-test-group = 'windows_process_heavy'
-slow-timeout = { period = "45s", terminate-after = 2 }

codex-rs/Cargo.lock

@@ -1145,7 +1145,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8"
 dependencies = [
  "axum-core",
- "base64 0.22.1",
  "bytes",
  "form_urlencoded",
  "futures-util",
@@ -1164,10 +1163,8 @@ dependencies = [
  "serde_json",
  "serde_path_to_error",
  "serde_urlencoded",
- "sha1",
  "sync_wrapper",
  "tokio",
- "tokio-tungstenite",
  "tower",
  "tower-layer",
  "tower-service",
@@ -1902,12 +1899,11 @@ dependencies = [
  "codex-feedback",
  "codex-file-search",
  "codex-file-watcher",
+ "codex-git-attribution",
  "codex-git-utils",
- "codex-guardian",
  "codex-hooks",
  "codex-login",
  "codex-mcp",
- "codex-memories-extension",
  "codex-memories-write",
  "codex-model-provider",
  "codex-model-provider-info",
@@ -1922,6 +1918,7 @@ dependencies = [
  "codex-state",
  "codex-thread-store",
  "codex-tools",
+ "codex-uds",
  "codex-utils-absolute-path",
  "codex-utils-cargo-bin",
  "codex-utils-cli",
@@ -1930,16 +1927,13 @@ dependencies = [
  "core_test_support",
  "flate2",
  "futures",
- "hmac",
  "opentelemetry",
  "opentelemetry_sdk",
  "pretty_assertions",
- "reqwest",
  "rmcp",
  "serde",
  "serde_json",
  "serial_test",
- "sha2",
  "shlex",
  "tar",
  "tempfile",
@@ -1970,8 +1964,6 @@ dependencies = [
  "codex-exec-server",
  "codex-feedback",
  "codex-protocol",
- "codex-uds",
- "codex-utils-absolute-path",
  "codex-utils-rustls-provider",
  "futures",
  "pretty_assertions",
@@ -1992,15 +1984,14 @@ dependencies = [
  "anyhow",
  "codex-app-server-protocol",
  "codex-app-server-transport",
+ "codex-core",
  "codex-uds",
- "codex-utils-home-dir",
  "futures",
  "libc",
  "pretty_assertions",
  "reqwest",
  "serde",
  "serde_json",
- "sha2",
  "tempfile",
  "tokio",
  "tokio-tungstenite",
@@ -2058,11 +2049,8 @@ dependencies = [
 name = "codex-app-server-transport"
 version = "0.0.0"
 dependencies = [
- "anyhow",
- "axum",
  "base64 0.22.1",
  "chrono",
- "clap",
  "codex-api",
  "codex-app-server-protocol",
  "codex-config",
@@ -2073,18 +2061,12 @@ dependencies = [
  "codex-uds",
  "codex-utils-absolute-path",
  "codex-utils-rustls-provider",
- "constant_time_eq 0.3.1",
  "futures",
  "gethostname",
- "hmac",
- "jsonwebtoken",
- "owo-colors",
  "pretty_assertions",
  "serde",
  "serde_json",
- "sha2",
  "tempfile",
- "time",
  "tokio",
  "tokio-tungstenite",
  "tokio-util",
@@ -2221,7 +2203,6 @@ dependencies = [
  "assert_matches",
  "clap",
  "clap_complete",
- "codex-api",
  "codex-app-server",
  "codex-app-server-daemon",
  "codex-app-server-protocol",
@@ -2236,14 +2217,11 @@ dependencies = [
  "codex-exec-server",
  "codex-execpolicy",
  "codex-features",
- "codex-install-context",
  "codex-login",
  "codex-mcp",
  "codex-mcp-server",
  "codex-memories-write",
- "codex-model-provider",
  "codex-models-manager",
- "codex-plugin",
  "codex-protocol",
  "codex-responses-api-proxy",
  "codex-rmcp-client",
@@ -2258,14 +2236,11 @@ dependencies = [
  "codex-utils-cli",
  "codex-utils-path",
  "codex-windows-sandbox",
- "crossterm",
- "http 1.4.0",
  "libc",
  "owo-colors",
  "predicates",
  "pretty_assertions",
  "regex-lite",
- "serde",
  "serde_json",
  "sqlx",
  "supports-color 3.0.2",
@@ -2439,7 +2414,6 @@ dependencies = [
  "prost 0.14.3",
  "schemars 0.8.22",
  "serde",
- "serde_ignored",
  "serde_json",
  "serde_path_to_error",
  "sha2",
@@ -2526,6 +2500,7 @@ dependencies = [
  "codex-terminal-detection",
  "codex-test-binary-support",
  "codex-thread-store",
+ "codex-tool-api",
  "codex-tools",
  "codex-utils-absolute-path",
  "codex-utils-cache",
@@ -2536,6 +2511,7 @@ dependencies = [
  "codex-utils-path",
  "codex-utils-plugins",
  "codex-utils-pty",
+ "codex-utils-readiness",
  "codex-utils-stream-parser",
  "codex-utils-string",
  "codex-utils-template",
@@ -2545,6 +2521,7 @@ dependencies = [
  "ctor 0.6.3",
  "dirs",
  "dunce",
+ "env-flags",
  "eventsource-stream",
  "futures",
  "http 1.4.0",
@@ -2716,7 +2693,6 @@ dependencies = [
  "codex-utils-cargo-bin",
  "codex-utils-cli",
  "codex-utils-oss",
- "codex-utils-sandbox-summary",
  "core_test_support",
  "libc",
  "opentelemetry",
@@ -2745,10 +2721,8 @@ dependencies = [
  "anyhow",
  "arc-swap",
  "async-trait",
- "axum",
  "base64 0.22.1",
  "bytes",
- "codex-api",
  "codex-app-server-protocol",
  "codex-client",
  "codex-file-system",
@@ -2757,12 +2731,9 @@ dependencies = [
  "codex-test-binary-support",
  "codex-utils-absolute-path",
  "codex-utils-pty",
- "codex-utils-rustls-provider",
  "ctor 0.6.3",
  "futures",
- "http 1.4.0",
  "pretty_assertions",
- "prost 0.14.3",
  "reqwest",
  "serde",
  "serde_json",
@@ -2829,9 +2800,8 @@ dependencies = [
 name = "codex-extension-api"
 version = "0.0.0"
 dependencies = [
- "async-trait",
  "codex-protocol",
- "codex-tools",
+ "codex-tool-api",
 ]
 
 [[package]]
@@ -2923,6 +2893,16 @@ dependencies = [
  "tracing",
 ]
 
+[[package]]
+name = "codex-git-attribution"
+version = "0.0.0"
+dependencies = [
+ "codex-core",
+ "codex-extension-api",
+ "codex-features",
+ "pretty_assertions",
+]
+
 [[package]]
 name = "codex-git-utils"
 version = "0.0.0"
@@ -2947,28 +2927,6 @@ dependencies = [
  "walkdir",
 ]
 
-[[package]]
-name = "codex-goal-extension"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "codex-extension-api",
- "codex-protocol",
- "codex-tools",
- "serde",
- "serde_json",
-]
-
-[[package]]
-name = "codex-guardian"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "codex-core",
- "codex-extension-api",
- "codex-protocol",
-]
-
 [[package]]
 name = "codex-hooks"
 version = "0.0.0"
@@ -3152,27 +3110,6 @@ dependencies = [
  "wiremock",
 ]
 
-[[package]]
-name = "codex-memories-extension"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "codex-core",
- "codex-extension-api",
- "codex-features",
- "codex-memories-read",
- "codex-tools",
- "codex-utils-absolute-path",
- "codex-utils-output-truncation",
- "pretty_assertions",
- "schemars 0.8.22",
- "serde",
- "serde_json",
- "tempfile",
- "thiserror 2.0.18",
- "tokio",
-]
-
 [[package]]
 name = "codex-memories-mcp"
 version = "0.0.0"
@@ -3497,7 +3434,6 @@ version = "0.0.0"
 dependencies = [
  "anyhow",
  "axum",
- "base64 0.22.1",
  "bytes",
  "codex-api",
  "codex-client",
@@ -3561,7 +3497,6 @@ dependencies = [
  "anyhow",
  "codex-code-mode",
  "codex-protocol",
- "http 1.4.0",
  "pretty_assertions",
  "serde",
  "serde_json",
@@ -3734,7 +3669,6 @@ dependencies = [
  "codex-protocol",
  "codex-rollout",
  "codex-state",
- "codex-utils-path",
  "pretty_assertions",
  "serde",
  "serde_json",
@@ -3745,23 +3679,29 @@ dependencies = [
  "uuid",
 ]
 
+[[package]]
+name = "codex-tool-api"
+version = "0.0.0"
+dependencies = [
+ "pretty_assertions",
+ "serde_json",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "codex-tools"
 version = "0.0.0"
 dependencies = [
- "async-trait",
  "codex-app-server-protocol",
  "codex-code-mode",
  "codex-features",
  "codex-protocol",
  "codex-utils-absolute-path",
  "codex-utils-pty",
- "codex-utils-string",
  "pretty_assertions",
  "rmcp",
  "serde",
  "serde_json",
- "thiserror 2.0.18",
  "tracing",
 ]
 
@@ -3803,7 +3743,6 @@ dependencies = [
  "codex-protocol",
  "codex-realtime-webrtc",
  "codex-rollout",
- "codex-sandboxing",
  "codex-shell-command",
  "codex-state",
  "codex-terminal-detection",
@@ -3813,16 +3752,15 @@ dependencies = [
  "codex-utils-cli",
  "codex-utils-elapsed",
  "codex-utils-fuzzy-match",
- "codex-utils-home-dir",
  "codex-utils-oss",
  "codex-utils-path",
  "codex-utils-plugins",
+ "codex-utils-pty",
  "codex-utils-sandbox-summary",
  "codex-utils-sleep-inhibitor",
  "codex-utils-string",
  "codex-windows-sandbox",
  "color-eyre",
- "core_test_support",
  "cpal",
  "crossterm",
  "derive_more 2.1.1",
@@ -3846,7 +3784,6 @@ dependencies = [
  "serde",
  "serde_json",
  "serial_test",
- "sha2",
  "shlex",
  "strum 0.27.2",
  "strum_macros 0.28.0",
@@ -3873,7 +3810,6 @@ dependencies = [
  "which 8.0.0",
  "windows-sys 0.52.0",
  "winsplit",
- "wiremock",
 ]
 
 [[package]]
@@ -3933,7 +3869,6 @@ version = "0.0.0"
 dependencies = [
  "clap",
  "codex-protocol",
- "codex-shell-command",
  "pretty_assertions",
  "serde",
  "toml 0.9.11+spec-1.1.0",
@@ -5423,6 +5358,12 @@ dependencies = [
  "syn 2.0.114",
 ]
 
+[[package]]
+name = "env-flags"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dbfd0e7fc632dec5e6c9396a27bc9f9975b4e039720e1fd3e34021d3ce28c415"
+
 [[package]]
 name = "env_filter"
 version = "1.0.0"
@@ -5474,7 +5415,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -9022,7 +8963,7 @@ version = "5.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d"
 dependencies = [
- "base64 0.22.1",
+ "base64 0.21.7",
  "chrono",
  "getrandom 0.2.17",
  "http 1.4.0",
@@ -9490,7 +9431,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7d8fae84b431384b68627d0f9b3b1245fcf9f46f6c0e3dc902e9dce64edd1967"
 dependencies = [
  "libc",
- "windows-sys 0.61.2",
+ "windows-sys 0.45.0",
 ]
 
 [[package]]
@@ -11661,16 +11602,6 @@ dependencies = [
  "serde_core",
 ]
 
-[[package]]
-name = "serde_ignored"
-version = "0.1.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "115dffd5f3853e06e746965a20dcbae6ee747ae30b543d91b0e089668bb07798"
-dependencies = [
- "serde",
- "serde_core",
-]
-
 [[package]]
 name = "serde_json"
 version = "1.0.149"
@@ -14144,7 +14075,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.48.0",
 ]
 
 [[package]]

codex-rs/Cargo.toml

@@ -45,9 +45,7 @@ members = [
     "execpolicy",
     "execpolicy-legacy",
     "ext/extension-api",
-    "ext/goal",
-    "ext/guardian",
-    "ext/memories",
+    "ext/git-attribution",
     "external-agent-migration",
     "external-agent-sessions",
     "keyring-store",
@@ -109,6 +107,7 @@ members = [
     "test-binary-support",
     "thread-manager-sample",
     "thread-store",
+    "tool-api",
     "uds",
     "codex-experimental-api-macros",
     "plugin",
@@ -163,8 +162,7 @@ codex-file-system = { path = "file-system" }
 codex-exec-server = { path = "exec-server" }
 codex-execpolicy = { path = "execpolicy" }
 codex-extension-api = { path = "ext/extension-api" }
-codex-goal-extension = { path = "ext/goal" }
-codex-guardian = { path = "ext/guardian" }
+codex-git-attribution = { path = "ext/git-attribution" }
 codex-external-agent-migration = { path = "external-agent-migration" }
 codex-external-agent-sessions = { path = "external-agent-sessions" }
 codex-experimental-api-macros = { path = "codex-experimental-api-macros" }
@@ -180,7 +178,6 @@ codex-linux-sandbox = { path = "linux-sandbox" }
 codex-lmstudio = { path = "lmstudio" }
 codex-login = { path = "login" }
 codex-message-history = { path = "message-history" }
-codex-memories-extension = { path = "ext/memories" }
 codex-memories-read = { path = "memories/read" }
 codex-memories-write = { path = "memories/write" }
 codex-mcp = { path = "codex-mcp" }
@@ -210,6 +207,7 @@ codex-stdio-to-uds = { path = "stdio-to-uds" }
 codex-terminal-detection = { path = "terminal-detection" }
 codex-test-binary-support = { path = "test-binary-support" }
 codex-thread-store = { path = "thread-store" }
+codex-tool-api = { path = "tool-api" }
 codex-tools = { path = "tools" }
 codex-tui = { path = "tui" }
 codex-uds = { path = "uds" }
@@ -228,6 +226,7 @@ codex-utils-output-truncation = { path = "utils/output-truncation" }
 codex-utils-path = { path = "utils/path-utils" }
 codex-utils-plugins = { path = "utils/plugins" }
 codex-utils-pty = { path = "utils/pty" }
+codex-utils-readiness = { path = "utils/readiness" }
 codex-utils-rustls-provider = { path = "utils/rustls-provider" }
 codex-utils-sandbox-summary = { path = "utils/sandbox-summary" }
 codex-utils-sleep-inhibitor = { path = "utils/sleep-inhibitor" }
@@ -265,7 +264,6 @@ chrono = "0.4.43"
 clap = "4"
 clap_complete = "4"
 color-eyre = "0.6.3"
-constant_time_eq = "0.3.1"
 crossbeam-channel = "0.5.15"
 crypto_box = { version = "0.9.1", features = ["seal"] }
 crossterm = "0.28.1"
@@ -280,6 +278,7 @@ dotenvy = "0.15.7"
 dunce = "1.0.4"
 ed25519-dalek = { version = "2.2.0", features = ["pkcs8"] }
 encoding_rs = "0.8.35"
+env-flags = "0.1.1"
 env_logger = "0.11.9"
 eventsource-stream = "0.2.3"
 flate2 = "1.1.8"
@@ -352,7 +351,6 @@ seccompiler = "0.5.0"
 semver = "1.0"
 sentry = "0.46.0"
 serde = "1"
-serde_ignored = "0.1.14"
 serde_json = "1"
 serde_path_to_error = "0.1.20"
 serde_with = "3.17"
@@ -472,7 +470,6 @@ unwrap_used = "deny"
 [workspace.metadata.cargo-shear]
 ignored = [
     "codex-agent-graph-store",
-    "codex-goal-extension",
     "icu_provider",
     "openssl-sys",
     "codex-v8-poc",

codex-rs/analytics/src/accepted_lines.rs

@@ -7,6 +7,9 @@ use codex_git_utils::get_git_remote_urls_assume_git_repo;
 use sha1::Digest;
 use std::path::Path;
 
+const ACCEPTED_LINE_FINGERPRINT_EVENT_TARGET_BYTES: usize = 2 * 1024 * 1024;
+const ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES: usize = 1024;
+
 #[derive(Clone, Debug, PartialEq, Eq)]
 pub struct AcceptedLineFingerprintSummary {
     pub accepted_added_lines: u64,
@@ -94,38 +97,39 @@ pub fn fingerprint_hash(domain: &str, value: &str) -> String {
 pub(crate) fn accepted_line_fingerprint_event_requests(
     input: AcceptedLineFingerprintEventInput,
 ) -> Vec<TrackEventRequest> {
-    let AcceptedLineFingerprintEventInput {
-        event_type,
-        turn_id,
-        thread_id,
-        product_surface,
-        model_slug,
-        completed_at,
-        repo_hash,
-        accepted_added_lines,
-        accepted_deleted_lines,
-        line_fingerprints: _line_fingerprints,
-    } = input;
-
-    vec![TrackEventRequest::AcceptedLineFingerprints(Box::new(
-        CodexAcceptedLineFingerprintsEventRequest {
-            event_type: "codex_accepted_line_fingerprints",
-            event_params: CodexAcceptedLineFingerprintsEventParams {
-                event_type,
-                turn_id,
-                thread_id,
-                product_surface,
-                model_slug,
-                completed_at,
-                repo_hash,
-                accepted_added_lines,
-                accepted_deleted_lines,
-                // Keep computing local fingerprints for parsing tests and future attribution,
-                // but do not upload path/line hashes in the analytics event payload.
-                line_fingerprints: Vec::new(),
-            },
-        },
-    ))]
+    let chunks = accepted_line_fingerprint_chunks(input.line_fingerprints);
+    chunks
+        .into_iter()
+        .enumerate()
+        .map(|(index, line_fingerprints)| {
+            let is_first_chunk = index == 0;
+            TrackEventRequest::AcceptedLineFingerprints(Box::new(
+                CodexAcceptedLineFingerprintsEventRequest {
+                    event_type: "codex_accepted_line_fingerprints",
+                    event_params: CodexAcceptedLineFingerprintsEventParams {
+                        event_type: input.event_type,
+                        turn_id: input.turn_id.clone(),
+                        thread_id: input.thread_id.clone(),
+                        product_surface: input.product_surface.clone(),
+                        model_slug: input.model_slug.clone(),
+                        completed_at: input.completed_at,
+                        repo_hash: input.repo_hash.clone(),
+                        accepted_added_lines: if is_first_chunk {
+                            input.accepted_added_lines
+                        } else {
+                            0
+                        },
+                        accepted_deleted_lines: if is_first_chunk {
+                            input.accepted_deleted_lines
+                        } else {
+                            0
+                        },
+                        line_fingerprints,
+                    },
+                },
+            ))
+        })
+        .collect()
 }
 
 pub async fn accepted_line_repo_hash_for_cwd(cwd: &Path) -> Option<String> {
@@ -168,6 +172,44 @@ fn normalize_effective_line(line: &str) -> Option<String> {
     Some(normalized)
 }
 
+fn accepted_line_fingerprint_chunks(
+    line_fingerprints: Vec<AcceptedLineFingerprint>,
+) -> Vec<Vec<AcceptedLineFingerprint>> {
+    if line_fingerprints.is_empty() {
+        return vec![Vec::new()];
+    }
+
+    let mut chunks = Vec::new();
+    let mut current = Vec::new();
+    let mut current_bytes = ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES;
+
+    for fingerprint in line_fingerprints {
+        let item_bytes = accepted_line_fingerprint_json_bytes(&fingerprint);
+        let separator_bytes = usize::from(!current.is_empty());
+        if !current.is_empty()
+            && current_bytes + separator_bytes + item_bytes
+                > ACCEPTED_LINE_FINGERPRINT_EVENT_TARGET_BYTES
+        {
+            chunks.push(current);
+            current = Vec::new();
+            current_bytes = ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES;
+        }
+        current_bytes += usize::from(!current.is_empty()) + item_bytes;
+        current.push(fingerprint);
+    }
+
+    if !current.is_empty() {
+        chunks.push(current);
+    }
+    chunks
+}
+
+fn accepted_line_fingerprint_json_bytes(fingerprint: &AcceptedLineFingerprint) -> usize {
+    // {"path_hash":"...","line_hash":"..."} plus one byte of array comma
+    // accounted for by the caller when needed.
+    32 + fingerprint.path_hash.len() + fingerprint.line_hash.len()
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;

codex-rs/analytics/src/analytics_client_tests.rs

@@ -11,25 +11,18 @@ use crate::events::CodexCompactionEventRequest;
 use crate::events::CodexHookRunEventRequest;
 use crate::events::CodexPluginEventRequest;
 use crate::events::CodexPluginUsedEventRequest;
-use crate::events::CodexReviewEventParams;
-use crate::events::CodexReviewEventRequest;
 use crate::events::CodexRuntimeMetadata;
 use crate::events::CodexToolItemEventBase;
 use crate::events::CodexTurnEventRequest;
-use crate::events::FinalApprovalOutcome;
 use crate::events::GuardianApprovalRequestSource;
 use crate::events::GuardianReviewDecision;
 use crate::events::GuardianReviewEventParams;
 use crate::events::GuardianReviewFailureReason;
 use crate::events::GuardianReviewTerminalStatus;
 use crate::events::GuardianReviewedAction;
-use crate::events::ReviewResolution;
-use crate::events::ReviewStatus;
-use crate::events::ReviewSubjectKind;
-use crate::events::ReviewTrigger;
-use crate::events::Reviewer;
 use crate::events::ThreadInitializedEvent;
 use crate::events::ThreadInitializedEventParams;
+use crate::events::ToolItemFinalApprovalOutcome;
 use crate::events::ToolItemTerminalStatus;
 use crate::events::TrackEventRequest;
 use crate::events::codex_app_metadata;
@@ -37,6 +30,7 @@ use crate::events::codex_hook_run_metadata;
 use crate::events::codex_plugin_metadata;
 use crate::events::codex_plugin_used_metadata;
 use crate::events::subagent_thread_started_event_request;
+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AnalyticsFact;
 use crate::facts::AnalyticsJsonRpcError;
 use crate::facts::AppInvocation;
@@ -78,32 +72,20 @@ use codex_app_server_protocol::CodexErrorInfo;
 use codex_app_server_protocol::CollabAgentTool;
 use codex_app_server_protocol::CollabAgentToolCallStatus;
 use codex_app_server_protocol::CommandAction;
-use codex_app_server_protocol::CommandExecutionApprovalDecision;
-use codex_app_server_protocol::CommandExecutionRequestApprovalParams;
-use codex_app_server_protocol::CommandExecutionRequestApprovalResponse;
 use codex_app_server_protocol::CommandExecutionSource;
 use codex_app_server_protocol::CommandExecutionStatus;
 use codex_app_server_protocol::DynamicToolCallStatus;
-use codex_app_server_protocol::GuardianApprovalReview;
-use codex_app_server_protocol::GuardianApprovalReviewAction;
-use codex_app_server_protocol::GuardianApprovalReviewStatus;
-use codex_app_server_protocol::GuardianCommandSource as AppServerGuardianCommandSource;
 use codex_app_server_protocol::InitializeCapabilities;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::ItemCompletedNotification;
-use codex_app_server_protocol::ItemGuardianApprovalReviewCompletedNotification;
 use codex_app_server_protocol::ItemStartedNotification;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::McpToolCallStatus;
 use codex_app_server_protocol::NonSteerableTurnKind;
 use codex_app_server_protocol::PatchApplyStatus;
-use codex_app_server_protocol::PermissionsRequestApprovalParams;
 use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::RequestPermissionProfile;
 use codex_app_server_protocol::SandboxPolicy as AppServerSandboxPolicy;
 use codex_app_server_protocol::ServerNotification;
-use codex_app_server_protocol::ServerRequest;
-use codex_app_server_protocol::ServerResponse;
 use codex_app_server_protocol::SessionSource as AppServerSessionSource;
 use codex_app_server_protocol::Thread;
 use codex_app_server_protocol::ThreadArchiveParams;
@@ -132,19 +114,16 @@ use codex_plugin::PluginTelemetryMetadata;
 use codex_protocol::approvals::NetworkApprovalProtocol;
 use codex_protocol::config_types::ApprovalsReviewer;
 use codex_protocol::config_types::ModeKind;
-use codex_protocol::models::NetworkPermissions as CoreNetworkPermissions;
 use codex_protocol::models::PermissionProfile as CorePermissionProfile;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::HookEventName;
 use codex_protocol::protocol::HookRunStatus;
 use codex_protocol::protocol::HookSource;
+use codex_protocol::protocol::SandboxPolicy;
 use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::SubAgentSource;
 use codex_protocol::protocol::ThreadSource;
 use codex_protocol::protocol::TokenUsage;
-use codex_protocol::request_permissions::PermissionGrantScope as CorePermissionGrantScope;
-use codex_protocol::request_permissions::RequestPermissionProfile as CoreRequestPermissionProfile;
-use codex_protocol::request_permissions::RequestPermissionsResponse as CoreRequestPermissionsResponse;
 use codex_utils_absolute_path::test_support::PathBufExt;
 use codex_utils_absolute_path::test_support::test_path_buf;
 use pretty_assertions::assert_eq;
@@ -200,11 +179,11 @@ fn sample_thread_start_response(
         model_provider: "openai".to_string(),
         service_tier: None,
         cwd: test_path_buf("/tmp").abs(),
-        runtime_workspace_roots: Vec::new(),
         instruction_sources: Vec::new(),
         approval_policy: AppServerAskForApproval::OnFailure,
         approvals_reviewer: AppServerApprovalsReviewer::User,
         sandbox: AppServerSandboxPolicy::DangerFullAccess,
+        permission_profile: None,
         active_permission_profile: None,
         reasoning_effort: None,
     })
@@ -256,11 +235,11 @@ fn sample_thread_resume_response_with_source(
         model_provider: "openai".to_string(),
         service_tier: None,
         cwd: test_path_buf("/tmp").abs(),
-        runtime_workspace_roots: Vec::new(),
         instruction_sources: Vec::new(),
         approval_policy: AppServerAskForApproval::OnFailure,
         approvals_reviewer: AppServerApprovalsReviewer::User,
         sandbox: AppServerSandboxPolicy::DangerFullAccess,
+        permission_profile: None,
         active_permission_profile: None,
         reasoning_effort: None,
     })
@@ -278,7 +257,6 @@ fn sample_turn_start_request(thread_id: &str, request_id: i64) -> ClientRequest
                 },
                 UserInput::Image {
                     url: "https://example.com/a.png".to_string(),
-                    detail: None,
                 },
             ],
             ..Default::default()
@@ -366,7 +344,9 @@ fn sample_turn_resolved_config(thread_id: &str, turn_id: &str) -> TurnResolvedCo
         session_source: SessionSource::Exec,
         model: "gpt-5".to_string(),
         model_provider: "openai".to_string(),
-        permission_profile: CorePermissionProfile::read_only(),
+        permission_profile: CorePermissionProfile::from_legacy_sandbox_policy(
+            &SandboxPolicy::new_read_only_policy(),
+        ),
         permission_profile_cwd: PathBuf::from("/tmp"),
         reasoning_effort: None,
         reasoning_summary: None,
@@ -397,7 +377,6 @@ fn sample_turn_steer_request(
                 },
                 UserInput::LocalImage {
                     path: "/tmp/a.png".into(),
-                    detail: None,
                 },
             ],
             responsesapi_client_metadata: None,
@@ -633,7 +612,7 @@ async fn ingest_turn_prerequisites(
     }
 }
 
-async fn ingest_review_prerequisites(
+async fn ingest_tool_review_prerequisites(
     reducer: &mut AnalyticsReducer,
     events: &mut Vec<TrackEventRequest>,
 ) {
@@ -655,58 +634,6 @@ async fn ingest_review_prerequisites(
     events.clear();
 }
 
-async fn ingest_completed_command_execution_item(
-    reducer: &mut AnalyticsReducer,
-    events: &mut Vec<TrackEventRequest>,
-    thread_id: &str,
-    item_id: &str,
-) {
-    reducer
-        .ingest(
-            AnalyticsFact::Notification(Box::new(sample_turn_started_notification(
-                thread_id, "turn-1",
-            ))),
-            events,
-        )
-        .await;
-    reducer
-        .ingest(
-            AnalyticsFact::Notification(Box::new(ServerNotification::ItemStarted(
-                ItemStartedNotification {
-                    thread_id: thread_id.to_string(),
-                    turn_id: "turn-1".to_string(),
-                    started_at_ms: 1_000,
-                    item: sample_command_execution_item_with_id(
-                        item_id,
-                        CommandExecutionStatus::InProgress,
-                        /*exit_code*/ None,
-                        /*duration_ms*/ None,
-                    ),
-                },
-            ))),
-            events,
-        )
-        .await;
-    reducer
-        .ingest(
-            AnalyticsFact::Notification(Box::new(ServerNotification::ItemCompleted(
-                ItemCompletedNotification {
-                    thread_id: thread_id.to_string(),
-                    turn_id: "turn-1".to_string(),
-                    completed_at_ms: 1_042,
-                    item: sample_command_execution_item_with_id(
-                        item_id,
-                        CommandExecutionStatus::Completed,
-                        Some(0),
-                        Some(42),
-                    ),
-                },
-            ))),
-            events,
-        )
-        .await;
-}
-
 fn sample_initialize_fact(connection_id: u64) -> AnalyticsFact {
     AnalyticsFact::Initialize {
         connection_id,
@@ -737,18 +664,9 @@ fn sample_command_execution_item(
     status: CommandExecutionStatus,
     exit_code: Option<i32>,
     duration_ms: Option<i64>,
-) -> ThreadItem {
-    sample_command_execution_item_with_id("item-1", status, exit_code, duration_ms)
-}
-
-fn sample_command_execution_item_with_id(
-    id: &str,
-    status: CommandExecutionStatus,
-    exit_code: Option<i32>,
-    duration_ms: Option<i64>,
 ) -> ThreadItem {
     ThreadItem::CommandExecution {
-        id: id.to_string(),
+        id: "item-1".to_string(),
         command: "echo hi".to_string(),
         cwd: test_path_buf("/tmp").abs(),
         process_id: Some("pid-1".to_string()),
@@ -779,98 +697,6 @@ fn sample_command_execution_item_with_actions(
     item
 }
 
-fn sample_command_approval_request(request_id: i64, approval_id: Option<&str>) -> ServerRequest {
-    ServerRequest::CommandExecutionRequestApproval {
-        request_id: RequestId::Integer(request_id),
-        params: CommandExecutionRequestApprovalParams {
-            thread_id: "thread-1".to_string(),
-            turn_id: "turn-1".to_string(),
-            item_id: "item-1".to_string(),
-            started_at_ms: 1_000,
-            approval_id: approval_id.map(str::to_string),
-            reason: None,
-            network_approval_context: None,
-            command: Some("echo hi".to_string()),
-            cwd: None,
-            command_actions: None,
-            additional_permissions: None,
-            proposed_execpolicy_amendment: None,
-            proposed_network_policy_amendments: None,
-            available_decisions: None,
-        },
-    }
-}
-
-fn sample_command_approval_response(
-    request_id: i64,
-    decision: CommandExecutionApprovalDecision,
-) -> ServerResponse {
-    ServerResponse::CommandExecutionRequestApproval {
-        request_id: RequestId::Integer(request_id),
-        response: CommandExecutionRequestApprovalResponse { decision },
-    }
-}
-
-fn sample_permissions_approval_request(request_id: i64) -> ServerRequest {
-    ServerRequest::PermissionsRequestApproval {
-        request_id: RequestId::Integer(request_id),
-        params: PermissionsRequestApprovalParams {
-            thread_id: "thread-1".to_string(),
-            turn_id: "turn-1".to_string(),
-            item_id: "permissions-1".to_string(),
-            started_at_ms: 1_000,
-            cwd: test_path_buf("/tmp").abs(),
-            reason: Some("need network".to_string()),
-            permissions: RequestPermissionProfile {
-                network: Some(codex_app_server_protocol::AdditionalNetworkPermissions {
-                    enabled: Some(true),
-                }),
-                file_system: None,
-            },
-        },
-    }
-}
-
-fn sample_effective_permissions_approval_response(
-    permissions: CoreRequestPermissionProfile,
-    scope: CorePermissionGrantScope,
-) -> CoreRequestPermissionsResponse {
-    CoreRequestPermissionsResponse {
-        permissions,
-        scope,
-        strict_auto_review: false,
-    }
-}
-
-fn sample_guardian_review_completed(
-    review_id: &str,
-    target_item_id: Option<&str>,
-    status: GuardianApprovalReviewStatus,
-) -> ServerNotification {
-    ServerNotification::ItemGuardianApprovalReviewCompleted(
-        ItemGuardianApprovalReviewCompletedNotification {
-            thread_id: "thread-1".to_string(),
-            turn_id: "turn-1".to_string(),
-            started_at_ms: 1_000,
-            completed_at_ms: 1_042,
-            review_id: review_id.to_string(),
-            target_item_id: target_item_id.map(str::to_string),
-            decision_source: codex_app_server_protocol::AutoReviewDecisionSource::Agent,
-            review: GuardianApprovalReview {
-                status,
-                risk_level: None,
-                user_authorization: None,
-                rationale: None,
-            },
-            action: GuardianApprovalReviewAction::Command {
-                source: AppServerGuardianCommandSource::Shell,
-                command: "echo hi".to_string(),
-                cwd: test_path_buf("/tmp").abs(),
-            },
-        },
-    )
-}
-
 fn expected_absolute_path(path: &PathBuf) -> String {
     std::fs::canonicalize(path)
         .unwrap_or_else(|_| path.to_path_buf())
@@ -1026,7 +852,10 @@ fn accepted_line_fingerprints_event_serializes_expected_shape() {
                 repo_hash: Some("repo-hash-1".to_string()),
                 accepted_added_lines: 42,
                 accepted_deleted_lines: 40,
-                line_fingerprints: Vec::new(),
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: "path-hash-1".to_string(),
+                    line_hash: "line-hash-1".to_string(),
+                }],
             },
         },
     ));
@@ -1047,14 +876,19 @@ fn accepted_line_fingerprints_event_serializes_expected_shape() {
                 "repo_hash": "repo-hash-1",
                 "accepted_added_lines": 42,
                 "accepted_deleted_lines": 40,
-                "line_fingerprints": []
+                "line_fingerprints": [
+                    {
+                        "path_hash": "path-hash-1",
+                        "line_hash": "line-hash-1"
+                    }
+                ]
             }
         })
     );
 }
 
 #[tokio::test]
-async fn reducer_emits_large_accepted_line_aggregates_without_fingerprints() {
+async fn reducer_chunks_large_accepted_line_fingerprint_events_without_repeating_counts() {
     let mut reducer = AnalyticsReducer::default();
     let mut events = Vec::new();
 
@@ -1114,14 +948,22 @@ index 1111111..2222222
             _ => None,
         })
         .collect::<Vec<_>>();
-    assert_eq!(accepted_line_events.len(), 1);
-    let event = accepted_line_events[0];
-    assert_eq!(event.event_params.turn_id, "turn-2");
-    assert_eq!(event.event_params.thread_id, "thread-2");
-    assert_eq!(event.event_params.accepted_added_lines, 20_000);
-    assert_eq!(event.event_params.accepted_deleted_lines, 0);
-    assert!(event.event_params.line_fingerprints.is_empty());
-    assert!(serde_json::to_vec(event).expect("serialize event").len() < 2_100_000);
+    assert!(accepted_line_events.len() > 1);
+    let mut total_fingerprints = 0;
+    for (index, event) in accepted_line_events.iter().enumerate() {
+        assert_eq!(event.event_params.turn_id, "turn-2");
+        assert_eq!(event.event_params.thread_id, "thread-2");
+        total_fingerprints += event.event_params.line_fingerprints.len();
+        if index == 0 {
+            assert_eq!(event.event_params.accepted_added_lines, 20_000);
+            assert_eq!(event.event_params.accepted_deleted_lines, 0);
+        } else {
+            assert_eq!(event.event_params.accepted_added_lines, 0);
+            assert_eq!(event.event_params.accepted_deleted_lines, 0);
+        }
+        assert!(serde_json::to_vec(event).expect("serialize chunk").len() < 2_100_000);
+    }
+    assert_eq!(total_fingerprints, 20_000);
 }
 
 #[tokio::test]
@@ -1188,7 +1030,11 @@ index 1111111..2222222
     assert_eq!(accepted_line_events.len(), 1);
     let event = accepted_line_events[0];
     assert_eq!(event.event_params.accepted_added_lines, 1);
-    assert!(event.event_params.line_fingerprints.is_empty());
+    assert_eq!(event.event_params.line_fingerprints.len(), 1);
+    assert_eq!(
+        event.event_params.line_fingerprints[0].line_hash,
+        crate::fingerprint_hash("line", "let latest_value = 2;")
+    );
 }
 
 #[test]
@@ -1387,7 +1233,7 @@ fn command_execution_event_serializes_expected_shape() {
                 review_count: 0,
                 guardian_review_count: 0,
                 user_review_count: 0,
-                final_approval_outcome: FinalApprovalOutcome::NotNeeded,
+                final_approval_outcome: ToolItemFinalApprovalOutcome::NotNeeded,
                 terminal_status: ToolItemTerminalStatus::Completed,
                 failure_kind: None,
                 requested_additional_permissions: false,
@@ -1453,82 +1299,6 @@ fn command_execution_event_serializes_expected_shape() {
     );
 }
 
-#[test]
-fn review_event_serializes_expected_shape() {
-    let event = TrackEventRequest::ReviewEvent(CodexReviewEventRequest {
-        event_type: "codex_review_event",
-        event_params: CodexReviewEventParams {
-            thread_id: "thread-1".to_string(),
-            turn_id: "turn-1".to_string(),
-            item_id: None,
-            review_id: "review-1".to_string(),
-            app_server_client: CodexAppServerClientMetadata {
-                product_client_id: "codex_tui".to_string(),
-                client_name: Some("codex-tui".to_string()),
-                client_version: Some("1.2.3".to_string()),
-                rpc_transport: AppServerRpcTransport::Websocket,
-                experimental_api_enabled: Some(true),
-            },
-            runtime: CodexRuntimeMetadata {
-                codex_rs_version: "0.99.0".to_string(),
-                runtime_os: "macos".to_string(),
-                runtime_os_version: "15.3.1".to_string(),
-                runtime_arch: "aarch64".to_string(),
-            },
-            thread_source: Some(ThreadSource::Subagent),
-            subagent_source: Some("thread_spawn".to_string()),
-            parent_thread_id: Some("parent-thread-1".to_string()),
-            subject_kind: ReviewSubjectKind::NetworkAccess,
-            subject_name: "network_access".to_string(),
-            reviewer: Reviewer::User,
-            trigger: ReviewTrigger::NetworkPolicyDenial,
-            status: ReviewStatus::Approved,
-            resolution: ReviewResolution::NetworkPolicyAmendment,
-            started_at_ms: 123,
-            completed_at_ms: 125,
-            duration_ms: Some(2),
-        },
-    });
-
-    let payload = serde_json::to_value(&event).expect("serialize review event");
-    assert_eq!(
-        payload,
-        json!({
-            "event_type": "codex_review_event",
-            "event_params": {
-                "thread_id": "thread-1",
-                "turn_id": "turn-1",
-                "item_id": null,
-                "review_id": "review-1",
-                "app_server_client": {
-                    "product_client_id": "codex_tui",
-                    "client_name": "codex-tui",
-                    "client_version": "1.2.3",
-                    "rpc_transport": "websocket",
-                    "experimental_api_enabled": true
-                },
-                "runtime": {
-                    "codex_rs_version": "0.99.0",
-                    "runtime_os": "macos",
-                    "runtime_os_version": "15.3.1",
-                    "runtime_arch": "aarch64"
-                },
-                "thread_source": "subagent",
-                "subagent_source": "thread_spawn",
-                "parent_thread_id": "parent-thread-1",
-                "subject_kind": "network_access",
-                "subject_name": "network_access",
-                "reviewer": "user",
-                "trigger": "network_policy_denial",
-                "status": "approved",
-                "resolution": "network_policy_amendment",
-                "started_at_ms": 123,
-                "completed_at_ms": 125,
-                "duration_ms": 2
-            }
-        })
-    );
-}
 #[tokio::test]
 async fn initialize_caches_client_and_thread_lifecycle_publishes_once_initialized() {
     let mut reducer = AnalyticsReducer::default();
@@ -1943,7 +1713,7 @@ async fn item_lifecycle_notifications_publish_command_execution_event() {
     let mut reducer = AnalyticsReducer::default();
     let mut events = Vec::new();
 
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
+    ingest_tool_review_prerequisites(&mut reducer, &mut events).await;
     reducer
         .ingest(
             AnalyticsFact::Notification(Box::new(sample_turn_started_notification(
@@ -2054,336 +1824,6 @@ async fn item_lifecycle_notifications_publish_command_execution_event() {
     assert_eq!(payload[0]["event_params"]["thread_source"], "user");
 }
 
-#[tokio::test]
-async fn command_execution_approval_response_publishes_user_review_event() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerRequest {
-                connection_id: 7,
-                request: Box::new(sample_command_approval_request(
-                    /*request_id*/ 41, /*approval_id*/ None,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    assert!(events.is_empty());
-
-    reducer
-        .ingest(
-            AnalyticsFact::ServerResponse {
-                completed_at_ms: 1_042,
-                response: Box::new(sample_command_approval_response(
-                    /*request_id*/ 41,
-                    CommandExecutionApprovalDecision::Accept,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(payload.as_array().expect("events array").len(), 1);
-    assert_eq!(payload[0]["event_type"], "codex_review_event");
-    assert_eq!(payload[0]["event_params"]["thread_id"], "thread-1");
-    assert_eq!(payload[0]["event_params"]["turn_id"], "turn-1");
-    assert_eq!(payload[0]["event_params"]["item_id"], "item-1");
-    assert_eq!(payload[0]["event_params"]["review_id"], "user:41");
-    assert_eq!(payload[0]["event_params"]["thread_source"], "user");
-    assert_eq!(
-        payload[0]["event_params"]["subject_kind"],
-        "command_execution"
-    );
-    assert_eq!(
-        payload[0]["event_params"]["subject_name"],
-        "command_execution"
-    );
-    assert_eq!(payload[0]["event_params"]["reviewer"], "user");
-    assert_eq!(payload[0]["event_params"]["trigger"], "initial");
-    assert_eq!(payload[0]["event_params"]["status"], "approved");
-    assert_eq!(payload[0]["event_params"]["started_at_ms"], 1_000);
-    assert_eq!(payload[0]["event_params"]["completed_at_ms"], 1_042);
-    assert_eq!(payload[0]["event_params"]["duration_ms"], 42);
-}
-
-#[tokio::test]
-async fn permissions_reviews_emit_events_without_denormalizing_onto_tool_items() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerRequest {
-                connection_id: 7,
-                request: Box::new(sample_permissions_approval_request(/*request_id*/ 51)),
-            },
-            &mut events,
-        )
-        .await;
-    assert!(events.is_empty());
-
-    reducer
-        .ingest(
-            AnalyticsFact::EffectivePermissionsApprovalResponse {
-                completed_at_ms: 1_042,
-                request_id: RequestId::Integer(51),
-                response: Box::new(sample_effective_permissions_approval_response(
-                    CoreRequestPermissionProfile::default(),
-                    CorePermissionGrantScope::Turn,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(payload.as_array().expect("events array").len(), 1);
-    assert_eq!(payload[0]["event_type"], "codex_review_event");
-    assert_eq!(payload[0]["event_params"]["review_id"], "user:51");
-    assert_eq!(payload[0]["event_params"]["subject_kind"], "permissions");
-    assert_eq!(payload[0]["event_params"]["reviewer"], "user");
-    assert_eq!(payload[0]["event_params"]["status"], "denied");
-    assert_eq!(payload[0]["event_params"]["resolution"], "none");
-
-    events.clear();
-    ingest_completed_command_execution_item(&mut reducer, &mut events, "thread-1", "permissions-1")
-        .await;
-
-    let payload = serde_json::to_value(&events[0]).expect("serialize tool item event");
-    assert_eq!(payload["event_params"]["item_id"], "permissions-1");
-    assert_eq!(payload["event_params"]["review_count"], 0);
-    assert_eq!(payload["event_params"]["user_review_count"], 0);
-    assert_eq!(payload["event_params"]["guardian_review_count"], 0);
-}
-
-#[tokio::test]
-async fn effective_session_permissions_response_publishes_session_user_review_event() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerRequest {
-                connection_id: 7,
-                request: Box::new(sample_permissions_approval_request(/*request_id*/ 52)),
-            },
-            &mut events,
-        )
-        .await;
-
-    reducer
-        .ingest(
-            AnalyticsFact::EffectivePermissionsApprovalResponse {
-                completed_at_ms: 1_042,
-                request_id: RequestId::Integer(52),
-                response: Box::new(sample_effective_permissions_approval_response(
-                    CoreRequestPermissionProfile {
-                        network: Some(CoreNetworkPermissions {
-                            enabled: Some(true),
-                        }),
-                        file_system: None,
-                    },
-                    CorePermissionGrantScope::Session,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(payload.as_array().expect("events array").len(), 1);
-    assert_eq!(payload[0]["event_type"], "codex_review_event");
-    assert_eq!(payload[0]["event_params"]["review_id"], "user:52");
-    assert_eq!(payload[0]["event_params"]["subject_kind"], "permissions");
-    assert_eq!(payload[0]["event_params"]["reviewer"], "user");
-    assert_eq!(payload[0]["event_params"]["status"], "approved");
-    assert_eq!(payload[0]["event_params"]["resolution"], "session_approval");
-}
-
-#[tokio::test]
-async fn aborted_server_request_publishes_aborted_user_review_event_once() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerRequest {
-                connection_id: 7,
-                request: Box::new(sample_command_approval_request(
-                    /*request_id*/ 61, /*approval_id*/ None,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerRequestAborted {
-                completed_at_ms: 1_042,
-                request_id: RequestId::Integer(61),
-            },
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(payload.as_array().expect("events array").len(), 1);
-    assert_eq!(payload[0]["event_params"]["review_id"], "user:61");
-    assert_eq!(payload[0]["event_params"]["status"], "aborted");
-    assert_eq!(payload[0]["event_params"]["resolution"], "none");
-
-    events.clear();
-    reducer
-        .ingest(
-            AnalyticsFact::ServerResponse {
-                completed_at_ms: 1_043,
-                response: Box::new(sample_command_approval_response(
-                    /*request_id*/ 61,
-                    CommandExecutionApprovalDecision::Accept,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    assert!(events.is_empty());
-}
-
-#[tokio::test]
-async fn guardian_completed_notification_publishes_review_event_with_thread_metadata() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
-    reducer
-        .ingest(
-            AnalyticsFact::Notification(Box::new(sample_guardian_review_completed(
-                "guardian-review-1",
-                Some("item-1"),
-                GuardianApprovalReviewStatus::Denied,
-            ))),
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events[0]).expect("serialize review event");
-    assert_eq!(payload["event_type"], "codex_review_event");
-    assert_eq!(payload["event_params"]["review_id"], "guardian-review-1");
-    assert_eq!(payload["event_params"]["item_id"], "item-1");
-    assert_eq!(payload["event_params"]["thread_source"], "user");
-    assert_eq!(payload["event_params"]["subject_kind"], "command_execution");
-    assert_eq!(payload["event_params"]["reviewer"], "guardian");
-    assert_eq!(payload["event_params"]["status"], "denied");
-    assert_eq!(payload["event_params"]["started_at_ms"], 1_000);
-    assert_eq!(payload["event_params"]["completed_at_ms"], 1_042);
-    assert_eq!(payload["event_params"]["duration_ms"], 42);
-}
-
-#[tokio::test]
-async fn terminal_reviews_denormalize_counts_onto_tool_item_events() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerRequest {
-                connection_id: 7,
-                request: Box::new(sample_command_approval_request(
-                    /*request_id*/ 71, /*approval_id*/ None,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerResponse {
-                completed_at_ms: 1_042,
-                response: Box::new(sample_command_approval_response(
-                    /*request_id*/ 71,
-                    CommandExecutionApprovalDecision::AcceptForSession,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    events.clear();
-
-    ingest_completed_command_execution_item(&mut reducer, &mut events, "thread-1", "item-1").await;
-
-    let payload = serde_json::to_value(&events[0]).expect("serialize tool item event");
-    assert_eq!(payload["event_params"]["review_count"], 1);
-    assert_eq!(payload["event_params"]["user_review_count"], 1);
-    assert_eq!(payload["event_params"]["guardian_review_count"], 0);
-    assert_eq!(
-        payload["event_params"]["final_approval_outcome"],
-        "user_approved_for_session"
-    );
-}
-
-#[tokio::test]
-async fn item_review_summaries_do_not_cross_threads_with_reused_item_ids() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
-    reducer
-        .ingest(
-            AnalyticsFact::ClientResponse {
-                connection_id: 7,
-                request_id: RequestId::Integer(2),
-                response: Box::new(sample_thread_start_response(
-                    "thread-2", /*ephemeral*/ false, "gpt-5",
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    events.clear();
-
-    reducer
-        .ingest(
-            AnalyticsFact::ServerRequest {
-                connection_id: 7,
-                request: Box::new(sample_command_approval_request(
-                    /*request_id*/ 72, /*approval_id*/ None,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    reducer
-        .ingest(
-            AnalyticsFact::ServerResponse {
-                completed_at_ms: 1_042,
-                response: Box::new(sample_command_approval_response(
-                    /*request_id*/ 72,
-                    CommandExecutionApprovalDecision::Accept,
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    events.clear();
-
-    ingest_completed_command_execution_item(&mut reducer, &mut events, "thread-2", "item-1").await;
-
-    let payload = serde_json::to_value(&events[0]).expect("serialize tool item event");
-    assert_eq!(payload["event_params"]["thread_id"], "thread-2");
-    assert_eq!(payload["event_params"]["item_id"], "item-1");
-    assert_eq!(payload["event_params"]["review_count"], 0);
-    assert_eq!(payload["event_params"]["user_review_count"], 0);
-    assert_eq!(payload["event_params"]["guardian_review_count"], 0);
-    assert_eq!(payload["event_params"]["final_approval_outcome"], "unknown");
-}
-
 #[test]
 fn subagent_thread_started_review_serializes_expected_shape() {
     let event = TrackEventRequest::ThreadInitialized(subagent_thread_started_event_request(
@@ -2672,7 +2112,7 @@ async fn subagent_tool_items_inherit_parent_connection_metadata() {
     let mut reducer = AnalyticsReducer::default();
     let mut events = Vec::new();
 
-    ingest_review_prerequisites(&mut reducer, &mut events).await;
+    ingest_tool_review_prerequisites(&mut reducer, &mut events).await;
     reducer
         .ingest(
             AnalyticsFact::Custom(CustomAnalyticsFact::SubAgentThreadStarted(

codex-rs/analytics/src/client.rs

@@ -33,7 +33,6 @@ use codex_login::AuthManager;
 use codex_login::CodexAuth;
 use codex_login::default_client::create_client;
 use codex_plugin::PluginTelemetryMetadata;
-use codex_protocol::request_permissions::RequestPermissionsResponse;
 use std::collections::HashSet;
 use std::sync::Arc;
 use std::sync::Mutex;
@@ -173,10 +172,9 @@ impl AnalyticsEventsClient {
         &self,
         tracking: &GuardianReviewTrackContext,
         result: GuardianReviewAnalyticsResult,
-        completed_at_ms: u64,
     ) {
         self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::GuardianReview(
-            Box::new(tracking.event_params(result, completed_at_ms)),
+            Box::new(tracking.event_params(result)),
         )));
     }
 
@@ -350,26 +348,6 @@ impl AnalyticsEventsClient {
         });
     }
 
-    pub fn track_effective_permissions_approval_response(
-        &self,
-        completed_at_ms: u64,
-        request_id: RequestId,
-        response: RequestPermissionsResponse,
-    ) {
-        self.record_fact(AnalyticsFact::EffectivePermissionsApprovalResponse {
-            completed_at_ms,
-            request_id,
-            response: Box::new(response),
-        });
-    }
-
-    pub fn track_server_request_aborted(&self, completed_at_ms: u64, request_id: RequestId) {
-        self.record_fact(AnalyticsFact::ServerRequestAborted {
-            completed_at_ms,
-            request_id,
-        });
-    }
-
     pub fn track_notification(&self, notification: ServerNotification) {
         if !matches!(
             notification,

codex-rs/analytics/src/client_tests.rs

@@ -6,12 +6,14 @@ use crate::events::CodexAcceptedLineFingerprintsEventRequest;
 use crate::events::SkillInvocationEventParams;
 use crate::events::SkillInvocationEventRequest;
 use crate::events::TrackEventRequest;
+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AnalyticsFact;
 use crate::facts::InvocationType;
 use codex_app_server_protocol::ApprovalsReviewer as AppServerApprovalsReviewer;
 use codex_app_server_protocol::AskForApproval as AppServerAskForApproval;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponsePayload;
+use codex_app_server_protocol::PermissionProfile as AppServerPermissionProfile;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::SandboxPolicy as AppServerSandboxPolicy;
 use codex_app_server_protocol::SessionSource as AppServerSessionSource;
@@ -28,6 +30,7 @@ use codex_app_server_protocol::TurnStartResponse;
 use codex_app_server_protocol::TurnStatus as AppServerTurnStatus;
 use codex_app_server_protocol::TurnSteerParams;
 use codex_app_server_protocol::TurnSteerResponse;
+use codex_protocol::models::PermissionProfile as CorePermissionProfile;
 use codex_utils_absolute_path::test_support::PathBufExt;
 use codex_utils_absolute_path::test_support::test_path_buf;
 use std::collections::HashSet;
@@ -50,7 +53,10 @@ fn sample_accepted_line_fingerprint_event(thread_id: &str) -> TrackEventRequest
                 repo_hash: None,
                 accepted_added_lines: 1,
                 accepted_deleted_lines: 0,
-                line_fingerprints: Vec::new(),
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: "path-hash".to_string(),
+                    line_hash: "line-hash".to_string(),
+                }],
             },
         },
     ))
@@ -140,6 +146,10 @@ fn sample_thread(thread_id: &str) -> Thread {
     }
 }
 
+fn sample_permission_profile() -> AppServerPermissionProfile {
+    CorePermissionProfile::Disabled.into()
+}
+
 fn sample_thread_start_response() -> ClientResponsePayload {
     ClientResponsePayload::ThreadStart(ThreadStartResponse {
         thread: sample_thread("thread-1"),
@@ -147,11 +157,11 @@ fn sample_thread_start_response() -> ClientResponsePayload {
         model_provider: "openai".to_string(),
         service_tier: None,
         cwd: test_path_buf("/tmp").abs(),
-        runtime_workspace_roots: Vec::new(),
         instruction_sources: Vec::new(),
         approval_policy: AppServerAskForApproval::OnFailure,
         approvals_reviewer: AppServerApprovalsReviewer::User,
         sandbox: AppServerSandboxPolicy::DangerFullAccess,
+        permission_profile: Some(sample_permission_profile()),
         active_permission_profile: None,
         reasoning_effort: None,
     })
@@ -164,11 +174,11 @@ fn sample_thread_resume_response() -> ClientResponsePayload {
         model_provider: "openai".to_string(),
         service_tier: None,
         cwd: test_path_buf("/tmp").abs(),
-        runtime_workspace_roots: Vec::new(),
         instruction_sources: Vec::new(),
         approval_policy: AppServerAskForApproval::OnFailure,
         approvals_reviewer: AppServerApprovalsReviewer::User,
         sandbox: AppServerSandboxPolicy::DangerFullAccess,
+        permission_profile: Some(sample_permission_profile()),
         active_permission_profile: None,
         reasoning_effort: None,
     })
@@ -181,11 +191,11 @@ fn sample_thread_fork_response() -> ClientResponsePayload {
         model_provider: "openai".to_string(),
         service_tier: None,
         cwd: test_path_buf("/tmp").abs(),
-        runtime_workspace_roots: Vec::new(),
         instruction_sources: Vec::new(),
         approval_policy: AppServerAskForApproval::OnFailure,
         approvals_reviewer: AppServerApprovalsReviewer::User,
         sandbox: AppServerSandboxPolicy::DangerFullAccess,
+        permission_profile: Some(sample_permission_profile()),
         active_permission_profile: None,
         reasoning_effort: None,
     })

codex-rs/analytics/src/events.rs

@@ -20,6 +20,7 @@ use crate::facts::TurnSteerRejectionReason;
 use crate::facts::TurnSteerResult;
 use crate::facts::TurnSubmissionType;
 use crate::now_unix_millis;
+use crate::now_unix_seconds;
 use codex_app_server_protocol::CodexErrorInfo;
 use codex_app_server_protocol::CommandExecutionSource;
 use codex_login::default_client::originator;
@@ -319,7 +320,6 @@ impl GuardianReviewTrackContext {
     pub(crate) fn event_params(
         &self,
         result: GuardianReviewAnalyticsResult,
-        completed_at_ms: u64,
     ) -> GuardianReviewEventParams {
         GuardianReviewEventParams {
             thread_id: self.thread_id.clone(),
@@ -346,7 +346,7 @@ impl GuardianReviewTrackContext {
             time_to_first_token_ms: result.time_to_first_token_ms,
             completion_latency_ms: Some(self.started_instant.elapsed().as_millis() as u64),
             started_at: self.started_at_ms / 1_000,
-            completed_at: Some(completed_at_ms / 1_000),
+            completed_at: Some(now_unix_seconds()),
             input_tokens: result.token_usage.as_ref().map(|usage| usage.input_tokens),
             cached_input_tokens: result
                 .token_usage
@@ -429,7 +429,7 @@ pub(crate) struct GuardianReviewEventPayload {
 #[allow(dead_code)]
 #[derive(Clone, Copy, Debug, Serialize)]
 #[serde(rename_all = "snake_case")]
-pub(crate) enum FinalApprovalOutcome {
+pub(crate) enum ToolItemFinalApprovalOutcome {
     Unknown,
     NotNeeded,
     ConfigAllowed,
@@ -486,7 +486,7 @@ pub(crate) struct CodexToolItemEventBase {
     pub(crate) review_count: u64,
     pub(crate) guardian_review_count: u64,
     pub(crate) user_review_count: u64,
-    pub(crate) final_approval_outcome: FinalApprovalOutcome,
+    pub(crate) final_approval_outcome: ToolItemFinalApprovalOutcome,
     pub(crate) terminal_status: ToolItemTerminalStatus,
     pub(crate) failure_kind: Option<ToolItemFailureKind>,
     pub(crate) requested_additional_permissions: bool,
@@ -553,8 +553,8 @@ pub(crate) struct CodexReviewEventParams {
     pub(crate) thread_source: Option<ThreadSource>,
     pub(crate) subagent_source: Option<String>,
     pub(crate) parent_thread_id: Option<String>,
-    pub(crate) subject_kind: ReviewSubjectKind,
-    pub(crate) subject_name: String,
+    pub(crate) tool_kind: ReviewSubjectKind,
+    pub(crate) tool_name: String,
     pub(crate) reviewer: Reviewer,
     pub(crate) trigger: ReviewTrigger,
     pub(crate) status: ReviewStatus,

codex-rs/analytics/src/facts.rs

@@ -25,7 +25,6 @@ use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::SkillScope;
 use codex_protocol::protocol::SubAgentSource;
 use codex_protocol::protocol::TokenUsage;
-use codex_protocol::request_permissions::RequestPermissionsResponse;
 use serde::Serialize;
 use std::path::PathBuf;
 
@@ -306,15 +305,6 @@ pub(crate) enum AnalyticsFact {
         completed_at_ms: u64,
         response: Box<ServerResponse>,
     },
-    EffectivePermissionsApprovalResponse {
-        completed_at_ms: u64,
-        request_id: RequestId,
-        response: Box<RequestPermissionsResponse>,
-    },
-    ServerRequestAborted {
-        completed_at_ms: u64,
-        request_id: RequestId,
-    },
     Notification(Box<ServerNotification>),
     // Facts that do not naturally exist on the app-server protocol surface, or
     // would require non-trivial protocol reshaping on this branch.

codex-rs/analytics/src/reducer.rs

@@ -22,8 +22,6 @@ use crate::events::CodexMcpToolCallEventParams;
 use crate::events::CodexMcpToolCallEventRequest;
 use crate::events::CodexPluginEventRequest;
 use crate::events::CodexPluginUsedEventRequest;
-use crate::events::CodexReviewEventParams;
-use crate::events::CodexReviewEventRequest;
 use crate::events::CodexRuntimeMetadata;
 use crate::events::CodexToolItemEventBase;
 use crate::events::CodexTurnEventParams;
@@ -32,20 +30,15 @@ use crate::events::CodexTurnSteerEventParams;
 use crate::events::CodexTurnSteerEventRequest;
 use crate::events::CodexWebSearchEventParams;
 use crate::events::CodexWebSearchEventRequest;
-use crate::events::FinalApprovalOutcome;
 use crate::events::GuardianReviewEventParams;
 use crate::events::GuardianReviewEventPayload;
 use crate::events::GuardianReviewEventRequest;
-use crate::events::ReviewResolution;
-use crate::events::ReviewStatus;
-use crate::events::ReviewSubjectKind;
-use crate::events::ReviewTrigger;
-use crate::events::Reviewer;
 use crate::events::SkillInvocationEventParams;
 use crate::events::SkillInvocationEventRequest;
 use crate::events::ThreadInitializedEvent;
 use crate::events::ThreadInitializedEventParams;
 use crate::events::ToolItemFailureKind;
+use crate::events::ToolItemFinalApprovalOutcome;
 use crate::events::ToolItemTerminalStatus;
 use crate::events::TrackEventRequest;
 use crate::events::WebSearchActionKind;
@@ -87,24 +80,16 @@ use codex_app_server_protocol::CollabAgentStatus;
 use codex_app_server_protocol::CollabAgentTool;
 use codex_app_server_protocol::CollabAgentToolCallStatus;
 use codex_app_server_protocol::CommandAction;
-use codex_app_server_protocol::CommandExecutionApprovalDecision;
 use codex_app_server_protocol::CommandExecutionSource;
 use codex_app_server_protocol::CommandExecutionStatus;
 use codex_app_server_protocol::DynamicToolCallOutputContentItem;
 use codex_app_server_protocol::DynamicToolCallStatus;
-use codex_app_server_protocol::FileChangeApprovalDecision;
-use codex_app_server_protocol::GuardianApprovalReviewAction;
-use codex_app_server_protocol::GuardianApprovalReviewStatus;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::McpToolCallStatus;
-use codex_app_server_protocol::NetworkPolicyRuleAction;
 use codex_app_server_protocol::PatchApplyStatus;
 use codex_app_server_protocol::PatchChangeKind;
 use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::RequestPermissionProfile;
 use codex_app_server_protocol::ServerNotification;
-use codex_app_server_protocol::ServerRequest;
-use codex_app_server_protocol::ServerResponse;
 use codex_app_server_protocol::ThreadItem;
 use codex_app_server_protocol::TurnSteerResponse;
 use codex_app_server_protocol::UserInput;
@@ -120,8 +105,6 @@ use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::SkillScope;
 use codex_protocol::protocol::ThreadSource;
 use codex_protocol::protocol::TokenUsage;
-use codex_protocol::request_permissions::PermissionGrantScope as CorePermissionGrantScope;
-use codex_protocol::request_permissions::RequestPermissionsResponse as CoreRequestPermissionsResponse;
 use sha1::Digest;
 use std::collections::HashMap;
 use std::path::Path;
@@ -134,8 +117,6 @@ pub(crate) struct AnalyticsReducer {
     connections: HashMap<u64, ConnectionState>,
     threads: HashMap<String, ThreadAnalyticsState>,
     tool_items_started_at_ms: HashMap<ToolItemKey, u64>,
-    pending_reviews: HashMap<RequestId, PendingReviewState>,
-    item_review_summaries: HashMap<ToolItemKey, ItemReviewSummary>,
 }
 
 struct ConnectionState {
@@ -169,16 +150,6 @@ impl<'a> AnalyticsDropSite<'a> {
         }
     }
 
-    fn review(input: &'a PendingReviewState) -> Self {
-        Self {
-            event_name: "review",
-            thread_id: &input.thread_id,
-            turn_id: Some(&input.turn_id),
-            review_id: Some(&input.review_id),
-            item_id: input.item_id.as_deref(),
-        }
-    }
-
     fn compaction(input: &'a CodexCompactionEvent) -> Self {
         Self {
             event_name: "compaction",
@@ -229,30 +200,6 @@ enum MissingAnalyticsContext {
     ThreadMetadata,
 }
 
-#[derive(Clone)]
-struct PendingReviewState {
-    thread_id: String,
-    turn_id: String,
-    item_id: Option<String>,
-    review_id: String,
-    subject_kind: ReviewSubjectKind,
-    subject_name: String,
-    trigger: ReviewTrigger,
-    started_at_ms: u64,
-    requested_additional_permissions: bool,
-    requested_network_access: bool,
-}
-
-#[derive(Clone, Default)]
-struct ItemReviewSummary {
-    review_count: u64,
-    guardian_review_count: u64,
-    user_review_count: u64,
-    final_approval_outcome: Option<FinalApprovalOutcome>,
-    requested_additional_permissions: bool,
-    requested_network_access: bool,
-}
-
 #[derive(Clone)]
 struct ThreadMetadataState {
     thread_source: Option<ThreadSource>,
@@ -416,35 +363,13 @@ impl AnalyticsReducer {
                 self.ingest_notification(*notification, out).await;
             }
             AnalyticsFact::ServerRequest {
-                connection_id,
-                request,
-            } => {
-                self.ingest_server_request(connection_id, *request);
-            }
+                connection_id: _connection_id,
+                request: _request,
+            } => {}
             AnalyticsFact::ServerResponse {
-                completed_at_ms,
-                response,
-            } => {
-                self.ingest_server_response(completed_at_ms, *response, out);
-            }
-            AnalyticsFact::EffectivePermissionsApprovalResponse {
-                completed_at_ms,
-                request_id,
-                response,
-            } => {
-                self.ingest_effective_permissions_approval_response(
-                    completed_at_ms,
-                    request_id,
-                    *response,
-                    out,
-                );
-            }
-            AnalyticsFact::ServerRequestAborted {
-                completed_at_ms,
-                request_id,
-            } => {
-                self.ingest_server_request_aborted(completed_at_ms, request_id, out);
-            }
+                response: _response,
+                ..
+            } => {}
             AnalyticsFact::Custom(input) => match input {
                 CustomAnalyticsFact::SubAgentThreadStarted(input) => {
                     self.ingest_subagent_thread_started(input, out);
@@ -815,207 +740,6 @@ impl AnalyticsReducer {
         }
     }
 
-    fn ingest_server_request(&mut self, _connection_id: u64, request: ServerRequest) {
-        match request {
-            ServerRequest::CommandExecutionRequestApproval { request_id, params } => {
-                let is_network_access_review = params.network_approval_context.is_some();
-                let requested_network_access = is_network_access_review
-                    || params
-                        .proposed_network_policy_amendments
-                        .as_ref()
-                        .is_some_and(|amendments| !amendments.is_empty())
-                    || params
-                        .additional_permissions
-                        .as_ref()
-                        .and_then(|permissions| permissions.network.as_ref())
-                        .and_then(|network| network.enabled)
-                        .unwrap_or(false);
-                let requested_additional_permissions = params.additional_permissions.is_some();
-                let trigger = if params.approval_id.is_some() {
-                    ReviewTrigger::ExecveIntercept
-                } else if requested_network_access {
-                    ReviewTrigger::NetworkPolicyDenial
-                } else if requested_additional_permissions {
-                    ReviewTrigger::SandboxDenial
-                } else {
-                    ReviewTrigger::Initial
-                };
-                let Some(started_at_ms) = option_i64_to_u64(Some(params.started_at_ms)) else {
-                    return;
-                };
-                self.pending_reviews.insert(
-                    request_id.clone(),
-                    PendingReviewState {
-                        thread_id: params.thread_id,
-                        turn_id: params.turn_id,
-                        item_id: Some(params.item_id),
-                        review_id: user_review_id(&request_id),
-                        subject_kind: if is_network_access_review {
-                            ReviewSubjectKind::NetworkAccess
-                        } else {
-                            ReviewSubjectKind::CommandExecution
-                        },
-                        subject_name: if is_network_access_review {
-                            "network_access".to_string()
-                        } else {
-                            "command_execution".to_string()
-                        },
-                        trigger,
-                        started_at_ms,
-                        requested_additional_permissions,
-                        requested_network_access,
-                    },
-                );
-            }
-            ServerRequest::FileChangeRequestApproval { request_id, params } => {
-                let requested_additional_permissions = params.grant_root.is_some();
-                let Some(started_at_ms) = option_i64_to_u64(Some(params.started_at_ms)) else {
-                    return;
-                };
-                self.pending_reviews.insert(
-                    request_id.clone(),
-                    PendingReviewState {
-                        thread_id: params.thread_id,
-                        turn_id: params.turn_id,
-                        item_id: Some(params.item_id),
-                        review_id: user_review_id(&request_id),
-                        subject_kind: ReviewSubjectKind::FileChange,
-                        subject_name: "apply_patch".to_string(),
-                        trigger: if requested_additional_permissions {
-                            ReviewTrigger::SandboxDenial
-                        } else {
-                            ReviewTrigger::Initial
-                        },
-                        started_at_ms,
-                        requested_additional_permissions,
-                        requested_network_access: false,
-                    },
-                );
-            }
-            ServerRequest::PermissionsRequestApproval { request_id, params } => {
-                let requested_network_access = params
-                    .permissions
-                    .network
-                    .as_ref()
-                    .and_then(|network| network.enabled)
-                    .unwrap_or(false);
-                let requested_additional_permissions =
-                    requested_network_access || params.permissions.file_system.is_some();
-                let trigger = if requested_network_access {
-                    ReviewTrigger::NetworkPolicyDenial
-                } else if requested_additional_permissions {
-                    ReviewTrigger::SandboxDenial
-                } else {
-                    ReviewTrigger::Initial
-                };
-                let Some(started_at_ms) = option_i64_to_u64(Some(params.started_at_ms)) else {
-                    return;
-                };
-                self.pending_reviews.insert(
-                    request_id.clone(),
-                    PendingReviewState {
-                        thread_id: params.thread_id,
-                        turn_id: params.turn_id,
-                        item_id: Some(params.item_id),
-                        review_id: user_review_id(&request_id),
-                        subject_kind: ReviewSubjectKind::Permissions,
-                        subject_name: "permissions".to_string(),
-                        trigger,
-                        started_at_ms,
-                        requested_additional_permissions,
-                        requested_network_access,
-                    },
-                );
-            }
-            _ => {}
-        }
-    }
-
-    fn ingest_server_response(
-        &mut self,
-        completed_at_ms: u64,
-        response: ServerResponse,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        match response {
-            ServerResponse::CommandExecutionRequestApproval {
-                request_id,
-                response,
-            } => {
-                let Some(pending_review) = self.pending_reviews.remove(&request_id) else {
-                    return;
-                };
-                let (status, resolution) = command_execution_review_result(response.decision);
-                self.emit_review_event(
-                    pending_review,
-                    Reviewer::User,
-                    status,
-                    resolution,
-                    completed_at_ms,
-                    out,
-                );
-            }
-            ServerResponse::FileChangeRequestApproval {
-                request_id,
-                response,
-            } => {
-                let Some(pending_review) = self.pending_reviews.remove(&request_id) else {
-                    return;
-                };
-                let (status, resolution) = file_change_review_result(response.decision);
-                self.emit_review_event(
-                    pending_review,
-                    Reviewer::User,
-                    status,
-                    resolution,
-                    completed_at_ms,
-                    out,
-                );
-            }
-            _ => {}
-        }
-    }
-
-    fn ingest_effective_permissions_approval_response(
-        &mut self,
-        completed_at_ms: u64,
-        request_id: RequestId,
-        response: CoreRequestPermissionsResponse,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some(pending_review) = self.pending_reviews.remove(&request_id) else {
-            return;
-        };
-        let (status, resolution) = effective_permissions_review_result(&response);
-        self.emit_review_event(
-            pending_review,
-            Reviewer::User,
-            status,
-            resolution,
-            completed_at_ms,
-            out,
-        );
-    }
-
-    fn ingest_server_request_aborted(
-        &mut self,
-        completed_at_ms: u64,
-        request_id: RequestId,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some(pending_review) = self.pending_reviews.remove(&request_id) else {
-            return;
-        };
-        self.emit_review_event(
-            pending_review,
-            Reviewer::User,
-            ReviewStatus::Aborted,
-            ReviewResolution::None,
-            completed_at_ms,
-            out,
-        );
-    }
-
     fn ingest_error_response(
         &mut self,
         connection_id: u64,
@@ -1126,25 +850,17 @@ impl AnalyticsReducer {
                 else {
                     return;
                 };
-                if let Some(event) = tool_item_event(ToolItemEventInput {
-                    thread_id: &notification.thread_id,
-                    turn_id: &notification.turn_id,
-                    item: &notification.item,
+                if let Some(event) = tool_item_event(
+                    &notification.thread_id,
+                    &notification.turn_id,
+                    &notification.item,
                     started_at_ms,
                     completed_at_ms,
                     connection_state,
                     thread_metadata,
-                    review_summary: self.item_review_summaries.get(&key),
-                }) {
+                ) {
                     out.push(event);
                 }
-                self.item_review_summaries.remove(&key);
-            }
-            ServerNotification::ItemGuardianApprovalReviewStarted(notification) => {
-                let _ = notification;
-            }
-            ServerNotification::ItemGuardianApprovalReviewCompleted(notification) => {
-                self.ingest_guardian_review_completed(notification, out);
             }
             ServerNotification::TurnStarted(notification) => {
                 let turn_state = self.turns.entry(notification.turn.id).or_insert(TurnState {
@@ -1287,48 +1003,6 @@ impl AnalyticsReducer {
         )));
     }
 
-    fn ingest_guardian_review_completed(
-        &mut self,
-        notification: codex_app_server_protocol::ItemGuardianApprovalReviewCompletedNotification,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some((status, resolution)) = guardian_review_result(notification.review.status) else {
-            return;
-        };
-        let (subject_kind, subject_name, trigger) =
-            guardian_review_subject_metadata(&notification.action);
-        let Some(started_at_ms) = option_i64_to_u64(Some(notification.started_at_ms)) else {
-            return;
-        };
-        let pending_review = PendingReviewState {
-            thread_id: notification.thread_id,
-            turn_id: notification.turn_id,
-            item_id: notification.target_item_id,
-            review_id: notification.review_id,
-            subject_kind,
-            subject_name,
-            trigger,
-            started_at_ms,
-            requested_additional_permissions: guardian_review_requested_additional_permissions(
-                &notification.action,
-            ),
-            requested_network_access: guardian_review_requested_network_access(
-                &notification.action,
-            ),
-        };
-        let Some(completed_at_ms) = option_i64_to_u64(Some(notification.completed_at_ms)) else {
-            return;
-        };
-        self.emit_review_event(
-            pending_review,
-            Reviewer::Guardian,
-            status,
-            resolution,
-            completed_at_ms,
-            out,
-        );
-    }
-
     fn ingest_turn_steer_response(
         &mut self,
         connection_id: u64,
@@ -1394,73 +1068,6 @@ impl AnalyticsReducer {
         }));
     }
 
-    fn emit_review_event(
-        &mut self,
-        pending_review: PendingReviewState,
-        reviewer: Reviewer,
-        status: ReviewStatus,
-        resolution: ReviewResolution,
-        completed_at_ms: u64,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        if let Some(item_key) = item_review_summary_key(&pending_review) {
-            self.record_item_review_summary(
-                item_key,
-                reviewer,
-                status,
-                resolution,
-                &pending_review,
-            );
-        }
-        let Some((connection_state, thread_metadata)) =
-            self.thread_context_or_warn(AnalyticsDropSite::review(&pending_review))
-        else {
-            return;
-        };
-        out.push(TrackEventRequest::ReviewEvent(CodexReviewEventRequest {
-            event_type: "codex_review_event",
-            event_params: CodexReviewEventParams {
-                thread_id: pending_review.thread_id,
-                turn_id: pending_review.turn_id,
-                item_id: pending_review.item_id,
-                review_id: pending_review.review_id,
-                app_server_client: connection_state.app_server_client.clone(),
-                runtime: connection_state.runtime.clone(),
-                thread_source: thread_metadata.thread_source,
-                subagent_source: thread_metadata.subagent_source.clone(),
-                parent_thread_id: thread_metadata.parent_thread_id.clone(),
-                subject_kind: pending_review.subject_kind,
-                subject_name: pending_review.subject_name,
-                reviewer,
-                trigger: pending_review.trigger,
-                status,
-                resolution,
-                started_at_ms: pending_review.started_at_ms,
-                completed_at_ms,
-                duration_ms: observed_duration_ms(pending_review.started_at_ms, completed_at_ms),
-            },
-        }));
-    }
-
-    fn record_item_review_summary(
-        &mut self,
-        item_key: ToolItemKey,
-        reviewer: Reviewer,
-        status: ReviewStatus,
-        resolution: ReviewResolution,
-        pending_review: &PendingReviewState,
-    ) {
-        let summary = self.item_review_summaries.entry(item_key).or_default();
-        summary.review_count += 1;
-        match reviewer {
-            Reviewer::Guardian => summary.guardian_review_count += 1,
-            Reviewer::User => summary.user_review_count += 1,
-        }
-        summary.final_approval_outcome = Some(final_approval_outcome(reviewer, status, resolution));
-        summary.requested_additional_permissions |= pending_review.requested_additional_permissions;
-        summary.requested_network_access |= pending_review.requested_network_access;
-    }
-
     async fn maybe_emit_turn_event(&mut self, turn_id: &str, out: &mut Vec<TrackEventRequest>) {
         let Some(turn_state) = self.turns.get(turn_id) else {
             return;
@@ -1597,41 +1204,21 @@ fn tracked_tool_item_id(item: &ThreadItem) -> Option<&str> {
     }
 }
 
-fn item_review_summary_key(pending_review: &PendingReviewState) -> Option<ToolItemKey> {
-    match pending_review.subject_kind {
-        ReviewSubjectKind::CommandExecution
-        | ReviewSubjectKind::FileChange
-        | ReviewSubjectKind::McpToolCall => Some(ToolItemKey {
-            thread_id: pending_review.thread_id.clone(),
-            turn_id: pending_review.turn_id.clone(),
-            item_id: pending_review.item_id.clone()?,
-        }),
-        ReviewSubjectKind::Permissions | ReviewSubjectKind::NetworkAccess => None,
-    }
-}
-
-struct ToolItemEventInput<'a> {
-    thread_id: &'a str,
-    turn_id: &'a str,
-    item: &'a ThreadItem,
+fn tool_item_event(
+    thread_id: &str,
+    turn_id: &str,
+    item: &ThreadItem,
     started_at_ms: u64,
     completed_at_ms: u64,
-    connection_state: &'a ConnectionState,
-    thread_metadata: &'a ThreadMetadataState,
-    review_summary: Option<&'a ItemReviewSummary>,
-}
-
-fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
-    let ToolItemEventInput {
-        thread_id,
-        turn_id,
-        item,
+    connection_state: &ConnectionState,
+    thread_metadata: &ThreadMetadataState,
+) -> Option<TrackEventRequest> {
+    let context = ToolItemContext {
         started_at_ms,
         completed_at_ms,
         connection_state,
         thread_metadata,
-        review_summary,
-    } = input;
+    };
     match item {
         ThreadItem::CommandExecution {
             id,
@@ -1654,13 +1241,7 @@ fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
                     failure_kind,
                     execution_duration_ms: option_i64_to_u64(*duration_ms),
                 },
-                ToolItemContext {
-                    started_at_ms,
-                    completed_at_ms,
-                    connection_state,
-                    thread_metadata,
-                    review_summary,
-                },
+                context,
             );
             Some(TrackEventRequest::CommandExecution(
                 CodexCommandExecutionEventRequest {
@@ -1695,13 +1276,7 @@ fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
                     failure_kind,
                     execution_duration_ms: None,
                 },
-                ToolItemContext {
-                    started_at_ms,
-                    completed_at_ms,
-                    connection_state,
-                    thread_metadata,
-                    review_summary,
-                },
+                context,
             );
             Some(TrackEventRequest::FileChange(CodexFileChangeEventRequest {
                 event_type: "codex_file_change_event",
@@ -1735,13 +1310,7 @@ fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
                     failure_kind,
                     execution_duration_ms: option_i64_to_u64(*duration_ms),
                 },
-                ToolItemContext {
-                    started_at_ms,
-                    completed_at_ms,
-                    connection_state,
-                    thread_metadata,
-                    review_summary,
-                },
+                context,
             );
             Some(TrackEventRequest::McpToolCall(
                 CodexMcpToolCallEventRequest {
@@ -1778,13 +1347,7 @@ fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
                     failure_kind,
                     execution_duration_ms: option_i64_to_u64(*duration_ms),
                 },
-                ToolItemContext {
-                    started_at_ms,
-                    completed_at_ms,
-                    connection_state,
-                    thread_metadata,
-                    review_summary,
-                },
+                context,
             );
             Some(TrackEventRequest::DynamicToolCall(
                 CodexDynamicToolCallEventRequest {
@@ -1822,13 +1385,7 @@ fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
                     failure_kind,
                     execution_duration_ms: None,
                 },
-                ToolItemContext {
-                    started_at_ms,
-                    completed_at_ms,
-                    connection_state,
-                    thread_metadata,
-                    review_summary,
-                },
+                context,
             );
             Some(TrackEventRequest::CollabAgentToolCall(
                 CodexCollabAgentToolCallEventRequest {
@@ -1877,13 +1434,7 @@ fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
                     failure_kind: None,
                     execution_duration_ms: None,
                 },
-                ToolItemContext {
-                    started_at_ms,
-                    completed_at_ms,
-                    connection_state,
-                    thread_metadata,
-                    review_summary,
-                },
+                context,
             );
             Some(TrackEventRequest::WebSearch(CodexWebSearchEventRequest {
                 event_type: "codex_web_search_event",
@@ -1913,13 +1464,7 @@ fn tool_item_event(input: ToolItemEventInput<'_>) -> Option<TrackEventRequest> {
                     failure_kind,
                     execution_duration_ms: None,
                 },
-                ToolItemContext {
-                    started_at_ms,
-                    completed_at_ms,
-                    connection_state,
-                    thread_metadata,
-                    review_summary,
-                },
+                context,
             );
             Some(TrackEventRequest::ImageGeneration(
                 CodexImageGenerationEventRequest {
@@ -1973,7 +1518,6 @@ struct ToolItemContext<'a> {
     completed_at_ms: u64,
     connection_state: &'a ConnectionState,
     thread_metadata: &'a ThreadMetadataState,
-    review_summary: Option<&'a ItemReviewSummary>,
 }
 
 fn tool_item_base(
@@ -1985,7 +1529,6 @@ fn tool_item_base(
     context: ToolItemContext<'_>,
 ) -> CodexToolItemEventBase {
     let thread_metadata = context.thread_metadata;
-    let review_summary = context.review_summary.cloned().unwrap_or_default();
     CodexToolItemEventBase {
         thread_id: thread_id.to_string(),
         turn_id: turn_id.to_string(),
@@ -2003,16 +1546,14 @@ fn tool_item_base(
         // full upstream execution time.
         duration_ms: observed_duration_ms(context.started_at_ms, context.completed_at_ms),
         execution_duration_ms: outcome.execution_duration_ms,
-        review_count: review_summary.review_count,
-        guardian_review_count: review_summary.guardian_review_count,
-        user_review_count: review_summary.user_review_count,
-        final_approval_outcome: review_summary
-            .final_approval_outcome
-            .unwrap_or(FinalApprovalOutcome::Unknown),
+        review_count: 0,
+        guardian_review_count: 0,
+        user_review_count: 0,
+        final_approval_outcome: ToolItemFinalApprovalOutcome::Unknown,
         terminal_status: outcome.terminal_status,
         failure_kind: outcome.failure_kind,
-        requested_additional_permissions: review_summary.requested_additional_permissions,
-        requested_network_access: review_summary.requested_network_access,
+        requested_additional_permissions: false,
+        requested_network_access: false,
     }
 }
 
@@ -2020,195 +1561,6 @@ fn observed_duration_ms(started_at_ms: u64, completed_at_ms: u64) -> Option<u64>
     completed_at_ms.checked_sub(started_at_ms)
 }
 
-fn user_review_id(request_id: &RequestId) -> String {
-    format!("user:{request_id}")
-}
-
-fn command_execution_review_result(
-    decision: CommandExecutionApprovalDecision,
-) -> (ReviewStatus, ReviewResolution) {
-    match decision {
-        CommandExecutionApprovalDecision::Accept => {
-            (ReviewStatus::Approved, ReviewResolution::None)
-        }
-        CommandExecutionApprovalDecision::AcceptForSession => {
-            (ReviewStatus::Approved, ReviewResolution::SessionApproval)
-        }
-        CommandExecutionApprovalDecision::AcceptWithExecpolicyAmendment { .. } => (
-            ReviewStatus::Approved,
-            ReviewResolution::ExecPolicyAmendment,
-        ),
-        CommandExecutionApprovalDecision::ApplyNetworkPolicyAmendment {
-            network_policy_amendment,
-        } => match network_policy_amendment.action {
-            NetworkPolicyRuleAction::Allow => (
-                ReviewStatus::Approved,
-                ReviewResolution::NetworkPolicyAmendment,
-            ),
-            NetworkPolicyRuleAction::Deny => (
-                ReviewStatus::Denied,
-                ReviewResolution::NetworkPolicyAmendment,
-            ),
-        },
-        CommandExecutionApprovalDecision::Decline => (ReviewStatus::Denied, ReviewResolution::None),
-        CommandExecutionApprovalDecision::Cancel => (ReviewStatus::Aborted, ReviewResolution::None),
-    }
-}
-
-fn file_change_review_result(
-    decision: FileChangeApprovalDecision,
-) -> (ReviewStatus, ReviewResolution) {
-    match decision {
-        FileChangeApprovalDecision::Accept => (ReviewStatus::Approved, ReviewResolution::None),
-        FileChangeApprovalDecision::AcceptForSession => {
-            (ReviewStatus::Approved, ReviewResolution::SessionApproval)
-        }
-        FileChangeApprovalDecision::Decline => (ReviewStatus::Denied, ReviewResolution::None),
-        FileChangeApprovalDecision::Cancel => (ReviewStatus::Aborted, ReviewResolution::None),
-    }
-}
-
-fn effective_permissions_review_result(
-    response: &CoreRequestPermissionsResponse,
-) -> (ReviewStatus, ReviewResolution) {
-    if response.permissions.is_empty() {
-        return (ReviewStatus::Denied, ReviewResolution::None);
-    }
-
-    match response.scope {
-        CorePermissionGrantScope::Turn => (ReviewStatus::Approved, ReviewResolution::None),
-        CorePermissionGrantScope::Session => {
-            (ReviewStatus::Approved, ReviewResolution::SessionApproval)
-        }
-    }
-}
-
-fn guardian_review_result(
-    status: GuardianApprovalReviewStatus,
-) -> Option<(ReviewStatus, ReviewResolution)> {
-    match status {
-        GuardianApprovalReviewStatus::InProgress => None,
-        GuardianApprovalReviewStatus::Approved => {
-            Some((ReviewStatus::Approved, ReviewResolution::None))
-        }
-        GuardianApprovalReviewStatus::Denied => {
-            Some((ReviewStatus::Denied, ReviewResolution::None))
-        }
-        GuardianApprovalReviewStatus::TimedOut => {
-            Some((ReviewStatus::TimedOut, ReviewResolution::None))
-        }
-        GuardianApprovalReviewStatus::Aborted => {
-            Some((ReviewStatus::Aborted, ReviewResolution::None))
-        }
-    }
-}
-
-fn guardian_review_subject_metadata(
-    action: &GuardianApprovalReviewAction,
-) -> (ReviewSubjectKind, String, ReviewTrigger) {
-    match action {
-        GuardianApprovalReviewAction::Command { .. } => (
-            ReviewSubjectKind::CommandExecution,
-            "command_execution".to_string(),
-            ReviewTrigger::Initial,
-        ),
-        GuardianApprovalReviewAction::Execve { .. } => (
-            ReviewSubjectKind::CommandExecution,
-            "command_execution".to_string(),
-            ReviewTrigger::ExecveIntercept,
-        ),
-        GuardianApprovalReviewAction::ApplyPatch { .. } => (
-            ReviewSubjectKind::FileChange,
-            "apply_patch".to_string(),
-            ReviewTrigger::SandboxDenial,
-        ),
-        GuardianApprovalReviewAction::NetworkAccess { .. } => (
-            ReviewSubjectKind::NetworkAccess,
-            "network_access".to_string(),
-            ReviewTrigger::NetworkPolicyDenial,
-        ),
-        GuardianApprovalReviewAction::RequestPermissions { permissions, .. } => {
-            let requested_network_access = permissions
-                .network
-                .as_ref()
-                .and_then(|network| network.enabled)
-                .unwrap_or(false);
-            let trigger = if requested_network_access {
-                ReviewTrigger::NetworkPolicyDenial
-            } else if permissions.file_system.is_some() {
-                ReviewTrigger::SandboxDenial
-            } else {
-                ReviewTrigger::Initial
-            };
-            (
-                ReviewSubjectKind::Permissions,
-                "permissions".to_string(),
-                trigger,
-            )
-        }
-        GuardianApprovalReviewAction::McpToolCall { tool_name, .. } => (
-            ReviewSubjectKind::McpToolCall,
-            tool_name.clone(),
-            ReviewTrigger::Initial,
-        ),
-    }
-}
-
-fn guardian_review_requested_additional_permissions(action: &GuardianApprovalReviewAction) -> bool {
-    match action {
-        GuardianApprovalReviewAction::ApplyPatch { .. }
-        | GuardianApprovalReviewAction::NetworkAccess { .. } => true,
-        GuardianApprovalReviewAction::RequestPermissions { permissions, .. } => {
-            guardian_review_request_permissions_network_enabled(permissions)
-                || permissions.file_system.is_some()
-        }
-        GuardianApprovalReviewAction::Command { .. }
-        | GuardianApprovalReviewAction::Execve { .. }
-        | GuardianApprovalReviewAction::McpToolCall { .. } => false,
-    }
-}
-
-fn guardian_review_requested_network_access(action: &GuardianApprovalReviewAction) -> bool {
-    match action {
-        GuardianApprovalReviewAction::NetworkAccess { .. } => true,
-        GuardianApprovalReviewAction::RequestPermissions { permissions, .. } => {
-            guardian_review_request_permissions_network_enabled(permissions)
-        }
-        GuardianApprovalReviewAction::ApplyPatch { .. }
-        | GuardianApprovalReviewAction::Command { .. }
-        | GuardianApprovalReviewAction::Execve { .. }
-        | GuardianApprovalReviewAction::McpToolCall { .. } => false,
-    }
-}
-
-fn guardian_review_request_permissions_network_enabled(
-    permissions: &RequestPermissionProfile,
-) -> bool {
-    permissions
-        .network
-        .as_ref()
-        .and_then(|network| network.enabled)
-        .unwrap_or(false)
-}
-
-fn final_approval_outcome(
-    reviewer: Reviewer,
-    status: ReviewStatus,
-    resolution: ReviewResolution,
-) -> FinalApprovalOutcome {
-    match (reviewer, status, resolution) {
-        (Reviewer::Guardian, ReviewStatus::Approved, _) => FinalApprovalOutcome::GuardianApproved,
-        (Reviewer::Guardian, ReviewStatus::Denied, _) => FinalApprovalOutcome::GuardianDenied,
-        (Reviewer::Guardian, _, _) => FinalApprovalOutcome::GuardianAborted,
-        (Reviewer::User, ReviewStatus::Approved, ReviewResolution::SessionApproval) => {
-            FinalApprovalOutcome::UserApprovedForSession
-        }
-        (Reviewer::User, ReviewStatus::Approved, _) => FinalApprovalOutcome::UserApproved,
-        (Reviewer::User, ReviewStatus::Denied, _) => FinalApprovalOutcome::UserDenied,
-        (Reviewer::User, _, _) => FinalApprovalOutcome::UserAborted,
-    }
-}
-
 fn command_execution_tool_name(source: CommandExecutionSource) -> &'static str {
     match source {
         CommandExecutionSource::UnifiedExecStartup
@@ -2638,13 +1990,4 @@ mod tests {
             "external_sandbox"
         );
     }
-
-    #[test]
-    fn guardian_review_result_maps_terminal_statuses() {
-        assert!(guardian_review_result(GuardianApprovalReviewStatus::InProgress).is_none());
-        assert!(matches!(
-            guardian_review_result(GuardianApprovalReviewStatus::TimedOut),
-            Some((ReviewStatus::TimedOut, ReviewResolution::None))
-        ));
-    }
 }

codex-rs/app-server-client/Cargo.toml

@@ -21,8 +21,6 @@ codex-core = { workspace = true }
 codex-exec-server = { workspace = true }
 codex-feedback = { workspace = true }
 codex-protocol = { workspace = true }
-codex-uds = { workspace = true }
-codex-utils-absolute-path = { workspace = true }
 codex-utils-rustls-provider = { workspace = true }
 futures = { workspace = true }
 serde = { workspace = true }

codex-rs/app-server-client/src/lib.rs

@@ -25,7 +25,6 @@ use std::io::Result as IoResult;
 use std::sync::Arc;
 use std::time::Duration;
 
-pub use codex_app_server::app_server_control_socket_path;
 pub use codex_app_server::in_process::DEFAULT_IN_PROCESS_CHANNEL_CAPACITY;
 pub use codex_app_server::in_process::InProcessServerEvent;
 use codex_app_server::in_process::InProcessStartArgs;
@@ -62,7 +61,6 @@ use tracing::warn;
 
 pub use crate::remote::RemoteAppServerClient;
 pub use crate::remote::RemoteAppServerConnectArgs;
-pub use crate::remote::RemoteAppServerEndpoint;
 
 /// Transitional access to core-only embedded app-server types.
 ///
@@ -336,8 +334,6 @@ pub struct InProcessClientStartArgs {
     pub cli_overrides: Vec<(String, TomlValue)>,
     /// Loader override knobs used by config API paths.
     pub loader_overrides: LoaderOverrides,
-    /// Whether config API paths should reject unknown config fields.
-    pub strict_config: bool,
     /// Preloaded cloud requirements provider.
     pub cloud_requirements: CloudRequirementsLoader,
     /// Feedback sink used by app-server/core telemetry and logs.
@@ -404,7 +400,6 @@ impl InProcessClientStartArgs {
             config: self.config,
             cli_overrides: self.cli_overrides,
             loader_overrides: self.loader_overrides,
-            strict_config: self.strict_config,
             cloud_requirements: self.cloud_requirements,
             thread_config_loader,
             feedback: self.feedback,
@@ -957,8 +952,6 @@ mod tests {
     use codex_app_server_protocol::ToolRequestUserInputQuestion;
     use codex_core::config::ConfigBuilder;
     use codex_core::init_state_db;
-    use codex_uds::UnixListener;
-    use codex_utils_absolute_path::AbsolutePathBuf;
     use futures::SinkExt;
     use futures::StreamExt;
     use pretty_assertions::assert_eq;
@@ -968,7 +961,6 @@ mod tests {
     use tokio::net::TcpListener;
     use tokio::time::Duration;
     use tokio::time::timeout;
-    use tokio_tungstenite::accept_async;
     use tokio_tungstenite::accept_hdr_async;
     use tokio_tungstenite::tungstenite::Message;
     use tokio_tungstenite::tungstenite::handshake::server::Request as WebSocketRequest;
@@ -1033,7 +1025,6 @@ mod tests {
             config,
             cli_overrides: Vec::new(),
             loader_overrides: LoaderOverrides::default(),
-            strict_config: false,
             cloud_requirements: CloudRequirementsLoader::default(),
             feedback: CodexFeedback::new(),
             log_db: None,
@@ -1109,10 +1100,9 @@ mod tests {
         format!("ws://{addr}")
     }
 
-    async fn expect_remote_initialize<S>(websocket: &mut tokio_tungstenite::WebSocketStream<S>)
-    where
-        S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin,
-    {
+    async fn expect_remote_initialize(
+        websocket: &mut tokio_tungstenite::WebSocketStream<tokio::net::TcpStream>,
+    ) {
         let JSONRPCMessage::Request(request) = read_websocket_message(websocket).await else {
             panic!("expected initialize request");
         };
@@ -1133,12 +1123,9 @@ mod tests {
         assert_eq!(notification.method, "initialized");
     }
 
-    async fn read_websocket_message<S>(
-        websocket: &mut tokio_tungstenite::WebSocketStream<S>,
-    ) -> JSONRPCMessage
-    where
-        S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin,
-    {
+    async fn read_websocket_message(
+        websocket: &mut tokio_tungstenite::WebSocketStream<tokio::net::TcpStream>,
+    ) -> JSONRPCMessage {
         loop {
             let frame = websocket
                 .next()
@@ -1158,12 +1145,10 @@ mod tests {
         }
     }
 
-    async fn write_websocket_message<S>(
-        websocket: &mut tokio_tungstenite::WebSocketStream<S>,
+    async fn write_websocket_message(
+        websocket: &mut tokio_tungstenite::WebSocketStream<tokio::net::TcpStream>,
         message: JSONRPCMessage,
-    ) where
-        S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin,
-    {
+    ) {
         websocket
             .send(Message::Text(
                 serde_json::to_string(&message)
@@ -1228,10 +1213,8 @@ mod tests {
 
     fn test_remote_connect_args(websocket_url: String) -> RemoteAppServerConnectArgs {
         RemoteAppServerConnectArgs {
-            endpoint: RemoteAppServerEndpoint::WebSocket {
-                websocket_url,
-                auth_token: None,
-            },
+            websocket_url,
+            auth_token: None,
             client_name: "codex-app-server-client-test".to_string(),
             client_version: "0.0.0-test".to_string(),
             experimental_api: true,
@@ -1470,64 +1453,6 @@ mod tests {
         client.shutdown().await.expect("shutdown should complete");
     }
 
-    #[tokio::test]
-    async fn remote_unix_socket_typed_request_roundtrip_works() {
-        let socket_dir = TempDir::new().expect("socket dir");
-        let socket_path = AbsolutePathBuf::from_absolute_path(socket_dir.path().join("codex.sock"))
-            .expect("socket path should resolve");
-        let mut listener = UnixListener::bind(socket_path.as_path())
-            .await
-            .expect("listener should bind");
-        tokio::spawn(async move {
-            let stream = listener.accept().await.expect("accept should succeed");
-            let mut websocket = accept_async(stream)
-                .await
-                .expect("websocket upgrade should succeed");
-            expect_remote_initialize(&mut websocket).await;
-            let JSONRPCMessage::Request(request) = read_websocket_message(&mut websocket).await
-            else {
-                panic!("expected account/read request");
-            };
-            assert_eq!(request.method, "account/read");
-            write_websocket_message(
-                &mut websocket,
-                JSONRPCMessage::Response(JSONRPCResponse {
-                    id: request.id,
-                    result: serde_json::to_value(GetAccountResponse {
-                        account: None,
-                        requires_openai_auth: false,
-                    })
-                    .expect("response should serialize"),
-                }),
-            )
-            .await;
-            websocket.close(None).await.expect("close should succeed");
-        });
-        let client = RemoteAppServerClient::connect(RemoteAppServerConnectArgs {
-            endpoint: RemoteAppServerEndpoint::UnixSocket { socket_path },
-            client_name: "codex-app-server-client-test".to_string(),
-            client_version: "0.0.0-test".to_string(),
-            experimental_api: true,
-            opt_out_notification_methods: Vec::new(),
-            channel_capacity: 8,
-        })
-        .await
-        .expect("remote client should connect");
-
-        let response: GetAccountResponse = client
-            .request_typed(ClientRequest::GetAccount {
-                request_id: RequestId::Integer(1),
-                params: codex_app_server_protocol::GetAccountParams {
-                    refresh_token: false,
-                },
-            })
-            .await
-            .expect("typed request should succeed");
-        assert_eq!(response.account, None);
-
-        client.shutdown().await.expect("shutdown should complete");
-    }
-
     #[tokio::test]
     async fn remote_typed_request_accepts_large_single_frame_response() {
         let padding = "x".repeat((17 << 20) + 1024);
@@ -1589,15 +1514,8 @@ mod tests {
         )
         .await;
         let client = RemoteAppServerClient::connect(RemoteAppServerConnectArgs {
-            endpoint: RemoteAppServerEndpoint::WebSocket {
-                websocket_url,
-                auth_token: Some(auth_token),
-            },
-            client_name: "codex-app-server-client-test".to_string(),
-            client_version: "0.0.0-test".to_string(),
-            experimental_api: true,
-            opt_out_notification_methods: Vec::new(),
-            channel_capacity: 8,
+            auth_token: Some(auth_token),
+            ..test_remote_connect_args(websocket_url)
         })
         .await
         .expect("remote client should connect");
@@ -1608,15 +1526,9 @@ mod tests {
     #[tokio::test]
     async fn remote_connect_rejects_non_loopback_ws_when_auth_configured() {
         let result = RemoteAppServerClient::connect(RemoteAppServerConnectArgs {
-            endpoint: RemoteAppServerEndpoint::WebSocket {
-                websocket_url: "ws://example.com:4500".to_string(),
-                auth_token: Some("remote-bearer-token".to_string()),
-            },
-            client_name: "codex-app-server-client-test".to_string(),
-            client_version: "0.0.0-test".to_string(),
-            experimental_api: true,
-            opt_out_notification_methods: Vec::new(),
-            channel_capacity: 8,
+            websocket_url: "ws://example.com:4500".to_string(),
+            auth_token: Some("remote-bearer-token".to_string()),
+            ..test_remote_connect_args("ws://127.0.0.1:1".to_string())
         })
         .await;
         let err = match result {
@@ -1794,8 +1706,13 @@ mod tests {
         })
         .await;
         let mut client = RemoteAppServerClient::connect(RemoteAppServerConnectArgs {
+            websocket_url,
+            auth_token: None,
+            client_name: "codex-app-server-client-test".to_string(),
+            client_version: "0.0.0-test".to_string(),
+            experimental_api: true,
+            opt_out_notification_methods: Vec::new(),
             channel_capacity: 1,
-            ..test_remote_connect_args(websocket_url)
         })
         .await
         .expect("remote client should connect");
@@ -2192,7 +2109,6 @@ mod tests {
             config: config.clone(),
             cli_overrides: Vec::new(),
             loader_overrides: LoaderOverrides::default(),
-            strict_config: false,
             cloud_requirements: CloudRequirementsLoader::default(),
             feedback: CodexFeedback::new(),
             log_db: None,
@@ -2233,7 +2149,6 @@ mod tests {
             config: Arc::new(config),
             cli_overrides: Vec::new(),
             loader_overrides: LoaderOverrides::default(),
-            strict_config: false,
             cloud_requirements: CloudRequirementsLoader::default(),
             feedback: CodexFeedback::new(),
             log_db: None,

codex-rs/app-server-client/src/remote.rs

@@ -1,13 +1,11 @@
 /*
-This module implements the remote app-server client transport.
+This module implements the websocket-backed app-server client transport.
 
 It owns the remote connection lifecycle, including the initialize/initialized
 handshake, JSON-RPC request/response routing, server-request resolution, and
-notification streaming. Remote connections always carry WebSocket frames, over
-either TCP WebSocket URLs or local Unix sockets. The rest of the crate uses the
-same `AppServerEvent` surface for both in-process and remote transports, so
-callers such as the TUI can switch between them without changing their
-higher-level session logic.
+notification streaming. The rest of the crate uses the same `AppServerEvent`
+surface for both in-process and remote transports, so callers such as the TUI
+can switch between them without changing their higher-level session logic.
 */
 
 use std::collections::HashMap;
@@ -37,23 +35,17 @@ use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::Result as JsonRpcResult;
 use codex_app_server_protocol::ServerNotification;
 use codex_app_server_protocol::ServerRequest;
-use codex_uds::UnixStream;
-use codex_utils_absolute_path::AbsolutePathBuf;
 use codex_utils_rustls_provider::ensure_rustls_crypto_provider;
 use futures::SinkExt;
 use futures::StreamExt;
 use serde::de::DeserializeOwned;
-use tokio::io::AsyncRead;
-use tokio::io::AsyncWrite;
 use tokio::net::TcpStream;
 use tokio::sync::mpsc;
 use tokio::sync::oneshot;
 use tokio::time::timeout;
 use tokio_tungstenite::MaybeTlsStream;
 use tokio_tungstenite::WebSocketStream;
-use tokio_tungstenite::client_async_with_config;
 use tokio_tungstenite::connect_async_with_config;
-use tokio_tungstenite::tungstenite::Error as TungsteniteError;
 use tokio_tungstenite::tungstenite::Message;
 use tokio_tungstenite::tungstenite::client::IntoClientRequest;
 use tokio_tungstenite::tungstenite::http::HeaderValue;
@@ -65,30 +57,18 @@ use url::Url;
 const CONNECT_TIMEOUT: Duration = Duration::from_secs(10);
 const INITIALIZE_TIMEOUT: Duration = Duration::from_secs(10);
 const REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE: usize = 128 << 20;
-// Tungstenite still needs an HTTP request URI for the WebSocket handshake;
-// the bytes travel over the Unix socket, not TCP.
-const UDS_WEBSOCKET_HANDSHAKE_URL: &str = "ws://localhost/rpc";
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub enum RemoteAppServerEndpoint {
-    WebSocket {
-        websocket_url: String,
-        auth_token: Option<String>,
-    },
-    UnixSocket {
-        socket_path: AbsolutePathBuf,
-    },
-}
 
 #[derive(Debug, Clone)]
 pub struct RemoteAppServerConnectArgs {
-    pub endpoint: RemoteAppServerEndpoint,
+    pub websocket_url: String,
+    pub auth_token: Option<String>,
     pub client_name: String,
     pub client_version: String,
     pub experimental_api: bool,
     pub opt_out_notification_methods: Vec<String>,
     pub channel_capacity: usize,
 }
+
 impl RemoteAppServerConnectArgs {
     fn initialize_params(&self) -> InitializeParams {
         let capabilities = InitializeCapabilities {
@@ -161,39 +141,69 @@ pub struct RemoteAppServerRequestHandle {
 impl RemoteAppServerClient {
     pub async fn connect(args: RemoteAppServerConnectArgs) -> IoResult<Self> {
         let channel_capacity = args.channel_capacity.max(1);
-        let initialize_params = args.initialize_params();
-        match args.endpoint {
-            RemoteAppServerEndpoint::WebSocket {
-                websocket_url,
-                auth_token,
-            } => {
-                let (endpoint, stream) =
-                    connect_websocket_endpoint(websocket_url, auth_token).await?;
-                Self::connect_with_stream(channel_capacity, endpoint, stream, initialize_params)
-                    .await
-            }
-            RemoteAppServerEndpoint::UnixSocket { socket_path } => {
-                let (endpoint, stream) = connect_unix_socket_endpoint(socket_path).await?;
-                Self::connect_with_stream(channel_capacity, endpoint, stream, initialize_params)
-                    .await
-            }
+        let websocket_url = args.websocket_url.clone();
+        let url = Url::parse(&websocket_url).map_err(|err| {
+            IoError::new(
+                ErrorKind::InvalidInput,
+                format!("invalid websocket URL `{websocket_url}`: {err}"),
+            )
+        })?;
+        if args.auth_token.is_some() && !websocket_url_supports_auth_token(&url) {
+            return Err(IoError::new(
+                ErrorKind::InvalidInput,
+                format!(
+                    "remote auth tokens require `wss://` or loopback `ws://` URLs; got `{websocket_url}`"
+                ),
+            ));
         }
-    }
-
-    async fn connect_with_stream<S>(
-        channel_capacity: usize,
-        endpoint: String,
-        stream: WebSocketStream<S>,
-        initialize_params: InitializeParams,
-    ) -> IoResult<Self>
-    where
-        S: AsyncRead + AsyncWrite + Unpin + Send + 'static,
-    {
+        let mut request = url.as_str().into_client_request().map_err(|err| {
+            IoError::new(
+                ErrorKind::InvalidInput,
+                format!("invalid websocket URL `{websocket_url}`: {err}"),
+            )
+        })?;
+        if let Some(auth_token) = args.auth_token.as_deref() {
+            let header_value =
+                HeaderValue::from_str(&format!("Bearer {auth_token}")).map_err(|err| {
+                    IoError::new(
+                        ErrorKind::InvalidInput,
+                        format!("invalid remote authorization header value: {err}"),
+                    )
+                })?;
+            request.headers_mut().insert(AUTHORIZATION, header_value);
+        }
+        ensure_rustls_crypto_provider();
+        // Remote resume responses can legitimately carry large thread histories.
+        // Keep a bounded cap, but raise it above tungstenite's 16 MiB frame default.
+        let websocket_config = WebSocketConfig::default()
+            .max_frame_size(Some(REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE))
+            .max_message_size(Some(REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE));
+        let stream = timeout(
+            CONNECT_TIMEOUT,
+            connect_async_with_config(
+                request,
+                Some(websocket_config),
+                /*disable_nagle*/ false,
+            ),
+        )
+        .await
+        .map_err(|_| {
+            IoError::new(
+                ErrorKind::TimedOut,
+                format!("timed out connecting to remote app server at `{websocket_url}`"),
+            )
+        })?
+        .map(|(stream, _response)| stream)
+        .map_err(|err| {
+            IoError::other(format!(
+                "failed to connect to remote app server at `{websocket_url}`: {err}"
+            ))
+        })?;
         let mut stream = stream;
         let pending_events = initialize_remote_connection(
             &mut stream,
-            &endpoint,
-            initialize_params,
+            &websocket_url,
+            args.initialize_params(),
             INITIALIZE_TIMEOUT,
         )
         .await?;
@@ -225,13 +235,13 @@ impl RemoteAppServerClient {
                                 if let Err(err) = write_jsonrpc_message(
                                     &mut stream,
                                     JSONRPCMessage::Request(jsonrpc_request_from_client_request(*request)),
-                                    &endpoint,
+                                    &websocket_url,
                                 )
                                 .await
                                 {
                                     let err_message = err.to_string();
                                     let message = format!(
-                                        "remote app server at `{endpoint}` write failed: {err_message}"
+                                        "remote app server at `{websocket_url}` write failed: {err_message}"
                                     );
                                     if let Some(response_tx) = pending_requests.remove(&request_id) {
                                         let _ = response_tx.send(Err(err));
@@ -252,7 +262,7 @@ impl RemoteAppServerClient {
                                     JSONRPCMessage::Notification(
                                         jsonrpc_notification_from_client_notification(notification),
                                     ),
-                                    &endpoint,
+                                    &websocket_url,
                                 )
                                 .await;
                                 let _ = response_tx.send(result);
@@ -268,7 +278,7 @@ impl RemoteAppServerClient {
                                         id: request_id,
                                         result,
                                     }),
-                                    &endpoint,
+                                    &websocket_url,
                                 )
                                 .await;
                                 let _ = response_tx.send(result);
@@ -284,20 +294,16 @@ impl RemoteAppServerClient {
                                         error,
                                         id: request_id,
                                     }),
-                                    &endpoint,
+                                    &websocket_url,
                                 )
                                 .await;
                                 let _ = response_tx.send(result);
                             }
                             RemoteClientCommand::Shutdown { response_tx } => {
-                                let close_result = stream.close(None).await.or_else(|err| {
-                                    if websocket_close_error_is_already_closed(&err) {
-                                        Ok(())
-                                    } else {
-                                        Err(IoError::other(format!(
-                                            "failed to close websocket app server `{endpoint}`: {err}"
-                                        )))
-                                    }
+                                let close_result = stream.close(None).await.map_err(|err| {
+                                    IoError::other(format!(
+                                        "failed to close websocket app server `{websocket_url}`: {err}"
+                                    ))
                                 });
                                 let _ = response_tx.send(close_result);
                                 break;
@@ -358,13 +364,13 @@ impl RemoteAppServerClient {
                                                         },
                                                         id: request_id,
                                                     }),
-                                                    &endpoint,
+                                                    &websocket_url,
                                                 )
                                                 .await
                                                 {
                                                     let err_message = reject_err.to_string();
                                                     let message = format!(
-                                                        "remote app server at `{endpoint}` write failed: {err_message}"
+                                                        "remote app server at `{websocket_url}` write failed: {err_message}"
                                                     );
                                                     let _ = deliver_event(
                                                         &event_tx,
@@ -381,7 +387,7 @@ impl RemoteAppServerClient {
                                     }
                                     Err(err) => {
                                         let message = format!(
-                                            "remote app server at `{endpoint}` sent invalid JSON-RPC: {err}"
+                                            "remote app server at `{websocket_url}` sent invalid JSON-RPC: {err}"
                                         );
                                         let _ = deliver_event(
                                             &event_tx,
@@ -402,7 +408,7 @@ impl RemoteAppServerClient {
                                     .filter(|reason| !reason.is_empty())
                                     .unwrap_or_else(|| "connection closed".to_string());
                                 let message = format!(
-                                    "remote app server at `{endpoint}` disconnected: {reason}"
+                                    "remote app server at `{websocket_url}` disconnected: {reason}"
                                 );
                                 let _ = deliver_event(
                                     &event_tx,
@@ -422,7 +428,7 @@ impl RemoteAppServerClient {
                             | Some(Ok(Message::Frame(_))) => {}
                             Some(Err(err)) => {
                                 let message = format!(
-                                    "remote app server at `{endpoint}` transport failed: {err}"
+                                    "remote app server at `{websocket_url}` transport failed: {err}"
                                 );
                                 let _ = deliver_event(
                                     &event_tx,
@@ -435,7 +441,7 @@ impl RemoteAppServerClient {
                             }
                             None => {
                                 let message = format!(
-                                    "remote app server at `{endpoint}` closed the connection"
+                                    "remote app server at `{websocket_url}` closed the connection"
                                 );
                                 let _ = deliver_event(
                                     &event_tx,
@@ -672,131 +678,12 @@ impl RemoteAppServerRequestHandle {
     }
 }
 
-async fn connect_websocket_endpoint(
-    websocket_url: String,
-    auth_token: Option<String>,
-) -> IoResult<(String, WebSocketStream<MaybeTlsStream<TcpStream>>)> {
-    let url = Url::parse(&websocket_url).map_err(|err| {
-        IoError::new(
-            ErrorKind::InvalidInput,
-            format!("invalid websocket URL `{websocket_url}`: {err}"),
-        )
-    })?;
-    if auth_token.is_some() && !websocket_url_supports_auth_token(&url) {
-        return Err(IoError::new(
-            ErrorKind::InvalidInput,
-            format!(
-                "remote auth tokens require `wss://` or loopback `ws://` URLs; got `{websocket_url}`"
-            ),
-        ));
-    }
-
-    let mut request = url.as_str().into_client_request().map_err(|err| {
-        IoError::new(
-            ErrorKind::InvalidInput,
-            format!("invalid websocket URL `{websocket_url}`: {err}"),
-        )
-    })?;
-    if let Some(auth_token) = auth_token.as_deref() {
-        let header_value =
-            HeaderValue::from_str(&format!("Bearer {auth_token}")).map_err(|err| {
-                IoError::new(
-                    ErrorKind::InvalidInput,
-                    format!("invalid remote authorization header value: {err}"),
-                )
-            })?;
-        request.headers_mut().insert(AUTHORIZATION, header_value);
-    }
-
-    ensure_rustls_crypto_provider();
-    let websocket_config = remote_websocket_config();
-    let stream = timeout(
-        CONNECT_TIMEOUT,
-        connect_async_with_config(
-            request,
-            Some(websocket_config),
-            /*disable_nagle*/ false,
-        ),
-    )
-    .await
-    .map_err(|_| {
-        IoError::new(
-            ErrorKind::TimedOut,
-            format!("timed out connecting to remote app server at `{websocket_url}`"),
-        )
-    })?
-    .map(|(stream, _response)| stream)
-    .map_err(|err| {
-        IoError::other(format!(
-            "failed to connect to remote app server at `{websocket_url}`: {err}"
-        ))
-    })?;
-
-    Ok((websocket_url, stream))
-}
-
-async fn connect_unix_socket_endpoint(
-    socket_path: AbsolutePathBuf,
-) -> IoResult<(String, WebSocketStream<UnixStream>)> {
-    let endpoint = format!("unix://{}", socket_path.display());
-    let request = UDS_WEBSOCKET_HANDSHAKE_URL
-        .into_client_request()
-        .map_err(|err| {
-            IoError::new(
-                ErrorKind::InvalidInput,
-                format!("invalid UDS websocket handshake URL: {err}"),
-            )
-        })?;
-    let stream = timeout(CONNECT_TIMEOUT, UnixStream::connect(socket_path.as_path()))
-        .await
-        .map_err(|_| {
-            IoError::new(
-                ErrorKind::TimedOut,
-                format!("timed out connecting to remote app server at `{endpoint}`"),
-            )
-        })?
-        .map_err(|err| {
-            IoError::other(format!(
-                "failed to connect to remote app server at `{endpoint}`: {err}"
-            ))
-        })?;
-    let websocket_config = remote_websocket_config();
-    let stream = timeout(
-        CONNECT_TIMEOUT,
-        client_async_with_config(request, stream, Some(websocket_config)),
-    )
-    .await
-    .map_err(|_| {
-        IoError::new(
-            ErrorKind::TimedOut,
-            format!("timed out upgrading remote app server at `{endpoint}`"),
-        )
-    })?
-    .map(|(stream, _response)| stream)
-    .map_err(|err| {
-        IoError::other(format!(
-            "failed to upgrade remote app server at `{endpoint}`: {err}"
-        ))
-    })?;
-
-    Ok((endpoint, stream))
-}
-
-fn remote_websocket_config() -> WebSocketConfig {
-    WebSocketConfig::default()
-        .max_frame_size(Some(REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE))
-        .max_message_size(Some(REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE))
-}
-
-async fn initialize_remote_connection<S>(
-    stream: &mut WebSocketStream<S>,
-    endpoint: &str,
+async fn initialize_remote_connection(
+    stream: &mut WebSocketStream<MaybeTlsStream<TcpStream>>,
+    websocket_url: &str,
     params: InitializeParams,
     initialize_timeout: Duration,
-) -> IoResult<Vec<AppServerEvent>>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
+) -> IoResult<Vec<AppServerEvent>> {
     let initialize_request_id = RequestId::String("initialize".to_string());
     let mut pending_events = Vec::new();
     write_jsonrpc_message(
@@ -807,7 +694,7 @@ where
                 params,
             },
         )),
-        endpoint,
+        websocket_url,
     )
     .await?;
 
@@ -817,7 +704,7 @@ where
                 Some(Ok(Message::Text(text))) => {
                     let message = serde_json::from_str::<JSONRPCMessage>(&text).map_err(|err| {
                         IoError::other(format!(
-                            "remote app server at `{endpoint}` sent invalid initialize response: {err}"
+                            "remote app server at `{websocket_url}` sent invalid initialize response: {err}"
                         ))
                     })?;
                     match message {
@@ -826,7 +713,7 @@ where
                         }
                         JSONRPCMessage::Error(error) if error.id == initialize_request_id => {
                             break Err(IoError::other(format!(
-                                "remote app server at `{endpoint}` rejected initialize: {}",
+                                "remote app server at `{websocket_url}` rejected initialize: {}",
                                 error.error.message
                             )));
                         }
@@ -856,7 +743,7 @@ where
                                             },
                                             id: request_id,
                                         }),
-                                        endpoint,
+                                        websocket_url,
                                     )
                                     .await?;
                                 }
@@ -878,19 +765,19 @@ where
                     break Err(IoError::new(
                         ErrorKind::ConnectionAborted,
                         format!(
-                            "remote app server at `{endpoint}` closed during initialize: {reason}"
+                            "remote app server at `{websocket_url}` closed during initialize: {reason}"
                         ),
                     ));
                 }
                 Some(Err(err)) => {
                     break Err(IoError::other(format!(
-                        "remote app server at `{endpoint}` transport failed during initialize: {err}"
+                        "remote app server at `{websocket_url}` transport failed during initialize: {err}"
                     )));
                 }
                 None => {
                     break Err(IoError::new(
                         ErrorKind::UnexpectedEof,
-                        format!("remote app server at `{endpoint}` closed during initialize"),
+                        format!("remote app server at `{websocket_url}` closed during initialize"),
                     ));
                 }
             }
@@ -900,7 +787,7 @@ where
     .map_err(|_| {
         IoError::new(
             ErrorKind::TimedOut,
-            format!("timed out waiting for initialize response from `{endpoint}`"),
+            format!("timed out waiting for initialize response from `{websocket_url}`"),
         )
     })??;
 
@@ -909,7 +796,7 @@ where
         JSONRPCMessage::Notification(jsonrpc_notification_from_client_notification(
             ClientNotification::Initialized,
         )),
-        endpoint,
+        websocket_url,
     )
     .await?;
 
@@ -963,35 +850,21 @@ fn jsonrpc_notification_from_client_notification(
     }
 }
 
-async fn write_jsonrpc_message<S>(
-    stream: &mut WebSocketStream<S>,
+async fn write_jsonrpc_message(
+    stream: &mut WebSocketStream<MaybeTlsStream<TcpStream>>,
     message: JSONRPCMessage,
-    endpoint: &str,
-) -> IoResult<()>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
+    websocket_url: &str,
+) -> IoResult<()> {
     let payload = serde_json::to_string(&message).map_err(IoError::other)?;
     stream
         .send(Message::Text(payload.into()))
         .await
         .map_err(|err| {
             IoError::other(format!(
-                "failed to write websocket message to `{endpoint}`: {err}"
+                "failed to write websocket message to `{websocket_url}`: {err}"
             ))
         })
 }
-
-fn websocket_close_error_is_already_closed(err: &TungsteniteError) -> bool {
-    match err {
-        TungsteniteError::ConnectionClosed | TungsteniteError::AlreadyClosed => true,
-        TungsteniteError::Io(err) => matches!(
-            err.kind(),
-            ErrorKind::BrokenPipe | ErrorKind::ConnectionReset | ErrorKind::NotConnected
-        ),
-        _ => false,
-    }
-}
 #[cfg(test)]
 mod tests {
     use super::*;

codex-rs/app-server-daemon/Cargo.toml

@@ -16,14 +16,13 @@ workspace = true
 anyhow = { workspace = true }
 codex-app-server-protocol = { workspace = true }
 codex-app-server-transport = { workspace = true }
-codex-utils-home-dir = { workspace = true }
+codex-core = { workspace = true }
 codex-uds = { workspace = true }
 futures = { workspace = true }
 libc = { workspace = true }
 reqwest = { workspace = true, features = ["rustls-tls"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
-sha2 = { workspace = true }
 tokio = { workspace = true, features = [
     "fs",
     "io-util",

codex-rs/app-server-daemon/README.md

@@ -52,8 +52,8 @@ the standalone managed binary under `CODEX_HOME`.
 | Situation | What starts | Does this daemon fetch new binaries? | Does a running app-server eventually move to a newer binary on its own? |
 | --- | --- | --- | --- |
 | `install.sh` has run, but only `start` is used | `start` uses `CODEX_HOME/packages/standalone/current/codex` | No | No. The managed path is used when starting or restarting, but no updater is installed. |
-| `install.sh` has run, then `bootstrap` is used | The pidfile backend uses `CODEX_HOME/packages/standalone/current/codex` | Yes. Bootstrap launches a detached updater loop that runs `install.sh` hourly. | Yes, while that updater process is alive and app-server is already running. After a successful fetch, the updater restarts app-server with the refreshed binary and only then replaces its own process image. |
-| Some other tool updates the managed binary path | The next fresh start or restart uses the updated file at that path | Only if `bootstrap` is active, because the updater still runs `install.sh` on its normal cadence. | Without `bootstrap`, no. With `bootstrap`, the next successful updater pass compares the managed binary contents after `install.sh` runs; if app-server is running and they differ from the updater's current image, it refreshes app-server first and then itself. |
+| `install.sh` has run, then `bootstrap` is used | The pidfile backend uses `CODEX_HOME/packages/standalone/current/codex` | Yes. Bootstrap launches a detached updater loop that runs `install.sh` hourly. | Yes, while that updater process is alive. After a successful fetch, it restarts a currently running app-server only when the managed binary reports a different version. |
+| Some other tool updates the managed binary path | The next fresh start or restart uses the updated file at that path | No | Not automatically. The existing process keeps the old executable image until an explicit `restart`. |
 
 ### Standalone installs
 
@@ -62,24 +62,19 @@ For installs created by `install.sh`:
 - lifecycle commands always use the standalone managed binary path
 - `bootstrap` is supported
 - `bootstrap` starts a detached pid-backed updater loop that fetches via
-  `install.sh`
-- after a successful refresh, if app-server is running and the managed binary
-  contents changed, the updater restarts app-server with that binary first and
-  only then replaces its own process image
+  `install.sh`, then restarts app-server if it is running on a different version
 - the updater loop is not reboot-persistent; it must be started again by
   rerunning `bootstrap` after a reboot
 
 ### Out-of-band updates
 
 This daemon does not watch arbitrary executable files for replacement. If some
-other tool updates the managed binary path:
+other tool updates a binary that the daemon would use on its next launch:
 
-- without `bootstrap`, a currently running app-server remains on the old
-  executable image until an explicit `restart`
-- with `bootstrap`, the detached updater loop notices the changed managed
-  binary on its next successful scheduled pass after running `install.sh`; if
-  app-server is running, it refreshes app-server first and then refreshes itself
-  once that replacement starts successfully
+- a currently running app-server remains on the old executable image
+- `restart` will launch the updated binary
+- for bootstrapped daemons, the detached updater loop only reacts to updates it
+  fetched itself; it does not watch arbitrary file replacement
 
 ## Lifecycle semantics
 
@@ -92,10 +87,6 @@ JSON-RPC initialize handshake on the Unix control socket.
 for future starts. If a managed app-server is already running, they restart it
 so the new setting takes effect immediately.
 
-Top-level `codex remote-control` bootstraps with `--remote-control` when the
-updater loop is not running. Otherwise it enables remote control and starts the
-daemon normally.
-
 `stop` sends a graceful termination request first, then sends a second
 termination signal after the grace window if the process is still alive.
 

codex-rs/app-server-daemon/src/backend/mod.rs

@@ -1,6 +1,5 @@
 mod pid;
 
-use std::path::Path;
 use std::path::PathBuf;
 
 use serde::Serialize;
@@ -32,15 +31,3 @@ pub(crate) fn pid_backend(paths: BackendPaths) -> PidBackend {
 pub(crate) fn pid_update_loop_backend(paths: BackendPaths) -> PidBackend {
     PidBackend::new_update_loop(paths.codex_bin, paths.update_pid_file)
 }
-
-pub(crate) async fn append_stderr_log_tail_context(pid_file: &Path, context: &mut String) {
-    match pid::read_stderr_log_tail(pid_file).await {
-        Ok(Some(tail)) => tail.append_to_context(context),
-        Ok(None) => {}
-        Err(err) => {
-            context.push_str(&format!(
-                "\n\nFailed to read managed app-server stderr log: {err:#}"
-            ));
-        }
-    }
-}

codex-rs/app-server-daemon/src/backend/pid.rs

@@ -1,4 +1,3 @@
-use std::io::SeekFrom;
 use std::path::Path;
 use std::path::PathBuf;
 #[cfg(unix)]
@@ -11,8 +10,6 @@ use anyhow::bail;
 use serde::Deserialize;
 use serde::Serialize;
 use tokio::fs;
-use tokio::io::AsyncReadExt;
-use tokio::io::AsyncSeekExt;
 #[cfg(unix)]
 use tokio::process::Command;
 use tokio::time::sleep;
@@ -21,7 +18,6 @@ const STOP_POLL_INTERVAL: Duration = Duration::from_millis(50);
 const STOP_GRACE_PERIOD: Duration = Duration::from_secs(60);
 const STOP_TIMEOUT: Duration = Duration::from_secs(70);
 const START_TIMEOUT: Duration = Duration::from_secs(10);
-const STDERR_LOG_TAIL_BYTES: u64 = 4096;
 
 #[derive(Debug)]
 #[cfg_attr(not(unix), allow(dead_code))]
@@ -39,25 +35,6 @@ struct PidRecord {
     process_start_time: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub(crate) struct PidLogTail {
-    pub(crate) path: PathBuf,
-    pub(crate) contents: String,
-}
-
-impl PidLogTail {
-    pub(crate) fn append_to_context(&self, context: &mut String) {
-        context.push_str(&format!(
-            "\n\nManaged app-server stderr ({}):",
-            self.path.display()
-        ));
-        for line in self.contents.lines() {
-            context.push_str("\n  ");
-            context.push_str(line);
-        }
-    }
-}
-
 #[derive(Debug, Clone, PartialEq, Eq)]
 enum PidFileState {
     Missing,
@@ -152,18 +129,11 @@ impl PidBackend {
             }
         };
         let mut command = Command::new(&self.codex_bin);
-        let stderr_log = match self.open_stderr_log().await {
-            Ok(stderr_log) => stderr_log,
-            Err(err) => {
-                let _ = fs::remove_file(&self.pid_file).await;
-                return Err(err);
-            }
-        };
         command
             .args(self.command_args())
             .stdin(Stdio::null())
             .stdout(Stdio::null())
-            .stderr(Stdio::from(stderr_log.into_std().await));
+            .stderr(Stdio::null());
 
         #[cfg(unix)]
         {
@@ -199,11 +169,8 @@ impl PidBackend {
             },
             Err(err) => {
                 let _ = self.terminate_process(pid);
-                let mut context =
-                    format!("failed to record pid-managed app-server process {pid} startup");
-                super::append_stderr_log_tail_context(&self.pid_file, &mut context).await;
                 let _ = fs::remove_file(&self.pid_file).await;
-                return Err(err).context(context);
+                return Err(err);
             }
         };
         let contents = serde_json::to_vec(&record).context("failed to serialize pid record")?;
@@ -377,29 +344,18 @@ impl PidBackend {
         Ok(reservation_lock)
     }
 
-    #[cfg(unix)]
-    async fn open_stderr_log(&self) -> Result<fs::File> {
-        let stderr_log_file = stderr_log_file_for_pid_file(&self.pid_file);
-        fs::OpenOptions::new()
-            .create(true)
-            .truncate(true)
-            .write(true)
-            .open(&stderr_log_file)
-            .await
-            .with_context(|| {
-                format!(
-                    "failed to open stderr log for pid-managed app server {}",
-                    stderr_log_file.display()
-                )
-            })
-    }
-
     #[cfg(unix)]
     fn command_args(&self) -> Vec<&'static str> {
         match self.command_kind {
             PidCommandKind::AppServer {
                 remote_control_enabled: true,
-            } => vec!["app-server", "--remote-control", "--listen", "unix://"],
+            } => vec![
+                "--enable",
+                "remote_control",
+                "app-server",
+                "--listen",
+                "unix://",
+            ],
             PidCommandKind::AppServer {
                 remote_control_enabled: false,
             } => vec!["app-server", "--listen", "unix://"],
@@ -426,56 +382,6 @@ impl PidBackend {
     }
 }
 
-pub(crate) async fn read_stderr_log_tail(pid_file: &Path) -> Result<Option<PidLogTail>> {
-    let path = stderr_log_file_for_pid_file(pid_file);
-    let Some(contents) = read_log_tail(&path, STDERR_LOG_TAIL_BYTES).await? else {
-        return Ok(None);
-    };
-    Ok(Some(PidLogTail { path, contents }))
-}
-
-fn stderr_log_file_for_pid_file(pid_file: &Path) -> PathBuf {
-    pid_file.with_extension("stderr.log")
-}
-
-async fn read_log_tail(path: &Path, byte_limit: u64) -> Result<Option<String>> {
-    let mut file = match fs::File::open(path).await {
-        Ok(file) => file,
-        Err(err) if err.kind() == std::io::ErrorKind::NotFound => return Ok(None),
-        Err(err) => {
-            return Err(err)
-                .with_context(|| format!("failed to open stderr log {}", path.display()));
-        }
-    };
-    let len = file
-        .metadata()
-        .await
-        .with_context(|| format!("failed to inspect stderr log {}", path.display()))?
-        .len();
-    if len == 0 {
-        return Ok(None);
-    }
-
-    let start = len.saturating_sub(byte_limit);
-    file.seek(SeekFrom::Start(start))
-        .await
-        .with_context(|| format!("failed to seek stderr log {}", path.display()))?;
-    let mut bytes = Vec::new();
-    file.read_to_end(&mut bytes)
-        .await
-        .with_context(|| format!("failed to read stderr log {}", path.display()))?;
-    if start > 0
-        && let Some(newline_index) = bytes.iter().position(|byte| *byte == b'\n')
-    {
-        bytes.drain(..=newline_index);
-    }
-    let contents = String::from_utf8_lossy(&bytes).trim_end().to_string();
-    if contents.is_empty() {
-        return Ok(None);
-    }
-    Ok(Some(contents))
-}
-
 #[cfg(unix)]
 fn process_exists(pid: u32) -> bool {
     let Ok(pid) = libc::pid_t::try_from(pid) else {

codex-rs/app-server-daemon/src/backend/pid_tests.rs

@@ -6,10 +6,7 @@ use tempfile::TempDir;
 use super::PidBackend;
 use super::PidCommandKind;
 use super::PidFileState;
-use super::PidLogTail;
 use super::PidRecord;
-use super::read_stderr_log_tail;
-use super::stderr_log_file_for_pid_file;
 use super::try_lock_file;
 
 #[tokio::test]
@@ -159,38 +156,3 @@ fn update_loop_uses_hidden_app_server_subcommand() {
         vec!["app-server", "daemon", "pid-update-loop"]
     );
 }
-
-#[test]
-fn app_server_remote_control_uses_runtime_flag() {
-    let backend = PidBackend::new(
-        "codex".into(),
-        "app-server.pid".into(),
-        /*remote_control_enabled*/ true,
-    );
-
-    assert_eq!(
-        backend.command_args(),
-        vec!["app-server", "--remote-control", "--listen", "unix://"]
-    );
-}
-
-#[tokio::test]
-async fn read_stderr_log_tail_returns_recent_complete_lines() {
-    let temp_dir = TempDir::new().expect("temp dir");
-    let pid_file = temp_dir.path().join("app-server.pid");
-    let log_file = stderr_log_file_for_pid_file(&pid_file);
-    let contents = format!("{}\nrecent error\nusage", "x".repeat(4100));
-    tokio::fs::write(&log_file, contents)
-        .await
-        .expect("write stderr log");
-
-    assert_eq!(
-        read_stderr_log_tail(&pid_file)
-            .await
-            .expect("read stderr log"),
-        Some(PidLogTail {
-            path: log_file,
-            contents: "recent error\nusage".to_string(),
-        })
-    );
-}

codex-rs/app-server-daemon/src/client.rs

@@ -5,7 +5,6 @@ use anyhow::Context;
 use anyhow::Result;
 use anyhow::anyhow;
 use codex_app_server_protocol::ClientInfo;
-use codex_app_server_protocol::InitializeCapabilities;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::InitializeResponse;
 use codex_app_server_protocol::JSONRPCMessage;
@@ -15,16 +14,12 @@ use codex_app_server_protocol::RequestId;
 use codex_uds::UnixStream;
 use futures::SinkExt;
 use futures::StreamExt;
-use tokio::io::AsyncRead;
-use tokio::io::AsyncWrite;
 use tokio::time::timeout;
-use tokio_tungstenite::WebSocketStream;
 use tokio_tungstenite::client_async;
 use tokio_tungstenite::tungstenite::Message;
 
-pub(crate) const CONTROL_SOCKET_RESPONSE_TIMEOUT: Duration = Duration::from_secs(2);
+const PROBE_TIMEOUT: Duration = Duration::from_secs(2);
 const CLIENT_NAME: &str = "codex_app_server_daemon";
-const INITIALIZE_REQUEST_ID: RequestId = RequestId::Integer(1);
 
 #[derive(Debug, Clone, PartialEq, Eq)]
 pub(crate) struct ProbeInfo {
@@ -32,7 +27,7 @@ pub(crate) struct ProbeInfo {
 }
 
 pub(crate) async fn probe(socket_path: &Path) -> Result<ProbeInfo> {
-    timeout(CONTROL_SOCKET_RESPONSE_TIMEOUT, probe_inner(socket_path))
+    timeout(PROBE_TIMEOUT, probe_inner(socket_path))
         .await
         .with_context(|| {
             format!(
@@ -43,42 +38,15 @@ pub(crate) async fn probe(socket_path: &Path) -> Result<ProbeInfo> {
 }
 
 async fn probe_inner(socket_path: &Path) -> Result<ProbeInfo> {
-    let mut websocket = connect(socket_path).await?;
-
-    let initialize_response = initialize(&mut websocket, /*experimental_api*/ false).await?;
-    let initialized = JSONRPCMessage::Notification(JSONRPCNotification {
-        method: "initialized".to_string(),
-        params: None,
-    });
-    send_message(&mut websocket, &initialized)
-        .await
-        .context("failed to send initialized notification")?;
-    websocket.close(None).await.ok();
-
-    Ok(ProbeInfo {
-        app_server_version: parse_version_from_user_agent(&initialize_response.user_agent)?,
-    })
-}
-
-pub(crate) async fn connect(socket_path: &Path) -> Result<WebSocketStream<UnixStream>> {
     let stream = UnixStream::connect(socket_path)
         .await
         .with_context(|| format!("failed to connect to {}", socket_path.display()))?;
-    let (websocket, _response) = client_async("ws://localhost/", stream)
+    let (mut websocket, _response) = client_async("ws://localhost/", stream)
         .await
         .with_context(|| format!("failed to upgrade {}", socket_path.display()))?;
-    Ok(websocket)
-}
 
-pub(crate) async fn initialize<S>(
-    websocket: &mut WebSocketStream<S>,
-    experimental_api: bool,
-) -> Result<InitializeResponse>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
     let initialize = JSONRPCMessage::Request(JSONRPCRequest {
-        id: INITIALIZE_REQUEST_ID,
+        id: RequestId::Integer(1),
         method: "initialize".to_string(),
         params: Some(serde_json::to_value(InitializeParams {
             client_info: ClientInfo {
@@ -86,63 +54,45 @@ where
                 title: Some("Codex App Server Daemon".to_string()),
                 version: env!("CARGO_PKG_VERSION").to_string(),
             },
-            capabilities: if experimental_api {
-                Some(InitializeCapabilities {
-                    experimental_api: true,
-                    ..Default::default()
-                })
-            } else {
-                None
-            },
+            capabilities: None,
         })?),
         trace: None,
     });
-    send_message(websocket, &initialize)
+    websocket
+        .send(Message::Text(serde_json::to_string(&initialize)?.into()))
         .await
         .context("failed to send initialize request")?;
 
     let response = loop {
-        let message = timeout(CONTROL_SOCKET_RESPONSE_TIMEOUT, read_message(websocket))
+        let frame = websocket
+            .next()
             .await
-            .context("timed out waiting for initialize response")??;
+            .ok_or_else(|| anyhow!("app-server closed before initialize response"))??;
+        let Message::Text(payload) = frame else {
+            continue;
+        };
+        let message = serde_json::from_str::<JSONRPCMessage>(&payload)?;
         if let JSONRPCMessage::Response(response) = message
-            && response.id == INITIALIZE_REQUEST_ID
+            && response.id == RequestId::Integer(1)
         {
             break response;
         }
     };
-    serde_json::from_value::<InitializeResponse>(response.result)
-        .context("failed to parse initialize response")
-}
+    let initialize_response = serde_json::from_value::<InitializeResponse>(response.result)?;
 
-pub(crate) async fn send_message<S>(
-    websocket: &mut WebSocketStream<S>,
-    message: &JSONRPCMessage,
-) -> Result<()>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
+    let initialized = JSONRPCMessage::Notification(JSONRPCNotification {
+        method: "initialized".to_string(),
+        params: None,
+    });
     websocket
-        .send(Message::Text(serde_json::to_string(message)?.into()))
-        .await?;
-    Ok(())
-}
+        .send(Message::Text(serde_json::to_string(&initialized)?.into()))
+        .await
+        .context("failed to send initialized notification")?;
+    websocket.close(None).await.ok();
 
-pub(crate) async fn read_message<S>(websocket: &mut WebSocketStream<S>) -> Result<JSONRPCMessage>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
-    loop {
-        let frame = websocket
-            .next()
-            .await
-            .ok_or_else(|| anyhow!("app-server closed the control socket"))??;
-        let Message::Text(payload) = frame else {
-            continue;
-        };
-        return serde_json::from_str::<JSONRPCMessage>(&payload)
-            .context("failed to parse app-server JSON-RPC message");
-    }
+    Ok(ProbeInfo {
+        app_server_version: parse_version_from_user_agent(&initialize_response.user_agent)?,
+    })
 }
 
 fn parse_version_from_user_agent(user_agent: &str) -> Result<String> {

codex-rs/app-server-daemon/src/lib.rs

@@ -1,11 +1,9 @@
 mod backend;
 mod client;
 mod managed_install;
-mod remote_control_client;
 mod settings;
 mod update_loop;
 
-use std::path::Path;
 use std::path::PathBuf;
 use std::time::Duration;
 
@@ -14,9 +12,8 @@ use anyhow::Result;
 use anyhow::anyhow;
 pub use backend::BackendKind;
 use backend::BackendPaths;
-use codex_app_server_protocol::RemoteControlConnectionStatus;
 use codex_app_server_transport::app_server_control_socket_path;
-use codex_utils_home_dir::find_codex_home;
+use codex_core::config::find_codex_home;
 use managed_install::managed_codex_bin;
 #[cfg(unix)]
 use managed_install::managed_codex_version;
@@ -60,8 +57,6 @@ pub struct LifecycleOutput {
     pub backend: Option<BackendKind>,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub pid: Option<u32>,
-    pub managed_codex_path: PathBuf,
-    pub managed_codex_version: Option<String>,
     pub socket_path: PathBuf,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub cli_version: Option<String>,
@@ -88,33 +83,11 @@ pub struct BootstrapOutput {
     pub auto_update_enabled: bool,
     pub remote_control_enabled: bool,
     pub managed_codex_path: PathBuf,
-    pub managed_codex_version: Option<String>,
     pub socket_path: PathBuf,
     pub cli_version: String,
     pub app_server_version: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
-#[serde(untagged)]
-pub enum RemoteControlStartOutput {
-    Bootstrap(BootstrapOutput),
-    Start(LifecycleOutput),
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct RemoteControlReadyStatus {
-    pub status: RemoteControlConnectionStatus,
-    pub server_name: String,
-    pub environment_id: Option<String>,
-    pub timed_out: bool,
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct RemoteControlReadyOutput {
-    pub daemon: RemoteControlStartOutput,
-    pub remote_control: RemoteControlReadyStatus,
-}
-
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub enum RemoteControlMode {
     Enabled,
@@ -150,35 +123,9 @@ pub struct RemoteControlOutput {
 }
 
 #[cfg(unix)]
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub(crate) enum RestartIfRunningOutcome {
+    Completed,
     Busy,
-    NotRunning,
-    NotReady,
-    AlreadyCurrent,
-    Restarted,
-}
-
-#[cfg(unix)]
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub(crate) enum RestartMode {
-    IfVersionChanged,
-    Always,
-}
-
-#[cfg(unix)]
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub(crate) enum UpdaterRefreshMode {
-    None,
-    ReexecIfManagedBinaryChanged,
-}
-
-#[cfg(unix)]
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-enum RestartDecision {
-    NotReady,
-    AlreadyCurrent,
-    Restart,
 }
 
 pub async fn run(command: LifecycleCommand) -> Result<LifecycleOutput> {
@@ -191,34 +138,6 @@ pub async fn bootstrap(options: BootstrapOptions) -> Result<BootstrapOutput> {
     Daemon::from_environment()?.bootstrap(options).await
 }
 
-pub async fn ensure_remote_control_started() -> Result<RemoteControlStartOutput> {
-    ensure_supported_platform()?;
-    Daemon::from_environment()?
-        .ensure_remote_control_started()
-        .await
-}
-
-pub async fn ensure_remote_control_ready() -> Result<RemoteControlReadyOutput> {
-    ensure_supported_platform()?;
-    Daemon::from_environment()?
-        .ensure_remote_control_ready()
-        .await
-}
-
-pub async fn enable_remote_control_on_socket(
-    socket_path: &Path,
-    connect_timeout: Duration,
-    connect_retry_delay: Duration,
-) -> Result<RemoteControlReadyStatus> {
-    ensure_supported_platform()?;
-    remote_control_client::enable_remote_control_with_connect_retry(
-        socket_path,
-        connect_timeout,
-        connect_retry_delay,
-    )
-    .await
-}
-
 pub async fn set_remote_control(mode: RemoteControlMode) -> Result<RemoteControlOutput> {
     ensure_supported_platform()?;
     Daemon::from_environment()?.set_remote_control(mode).await
@@ -288,39 +207,33 @@ impl Daemon {
     async fn start(&self) -> Result<LifecycleOutput> {
         let settings = self.load_settings().await?;
         if let Ok(info) = client::probe(&self.socket_path).await {
-            return Ok(self
-                .output(
-                    LifecycleStatus::AlreadyRunning,
-                    self.running_backend(&settings).await?,
-                    /*pid*/ None,
-                    Some(info.app_server_version),
-                )
-                .await);
+            return Ok(self.output(
+                LifecycleStatus::AlreadyRunning,
+                self.running_backend(&settings).await?,
+                /*pid*/ None,
+                Some(info.app_server_version),
+            ));
         }
 
         if self.running_backend_instance(&settings).await?.is_some() {
             let info = self.wait_until_ready().await?;
-            return Ok(self
-                .output(
-                    LifecycleStatus::AlreadyRunning,
-                    Some(BackendKind::Pid),
-                    /*pid*/ None,
-                    Some(info.app_server_version),
-                )
-                .await);
+            return Ok(self.output(
+                LifecycleStatus::AlreadyRunning,
+                Some(BackendKind::Pid),
+                /*pid*/ None,
+                Some(info.app_server_version),
+            ));
         }
 
         self.ensure_managed_codex_bin()?;
         let pid = self.start_managed_backend(&settings).await?;
         let info = self.wait_until_ready().await?;
-        Ok(self
-            .output(
-                LifecycleStatus::Started,
-                Some(BackendKind::Pid),
-                pid,
-                Some(info.app_server_version),
-            )
-            .await)
+        Ok(self.output(
+            LifecycleStatus::Started,
+            Some(BackendKind::Pid),
+            pid,
+            Some(info.app_server_version),
+        ))
     }
 
     async fn restart(&self) -> Result<LifecycleOutput> {
@@ -340,74 +253,33 @@ impl Daemon {
 
         let pid = self.start_managed_backend(&settings).await?;
         let info = self.wait_until_ready().await?;
-        Ok(self
-            .output(
-                LifecycleStatus::Restarted,
-                Some(BackendKind::Pid),
-                pid,
-                Some(info.app_server_version),
-            )
-            .await)
+        Ok(self.output(
+            LifecycleStatus::Restarted,
+            Some(BackendKind::Pid),
+            pid,
+            Some(info.app_server_version),
+        ))
     }
 
     #[cfg(unix)]
-    pub(crate) async fn try_restart_if_running(
-        &self,
-        mode: RestartMode,
-        updater_refresh_mode: UpdaterRefreshMode,
-        managed_codex_bin: &Path,
-    ) -> Result<RestartIfRunningOutcome> {
+    pub(crate) async fn try_restart_if_running(&self) -> Result<RestartIfRunningOutcome> {
         let operation_lock = self.open_operation_lock_file().await?;
         if !try_lock_file(&operation_lock)? {
             return Ok(RestartIfRunningOutcome::Busy);
         }
-        let settings = self.load_settings().await?;
-        let outcome = if let Some(backend) = self.running_backend_instance(&settings).await? {
-            let info = client::probe(&self.socket_path).await.ok();
-            let managed_version = if info.is_some() {
-                Some(managed_codex_version(managed_codex_bin).await?)
-            } else {
-                None
-            };
-            match restart_decision(mode, info.as_ref(), managed_version.as_deref()) {
-                RestartDecision::NotReady => return Ok(RestartIfRunningOutcome::NotReady),
-                RestartDecision::AlreadyCurrent => RestartIfRunningOutcome::AlreadyCurrent,
-                RestartDecision::Restart => {
-                    backend.stop().await?;
-                    let _ = self
-                        .start_managed_backend_with_bin(&settings, managed_codex_bin)
-                        .await?;
-                    self.wait_until_ready().await?;
-                    RestartIfRunningOutcome::Restarted
-                }
-            }
-        } else if client::probe(&self.socket_path).await.is_ok() {
-            return Err(anyhow!(
-                "app server is running but is not managed by codex app-server daemon"
-            ));
-        } else {
-            RestartIfRunningOutcome::NotRunning
-        };
-
-        if should_reexec_updater(updater_refresh_mode, outcome) {
-            crate::update_loop::reexec_managed_updater(managed_codex_bin)?;
-        }
-
-        Ok(outcome)
-    }
-
-    async fn stop(&self) -> Result<LifecycleOutput> {
         let settings = self.load_settings().await?;
         if let Some(backend) = self.running_backend_instance(&settings).await? {
+            let Ok(info) = client::probe(&self.socket_path).await else {
+                return Ok(RestartIfRunningOutcome::Completed);
+            };
+            let managed_version = managed_codex_version(&self.managed_codex_bin).await?;
+            if info.app_server_version == managed_version {
+                return Ok(RestartIfRunningOutcome::Completed);
+            }
             backend.stop().await?;
-            return Ok(self
-                .output(
-                    LifecycleStatus::Stopped,
-                    Some(BackendKind::Pid),
-                    /*pid*/ None,
-                    /*app_server_version*/ None,
-                )
-                .await);
+            let _ = self.start_managed_backend(&settings).await?;
+            self.wait_until_ready().await?;
+            return Ok(RestartIfRunningOutcome::Completed);
         }
 
         if client::probe(&self.socket_path).await.is_ok() {
@@ -416,27 +288,44 @@ impl Daemon {
             ));
         }
 
-        Ok(self
-            .output(
-                LifecycleStatus::NotRunning,
-                /*backend*/ None,
+        Ok(RestartIfRunningOutcome::Completed)
+    }
+
+    async fn stop(&self) -> Result<LifecycleOutput> {
+        let settings = self.load_settings().await?;
+        if let Some(backend) = self.running_backend_instance(&settings).await? {
+            backend.stop().await?;
+            return Ok(self.output(
+                LifecycleStatus::Stopped,
+                Some(BackendKind::Pid),
                 /*pid*/ None,
                 /*app_server_version*/ None,
-            )
-            .await)
+            ));
+        }
+
+        if client::probe(&self.socket_path).await.is_ok() {
+            return Err(anyhow!(
+                "app server is running but is not managed by codex app-server daemon"
+            ));
+        }
+
+        Ok(self.output(
+            LifecycleStatus::NotRunning,
+            /*backend*/ None,
+            /*pid*/ None,
+            /*app_server_version*/ None,
+        ))
     }
 
     async fn version(&self) -> Result<LifecycleOutput> {
         let settings = self.load_settings().await?;
         let info = client::probe(&self.socket_path).await?;
-        Ok(self
-            .output(
-                LifecycleStatus::Running,
-                self.running_backend(&settings).await?,
-                /*pid*/ None,
-                Some(info.app_server_version),
-            )
-            .await)
+        Ok(self.output(
+            LifecycleStatus::Running,
+            self.running_backend(&settings).await?,
+            /*pid*/ None,
+            Some(info.app_server_version),
+        ))
     }
 
     async fn wait_until_ready(&self) -> Result<client::ProbeInfo> {
@@ -449,77 +338,24 @@ impl Daemon {
                     sleep(START_POLL_INTERVAL).await;
                 }
                 Err(err) => {
-                    let context = self.app_server_not_ready_context().await;
-                    return Err(err).context(context);
+                    return Err(err).with_context(|| {
+                        format!(
+                            "app server did not become ready on {}",
+                            self.socket_path.display()
+                        )
+                    });
                 }
             }
         }
     }
 
-    async fn app_server_not_ready_context(&self) -> String {
-        let mut context = format!(
-            "app server did not become ready on {}",
-            self.socket_path.display()
-        );
-        self.append_daemon_app_server_context(&mut context).await;
-        backend::append_stderr_log_tail_context(&self.pid_file, &mut context).await;
-        context
-    }
-
-    async fn append_daemon_app_server_context(&self, context: &mut String) {
-        let managed_codex_version = self
-            .managed_codex_version_best_effort()
-            .await
-            .unwrap_or_else(|| "unknown".to_string());
-        context.push_str(&format!(
-            "\n\nDaemon used app-server:\n  path: {}\n  version: {managed_codex_version}",
-            self.managed_codex_bin.display()
-        ));
-    }
-
     async fn bootstrap(&self, options: BootstrapOptions) -> Result<BootstrapOutput> {
         let _operation_lock = self.acquire_operation_lock().await?;
         self.bootstrap_locked(options).await
     }
 
-    async fn ensure_remote_control_started(&self) -> Result<RemoteControlStartOutput> {
-        let _operation_lock = self.acquire_operation_lock().await?;
-        let settings = self.load_settings().await?;
-        if self.is_bootstrapped(&settings).await? {
-            let _ = self
-                .set_remote_control_locked(RemoteControlMode::Enabled)
-                .await?;
-            let output = self.start().await?;
-            return Ok(RemoteControlStartOutput::Start(output));
-        }
-
-        let output = self
-            .bootstrap_locked(BootstrapOptions {
-                remote_control_enabled: true,
-            })
-            .await?;
-        Ok(RemoteControlStartOutput::Bootstrap(output))
-    }
-
-    async fn ensure_remote_control_ready(&self) -> Result<RemoteControlReadyOutput> {
-        let daemon = self.ensure_remote_control_started().await?;
-        let remote_control =
-            remote_control_client::enable_remote_control(&self.socket_path).await?;
-        Ok(RemoteControlReadyOutput {
-            daemon,
-            remote_control,
-        })
-    }
-
     async fn set_remote_control(&self, mode: RemoteControlMode) -> Result<RemoteControlOutput> {
         let _operation_lock = self.acquire_operation_lock().await?;
-        self.set_remote_control_locked(mode).await
-    }
-
-    async fn set_remote_control_locked(
-        &self,
-        mode: RemoteControlMode,
-    ) -> Result<RemoteControlOutput> {
         let previous_settings = self.load_settings().await?;
         let mut settings = previous_settings.clone();
         let remote_control_enabled = mode.is_enabled();
@@ -593,14 +429,12 @@ impl Daemon {
         updater.start().await?;
 
         let info = self.wait_until_ready().await?;
-        let managed_codex_version = self.managed_codex_version_best_effort().await;
         Ok(BootstrapOutput {
             status: BootstrapStatus::Bootstrapped,
             backend: BackendKind::Pid,
             auto_update_enabled: true,
             remote_control_enabled: settings.remote_control_enabled,
             managed_codex_path: self.managed_codex_bin.clone(),
-            managed_codex_version,
             socket_path: self.socket_path.clone(),
             cli_version: env!("CARGO_PKG_VERSION").to_string(),
             app_server_version: info.app_server_version,
@@ -626,61 +460,24 @@ impl Daemon {
     }
 
     async fn start_managed_backend(&self, settings: &DaemonSettings) -> Result<Option<u32>> {
-        self.start_managed_backend_with_bin(settings, &self.managed_codex_bin)
-            .await
-    }
-
-    async fn start_managed_backend_with_bin(
-        &self,
-        settings: &DaemonSettings,
-        managed_codex_bin: &Path,
-    ) -> Result<Option<u32>> {
-        let backend =
-            backend::pid_backend(self.backend_paths_with_bin(settings, managed_codex_bin));
+        let backend = backend::pid_backend(self.backend_paths(settings));
         backend.start().await
     }
 
-    async fn is_bootstrapped(&self, settings: &DaemonSettings) -> Result<bool> {
-        let updater = backend::pid_update_loop_backend(self.backend_paths(settings));
-        updater.is_starting_or_running().await
-    }
-
     fn ensure_managed_codex_bin(&self) -> Result<()> {
         if self.managed_codex_bin.is_file() {
             return Ok(());
         }
 
-        let managed_codex_path = self.managed_codex_bin.display();
         Err(anyhow!(
-            "managed standalone Codex install not found at {managed_codex_path}\n\n\
-             This command requires the standalone install managed by the Codex installer, because \
-             the daemon starts and updates app-server from that fixed path.\n\n\
-             Install it with:\n  curl -fsSL https://chatgpt.com/codex/install.sh | sh\n\n\
-             Then rerun the command you just tried."
+            "managed standalone Codex install not found at {}; install Codex first",
+            self.managed_codex_bin.display()
         ))
     }
 
-    #[cfg(unix)]
-    async fn managed_codex_version_best_effort(&self) -> Option<String> {
-        managed_codex_version(&self.managed_codex_bin).await.ok()
-    }
-
-    #[cfg(not(unix))]
-    async fn managed_codex_version_best_effort(&self) -> Option<String> {
-        None
-    }
-
     fn backend_paths(&self, settings: &DaemonSettings) -> BackendPaths {
-        self.backend_paths_with_bin(settings, &self.managed_codex_bin)
-    }
-
-    fn backend_paths_with_bin(
-        &self,
-        settings: &DaemonSettings,
-        managed_codex_bin: &Path,
-    ) -> BackendPaths {
         BackendPaths {
-            codex_bin: managed_codex_bin.to_path_buf(),
+            codex_bin: self.managed_codex_bin.clone(),
             pid_file: self.pid_file.clone(),
             update_pid_file: self.update_pid_file.clone(),
             remote_control_enabled: settings.remote_control_enabled,
@@ -729,20 +526,17 @@ impl Daemon {
             })
     }
 
-    async fn output(
+    fn output(
         &self,
         status: LifecycleStatus,
         backend: Option<BackendKind>,
         pid: Option<u32>,
         app_server_version: Option<String>,
     ) -> LifecycleOutput {
-        let managed_codex_version = self.managed_codex_version_best_effort().await;
         LifecycleOutput {
             status,
             backend,
             pid,
-            managed_codex_path: self.managed_codex_bin.clone(),
-            managed_codex_version,
             socket_path: self.socket_path.clone(),
             cli_version: Some(env!("CARGO_PKG_VERSION").to_string()),
             app_server_version,
@@ -781,32 +575,6 @@ fn already_remote_control_status(mode: RemoteControlMode) -> RemoteControlStatus
     }
 }
 
-#[cfg(unix)]
-fn restart_decision(
-    mode: RestartMode,
-    info: Option<&client::ProbeInfo>,
-    managed_version: Option<&str>,
-) -> RestartDecision {
-    match (mode, info, managed_version) {
-        (RestartMode::IfVersionChanged, None, _) => RestartDecision::NotReady,
-        (RestartMode::IfVersionChanged, Some(info), Some(managed_version))
-            if info.app_server_version == managed_version =>
-        {
-            RestartDecision::AlreadyCurrent
-        }
-        _ => RestartDecision::Restart,
-    }
-}
-
-#[cfg(unix)]
-fn should_reexec_updater(
-    updater_refresh_mode: UpdaterRefreshMode,
-    outcome: RestartIfRunningOutcome,
-) -> bool {
-    updater_refresh_mode == UpdaterRefreshMode::ReexecIfManagedBinaryChanged
-        && outcome == RestartIfRunningOutcome::Restarted
-}
-
 #[cfg(unix)]
 fn try_lock_file(file: &tokio::fs::File) -> Result<bool> {
     use std::os::fd::AsRawFd;
@@ -831,23 +599,26 @@ fn try_lock_file(_file: &tokio::fs::File) -> Result<bool> {
 #[cfg(all(test, unix))]
 mod tests {
     use pretty_assertions::assert_eq;
-    use tempfile::TempDir;
 
-    use super::BackendKind;
-    use super::BootstrapOutput;
     use super::BootstrapStatus;
-    use super::Daemon;
-    use super::LifecycleOutput;
     use super::LifecycleStatus;
-    use super::RemoteControlStartOutput;
     use super::RemoteControlStatus;
-    use super::RestartDecision;
-    use super::RestartIfRunningOutcome;
-    use super::RestartMode;
-    use super::UpdaterRefreshMode;
-    use super::restart_decision;
-    use super::should_reexec_updater;
-    use crate::client::ProbeInfo;
+
+    #[test]
+    fn lifecycle_status_uses_camel_case_json() {
+        assert_eq!(
+            serde_json::to_string(&LifecycleStatus::AlreadyRunning).expect("serialize"),
+            "\"alreadyRunning\""
+        );
+    }
+
+    #[test]
+    fn bootstrap_status_uses_camel_case_json() {
+        assert_eq!(
+            serde_json::to_string(&BootstrapStatus::Bootstrapped).expect("serialize"),
+            "\"bootstrapped\""
+        );
+    }
 
     #[test]
     fn remote_control_status_uses_camel_case_json() {
@@ -856,163 +627,4 @@ mod tests {
             "\"alreadyEnabled\""
         );
     }
-
-    #[test]
-    fn updater_reexec_waits_for_validated_restart() {
-        assert_eq!(
-            [
-                RestartIfRunningOutcome::Busy,
-                RestartIfRunningOutcome::NotReady,
-                RestartIfRunningOutcome::AlreadyCurrent,
-                RestartIfRunningOutcome::NotRunning,
-                RestartIfRunningOutcome::Restarted,
-            ]
-            .map(|outcome| {
-                should_reexec_updater(UpdaterRefreshMode::ReexecIfManagedBinaryChanged, outcome)
-            }),
-            [false, false, false, false, true]
-        );
-    }
-
-    #[test]
-    fn unchanged_updater_never_reexecs() {
-        assert_eq!(
-            [
-                RestartIfRunningOutcome::Busy,
-                RestartIfRunningOutcome::NotReady,
-                RestartIfRunningOutcome::AlreadyCurrent,
-                RestartIfRunningOutcome::NotRunning,
-                RestartIfRunningOutcome::Restarted,
-            ]
-            .map(|outcome| should_reexec_updater(UpdaterRefreshMode::None, outcome)),
-            [false, false, false, false, false]
-        );
-    }
-
-    #[test]
-    fn restart_decision_preserves_forced_refreshes() {
-        let current_info = ProbeInfo {
-            app_server_version: "0.1.0".to_string(),
-        };
-
-        assert_eq!(
-            [
-                restart_decision(
-                    RestartMode::IfVersionChanged,
-                    Some(&current_info),
-                    Some("0.1.0"),
-                ),
-                restart_decision(
-                    RestartMode::IfVersionChanged,
-                    /*info*/ None,
-                    /*managed_version*/ None,
-                ),
-                restart_decision(RestartMode::Always, Some(&current_info), Some("0.1.0")),
-                restart_decision(
-                    RestartMode::Always,
-                    /*info*/ None,
-                    /*managed_version*/ None,
-                ),
-            ],
-            [
-                RestartDecision::AlreadyCurrent,
-                RestartDecision::NotReady,
-                RestartDecision::Restart,
-                RestartDecision::Restart,
-            ]
-        );
-    }
-
-    #[test]
-    fn remote_control_start_output_serializes_inner_output_without_tag() {
-        let lifecycle_output = LifecycleOutput {
-            status: LifecycleStatus::AlreadyRunning,
-            backend: Some(BackendKind::Pid),
-            pid: None,
-            managed_codex_path: "codex".into(),
-            managed_codex_version: Some("1.2.3".to_string()),
-            socket_path: "codex.sock".into(),
-            cli_version: Some("1.2.3".to_string()),
-            app_server_version: Some("1.2.4".to_string()),
-        };
-        let output = RemoteControlStartOutput::Start(lifecycle_output.clone());
-
-        assert_eq!(
-            serde_json::to_value(&lifecycle_output).expect("serialize"),
-            serde_json::json!({
-                "status": "alreadyRunning",
-                "backend": "pid",
-                "managedCodexPath": "codex",
-                "managedCodexVersion": "1.2.3",
-                "socketPath": "codex.sock",
-                "cliVersion": "1.2.3",
-                "appServerVersion": "1.2.4",
-            })
-        );
-        assert_eq!(
-            serde_json::to_value(output).expect("serialize"),
-            serde_json::to_value(lifecycle_output).expect("serialize")
-        );
-
-        let bootstrap_output = BootstrapOutput {
-            status: BootstrapStatus::Bootstrapped,
-            backend: BackendKind::Pid,
-            auto_update_enabled: true,
-            remote_control_enabled: true,
-            managed_codex_path: "codex".into(),
-            managed_codex_version: Some("1.2.3".to_string()),
-            socket_path: "codex.sock".into(),
-            cli_version: "1.2.3".to_string(),
-            app_server_version: "1.2.4".to_string(),
-        };
-        let output = RemoteControlStartOutput::Bootstrap(bootstrap_output.clone());
-
-        assert_eq!(
-            serde_json::to_value(&bootstrap_output).expect("serialize"),
-            serde_json::json!({
-                "status": "bootstrapped",
-                "backend": "pid",
-                "autoUpdateEnabled": true,
-                "remoteControlEnabled": true,
-                "managedCodexPath": "codex",
-                "managedCodexVersion": "1.2.3",
-                "socketPath": "codex.sock",
-                "cliVersion": "1.2.3",
-                "appServerVersion": "1.2.4",
-            })
-        );
-        assert_eq!(
-            serde_json::to_value(output).expect("serialize"),
-            serde_json::to_value(bootstrap_output).expect("serialize")
-        );
-    }
-
-    #[tokio::test]
-    async fn not_ready_context_reports_daemon_app_server_before_stderr() {
-        let temp_dir = TempDir::new().expect("temp dir");
-        let daemon = Daemon {
-            socket_path: temp_dir.path().join("app-server-control.sock"),
-            pid_file: temp_dir.path().join("app-server.pid"),
-            update_pid_file: temp_dir.path().join("app-server-updater.pid"),
-            operation_lock_file: temp_dir.path().join("daemon.lock"),
-            settings_file: temp_dir.path().join("settings.json"),
-            managed_codex_bin: temp_dir.path().join("missing-codex"),
-        };
-        let stderr_log = daemon.pid_file.with_extension("stderr.log");
-        tokio::fs::write(&stderr_log, "unexpected argument")
-            .await
-            .expect("write stderr log");
-
-        assert_eq!(
-            daemon.app_server_not_ready_context().await,
-            format!(
-                "app server did not become ready on {}\n\n\
-                 Daemon used app-server:\n  path: {}\n  version: unknown\n\n\
-                 Managed app-server stderr ({}):\n  unexpected argument",
-                daemon.socket_path.display(),
-                daemon.managed_codex_bin.display(),
-                stderr_log.display()
-            )
-        );
-    }
 }

codex-rs/app-server-daemon/src/managed_install.rs

@@ -8,12 +8,6 @@ use anyhow::Result;
 #[cfg(unix)]
 use anyhow::anyhow;
 #[cfg(unix)]
-use sha2::Digest;
-#[cfg(unix)]
-use sha2::Sha256;
-#[cfg(unix)]
-use tokio::fs;
-#[cfg(unix)]
 use tokio::process::Command;
 
 pub(crate) fn managed_codex_bin(codex_home: &Path) -> PathBuf {
@@ -24,16 +18,6 @@ pub(crate) fn managed_codex_bin(codex_home: &Path) -> PathBuf {
         .join(managed_codex_file_name())
 }
 
-#[cfg(unix)]
-pub(crate) async fn resolved_managed_codex_bin(codex_bin: &Path) -> Result<PathBuf> {
-    fs::canonicalize(codex_bin).await.with_context(|| {
-        format!(
-            "failed to resolve managed Codex binary {}",
-            codex_bin.display()
-        )
-    })
-}
-
 #[cfg(unix)]
 pub(crate) async fn managed_codex_version(codex_bin: &Path) -> Result<String> {
     let output = Command::new(codex_bin)
@@ -63,27 +47,6 @@ pub(crate) async fn managed_codex_version(codex_bin: &Path) -> Result<String> {
     parse_codex_version(&stdout)
 }
 
-#[cfg(unix)]
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub(crate) struct ExecutableIdentity {
-    digest: [u8; 32],
-}
-
-#[cfg(unix)]
-pub(crate) async fn executable_identity(executable: &Path) -> Result<ExecutableIdentity> {
-    let bytes = fs::read(executable)
-        .await
-        .with_context(|| format!("failed to read executable {}", executable.display()))?;
-    Ok(executable_identity_from_bytes(&bytes))
-}
-
-#[cfg(unix)]
-pub(crate) fn executable_identity_from_bytes(bytes: &[u8]) -> ExecutableIdentity {
-    ExecutableIdentity {
-        digest: Sha256::digest(bytes).into(),
-    }
-}
-
 fn managed_codex_file_name() -> &'static str {
     if cfg!(windows) { "codex.exe" } else { "codex" }
 }

codex-rs/app-server-daemon/src/managed_install_tests.rs

@@ -1,6 +1,5 @@
 use pretty_assertions::assert_eq;
 
-use super::executable_identity_from_bytes;
 use super::parse_codex_version;
 
 #[test]
@@ -15,13 +14,3 @@ fn parses_codex_cli_version_output() {
 fn rejects_malformed_codex_cli_version_output() {
     assert!(parse_codex_version("codex\n").is_err());
 }
-
-#[test]
-fn executable_identity_uses_binary_contents() {
-    let old = executable_identity_from_bytes(b"old");
-    let same = executable_identity_from_bytes(b"old");
-    let new = executable_identity_from_bytes(b"new");
-
-    assert_eq!(old, same);
-    assert_ne!(old, new);
-}

codex-rs/app-server-daemon/src/remote_control_client.rs

@@ -1,459 +0,0 @@
-use std::path::Path;
-use std::time::Duration;
-
-use anyhow::Context;
-use anyhow::Result;
-use anyhow::anyhow;
-use codex_app_server_protocol::JSONRPCMessage;
-use codex_app_server_protocol::JSONRPCNotification;
-use codex_app_server_protocol::JSONRPCRequest;
-use codex_app_server_protocol::RemoteControlConnectionStatus;
-use codex_app_server_protocol::RemoteControlEnableResponse;
-use codex_app_server_protocol::RemoteControlStatusChangedNotification;
-use codex_app_server_protocol::RequestId;
-use tokio::io::AsyncRead;
-use tokio::io::AsyncWrite;
-use tokio::time::Instant;
-use tokio::time::sleep;
-use tokio::time::timeout;
-use tokio_tungstenite::WebSocketStream;
-
-use crate::RemoteControlReadyStatus;
-use crate::client;
-
-const REMOTE_CONTROL_READY_TIMEOUT: Duration = Duration::from_secs(10);
-const REMOTE_CONTROL_ENABLE_REQUEST_ID: RequestId = RequestId::Integer(2);
-
-pub(crate) async fn enable_remote_control(socket_path: &Path) -> Result<RemoteControlReadyStatus> {
-    let mut websocket = client::connect(socket_path).await?;
-    enable_remote_control_with_timeout(&mut websocket, REMOTE_CONTROL_READY_TIMEOUT).await
-}
-
-pub(crate) async fn enable_remote_control_with_connect_retry(
-    socket_path: &Path,
-    connect_timeout: Duration,
-    connect_retry_delay: Duration,
-) -> Result<RemoteControlReadyStatus> {
-    let mut websocket =
-        connect_with_retry(socket_path, connect_timeout, connect_retry_delay).await?;
-    enable_remote_control_with_timeout(&mut websocket, REMOTE_CONTROL_READY_TIMEOUT).await
-}
-
-async fn enable_remote_control_with_timeout<S>(
-    websocket: &mut WebSocketStream<S>,
-    ready_timeout: Duration,
-) -> Result<RemoteControlReadyStatus>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
-    client::initialize(websocket, /*experimental_api*/ true).await?;
-    let initialized = JSONRPCMessage::Notification(JSONRPCNotification {
-        method: "initialized".to_string(),
-        params: None,
-    });
-    client::send_message(websocket, &initialized)
-        .await
-        .context("failed to send initialized notification")?;
-
-    let enable = JSONRPCMessage::Request(JSONRPCRequest {
-        id: REMOTE_CONTROL_ENABLE_REQUEST_ID,
-        method: "remoteControl/enable".to_string(),
-        params: None,
-        trace: None,
-    });
-    client::send_message(websocket, &enable)
-        .await
-        .context("failed to send remoteControl/enable request")?;
-
-    let mut latest = read_enable_response(websocket).await?;
-    if latest.status == RemoteControlConnectionStatus::Connecting {
-        latest = wait_for_remote_control_status(websocket, latest, ready_timeout).await?;
-    }
-    websocket.close(None).await.ok();
-    Ok(latest)
-}
-
-async fn connect_with_retry(
-    socket_path: &Path,
-    connect_timeout: Duration,
-    connect_retry_delay: Duration,
-) -> Result<WebSocketStream<codex_uds::UnixStream>> {
-    let deadline = Instant::now() + connect_timeout;
-    loop {
-        match client::connect(socket_path).await {
-            Ok(websocket) => return Ok(websocket),
-            Err(_) if Instant::now() < deadline => {
-                sleep(connect_retry_delay).await;
-            }
-            Err(error) => {
-                return Err(error).with_context(|| {
-                    format!(
-                        "app server did not become ready on {}",
-                        socket_path.display()
-                    )
-                });
-            }
-        }
-    }
-}
-
-async fn read_enable_response<S>(
-    websocket: &mut WebSocketStream<S>,
-) -> Result<RemoteControlReadyStatus>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
-    loop {
-        let message = timeout(
-            client::CONTROL_SOCKET_RESPONSE_TIMEOUT,
-            client::read_message(websocket),
-        )
-        .await
-        .context("timed out waiting for remoteControl/enable response")??;
-        match message {
-            JSONRPCMessage::Response(response)
-                if response.id == REMOTE_CONTROL_ENABLE_REQUEST_ID =>
-            {
-                let response =
-                    serde_json::from_value::<RemoteControlEnableResponse>(response.result)
-                        .context("failed to parse remoteControl/enable response")?;
-                return Ok(RemoteControlReadyStatus::from(response));
-            }
-            JSONRPCMessage::Error(err) if err.id == REMOTE_CONTROL_ENABLE_REQUEST_ID => {
-                return Err(anyhow!(
-                    "remoteControl/enable failed: {}",
-                    err.error.message
-                ));
-            }
-            JSONRPCMessage::Notification(notification)
-                if remote_control_status_notification(&notification).is_some() =>
-            {
-                continue;
-            }
-            _ => {}
-        }
-    }
-}
-
-async fn wait_for_remote_control_status<S>(
-    websocket: &mut WebSocketStream<S>,
-    mut latest: RemoteControlReadyStatus,
-    ready_timeout: Duration,
-) -> Result<RemoteControlReadyStatus>
-where
-    S: AsyncRead + AsyncWrite + Unpin,
-{
-    let deadline = tokio::time::Instant::now() + ready_timeout;
-    while tokio::time::Instant::now() < deadline {
-        let remaining = deadline.saturating_duration_since(tokio::time::Instant::now());
-        let message = match timeout(remaining, client::read_message(websocket)).await {
-            Ok(Ok(message)) => message,
-            Ok(Err(err)) => return Err(err),
-            Err(_) => {
-                latest.timed_out = true;
-                return Ok(latest);
-            }
-        };
-        let JSONRPCMessage::Notification(notification) = message else {
-            continue;
-        };
-        let Some(status) = remote_control_status_notification(&notification) else {
-            continue;
-        };
-        latest = RemoteControlReadyStatus::from(status);
-        if latest.status != RemoteControlConnectionStatus::Connecting {
-            return Ok(latest);
-        }
-    }
-    latest.timed_out = true;
-    Ok(latest)
-}
-
-fn remote_control_status_notification(
-    notification: &JSONRPCNotification,
-) -> Option<RemoteControlStatusChangedNotification> {
-    if notification.method != "remoteControl/status/changed" {
-        return None;
-    }
-    let params = notification.params.clone()?;
-    serde_json::from_value(params).ok()
-}
-
-impl From<RemoteControlEnableResponse> for RemoteControlReadyStatus {
-    fn from(response: RemoteControlEnableResponse) -> Self {
-        let RemoteControlEnableResponse {
-            status,
-            server_name,
-            installation_id: _,
-            environment_id,
-        } = response;
-        Self {
-            status,
-            server_name,
-            environment_id,
-            timed_out: false,
-        }
-    }
-}
-
-impl From<RemoteControlStatusChangedNotification> for RemoteControlReadyStatus {
-    fn from(notification: RemoteControlStatusChangedNotification) -> Self {
-        let RemoteControlStatusChangedNotification {
-            status,
-            server_name,
-            installation_id: _,
-            environment_id,
-        } = notification;
-        Self {
-            status,
-            server_name,
-            environment_id,
-            timed_out: false,
-        }
-    }
-}
-
-#[cfg(all(test, unix))]
-mod tests {
-    use anyhow::Result;
-    use codex_app_server_protocol::JSONRPCResponse;
-    use codex_uds::UnixListener;
-    use pretty_assertions::assert_eq;
-    use tempfile::TempDir;
-    use tokio_tungstenite::accept_async;
-
-    use super::*;
-
-    const INITIALIZE_REQUEST_ID: RequestId = RequestId::Integer(1);
-    const TEST_INSTALLATION_ID: &str = "11111111-1111-4111-8111-111111111111";
-    const TEST_SERVER_NAME: &str = "owen-mbp";
-    const TEST_CODEX_HOME: &str = "/tmp/codex-home";
-
-    #[tokio::test]
-    async fn enable_remote_control_uses_connected_enable_response_without_later_notification()
-    -> Result<()> {
-        let status = run_enable_remote_control_scenario(EnableScenario {
-            initial_notification: Some(remote_control_status(
-                RemoteControlConnectionStatus::Connected,
-                Some("env_test"),
-            )),
-            enable_response: remote_control_status(
-                RemoteControlConnectionStatus::Connected,
-                Some("env_test"),
-            ),
-            after_enable_notification: None,
-            ready_timeout: Duration::from_millis(20),
-        })
-        .await?;
-
-        assert_eq!(
-            status,
-            RemoteControlReadyStatus {
-                status: RemoteControlConnectionStatus::Connected,
-                server_name: TEST_SERVER_NAME.to_string(),
-                environment_id: Some("env_test".to_string()),
-                timed_out: false,
-            }
-        );
-        Ok(())
-    }
-
-    #[tokio::test]
-    async fn enable_remote_control_waits_for_connected_notification() -> Result<()> {
-        let status = run_enable_remote_control_scenario(EnableScenario {
-            initial_notification: None,
-            enable_response: remote_control_status(
-                RemoteControlConnectionStatus::Connecting,
-                /*environment_id*/ None,
-            ),
-            after_enable_notification: Some(remote_control_status(
-                RemoteControlConnectionStatus::Connected,
-                Some("env_test"),
-            )),
-            ready_timeout: Duration::from_secs(1),
-        })
-        .await?;
-
-        assert_eq!(
-            status,
-            RemoteControlReadyStatus {
-                status: RemoteControlConnectionStatus::Connected,
-                server_name: TEST_SERVER_NAME.to_string(),
-                environment_id: Some("env_test".to_string()),
-                timed_out: false,
-            }
-        );
-        Ok(())
-    }
-
-    #[tokio::test]
-    async fn enable_remote_control_reports_connecting_after_timeout() -> Result<()> {
-        let status = run_enable_remote_control_scenario(EnableScenario {
-            initial_notification: None,
-            enable_response: remote_control_status(
-                RemoteControlConnectionStatus::Connecting,
-                /*environment_id*/ None,
-            ),
-            after_enable_notification: None,
-            ready_timeout: Duration::from_millis(20),
-        })
-        .await?;
-
-        assert_eq!(
-            status,
-            RemoteControlReadyStatus {
-                status: RemoteControlConnectionStatus::Connecting,
-                server_name: TEST_SERVER_NAME.to_string(),
-                environment_id: None,
-                timed_out: true,
-            }
-        );
-        Ok(())
-    }
-
-    #[tokio::test]
-    async fn enable_remote_control_returns_errored_enable_response() -> Result<()> {
-        let status = run_enable_remote_control_scenario(EnableScenario {
-            initial_notification: None,
-            enable_response: remote_control_status(
-                RemoteControlConnectionStatus::Errored,
-                /*environment_id*/ None,
-            ),
-            after_enable_notification: None,
-            ready_timeout: Duration::from_millis(20),
-        })
-        .await?;
-
-        assert_eq!(
-            status,
-            RemoteControlReadyStatus {
-                status: RemoteControlConnectionStatus::Errored,
-                server_name: TEST_SERVER_NAME.to_string(),
-                environment_id: None,
-                timed_out: false,
-            }
-        );
-        Ok(())
-    }
-
-    struct EnableScenario {
-        initial_notification: Option<RemoteControlStatusChangedNotification>,
-        enable_response: RemoteControlStatusChangedNotification,
-        after_enable_notification: Option<RemoteControlStatusChangedNotification>,
-        ready_timeout: Duration,
-    }
-
-    async fn run_enable_remote_control_scenario(
-        scenario: EnableScenario,
-    ) -> Result<RemoteControlReadyStatus> {
-        let dir = TempDir::new()?;
-        let socket_path = dir.path().join("app-server.sock");
-        let listener = UnixListener::bind(&socket_path).await?;
-        let ready_timeout = scenario.ready_timeout;
-        let server_task = tokio::spawn(serve_enable_remote_control_scenario(listener, scenario));
-
-        let mut websocket = client::connect(&socket_path).await?;
-        let status = enable_remote_control_with_timeout(&mut websocket, ready_timeout).await?;
-        server_task.await??;
-        Ok(status)
-    }
-
-    async fn serve_enable_remote_control_scenario(
-        mut listener: UnixListener,
-        scenario: EnableScenario,
-    ) -> Result<()> {
-        let stream = listener.accept().await?;
-        let mut websocket = accept_async(stream).await?;
-
-        let initialize = client::read_message(&mut websocket).await?;
-        let JSONRPCMessage::Request(initialize) = initialize else {
-            panic!("expected initialize request");
-        };
-        assert_eq!(initialize.id, INITIALIZE_REQUEST_ID);
-        assert_eq!(initialize.method, "initialize");
-        let Some(initialize_params) = initialize.params else {
-            panic!("expected initialize params");
-        };
-        assert_eq!(
-            initialize_params["capabilities"]["experimentalApi"],
-            serde_json::Value::Bool(true)
-        );
-        client::send_message(
-            &mut websocket,
-            &JSONRPCMessage::Response(JSONRPCResponse {
-                id: INITIALIZE_REQUEST_ID,
-                result: serde_json::json!({
-                    "userAgent": "codex_app_server/1.2.3",
-                    "codexHome": TEST_CODEX_HOME,
-                    "platformFamily": "unix",
-                    "platformOs": "macos",
-                }),
-            }),
-        )
-        .await?;
-
-        let initialized = client::read_message(&mut websocket).await?;
-        let JSONRPCMessage::Notification(initialized) = initialized else {
-            panic!("expected initialized notification");
-        };
-        assert_eq!(initialized.method, "initialized");
-
-        if let Some(status) = scenario.initial_notification {
-            send_remote_control_status(&mut websocket, status).await?;
-        }
-
-        let enable = client::read_message(&mut websocket).await?;
-        let JSONRPCMessage::Request(enable) = enable else {
-            panic!("expected remoteControl/enable request");
-        };
-        assert_eq!(enable.id, REMOTE_CONTROL_ENABLE_REQUEST_ID);
-        assert_eq!(enable.method, "remoteControl/enable");
-        client::send_message(
-            &mut websocket,
-            &JSONRPCMessage::Response(JSONRPCResponse {
-                id: REMOTE_CONTROL_ENABLE_REQUEST_ID,
-                result: serde_json::to_value(RemoteControlEnableResponse::from(
-                    scenario.enable_response,
-                ))?,
-            }),
-        )
-        .await?;
-
-        if let Some(status) = scenario.after_enable_notification {
-            send_remote_control_status(&mut websocket, status).await?;
-        } else {
-            tokio::time::sleep(Duration::from_millis(50)).await;
-        }
-
-        Ok(())
-    }
-
-    async fn send_remote_control_status<S>(
-        websocket: &mut WebSocketStream<S>,
-        status: RemoteControlStatusChangedNotification,
-    ) -> Result<()>
-    where
-        S: tokio::io::AsyncRead + tokio::io::AsyncWrite + Unpin,
-    {
-        client::send_message(
-            websocket,
-            &JSONRPCMessage::Notification(JSONRPCNotification {
-                method: "remoteControl/status/changed".to_string(),
-                params: Some(serde_json::to_value(status)?),
-            }),
-        )
-        .await
-    }
-
-    fn remote_control_status(
-        status: RemoteControlConnectionStatus,
-        environment_id: Option<&str>,
-    ) -> RemoteControlStatusChangedNotification {
-        RemoteControlStatusChangedNotification {
-            status,
-            server_name: TEST_SERVER_NAME.to_string(),
-            installation_id: TEST_INSTALLATION_ID.to_string(),
-            environment_id: environment_id.map(str::to_string),
-        }
-    }
-}

codex-rs/app-server-daemon/src/update_loop.rs

@@ -1,6 +1,4 @@
 #[cfg(unix)]
-use std::process::Command as StdCommand;
-#[cfg(unix)]
 use std::process::Stdio;
 #[cfg(unix)]
 use std::time::Duration;
@@ -13,8 +11,6 @@ use anyhow::bail;
 #[cfg(unix)]
 use futures::FutureExt;
 #[cfg(unix)]
-use std::os::unix::process::CommandExt;
-#[cfg(unix)]
 use tokio::io::AsyncWriteExt;
 #[cfg(unix)]
 use tokio::process::Command;
@@ -31,16 +27,6 @@ use tokio::time::sleep;
 use crate::Daemon;
 #[cfg(unix)]
 use crate::RestartIfRunningOutcome;
-#[cfg(unix)]
-use crate::RestartMode;
-#[cfg(unix)]
-use crate::UpdaterRefreshMode;
-#[cfg(unix)]
-use crate::managed_install::ExecutableIdentity;
-#[cfg(unix)]
-use crate::managed_install::executable_identity;
-#[cfg(unix)]
-use crate::managed_install::resolved_managed_codex_bin;
 
 #[cfg(unix)]
 const INITIAL_UPDATE_DELAY: Duration = Duration::from_secs(5 * 60);
@@ -53,12 +39,11 @@ const UPDATE_INTERVAL: Duration = Duration::from_secs(60 * 60);
 pub(crate) async fn run() -> Result<()> {
     let mut terminate =
         signal(SignalKind::terminate()).context("failed to install updater shutdown handler")?;
-    let running_updater_identity = current_updater_identity().await?;
     if sleep_or_terminate(INITIAL_UPDATE_DELAY, &mut terminate).await {
         return Ok(());
     }
     loop {
-        match update_once(&running_updater_identity, &mut terminate).await {
+        match update_once(&mut terminate).await {
             Ok(UpdateLoopControl::Continue) | Err(_) => {}
             Ok(UpdateLoopControl::Stop) => return Ok(()),
         }
@@ -88,71 +73,25 @@ enum UpdateLoopControl {
 }
 
 #[cfg(unix)]
-async fn update_once(
-    running_updater_identity: &ExecutableIdentity,
-    terminate: &mut Signal,
-) -> Result<UpdateLoopControl> {
+async fn update_once(terminate: &mut Signal) -> Result<UpdateLoopControl> {
     install_latest_standalone().await?;
 
     let daemon = Daemon::from_environment()?;
-    let managed_codex_bin = resolved_managed_codex_bin(&daemon.managed_codex_bin).await?;
-    let managed_identity = executable_identity(&managed_codex_bin).await?;
-    let (restart_mode, updater_refresh_mode) =
-        update_modes_for_identities(running_updater_identity, &managed_identity);
-
     loop {
         if terminate.recv().now_or_never().flatten().is_some() {
             return Ok(UpdateLoopControl::Stop);
         }
-        match daemon
-            .try_restart_if_running(restart_mode, updater_refresh_mode, &managed_codex_bin)
-            .await?
-        {
+        match daemon.try_restart_if_running().await? {
+            RestartIfRunningOutcome::Completed => return Ok(UpdateLoopControl::Continue),
             RestartIfRunningOutcome::Busy => {
                 if sleep_or_terminate(RESTART_RETRY_INTERVAL, terminate).await {
                     return Ok(UpdateLoopControl::Stop);
                 }
             }
-            _ => return Ok(UpdateLoopControl::Continue),
         }
     }
 }
 
-#[cfg(unix)]
-async fn current_updater_identity() -> Result<ExecutableIdentity> {
-    let current_exe =
-        std::env::current_exe().context("failed to resolve current updater executable")?;
-    executable_identity(&current_exe).await
-}
-
-#[cfg(unix)]
-fn update_modes_for_identities(
-    running_updater_identity: &ExecutableIdentity,
-    managed_identity: &ExecutableIdentity,
-) -> (RestartMode, UpdaterRefreshMode) {
-    if running_updater_identity == managed_identity {
-        (RestartMode::IfVersionChanged, UpdaterRefreshMode::None)
-    } else {
-        (
-            RestartMode::Always,
-            UpdaterRefreshMode::ReexecIfManagedBinaryChanged,
-        )
-    }
-}
-
-#[cfg(unix)]
-pub(crate) fn reexec_managed_updater(managed_codex_bin: &std::path::Path) -> Result<()> {
-    let err = StdCommand::new(managed_codex_bin)
-        .args(["app-server", "daemon", "pid-update-loop"])
-        .exec();
-    Err(err).with_context(|| {
-        format!(
-            "failed to replace updater with managed Codex binary {}",
-            managed_codex_bin.display()
-        )
-    })
-}
-
 #[cfg(unix)]
 async fn install_latest_standalone() -> Result<()> {
     let script = reqwest::get("https://chatgpt.com/codex/install.sh")
@@ -191,7 +130,3 @@ async fn install_latest_standalone() -> Result<()> {
         anyhow::bail!("standalone Codex updater exited with status {status}")
     }
 }
-
-#[cfg(all(test, unix))]
-#[path = "update_loop_tests.rs"]
-mod tests;

codex-rs/app-server-daemon/src/update_loop_tests.rs

@@ -1,31 +0,0 @@
-use pretty_assertions::assert_eq;
-
-use super::update_modes_for_identities;
-use crate::RestartMode;
-use crate::UpdaterRefreshMode;
-use crate::managed_install::executable_identity_from_bytes;
-
-#[test]
-fn unchanged_updater_uses_version_based_restart() {
-    assert_eq!(
-        update_modes_for_identities(
-            &executable_identity_from_bytes(b"same"),
-            &executable_identity_from_bytes(b"same"),
-        ),
-        (RestartMode::IfVersionChanged, UpdaterRefreshMode::None)
-    );
-}
-
-#[test]
-fn changed_updater_forces_refresh_even_when_version_may_match() {
-    assert_eq!(
-        update_modes_for_identities(
-            &executable_identity_from_bytes(b"old"),
-            &executable_identity_from_bytes(b"new"),
-        ),
-        (
-            RestartMode::Always,
-            UpdaterRefreshMode::ReexecIfManagedBinaryChanged,
-        )
-    );
-}

codex-rs/app-server-protocol/schema/json/ClientRequest.json

@@ -5,26 +5,6 @@
       "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
       "type": "string"
     },
-    "ActivePermissionProfile": {
-      "properties": {
-        "extends": {
-          "default": null,
-          "description": "Parent profile identifier once permissions profiles support inheritance. This is currently always `null`.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "id": {
-          "description": "Identifier from `default_permissions` or the implicit built-in default, such as `:workspace` or a user-defined `[permissions.<id>]` profile.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "id"
-      ],
-      "type": "object"
-    },
     "AddCreditsNudgeCreditType": {
       "enum": [
         "credits",
@@ -611,13 +591,6 @@
             "integer",
             "null"
           ]
-        },
-        "threadId": {
-          "description": "Optional loaded thread id. Pass this when showing feature state for an existing thread so enablement is computed from that thread's refreshed config, including project-local config for the thread's cwd.",
-          "type": [
-            "string",
-            "null"
-          ]
         }
       },
       "type": "object"
@@ -746,6 +719,202 @@
       ],
       "type": "object"
     },
+    "FileSystemAccessMode": {
+      "enum": [
+        "read",
+        "write",
+        "none"
+      ],
+      "type": "string"
+    },
+    "FileSystemPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "path"
+              ],
+              "title": "PathFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "PathFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "pattern": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "glob_pattern"
+              ],
+              "title": "GlobPatternFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "pattern",
+            "type"
+          ],
+          "title": "GlobPatternFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "special"
+              ],
+              "title": "SpecialFileSystemPathType",
+              "type": "string"
+            },
+            "value": {
+              "$ref": "#/definitions/FileSystemSpecialPath"
+            }
+          },
+          "required": [
+            "type",
+            "value"
+          ],
+          "title": "SpecialFileSystemPath",
+          "type": "object"
+        }
+      ]
+    },
+    "FileSystemSandboxEntry": {
+      "properties": {
+        "access": {
+          "$ref": "#/definitions/FileSystemAccessMode"
+        },
+        "path": {
+          "$ref": "#/definitions/FileSystemPath"
+        }
+      },
+      "required": [
+        "access",
+        "path"
+      ],
+      "type": "object"
+    },
+    "FileSystemSpecialPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "root"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "RootFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "minimal"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "MinimalFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "project_roots"
+              ],
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "KindFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "tmpdir"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "TmpdirFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "slash_tmp"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "SlashTmpFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "unknown"
+              ],
+              "type": "string"
+            },
+            "path": {
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind",
+            "path"
+          ],
+          "type": "object"
+        }
+      ]
+    },
     "FsCopyParams": {
       "description": "Copy a file or directory tree on the host filesystem.",
       "properties": {
@@ -1066,6 +1235,8 @@
     },
     "ImageDetail": {
       "enum": [
+        "auto",
+        "low",
         "high",
         "original"
       ],
@@ -1561,6 +1732,194 @@
       ],
       "type": "string"
     },
+    "PermissionProfile": {
+      "oneOf": [
+        {
+          "description": "Codex owns sandbox construction for this profile.",
+          "properties": {
+            "fileSystem": {
+              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
+            },
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "managed"
+              ],
+              "title": "ManagedPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "fileSystem",
+            "network",
+            "type"
+          ],
+          "title": "ManagedPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Do not apply an outer sandbox.",
+          "properties": {
+            "type": {
+              "enum": [
+                "disabled"
+              ],
+              "title": "DisabledPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "DisabledPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Filesystem isolation is enforced by an external caller.",
+          "properties": {
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "external"
+              ],
+              "title": "ExternalPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "network",
+            "type"
+          ],
+          "title": "ExternalPermissionProfile",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileFileSystemPermissions": {
+      "oneOf": [
+        {
+          "properties": {
+            "entries": {
+              "items": {
+                "$ref": "#/definitions/FileSystemSandboxEntry"
+              },
+              "type": "array"
+            },
+            "globScanMaxDepth": {
+              "format": "uint",
+              "minimum": 1.0,
+              "type": [
+                "integer",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "entries",
+            "type"
+          ],
+          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "unrestricted"
+              ],
+              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileModificationParams": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootPermissionProfileModificationParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootPermissionProfileModificationParams",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "enabled"
+      ],
+      "type": "object"
+    },
+    "PermissionProfileSelectionParams": {
+      "oneOf": [
+        {
+          "description": "Select a named built-in or user-defined profile and optionally apply bounded modifications that Codex knows how to validate.",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "modifications": {
+              "items": {
+                "$ref": "#/definitions/PermissionProfileModificationParams"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "profile"
+              ],
+              "title": "ProfilePermissionProfileSelectionParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "id",
+            "type"
+          ],
+          "title": "ProfilePermissionProfileSelectionParams",
+          "type": "object"
+        }
+      ]
+    },
     "Personality": {
       "enum": [
         "none",
@@ -1596,31 +1955,6 @@
       ],
       "type": "object"
     },
-    "PluginInstalledParams": {
-      "properties": {
-        "cwds": {
-          "description": "Optional working directories used to discover repo marketplaces.",
-          "items": {
-            "$ref": "#/definitions/AbsolutePathBuf"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "installSuggestionPluginNames": {
-          "description": "Additional uninstalled plugin names that should be returned when present locally. This is used by mention surfaces that intentionally expose install entrypoints.",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
     "PluginListMarketplaceKind": {
       "enum": [
         "local",
@@ -1681,17 +2015,6 @@
       ],
       "type": "object"
     },
-    "PluginShareCheckoutParams": {
-      "properties": {
-        "remotePluginId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "remotePluginId"
-      ],
-      "type": "object"
-    },
     "PluginShareDeleteParams": {
       "properties": {
         "remotePluginId": {
@@ -2454,22 +2777,6 @@
           "title": "CompactionResponseItem",
           "type": "object"
         },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "compaction_trigger"
-              ],
-              "title": "CompactionTriggerResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "CompactionTriggerResponseItem",
-          "type": "object"
-        },
         {
           "properties": {
             "encrypted_content": {
@@ -3131,8 +3438,6 @@
       "enum": [
         "active",
         "paused",
-        "blocked",
-        "usageLimited",
         "budgetLimited",
         "complete"
       ],
@@ -3977,17 +4282,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -4008,17 +4302,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },
@@ -4672,30 +4955,6 @@
       "title": "Plugin/listRequest",
       "type": "object"
     },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "plugin/installed"
-          ],
-          "title": "Plugin/installedRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/PluginInstalledParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Plugin/installedRequest",
-      "type": "object"
-    },
     {
       "properties": {
         "id": {
@@ -4816,30 +5075,6 @@
       "title": "Plugin/share/listRequest",
       "type": "object"
     },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "plugin/share/checkout"
-          ],
-          "title": "Plugin/share/checkoutRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/PluginShareCheckoutParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Plugin/share/checkoutRequest",
-      "type": "object"
-    },
     {
       "properties": {
         "id": {

codex-rs/app-server-protocol/schema/json/ServerNotification.json

@@ -1932,13 +1932,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "ItemCompletedNotification": {
       "properties": {
         "completedAtMs": {
@@ -2755,16 +2748,12 @@
         "installationId": {
           "type": "string"
         },
-        "serverName": {
-          "type": "string"
-        },
         "status": {
           "$ref": "#/definitions/RemoteControlConnectionStatus"
         }
       },
       "required": [
         "installationId",
-        "serverName",
         "status"
       ],
       "type": "object"
@@ -3257,8 +3246,6 @@
       "enum": [
         "active",
         "paused",
-        "blocked",
-        "usageLimited",
         "budgetLimited",
         "complete"
       ],
@@ -4602,17 +4589,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -4633,17 +4609,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json

@@ -757,30 +757,6 @@
           "title": "Plugin/listRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "plugin/installed"
-              ],
-              "title": "Plugin/installedRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/PluginInstalledParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Plugin/installedRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -901,30 +877,6 @@
           "title": "Plugin/share/listRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "plugin/share/checkout"
-              ],
-              "title": "Plugin/share/checkoutRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/PluginShareCheckoutParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Plugin/share/checkoutRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -5631,6 +5583,14 @@
           "id": {
             "description": "Identifier from `default_permissions` or the implicit built-in default, such as `:workspace` or a user-defined `[permissions.<id>]` profile.",
             "type": "string"
+          },
+          "modifications": {
+            "default": [],
+            "description": "Bounded user-requested modifications applied on top of the named profile, if any.",
+            "items": {
+              "$ref": "#/definitions/v2/ActivePermissionProfileModification"
+            },
+            "type": "array"
           }
         },
         "required": [
@@ -5638,6 +5598,31 @@
         ],
         "type": "object"
       },
+      "ActivePermissionProfileModification": {
+        "oneOf": [
+          {
+            "description": "Additional concrete directory that should be writable.",
+            "properties": {
+              "path": {
+                "$ref": "#/definitions/v2/AbsolutePathBuf"
+              },
+              "type": {
+                "enum": [
+                  "additionalWritableRoot"
+                ],
+                "title": "AdditionalWritableRootActivePermissionProfileModificationType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "path",
+              "type"
+            ],
+            "title": "AdditionalWritableRootActivePermissionProfileModification",
+            "type": "object"
+          }
+        ]
+      },
       "AddCreditsNudgeCreditType": {
         "enum": [
           "credits",
@@ -7110,13 +7095,6 @@
               "null"
             ]
           },
-          "desktop": {
-            "additionalProperties": true,
-            "type": [
-              "object",
-              "null"
-            ]
-          },
           "developer_instructions": {
             "type": [
               "string",
@@ -7124,13 +7102,9 @@
             ]
           },
           "forced_chatgpt_workspace_id": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/ForcedChatgptWorkspaceIds"
-              },
-              {
-                "type": "null"
-              }
+            "type": [
+              "string",
+              "null"
             ]
           },
           "forced_login_method": {
@@ -7425,13 +7399,6 @@
                 ],
                 "description": "This is the path to the user's config.toml file, though it is not guaranteed to exist."
               },
-              "profile": {
-                "description": "Name of the selected profile-v2 config layered on top of the base user config, when this layer represents one.",
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
               "type": {
                 "enum": [
                   "user"
@@ -7573,12 +7540,6 @@
       },
       "ConfigRequirements": {
         "properties": {
-          "allowManagedHooksOnly": {
-            "type": [
-              "boolean",
-              "null"
-            ]
-          },
           "allowedApprovalPolicies": {
             "items": {
               "$ref": "#/definitions/v2/AskForApproval"
@@ -7763,12 +7724,6 @@
               "command": {
                 "type": "string"
               },
-              "commandWindows": {
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
               "statusMessage": {
                 "type": [
                   "string",
@@ -8194,13 +8149,6 @@
               "integer",
               "null"
             ]
-          },
-          "threadId": {
-            "description": "Optional loaded thread id. Pass this when showing feature state for an existing thread so enablement is computed from that thread's refreshed config, including project-local config for the thread's cwd.",
-            "type": [
-              "string",
-              "null"
-            ]
           }
         },
         "title": "ExperimentalFeatureListParams",
@@ -8706,20 +8654,6 @@
         ],
         "type": "object"
       },
-      "ForcedChatgptWorkspaceIds": {
-        "anyOf": [
-          {
-            "type": "string"
-          },
-          {
-            "items": {
-              "type": "string"
-            },
-            "type": "array"
-          }
-        ],
-        "description": "Backward-compatible API shape for ChatGPT workspace login restrictions."
-      },
       "ForcedLoginMethod": {
         "enum": [
           "chatgpt",
@@ -9951,6 +9885,8 @@
       },
       "ImageDetail": {
         "enum": [
+          "auto",
+          "low",
           "high",
           "original"
         ],
@@ -11650,6 +11586,194 @@
           }
         ]
       },
+      "PermissionProfile": {
+        "oneOf": [
+          {
+            "description": "Codex owns sandbox construction for this profile.",
+            "properties": {
+              "fileSystem": {
+                "$ref": "#/definitions/v2/PermissionProfileFileSystemPermissions"
+              },
+              "network": {
+                "$ref": "#/definitions/v2/PermissionProfileNetworkPermissions"
+              },
+              "type": {
+                "enum": [
+                  "managed"
+                ],
+                "title": "ManagedPermissionProfileType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "fileSystem",
+              "network",
+              "type"
+            ],
+            "title": "ManagedPermissionProfile",
+            "type": "object"
+          },
+          {
+            "description": "Do not apply an outer sandbox.",
+            "properties": {
+              "type": {
+                "enum": [
+                  "disabled"
+                ],
+                "title": "DisabledPermissionProfileType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ],
+            "title": "DisabledPermissionProfile",
+            "type": "object"
+          },
+          {
+            "description": "Filesystem isolation is enforced by an external caller.",
+            "properties": {
+              "network": {
+                "$ref": "#/definitions/v2/PermissionProfileNetworkPermissions"
+              },
+              "type": {
+                "enum": [
+                  "external"
+                ],
+                "title": "ExternalPermissionProfileType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "network",
+              "type"
+            ],
+            "title": "ExternalPermissionProfile",
+            "type": "object"
+          }
+        ]
+      },
+      "PermissionProfileFileSystemPermissions": {
+        "oneOf": [
+          {
+            "properties": {
+              "entries": {
+                "items": {
+                  "$ref": "#/definitions/v2/FileSystemSandboxEntry"
+                },
+                "type": "array"
+              },
+              "globScanMaxDepth": {
+                "format": "uint",
+                "minimum": 1.0,
+                "type": [
+                  "integer",
+                  "null"
+                ]
+              },
+              "type": {
+                "enum": [
+                  "restricted"
+                ],
+                "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "entries",
+              "type"
+            ],
+            "title": "RestrictedPermissionProfileFileSystemPermissions",
+            "type": "object"
+          },
+          {
+            "properties": {
+              "type": {
+                "enum": [
+                  "unrestricted"
+                ],
+                "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "type"
+            ],
+            "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+            "type": "object"
+          }
+        ]
+      },
+      "PermissionProfileModificationParams": {
+        "oneOf": [
+          {
+            "description": "Additional concrete directory that should be writable.",
+            "properties": {
+              "path": {
+                "$ref": "#/definitions/v2/AbsolutePathBuf"
+              },
+              "type": {
+                "enum": [
+                  "additionalWritableRoot"
+                ],
+                "title": "AdditionalWritableRootPermissionProfileModificationParamsType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "path",
+              "type"
+            ],
+            "title": "AdditionalWritableRootPermissionProfileModificationParams",
+            "type": "object"
+          }
+        ]
+      },
+      "PermissionProfileNetworkPermissions": {
+        "properties": {
+          "enabled": {
+            "type": "boolean"
+          }
+        },
+        "required": [
+          "enabled"
+        ],
+        "type": "object"
+      },
+      "PermissionProfileSelectionParams": {
+        "oneOf": [
+          {
+            "description": "Select a named built-in or user-defined profile and optionally apply bounded modifications that Codex knows how to validate.",
+            "properties": {
+              "id": {
+                "type": "string"
+              },
+              "modifications": {
+                "items": {
+                  "$ref": "#/definitions/v2/PermissionProfileModificationParams"
+                },
+                "type": [
+                  "array",
+                  "null"
+                ]
+              },
+              "type": {
+                "enum": [
+                  "profile"
+                ],
+                "title": "ProfilePermissionProfileSelectionParamsType",
+                "type": "string"
+              }
+            },
+            "required": [
+              "id",
+              "type"
+            ],
+            "title": "ProfilePermissionProfileSelectionParams",
+            "type": "object"
+          }
+        ]
+      },
       "Personality": {
         "enum": [
           "none",
@@ -11856,56 +11980,6 @@
         "title": "PluginInstallResponse",
         "type": "object"
       },
-      "PluginInstalledParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "cwds": {
-            "description": "Optional working directories used to discover repo marketplaces.",
-            "items": {
-              "$ref": "#/definitions/v2/AbsolutePathBuf"
-            },
-            "type": [
-              "array",
-              "null"
-            ]
-          },
-          "installSuggestionPluginNames": {
-            "description": "Additional uninstalled plugin names that should be returned when present locally. This is used by mention surfaces that intentionally expose install entrypoints.",
-            "items": {
-              "type": "string"
-            },
-            "type": [
-              "array",
-              "null"
-            ]
-          }
-        },
-        "title": "PluginInstalledParams",
-        "type": "object"
-      },
-      "PluginInstalledResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "marketplaceLoadErrors": {
-            "default": [],
-            "items": {
-              "$ref": "#/definitions/v2/MarketplaceLoadErrorInfo"
-            },
-            "type": "array"
-          },
-          "marketplaces": {
-            "items": {
-              "$ref": "#/definitions/v2/PluginMarketplaceEntry"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "marketplaces"
-        ],
-        "title": "PluginInstalledResponse",
-        "type": "object"
-      },
       "PluginInterface": {
         "properties": {
           "brandColor": {
@@ -12182,58 +12256,6 @@
         "title": "PluginReadResponse",
         "type": "object"
       },
-      "PluginShareCheckoutParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "remotePluginId": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "remotePluginId"
-        ],
-        "title": "PluginShareCheckoutParams",
-        "type": "object"
-      },
-      "PluginShareCheckoutResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "marketplaceName": {
-            "type": "string"
-          },
-          "marketplacePath": {
-            "$ref": "#/definitions/v2/AbsolutePathBuf"
-          },
-          "pluginId": {
-            "type": "string"
-          },
-          "pluginName": {
-            "type": "string"
-          },
-          "pluginPath": {
-            "$ref": "#/definitions/v2/AbsolutePathBuf"
-          },
-          "remotePluginId": {
-            "type": "string"
-          },
-          "remoteVersion": {
-            "type": [
-              "string",
-              "null"
-            ]
-          }
-        },
-        "required": [
-          "marketplaceName",
-          "marketplacePath",
-          "pluginId",
-          "pluginName",
-          "pluginPath",
-          "remotePluginId"
-        ],
-        "title": "PluginShareCheckoutResponse",
-        "type": "object"
-      },
       "PluginShareContext": {
         "properties": {
           "creatorAccountUserId": {
@@ -12261,14 +12283,6 @@
           "remotePluginId": {
             "type": "string"
           },
-          "remoteVersion": {
-            "default": null,
-            "description": "Version of the remote shared plugin release when available.",
-            "type": [
-              "string",
-              "null"
-            ]
-          },
           "sharePrincipals": {
             "items": {
               "$ref": "#/definitions/v2/PluginSharePrincipal"
@@ -12685,24 +12699,9 @@
             },
             "type": "array"
           },
-          "localVersion": {
-            "default": null,
-            "description": "Version of the locally materialized plugin package when available.",
-            "type": [
-              "string",
-              "null"
-            ]
-          },
           "name": {
             "type": "string"
           },
-          "remotePluginId": {
-            "description": "Backend remote plugin identifier when available.",
-            "type": [
-              "string",
-              "null"
-            ]
-          },
           "shareContext": {
             "anyOf": [
               {
@@ -13396,16 +13395,12 @@
           "installationId": {
             "type": "string"
           },
-          "serverName": {
-            "type": "string"
-          },
           "status": {
             "$ref": "#/definitions/v2/RemoteControlConnectionStatus"
           }
         },
         "required": [
           "installationId",
-          "serverName",
           "status"
         ],
         "title": "RemoteControlStatusChangedNotification",
@@ -14019,22 +14014,6 @@
             "title": "CompactionResponseItem",
             "type": "object"
           },
-          {
-            "properties": {
-              "type": {
-                "enum": [
-                  "compaction_trigger"
-                ],
-                "title": "CompactionTriggerResponseItemType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "type"
-            ],
-            "title": "CompactionTriggerResponseItem",
-            "type": "object"
-          },
           {
             "properties": {
               "encrypted_content": {
@@ -15481,7 +15460,7 @@
                 "$ref": "#/definitions/v2/SandboxPolicy"
               }
             ],
-            "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+            "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
           },
           "serviceTier": {
             "type": [
@@ -15568,8 +15547,6 @@
         "enum": [
           "active",
           "paused",
-          "blocked",
-          "usageLimited",
           "budgetLimited",
           "complete"
         ],
@@ -16975,7 +16952,7 @@
                 "$ref": "#/definitions/v2/SandboxPolicy"
               }
             ],
-            "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+            "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
           },
           "serviceTier": {
             "type": [
@@ -17283,7 +17260,7 @@
                 "$ref": "#/definitions/v2/SandboxPolicy"
               }
             ],
-            "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+            "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
           },
           "serviceTier": {
             "type": [
@@ -17605,6 +17582,12 @@
       },
       "ToolsV2": {
         "properties": {
+          "view_image": {
+            "type": [
+              "boolean",
+              "null"
+            ]
+          },
           "web_search": {
             "anyOf": [
               {
@@ -18086,17 +18069,6 @@
           },
           {
             "properties": {
-              "detail": {
-                "anyOf": [
-                  {
-                    "$ref": "#/definitions/v2/ImageDetail"
-                  },
-                  {
-                    "type": "null"
-                  }
-                ],
-                "default": null
-              },
               "type": {
                 "enum": [
                   "image"
@@ -18117,17 +18089,6 @@
           },
           {
             "properties": {
-              "detail": {
-                "anyOf": [
-                  {
-                    "$ref": "#/definitions/v2/ImageDetail"
-                  },
-                  {
-                    "type": "null"
-                  }
-                ],
-                "default": null
-              },
               "path": {
                 "type": "string"
               },

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json

@@ -143,6 +143,14 @@
         "id": {
           "description": "Identifier from `default_permissions` or the implicit built-in default, such as `:workspace` or a user-defined `[permissions.<id>]` profile.",
           "type": "string"
+        },
+        "modifications": {
+          "default": [],
+          "description": "Bounded user-requested modifications applied on top of the named profile, if any.",
+          "items": {
+            "$ref": "#/definitions/ActivePermissionProfileModification"
+          },
+          "type": "array"
         }
       },
       "required": [
@@ -150,6 +158,31 @@
       ],
       "type": "object"
     },
+    "ActivePermissionProfileModification": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootActivePermissionProfileModificationType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootActivePermissionProfileModification",
+          "type": "object"
+        }
+      ]
+    },
     "AddCreditsNudgeCreditType": {
       "enum": [
         "credits",
@@ -1464,30 +1497,6 @@
           "title": "Plugin/listRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "plugin/installed"
-              ],
-              "title": "Plugin/installedRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/PluginInstalledParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Plugin/installedRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -1608,30 +1617,6 @@
           "title": "Plugin/share/listRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "plugin/share/checkout"
-              ],
-              "title": "Plugin/share/checkoutRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/PluginShareCheckoutParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Plugin/share/checkoutRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -3499,13 +3484,6 @@
             "null"
           ]
         },
-        "desktop": {
-          "additionalProperties": true,
-          "type": [
-            "object",
-            "null"
-          ]
-        },
         "developer_instructions": {
           "type": [
             "string",
@@ -3513,13 +3491,9 @@
           ]
         },
         "forced_chatgpt_workspace_id": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ForcedChatgptWorkspaceIds"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "forced_login_method": {
@@ -3814,13 +3788,6 @@
               ],
               "description": "This is the path to the user's config.toml file, though it is not guaranteed to exist."
             },
-            "profile": {
-              "description": "Name of the selected profile-v2 config layered on top of the base user config, when this layer represents one.",
-              "type": [
-                "string",
-                "null"
-              ]
-            },
             "type": {
               "enum": [
                 "user"
@@ -3962,12 +3929,6 @@
     },
     "ConfigRequirements": {
       "properties": {
-        "allowManagedHooksOnly": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "allowedApprovalPolicies": {
           "items": {
             "$ref": "#/definitions/AskForApproval"
@@ -4152,12 +4113,6 @@
             "command": {
               "type": "string"
             },
-            "commandWindows": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
             "statusMessage": {
               "type": [
                 "string",
@@ -4583,13 +4538,6 @@
             "integer",
             "null"
           ]
-        },
-        "threadId": {
-          "description": "Optional loaded thread id. Pass this when showing feature state for an existing thread so enablement is computed from that thread's refreshed config, including project-local config for the thread's cwd.",
-          "type": [
-            "string",
-            "null"
-          ]
         }
       },
       "title": "ExperimentalFeatureListParams",
@@ -5095,20 +5043,6 @@
       ],
       "type": "object"
     },
-    "ForcedChatgptWorkspaceIds": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      ],
-      "description": "Backward-compatible API shape for ChatGPT workspace login restrictions."
-    },
     "ForcedLoginMethod": {
       "enum": [
         "chatgpt",
@@ -6451,6 +6385,8 @@
     },
     "ImageDetail": {
       "enum": [
+        "auto",
+        "low",
         "high",
         "original"
       ],
@@ -8199,6 +8135,194 @@
         }
       ]
     },
+    "PermissionProfile": {
+      "oneOf": [
+        {
+          "description": "Codex owns sandbox construction for this profile.",
+          "properties": {
+            "fileSystem": {
+              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
+            },
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "managed"
+              ],
+              "title": "ManagedPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "fileSystem",
+            "network",
+            "type"
+          ],
+          "title": "ManagedPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Do not apply an outer sandbox.",
+          "properties": {
+            "type": {
+              "enum": [
+                "disabled"
+              ],
+              "title": "DisabledPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "DisabledPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Filesystem isolation is enforced by an external caller.",
+          "properties": {
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "external"
+              ],
+              "title": "ExternalPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "network",
+            "type"
+          ],
+          "title": "ExternalPermissionProfile",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileFileSystemPermissions": {
+      "oneOf": [
+        {
+          "properties": {
+            "entries": {
+              "items": {
+                "$ref": "#/definitions/FileSystemSandboxEntry"
+              },
+              "type": "array"
+            },
+            "globScanMaxDepth": {
+              "format": "uint",
+              "minimum": 1.0,
+              "type": [
+                "integer",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "entries",
+            "type"
+          ],
+          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "unrestricted"
+              ],
+              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileModificationParams": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootPermissionProfileModificationParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootPermissionProfileModificationParams",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "enabled"
+      ],
+      "type": "object"
+    },
+    "PermissionProfileSelectionParams": {
+      "oneOf": [
+        {
+          "description": "Select a named built-in or user-defined profile and optionally apply bounded modifications that Codex knows how to validate.",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "modifications": {
+              "items": {
+                "$ref": "#/definitions/PermissionProfileModificationParams"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "profile"
+              ],
+              "title": "ProfilePermissionProfileSelectionParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "id",
+            "type"
+          ],
+          "title": "ProfilePermissionProfileSelectionParams",
+          "type": "object"
+        }
+      ]
+    },
     "Personality": {
       "enum": [
         "none",
@@ -8405,56 +8529,6 @@
       "title": "PluginInstallResponse",
       "type": "object"
     },
-    "PluginInstalledParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "cwds": {
-          "description": "Optional working directories used to discover repo marketplaces.",
-          "items": {
-            "$ref": "#/definitions/AbsolutePathBuf"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "installSuggestionPluginNames": {
-          "description": "Additional uninstalled plugin names that should be returned when present locally. This is used by mention surfaces that intentionally expose install entrypoints.",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        }
-      },
-      "title": "PluginInstalledParams",
-      "type": "object"
-    },
-    "PluginInstalledResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "marketplaceLoadErrors": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/MarketplaceLoadErrorInfo"
-          },
-          "type": "array"
-        },
-        "marketplaces": {
-          "items": {
-            "$ref": "#/definitions/PluginMarketplaceEntry"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "marketplaces"
-      ],
-      "title": "PluginInstalledResponse",
-      "type": "object"
-    },
     "PluginInterface": {
       "properties": {
         "brandColor": {
@@ -8731,58 +8805,6 @@
       "title": "PluginReadResponse",
       "type": "object"
     },
-    "PluginShareCheckoutParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "remotePluginId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "remotePluginId"
-      ],
-      "title": "PluginShareCheckoutParams",
-      "type": "object"
-    },
-    "PluginShareCheckoutResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "marketplacePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        "pluginId": {
-          "type": "string"
-        },
-        "pluginName": {
-          "type": "string"
-        },
-        "pluginPath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        "remotePluginId": {
-          "type": "string"
-        },
-        "remoteVersion": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "marketplacePath",
-        "pluginId",
-        "pluginName",
-        "pluginPath",
-        "remotePluginId"
-      ],
-      "title": "PluginShareCheckoutResponse",
-      "type": "object"
-    },
     "PluginShareContext": {
       "properties": {
         "creatorAccountUserId": {
@@ -8810,14 +8832,6 @@
         "remotePluginId": {
           "type": "string"
         },
-        "remoteVersion": {
-          "default": null,
-          "description": "Version of the remote shared plugin release when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "sharePrincipals": {
           "items": {
             "$ref": "#/definitions/PluginSharePrincipal"
@@ -9234,24 +9248,9 @@
           },
           "type": "array"
         },
-        "localVersion": {
-          "default": null,
-          "description": "Version of the locally materialized plugin package when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "name": {
           "type": "string"
         },
-        "remotePluginId": {
-          "description": "Backend remote plugin identifier when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "shareContext": {
           "anyOf": [
             {
@@ -9945,16 +9944,12 @@
         "installationId": {
           "type": "string"
         },
-        "serverName": {
-          "type": "string"
-        },
         "status": {
           "$ref": "#/definitions/RemoteControlConnectionStatus"
         }
       },
       "required": [
         "installationId",
-        "serverName",
         "status"
       ],
       "title": "RemoteControlStatusChangedNotification",
@@ -10568,22 +10563,6 @@
           "title": "CompactionResponseItem",
           "type": "object"
         },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "compaction_trigger"
-              ],
-              "title": "CompactionTriggerResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "CompactionTriggerResponseItem",
-          "type": "object"
-        },
         {
           "properties": {
             "encrypted_content": {
@@ -13305,7 +13284,7 @@
               "$ref": "#/definitions/SandboxPolicy"
             }
           ],
-          "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+          "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
         },
         "serviceTier": {
           "type": [
@@ -13392,8 +13371,6 @@
       "enum": [
         "active",
         "paused",
-        "blocked",
-        "usageLimited",
         "budgetLimited",
         "complete"
       ],
@@ -14799,7 +14776,7 @@
               "$ref": "#/definitions/SandboxPolicy"
             }
           ],
-          "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+          "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
         },
         "serviceTier": {
           "type": [
@@ -15107,7 +15084,7 @@
               "$ref": "#/definitions/SandboxPolicy"
             }
           ],
-          "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+          "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
         },
         "serviceTier": {
           "type": [
@@ -15429,6 +15406,12 @@
     },
     "ToolsV2": {
       "properties": {
+        "view_image": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
         "web_search": {
           "anyOf": [
             {
@@ -15910,17 +15893,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -15941,17 +15913,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json

@@ -5,26 +5,6 @@
       "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
       "type": "string"
     },
-    "ActivePermissionProfile": {
-      "properties": {
-        "extends": {
-          "default": null,
-          "description": "Parent profile identifier once permissions profiles support inheritance. This is currently always `null`.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "id": {
-          "description": "Identifier from `default_permissions` or the implicit built-in default, such as `:workspace` or a user-defined `[permissions.<id>]` profile.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "id"
-      ],
-      "type": "object"
-    },
     "CommandExecTerminalSize": {
       "description": "PTY size in character cells for `command/exec` PTY sessions.",
       "properties": {
@@ -47,6 +27,202 @@
       ],
       "type": "object"
     },
+    "FileSystemAccessMode": {
+      "enum": [
+        "read",
+        "write",
+        "none"
+      ],
+      "type": "string"
+    },
+    "FileSystemPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "path"
+              ],
+              "title": "PathFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "PathFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "pattern": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "glob_pattern"
+              ],
+              "title": "GlobPatternFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "pattern",
+            "type"
+          ],
+          "title": "GlobPatternFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "special"
+              ],
+              "title": "SpecialFileSystemPathType",
+              "type": "string"
+            },
+            "value": {
+              "$ref": "#/definitions/FileSystemSpecialPath"
+            }
+          },
+          "required": [
+            "type",
+            "value"
+          ],
+          "title": "SpecialFileSystemPath",
+          "type": "object"
+        }
+      ]
+    },
+    "FileSystemSandboxEntry": {
+      "properties": {
+        "access": {
+          "$ref": "#/definitions/FileSystemAccessMode"
+        },
+        "path": {
+          "$ref": "#/definitions/FileSystemPath"
+        }
+      },
+      "required": [
+        "access",
+        "path"
+      ],
+      "type": "object"
+    },
+    "FileSystemSpecialPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "root"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "RootFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "minimal"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "MinimalFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "project_roots"
+              ],
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "KindFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "tmpdir"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "TmpdirFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "slash_tmp"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "SlashTmpFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "unknown"
+              ],
+              "type": "string"
+            },
+            "path": {
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind",
+            "path"
+          ],
+          "type": "object"
+        }
+      ]
+    },
     "NetworkAccess": {
       "enum": [
         "restricted",
@@ -54,6 +230,135 @@
       ],
       "type": "string"
     },
+    "PermissionProfile": {
+      "oneOf": [
+        {
+          "description": "Codex owns sandbox construction for this profile.",
+          "properties": {
+            "fileSystem": {
+              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
+            },
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "managed"
+              ],
+              "title": "ManagedPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "fileSystem",
+            "network",
+            "type"
+          ],
+          "title": "ManagedPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Do not apply an outer sandbox.",
+          "properties": {
+            "type": {
+              "enum": [
+                "disabled"
+              ],
+              "title": "DisabledPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "DisabledPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Filesystem isolation is enforced by an external caller.",
+          "properties": {
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "external"
+              ],
+              "title": "ExternalPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "network",
+            "type"
+          ],
+          "title": "ExternalPermissionProfile",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileFileSystemPermissions": {
+      "oneOf": [
+        {
+          "properties": {
+            "entries": {
+              "items": {
+                "$ref": "#/definitions/FileSystemSandboxEntry"
+              },
+              "type": "array"
+            },
+            "globScanMaxDepth": {
+              "format": "uint",
+              "minimum": 1.0,
+              "type": [
+                "integer",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "entries",
+            "type"
+          ],
+          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "unrestricted"
+              ],
+              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "enabled"
+      ],
+      "type": "object"
+    },
     "SandboxPolicy": {
       "oneOf": [
         {

codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json

@@ -228,13 +228,6 @@
             "null"
           ]
         },
-        "desktop": {
-          "additionalProperties": true,
-          "type": [
-            "object",
-            "null"
-          ]
-        },
         "developer_instructions": {
           "type": [
             "string",
@@ -242,13 +235,9 @@
           ]
         },
         "forced_chatgpt_workspace_id": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ForcedChatgptWorkspaceIds"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "forced_login_method": {
@@ -493,13 +482,6 @@
               ],
               "description": "This is the path to the user's config.toml file, though it is not guaranteed to exist."
             },
-            "profile": {
-              "description": "Name of the selected profile-v2 config layered on top of the base user config, when this layer represents one.",
-              "type": [
-                "string",
-                "null"
-              ]
-            },
             "type": {
               "enum": [
                 "user"
@@ -592,20 +574,6 @@
         }
       ]
     },
-    "ForcedChatgptWorkspaceIds": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      ],
-      "description": "Backward-compatible API shape for ChatGPT workspace login restrictions."
-    },
     "ForcedLoginMethod": {
       "enum": [
         "chatgpt",
@@ -780,6 +748,12 @@
     },
     "ToolsV2": {
       "properties": {
+        "view_image": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
         "web_search": {
           "anyOf": [
             {

codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json

@@ -62,12 +62,6 @@
     },
     "ConfigRequirements": {
       "properties": {
-        "allowManagedHooksOnly": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "allowedApprovalPolicies": {
           "items": {
             "$ref": "#/definitions/AskForApproval"
@@ -127,12 +121,6 @@
             "command": {
               "type": "string"
             },
-            "commandWindows": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
             "statusMessage": {
               "type": [
                 "string",

codex-rs/app-server-protocol/schema/json/v2/ConfigWriteResponse.json

@@ -84,13 +84,6 @@
               ],
               "description": "This is the path to the user's config.toml file, though it is not guaranteed to exist."
             },
-            "profile": {
-              "description": "Name of the selected profile-v2 config layered on top of the base user config, when this layer represents one.",
-              "type": [
-                "string",
-                "null"
-              ]
-            },
             "type": {
               "enum": [
                 "user"

codex-rs/app-server-protocol/schema/json/v2/ExperimentalFeatureListParams.json

@@ -16,13 +16,6 @@
         "integer",
         "null"
       ]
-    },
-    "threadId": {
-      "description": "Optional loaded thread id. Pass this when showing feature state for an existing thread so enablement is computed from that thread's refreshed config, including project-local config for the thread's cwd.",
-      "type": [
-        "string",
-        "null"
-      ]
     }
   },
   "title": "ExperimentalFeatureListParams",

codex-rs/app-server-protocol/schema/json/v2/ItemCompletedNotification.json

@@ -285,13 +285,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1186,17 +1179,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1217,17 +1199,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/ItemStartedNotification.json

@@ -285,13 +285,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1186,17 +1179,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1217,17 +1199,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/PluginInstalledParams.json

@@ -1,33 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    }
-  },
-  "properties": {
-    "cwds": {
-      "description": "Optional working directories used to discover repo marketplaces.",
-      "items": {
-        "$ref": "#/definitions/AbsolutePathBuf"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    },
-    "installSuggestionPluginNames": {
-      "description": "Additional uninstalled plugin names that should be returned when present locally. This is used by mention surfaces that intentionally expose install entrypoints.",
-      "items": {
-        "type": "string"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    }
-  },
-  "title": "PluginInstalledParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/PluginInstalledResponse.json

@@ -1,525 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "MarketplaceInterface": {
-      "properties": {
-        "displayName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "MarketplaceLoadErrorInfo": {
-      "properties": {
-        "marketplacePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        "message": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "marketplacePath",
-        "message"
-      ],
-      "type": "object"
-    },
-    "PluginAuthPolicy": {
-      "enum": [
-        "ON_INSTALL",
-        "ON_USE"
-      ],
-      "type": "string"
-    },
-    "PluginAvailability": {
-      "oneOf": [
-        {
-          "enum": [
-            "DISABLED_BY_ADMIN"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Plugin-service currently sends `\"ENABLED\"` for available remote plugins. Codex app-server exposes `\"AVAILABLE\"` in its API; the alias keeps decoding compatible with that upstream response.",
-          "enum": [
-            "AVAILABLE"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "PluginInstallPolicy": {
-      "enum": [
-        "NOT_AVAILABLE",
-        "AVAILABLE",
-        "INSTALLED_BY_DEFAULT"
-      ],
-      "type": "string"
-    },
-    "PluginInterface": {
-      "properties": {
-        "brandColor": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "capabilities": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "category": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "composerIcon": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Local composer icon path, resolved from the installed plugin package."
-        },
-        "composerIconUrl": {
-          "description": "Remote composer icon URL from the plugin catalog.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "defaultPrompt": {
-          "description": "Starter prompts for the plugin. Capped at 3 entries with a maximum of 128 characters per entry.",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "developerName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "displayName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "logo": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Local logo path, resolved from the installed plugin package."
-        },
-        "logoUrl": {
-          "description": "Remote logo URL from the plugin catalog.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "longDescription": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "privacyPolicyUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "screenshotUrls": {
-          "description": "Remote screenshot URLs from the plugin catalog.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "screenshots": {
-          "description": "Local screenshot paths, resolved from the installed plugin package.",
-          "items": {
-            "$ref": "#/definitions/AbsolutePathBuf"
-          },
-          "type": "array"
-        },
-        "shortDescription": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "termsOfServiceUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "websiteUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "capabilities",
-        "screenshotUrls",
-        "screenshots"
-      ],
-      "type": "object"
-    },
-    "PluginMarketplaceEntry": {
-      "properties": {
-        "interface": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/MarketplaceInterface"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "name": {
-          "type": "string"
-        },
-        "path": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Local marketplace file path when the marketplace is backed by a local file. Remote-only catalog marketplaces do not have a local path."
-        },
-        "plugins": {
-          "items": {
-            "$ref": "#/definitions/PluginSummary"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "name",
-        "plugins"
-      ],
-      "type": "object"
-    },
-    "PluginShareContext": {
-      "properties": {
-        "creatorAccountUserId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "creatorName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "discoverability": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PluginShareDiscoverability"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "remotePluginId": {
-          "type": "string"
-        },
-        "remoteVersion": {
-          "default": null,
-          "description": "Version of the remote shared plugin release when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "sharePrincipals": {
-          "items": {
-            "$ref": "#/definitions/PluginSharePrincipal"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "shareUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "remotePluginId"
-      ],
-      "type": "object"
-    },
-    "PluginShareDiscoverability": {
-      "enum": [
-        "LISTED",
-        "UNLISTED",
-        "PRIVATE"
-      ],
-      "type": "string"
-    },
-    "PluginSharePrincipal": {
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "principalId": {
-          "type": "string"
-        },
-        "principalType": {
-          "$ref": "#/definitions/PluginSharePrincipalType"
-        },
-        "role": {
-          "$ref": "#/definitions/PluginSharePrincipalRole"
-        }
-      },
-      "required": [
-        "name",
-        "principalId",
-        "principalType",
-        "role"
-      ],
-      "type": "object"
-    },
-    "PluginSharePrincipalRole": {
-      "enum": [
-        "reader",
-        "editor",
-        "owner"
-      ],
-      "type": "string"
-    },
-    "PluginSharePrincipalType": {
-      "enum": [
-        "user",
-        "group",
-        "workspace"
-      ],
-      "type": "string"
-    },
-    "PluginSource": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "local"
-              ],
-              "title": "LocalPluginSourceType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "LocalPluginSource",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "refName": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "sha": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "git"
-              ],
-              "title": "GitPluginSourceType",
-              "type": "string"
-            },
-            "url": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "type",
-            "url"
-          ],
-          "title": "GitPluginSource",
-          "type": "object"
-        },
-        {
-          "description": "The plugin is available in the remote catalog. Download metadata is kept server-side and is not exposed through the app-server API.",
-          "properties": {
-            "type": {
-              "enum": [
-                "remote"
-              ],
-              "title": "RemotePluginSourceType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "RemotePluginSource",
-          "type": "object"
-        }
-      ]
-    },
-    "PluginSummary": {
-      "properties": {
-        "authPolicy": {
-          "$ref": "#/definitions/PluginAuthPolicy"
-        },
-        "availability": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/PluginAvailability"
-            }
-          ],
-          "default": "AVAILABLE",
-          "description": "Availability state for installing and using the plugin."
-        },
-        "enabled": {
-          "type": "boolean"
-        },
-        "id": {
-          "type": "string"
-        },
-        "installPolicy": {
-          "$ref": "#/definitions/PluginInstallPolicy"
-        },
-        "installed": {
-          "type": "boolean"
-        },
-        "interface": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PluginInterface"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "keywords": {
-          "default": [],
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "localVersion": {
-          "default": null,
-          "description": "Version of the locally materialized plugin package when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "name": {
-          "type": "string"
-        },
-        "remotePluginId": {
-          "description": "Backend remote plugin identifier when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "shareContext": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PluginShareContext"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Remote sharing context associated with this plugin when available."
-        },
-        "source": {
-          "$ref": "#/definitions/PluginSource"
-        }
-      },
-      "required": [
-        "authPolicy",
-        "enabled",
-        "id",
-        "installPolicy",
-        "installed",
-        "name",
-        "source"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "marketplaceLoadErrors": {
-      "default": [],
-      "items": {
-        "$ref": "#/definitions/MarketplaceLoadErrorInfo"
-      },
-      "type": "array"
-    },
-    "marketplaces": {
-      "items": {
-        "$ref": "#/definitions/PluginMarketplaceEntry"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "marketplaces"
-  ],
-  "title": "PluginInstalledResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/PluginListResponse.json

@@ -259,14 +259,6 @@
         "remotePluginId": {
           "type": "string"
         },
-        "remoteVersion": {
-          "default": null,
-          "description": "Version of the remote shared plugin release when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "sharePrincipals": {
           "items": {
             "$ref": "#/definitions/PluginSharePrincipal"
@@ -457,24 +449,9 @@
           },
           "type": "array"
         },
-        "localVersion": {
-          "default": null,
-          "description": "Version of the locally materialized plugin package when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "name": {
           "type": "string"
         },
-        "remotePluginId": {
-          "description": "Backend remote plugin identifier when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "shareContext": {
           "anyOf": [
             {

codex-rs/app-server-protocol/schema/json/v2/PluginReadResponse.json

@@ -313,14 +313,6 @@
         "remotePluginId": {
           "type": "string"
         },
-        "remoteVersion": {
-          "default": null,
-          "description": "Version of the remote shared plugin release when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "sharePrincipals": {
           "items": {
             "$ref": "#/definitions/PluginSharePrincipal"
@@ -511,24 +503,9 @@
           },
           "type": "array"
         },
-        "localVersion": {
-          "default": null,
-          "description": "Version of the locally materialized plugin package when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "name": {
           "type": "string"
         },
-        "remotePluginId": {
-          "description": "Backend remote plugin identifier when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "shareContext": {
           "anyOf": [
             {

codex-rs/app-server-protocol/schema/json/v2/PluginShareCheckoutParams.json

@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "remotePluginId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "remotePluginId"
-  ],
-  "title": "PluginShareCheckoutParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/PluginShareCheckoutResponse.json

@@ -1,45 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    }
-  },
-  "properties": {
-    "marketplaceName": {
-      "type": "string"
-    },
-    "marketplacePath": {
-      "$ref": "#/definitions/AbsolutePathBuf"
-    },
-    "pluginId": {
-      "type": "string"
-    },
-    "pluginName": {
-      "type": "string"
-    },
-    "pluginPath": {
-      "$ref": "#/definitions/AbsolutePathBuf"
-    },
-    "remotePluginId": {
-      "type": "string"
-    },
-    "remoteVersion": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "marketplaceName",
-    "marketplacePath",
-    "pluginId",
-    "pluginName",
-    "pluginPath",
-    "remotePluginId"
-  ],
-  "title": "PluginShareCheckoutResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/PluginShareListResponse.json

@@ -194,14 +194,6 @@
         "remotePluginId": {
           "type": "string"
         },
-        "remoteVersion": {
-          "default": null,
-          "description": "Version of the remote shared plugin release when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "sharePrincipals": {
           "items": {
             "$ref": "#/definitions/PluginSharePrincipal"
@@ -413,24 +405,9 @@
           },
           "type": "array"
         },
-        "localVersion": {
-          "default": null,
-          "description": "Version of the locally materialized plugin package when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "name": {
           "type": "string"
         },
-        "remotePluginId": {
-          "description": "Backend remote plugin identifier when available.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "shareContext": {
           "anyOf": [
             {

codex-rs/app-server-protocol/schema/json/v2/RawResponseItemCompletedNotification.json

@@ -145,6 +145,8 @@
     },
     "ImageDetail": {
       "enum": [
+        "auto",
+        "low",
         "high",
         "original"
       ],
@@ -730,22 +732,6 @@
           "title": "CompactionResponseItem",
           "type": "object"
         },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "compaction_trigger"
-              ],
-              "title": "CompactionTriggerResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "CompactionTriggerResponseItem",
-          "type": "object"
-        },
         {
           "properties": {
             "encrypted_content": {

codex-rs/app-server-protocol/schema/json/v2/RemoteControlStatusChangedNotification.json

@@ -22,16 +22,12 @@
     "installationId": {
       "type": "string"
     },
-    "serverName": {
-      "type": "string"
-    },
     "status": {
       "$ref": "#/definitions/RemoteControlConnectionStatus"
     }
   },
   "required": [
     "installationId",
-    "serverName",
     "status"
   ],
   "title": "RemoteControlStatusChangedNotification",

codex-rs/app-server-protocol/schema/json/v2/ReviewStartResponse.json

@@ -422,13 +422,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1459,17 +1452,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1490,17 +1472,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json

@@ -1,6 +1,10 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    },
     "ApprovalsReviewer": {
       "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
       "enum": [
@@ -60,6 +64,65 @@
         }
       ]
     },
+    "PermissionProfileModificationParams": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootPermissionProfileModificationParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootPermissionProfileModificationParams",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileSelectionParams": {
+      "oneOf": [
+        {
+          "description": "Select a named built-in or user-defined profile and optionally apply bounded modifications that Codex knows how to validate.",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "modifications": {
+              "items": {
+                "$ref": "#/definitions/PermissionProfileModificationParams"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "profile"
+              ],
+              "title": "ProfilePermissionProfileSelectionParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "id",
+            "type"
+          ],
+          "title": "ProfilePermissionProfileSelectionParams",
+          "type": "object"
+        }
+      ]
+    },
     "SandboxMode": {
       "enum": [
         "read-only",

codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json

@@ -18,6 +18,14 @@
         "id": {
           "description": "Identifier from `default_permissions` or the implicit built-in default, such as `:workspace` or a user-defined `[permissions.<id>]` profile.",
           "type": "string"
+        },
+        "modifications": {
+          "default": [],
+          "description": "Bounded user-requested modifications applied on top of the named profile, if any.",
+          "items": {
+            "$ref": "#/definitions/ActivePermissionProfileModification"
+          },
+          "type": "array"
         }
       },
       "required": [
@@ -25,6 +33,31 @@
       ],
       "type": "object"
     },
+    "ActivePermissionProfileModification": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootActivePermissionProfileModificationType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootActivePermissionProfileModification",
+          "type": "object"
+        }
+      ]
+    },
     "AgentPath": {
       "type": "string"
     },
@@ -470,6 +503,202 @@
       ],
       "type": "string"
     },
+    "FileSystemAccessMode": {
+      "enum": [
+        "read",
+        "write",
+        "none"
+      ],
+      "type": "string"
+    },
+    "FileSystemPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "path"
+              ],
+              "title": "PathFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "PathFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "pattern": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "glob_pattern"
+              ],
+              "title": "GlobPatternFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "pattern",
+            "type"
+          ],
+          "title": "GlobPatternFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "special"
+              ],
+              "title": "SpecialFileSystemPathType",
+              "type": "string"
+            },
+            "value": {
+              "$ref": "#/definitions/FileSystemSpecialPath"
+            }
+          },
+          "required": [
+            "type",
+            "value"
+          ],
+          "title": "SpecialFileSystemPath",
+          "type": "object"
+        }
+      ]
+    },
+    "FileSystemSandboxEntry": {
+      "properties": {
+        "access": {
+          "$ref": "#/definitions/FileSystemAccessMode"
+        },
+        "path": {
+          "$ref": "#/definitions/FileSystemPath"
+        }
+      },
+      "required": [
+        "access",
+        "path"
+      ],
+      "type": "object"
+    },
+    "FileSystemSpecialPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "root"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "RootFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "minimal"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "MinimalFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "project_roots"
+              ],
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "KindFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "tmpdir"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "TmpdirFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "slash_tmp"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "SlashTmpFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "unknown"
+              ],
+              "type": "string"
+            },
+            "path": {
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind",
+            "path"
+          ],
+          "type": "object"
+        }
+      ]
+    },
     "FileUpdateChange": {
       "properties": {
         "diff": {
@@ -527,13 +756,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -715,6 +937,135 @@
         }
       ]
     },
+    "PermissionProfile": {
+      "oneOf": [
+        {
+          "description": "Codex owns sandbox construction for this profile.",
+          "properties": {
+            "fileSystem": {
+              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
+            },
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "managed"
+              ],
+              "title": "ManagedPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "fileSystem",
+            "network",
+            "type"
+          ],
+          "title": "ManagedPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Do not apply an outer sandbox.",
+          "properties": {
+            "type": {
+              "enum": [
+                "disabled"
+              ],
+              "title": "DisabledPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "DisabledPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Filesystem isolation is enforced by an external caller.",
+          "properties": {
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "external"
+              ],
+              "title": "ExternalPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "network",
+            "type"
+          ],
+          "title": "ExternalPermissionProfile",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileFileSystemPermissions": {
+      "oneOf": [
+        {
+          "properties": {
+            "entries": {
+              "items": {
+                "$ref": "#/definitions/FileSystemSandboxEntry"
+              },
+              "type": "array"
+            },
+            "globScanMaxDepth": {
+              "format": "uint",
+              "minimum": 1.0,
+              "type": [
+                "integer",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "entries",
+            "type"
+          ],
+          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "unrestricted"
+              ],
+              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "enabled"
+      ],
+      "type": "object"
+    },
     "ReasoningEffort": {
       "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
       "enum": [
@@ -2019,17 +2370,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -2050,17 +2390,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },
@@ -2276,7 +2605,7 @@
           "$ref": "#/definitions/SandboxPolicy"
         }
       ],
-      "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+      "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
     },
     "serviceTier": {
       "type": [

codex-rs/app-server-protocol/schema/json/v2/ThreadGoalUpdatedNotification.json

@@ -51,8 +51,6 @@
       "enum": [
         "active",
         "paused",
-        "blocked",
-        "usageLimited",
         "budgetLimited",
         "complete"
       ],

codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json

@@ -448,13 +448,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1834,17 +1827,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1865,17 +1847,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/ThreadMetadataUpdateResponse.json

@@ -448,13 +448,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1834,17 +1827,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1865,17 +1847,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json

@@ -448,13 +448,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1834,17 +1827,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1865,17 +1847,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json

@@ -1,6 +1,10 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    },
     "ApprovalsReviewer": {
       "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `auto_review` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request. The legacy value `guardian_subagent` is accepted for compatibility.",
       "enum": [
@@ -204,6 +208,8 @@
     },
     "ImageDetail": {
       "enum": [
+        "auto",
+        "low",
         "high",
         "original"
       ],
@@ -292,6 +298,65 @@
         }
       ]
     },
+    "PermissionProfileModificationParams": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootPermissionProfileModificationParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootPermissionProfileModificationParams",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileSelectionParams": {
+      "oneOf": [
+        {
+          "description": "Select a named built-in or user-defined profile and optionally apply bounded modifications that Codex knows how to validate.",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "modifications": {
+              "items": {
+                "$ref": "#/definitions/PermissionProfileModificationParams"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "profile"
+              ],
+              "title": "ProfilePermissionProfileSelectionParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "id",
+            "type"
+          ],
+          "title": "ProfilePermissionProfileSelectionParams",
+          "type": "object"
+        }
+      ]
+    },
     "Personality": {
       "enum": [
         "none",
@@ -797,22 +862,6 @@
           "title": "CompactionResponseItem",
           "type": "object"
         },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "compaction_trigger"
-              ],
-              "title": "CompactionTriggerResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "CompactionTriggerResponseItem",
-          "type": "object"
-        },
         {
           "properties": {
             "encrypted_content": {

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json

@@ -18,6 +18,14 @@
         "id": {
           "description": "Identifier from `default_permissions` or the implicit built-in default, such as `:workspace` or a user-defined `[permissions.<id>]` profile.",
           "type": "string"
+        },
+        "modifications": {
+          "default": [],
+          "description": "Bounded user-requested modifications applied on top of the named profile, if any.",
+          "items": {
+            "$ref": "#/definitions/ActivePermissionProfileModification"
+          },
+          "type": "array"
         }
       },
       "required": [
@@ -25,6 +33,31 @@
       ],
       "type": "object"
     },
+    "ActivePermissionProfileModification": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootActivePermissionProfileModificationType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootActivePermissionProfileModification",
+          "type": "object"
+        }
+      ]
+    },
     "AgentPath": {
       "type": "string"
     },
@@ -470,6 +503,202 @@
       ],
       "type": "string"
     },
+    "FileSystemAccessMode": {
+      "enum": [
+        "read",
+        "write",
+        "none"
+      ],
+      "type": "string"
+    },
+    "FileSystemPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "path"
+              ],
+              "title": "PathFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "PathFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "pattern": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "glob_pattern"
+              ],
+              "title": "GlobPatternFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "pattern",
+            "type"
+          ],
+          "title": "GlobPatternFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "special"
+              ],
+              "title": "SpecialFileSystemPathType",
+              "type": "string"
+            },
+            "value": {
+              "$ref": "#/definitions/FileSystemSpecialPath"
+            }
+          },
+          "required": [
+            "type",
+            "value"
+          ],
+          "title": "SpecialFileSystemPath",
+          "type": "object"
+        }
+      ]
+    },
+    "FileSystemSandboxEntry": {
+      "properties": {
+        "access": {
+          "$ref": "#/definitions/FileSystemAccessMode"
+        },
+        "path": {
+          "$ref": "#/definitions/FileSystemPath"
+        }
+      },
+      "required": [
+        "access",
+        "path"
+      ],
+      "type": "object"
+    },
+    "FileSystemSpecialPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "root"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "RootFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "minimal"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "MinimalFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "project_roots"
+              ],
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "KindFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "tmpdir"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "TmpdirFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "slash_tmp"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "SlashTmpFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "unknown"
+              ],
+              "type": "string"
+            },
+            "path": {
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind",
+            "path"
+          ],
+          "type": "object"
+        }
+      ]
+    },
     "FileUpdateChange": {
       "properties": {
         "diff": {
@@ -527,13 +756,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -715,6 +937,135 @@
         }
       ]
     },
+    "PermissionProfile": {
+      "oneOf": [
+        {
+          "description": "Codex owns sandbox construction for this profile.",
+          "properties": {
+            "fileSystem": {
+              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
+            },
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "managed"
+              ],
+              "title": "ManagedPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "fileSystem",
+            "network",
+            "type"
+          ],
+          "title": "ManagedPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Do not apply an outer sandbox.",
+          "properties": {
+            "type": {
+              "enum": [
+                "disabled"
+              ],
+              "title": "DisabledPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "DisabledPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Filesystem isolation is enforced by an external caller.",
+          "properties": {
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "external"
+              ],
+              "title": "ExternalPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "network",
+            "type"
+          ],
+          "title": "ExternalPermissionProfile",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileFileSystemPermissions": {
+      "oneOf": [
+        {
+          "properties": {
+            "entries": {
+              "items": {
+                "$ref": "#/definitions/FileSystemSandboxEntry"
+              },
+              "type": "array"
+            },
+            "globScanMaxDepth": {
+              "format": "uint",
+              "minimum": 1.0,
+              "type": [
+                "integer",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "entries",
+            "type"
+          ],
+          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "unrestricted"
+              ],
+              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "enabled"
+      ],
+      "type": "object"
+    },
     "ReasoningEffort": {
       "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
       "enum": [
@@ -2019,17 +2370,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -2050,17 +2390,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },
@@ -2276,7 +2605,7 @@
           "$ref": "#/definitions/SandboxPolicy"
         }
       ],
-      "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+      "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
     },
     "serviceTier": {
       "type": [

codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json

@@ -448,13 +448,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1834,17 +1827,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1865,17 +1847,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json

@@ -90,6 +90,65 @@
       ],
       "type": "object"
     },
+    "PermissionProfileModificationParams": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootPermissionProfileModificationParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootPermissionProfileModificationParams",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileSelectionParams": {
+      "oneOf": [
+        {
+          "description": "Select a named built-in or user-defined profile and optionally apply bounded modifications that Codex knows how to validate.",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "modifications": {
+              "items": {
+                "$ref": "#/definitions/PermissionProfileModificationParams"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "profile"
+              ],
+              "title": "ProfilePermissionProfileSelectionParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "id",
+            "type"
+          ],
+          "title": "ProfilePermissionProfileSelectionParams",
+          "type": "object"
+        }
+      ]
+    },
     "Personality": {
       "enum": [
         "none",

codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json

@@ -18,6 +18,14 @@
         "id": {
           "description": "Identifier from `default_permissions` or the implicit built-in default, such as `:workspace` or a user-defined `[permissions.<id>]` profile.",
           "type": "string"
+        },
+        "modifications": {
+          "default": [],
+          "description": "Bounded user-requested modifications applied on top of the named profile, if any.",
+          "items": {
+            "$ref": "#/definitions/ActivePermissionProfileModification"
+          },
+          "type": "array"
         }
       },
       "required": [
@@ -25,6 +33,31 @@
       ],
       "type": "object"
     },
+    "ActivePermissionProfileModification": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootActivePermissionProfileModificationType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootActivePermissionProfileModification",
+          "type": "object"
+        }
+      ]
+    },
     "AgentPath": {
       "type": "string"
     },
@@ -470,6 +503,202 @@
       ],
       "type": "string"
     },
+    "FileSystemAccessMode": {
+      "enum": [
+        "read",
+        "write",
+        "none"
+      ],
+      "type": "string"
+    },
+    "FileSystemPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "path"
+              ],
+              "title": "PathFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "PathFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "pattern": {
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "glob_pattern"
+              ],
+              "title": "GlobPatternFileSystemPathType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "pattern",
+            "type"
+          ],
+          "title": "GlobPatternFileSystemPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "special"
+              ],
+              "title": "SpecialFileSystemPathType",
+              "type": "string"
+            },
+            "value": {
+              "$ref": "#/definitions/FileSystemSpecialPath"
+            }
+          },
+          "required": [
+            "type",
+            "value"
+          ],
+          "title": "SpecialFileSystemPath",
+          "type": "object"
+        }
+      ]
+    },
+    "FileSystemSandboxEntry": {
+      "properties": {
+        "access": {
+          "$ref": "#/definitions/FileSystemAccessMode"
+        },
+        "path": {
+          "$ref": "#/definitions/FileSystemPath"
+        }
+      },
+      "required": [
+        "access",
+        "path"
+      ],
+      "type": "object"
+    },
+    "FileSystemSpecialPath": {
+      "oneOf": [
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "root"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "RootFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "minimal"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "MinimalFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "project_roots"
+              ],
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "KindFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "tmpdir"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "TmpdirFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "slash_tmp"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "SlashTmpFileSystemSpecialPath",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "unknown"
+              ],
+              "type": "string"
+            },
+            "path": {
+              "type": "string"
+            },
+            "subpath": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "kind",
+            "path"
+          ],
+          "type": "object"
+        }
+      ]
+    },
     "FileUpdateChange": {
       "properties": {
         "diff": {
@@ -527,13 +756,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -715,6 +937,135 @@
         }
       ]
     },
+    "PermissionProfile": {
+      "oneOf": [
+        {
+          "description": "Codex owns sandbox construction for this profile.",
+          "properties": {
+            "fileSystem": {
+              "$ref": "#/definitions/PermissionProfileFileSystemPermissions"
+            },
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "managed"
+              ],
+              "title": "ManagedPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "fileSystem",
+            "network",
+            "type"
+          ],
+          "title": "ManagedPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Do not apply an outer sandbox.",
+          "properties": {
+            "type": {
+              "enum": [
+                "disabled"
+              ],
+              "title": "DisabledPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "DisabledPermissionProfile",
+          "type": "object"
+        },
+        {
+          "description": "Filesystem isolation is enforced by an external caller.",
+          "properties": {
+            "network": {
+              "$ref": "#/definitions/PermissionProfileNetworkPermissions"
+            },
+            "type": {
+              "enum": [
+                "external"
+              ],
+              "title": "ExternalPermissionProfileType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "network",
+            "type"
+          ],
+          "title": "ExternalPermissionProfile",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileFileSystemPermissions": {
+      "oneOf": [
+        {
+          "properties": {
+            "entries": {
+              "items": {
+                "$ref": "#/definitions/FileSystemSandboxEntry"
+              },
+              "type": "array"
+            },
+            "globScanMaxDepth": {
+              "format": "uint",
+              "minimum": 1.0,
+              "type": [
+                "integer",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "restricted"
+              ],
+              "title": "RestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "entries",
+            "type"
+          ],
+          "title": "RestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "unrestricted"
+              ],
+              "title": "UnrestrictedPermissionProfileFileSystemPermissionsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "UnrestrictedPermissionProfileFileSystemPermissions",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "enabled"
+      ],
+      "type": "object"
+    },
     "ReasoningEffort": {
       "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
       "enum": [
@@ -2019,17 +2370,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -2050,17 +2390,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },
@@ -2276,7 +2605,7 @@
           "$ref": "#/definitions/SandboxPolicy"
         }
       ],
-      "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `activePermissionProfile` for profile provenance."
+      "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
     },
     "serviceTier": {
       "type": [

codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json

@@ -448,13 +448,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1834,17 +1827,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1865,17 +1847,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json

@@ -448,13 +448,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1834,17 +1827,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1865,17 +1847,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/TurnCompletedNotification.json

@@ -422,13 +422,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1459,17 +1452,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1490,17 +1472,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json

@@ -99,13 +99,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "ModeKind": {
       "description": "Initial collaboration mode to use when the TUI starts.",
       "enum": [
@@ -121,6 +114,65 @@
       ],
       "type": "string"
     },
+    "PermissionProfileModificationParams": {
+      "oneOf": [
+        {
+          "description": "Additional concrete directory that should be writable.",
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "additionalWritableRoot"
+              ],
+              "title": "AdditionalWritableRootPermissionProfileModificationParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "AdditionalWritableRootPermissionProfileModificationParams",
+          "type": "object"
+        }
+      ]
+    },
+    "PermissionProfileSelectionParams": {
+      "oneOf": [
+        {
+          "description": "Select a named built-in or user-defined profile and optionally apply bounded modifications that Codex knows how to validate.",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "modifications": {
+              "items": {
+                "$ref": "#/definitions/PermissionProfileModificationParams"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "profile"
+              ],
+              "title": "ProfilePermissionProfileSelectionParamsType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "id",
+            "type"
+          ],
+          "title": "ProfilePermissionProfileSelectionParams",
+          "type": "object"
+        }
+      ]
+    },
     "Personality": {
       "enum": [
         "none",
@@ -358,17 +410,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -389,17 +430,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/TurnStartResponse.json

@@ -422,13 +422,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1459,17 +1452,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1490,17 +1472,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/TurnStartedNotification.json

@@ -422,13 +422,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -1459,17 +1452,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -1490,17 +1472,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/json/v2/TurnSteerParams.json

@@ -20,13 +20,6 @@
       ],
       "type": "object"
     },
-    "ImageDetail": {
-      "enum": [
-        "high",
-        "original"
-      ],
-      "type": "string"
-    },
     "TextElement": {
       "properties": {
         "byteRange": {
@@ -82,17 +75,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "type": {
               "enum": [
                 "image"
@@ -113,17 +95,6 @@
         },
         {
           "properties": {
-            "detail": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ImageDetail"
-                },
-                {
-                  "type": "null"
-                }
-              ],
-              "default": null
-            },
             "path": {
               "type": "string"
             },

codex-rs/app-server-protocol/schema/typescript/ImageDetail.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ImageDetail = "high" | "original";
+export type ImageDetail = "auto" | "low" | "high" | "original";

codex-rs/app-server-protocol/schema/typescript/ResponseItem.ts

@@ -14,4 +14,4 @@ export type ResponseItem = { "type": "message", role: string, content: Array<Con
 /**
  * Set when using the Responses API.
  */
-call_id: string | null, status: LocalShellStatus, action: LocalShellAction, } | { "type": "function_call", name: string, namespace?: string, arguments: string, call_id: string, } | { "type": "tool_search_call", call_id: string | null, status?: string, execution: string, arguments: unknown, } | { "type": "function_call_output", call_id: string, output: FunctionCallOutputBody, } | { "type": "custom_tool_call", status?: string, call_id: string, name: string, input: string, } | { "type": "custom_tool_call_output", call_id: string, name?: string, output: FunctionCallOutputBody, } | { "type": "tool_search_output", call_id: string | null, status: string, execution: string, tools: unknown[], } | { "type": "web_search_call", status?: string, action?: WebSearchAction, } | { "type": "image_generation_call", id: string, status: string, revised_prompt?: string, result: string, } | { "type": "compaction", encrypted_content: string, } | { "type": "compaction_trigger" } | { "type": "context_compaction", encrypted_content?: string, } | { "type": "other" };
+call_id: string | null, status: LocalShellStatus, action: LocalShellAction, } | { "type": "function_call", name: string, namespace?: string, arguments: string, call_id: string, } | { "type": "tool_search_call", call_id: string | null, status?: string, execution: string, arguments: unknown, } | { "type": "function_call_output", call_id: string, output: FunctionCallOutputBody, } | { "type": "custom_tool_call", status?: string, call_id: string, name: string, input: string, } | { "type": "custom_tool_call_output", call_id: string, name?: string, output: FunctionCallOutputBody, } | { "type": "tool_search_output", call_id: string | null, status: string, execution: string, tools: unknown[], } | { "type": "web_search_call", status?: string, action?: WebSearchAction, } | { "type": "image_generation_call", id: string, status: string, revised_prompt?: string, result: string, } | { "type": "compaction", encrypted_content: string, } | { "type": "context_compaction", encrypted_content?: string, } | { "type": "other" };

codex-rs/app-server-protocol/schema/typescript/v2/ActivePermissionProfile.ts

@@ -1,6 +1,7 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { ActivePermissionProfileModification } from "./ActivePermissionProfileModification";
 
 export type ActivePermissionProfile = {
 /**
@@ -12,4 +13,9 @@ id: string,
  * Parent profile identifier once permissions profiles support
  * inheritance. This is currently always `null`.
  */
-extends: string | null, };
+extends: string | null,
+/**
+ * Bounded user-requested modifications applied on top of the named
+ * profile, if any.
+ */
+modifications: Array<ActivePermissionProfileModification>, };

codex-rs/app-server-protocol/schema/typescript/v2/ActivePermissionProfileModification.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AbsolutePathBuf } from "../AbsolutePathBuf";
+
+export type ActivePermissionProfileModification = { "type": "additionalWritableRoot", path: AbsolutePathBuf, };

codex-rs/app-server-protocol/schema/typescript/v2/Config.ts

@@ -10,7 +10,6 @@ import type { JsonValue } from "../serde_json/JsonValue";
 import type { AnalyticsConfig } from "./AnalyticsConfig";
 import type { ApprovalsReviewer } from "./ApprovalsReviewer";
 import type { AskForApproval } from "./AskForApproval";
-import type { ForcedChatgptWorkspaceIds } from "./ForcedChatgptWorkspaceIds";
 import type { ProfileV2 } from "./ProfileV2";
 import type { SandboxMode } from "./SandboxMode";
 import type { SandboxWorkspaceWrite } from "./SandboxWorkspaceWrite";
@@ -20,4 +19,4 @@ export type Config = {model: string | null, review_model: string | null, model_c
  * [UNSTABLE] Optional default for where approval requests are routed for
  * review.
  */
-approvals_reviewer: ApprovalsReviewer | null, sandbox_mode: SandboxMode | null, sandbox_workspace_write: SandboxWorkspaceWrite | null, forced_chatgpt_workspace_id: ForcedChatgptWorkspaceIds | null, forced_login_method: ForcedLoginMethod | null, web_search: WebSearchMode | null, tools: ToolsV2 | null, profile: string | null, profiles: { [key in string]?: ProfileV2 }, instructions: string | null, developer_instructions: string | null, compact_prompt: string | null, model_reasoning_effort: ReasoningEffort | null, model_reasoning_summary: ReasoningSummary | null, model_verbosity: Verbosity | null, service_tier: string | null, analytics: AnalyticsConfig | null, desktop: { [key in string]?: JsonValue } | null} & ({ [key in string]?: number | string | boolean | Array<JsonValue> | { [key in string]?: JsonValue } | null });
+approvals_reviewer: ApprovalsReviewer | null, sandbox_mode: SandboxMode | null, sandbox_workspace_write: SandboxWorkspaceWrite | null, forced_chatgpt_workspace_id: string | null, forced_login_method: ForcedLoginMethod | null, web_search: WebSearchMode | null, tools: ToolsV2 | null, profile: string | null, profiles: { [key in string]?: ProfileV2 }, instructions: string | null, developer_instructions: string | null, compact_prompt: string | null, model_reasoning_effort: ReasoningEffort | null, model_reasoning_summary: ReasoningSummary | null, model_verbosity: Verbosity | null, service_tier: string | null, analytics: AnalyticsConfig | null} & ({ [key in string]?: number | string | boolean | Array<JsonValue> | { [key in string]?: JsonValue } | null });

codex-rs/app-server-protocol/schema/typescript/v2/ConfigLayerSource.ts

@@ -13,9 +13,4 @@ file: AbsolutePathBuf, } | { "type": "user",
  * This is the path to the user's config.toml file, though it is not
  * guaranteed to exist.
  */
-file: AbsolutePathBuf,
-/**
- * Name of the selected profile-v2 config layered on top of the base
- * user config, when this layer represents one.
- */
-profile: string | null, } | { "type": "project", dotCodexFolder: AbsolutePathBuf, } | { "type": "sessionFlags" } | { "type": "legacyManagedConfigTomlFromFile", file: AbsolutePathBuf, } | { "type": "legacyManagedConfigTomlFromMdm" };
+file: AbsolutePathBuf, } | { "type": "project", dotCodexFolder: AbsolutePathBuf, } | { "type": "sessionFlags" } | { "type": "legacyManagedConfigTomlFromFile", file: AbsolutePathBuf, } | { "type": "legacyManagedConfigTomlFromMdm" };

codex-rs/app-server-protocol/schema/typescript/v2/ConfigRequirements.ts

@@ -6,4 +6,4 @@ import type { AskForApproval } from "./AskForApproval";
 import type { ResidencyRequirement } from "./ResidencyRequirement";
 import type { SandboxMode } from "./SandboxMode";
 
-export type ConfigRequirements = {allowedApprovalPolicies: Array<AskForApproval> | null, allowedSandboxModes: Array<SandboxMode> | null, allowedWebSearchModes: Array<WebSearchMode> | null, allowManagedHooksOnly: boolean | null, featureRequirements: { [key in string]?: boolean } | null, enforceResidency: ResidencyRequirement | null};
+export type ConfigRequirements = {allowedApprovalPolicies: Array<AskForApproval> | null, allowedSandboxModes: Array<SandboxMode> | null, allowedWebSearchModes: Array<WebSearchMode> | null, featureRequirements: { [key in string]?: boolean } | null, enforceResidency: ResidencyRequirement | null};

codex-rs/app-server-protocol/schema/typescript/v2/ConfiguredHookHandler.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ConfiguredHookHandler = { "type": "command", command: string, commandWindows: string | null, timeoutSec: bigint | null, async: boolean, statusMessage: string | null, } | { "type": "prompt", } | { "type": "agent", };
+export type ConfiguredHookHandler = { "type": "command", command: string, timeoutSec: bigint | null, async: boolean, statusMessage: string | null, } | { "type": "prompt", } | { "type": "agent", };

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureListParams.ts

@@ -10,10 +10,4 @@ cursor?: string | null,
 /**
  * Optional page size; defaults to a reasonable server-side value.
  */
-limit?: number | null,
-/**
- * Optional loaded thread id. Pass this when showing feature state for an
- * existing thread so enablement is computed from that thread's refreshed
- * config, including project-local config for the thread's cwd.
- */
-threadId?: string | null, };
+limit?: number | null, };

codex-rs/app-server-protocol/schema/typescript/v2/ForcedChatgptWorkspaceIds.ts

@@ -1,8 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-/**
- * Backward-compatible API shape for ChatGPT workspace login restrictions.
- */
-export type ForcedChatgptWorkspaceIds = string | Array<string>;

codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfile.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PermissionProfileFileSystemPermissions } from "./PermissionProfileFileSystemPermissions";
+import type { PermissionProfileNetworkPermissions } from "./PermissionProfileNetworkPermissions";
+
+export type PermissionProfile = { "type": "managed", network: PermissionProfileNetworkPermissions, fileSystem: PermissionProfileFileSystemPermissions, } | { "type": "disabled" } | { "type": "external", network: PermissionProfileNetworkPermissions, };

codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileFileSystemPermissions.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { FileSystemSandboxEntry } from "./FileSystemSandboxEntry";
+
+export type PermissionProfileFileSystemPermissions = { "type": "restricted", entries: Array<FileSystemSandboxEntry>, globScanMaxDepth?: number, } | { "type": "unrestricted" };

codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileModificationParams.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AbsolutePathBuf } from "../AbsolutePathBuf";
+
+export type PermissionProfileModificationParams = { "type": "additionalWritableRoot", path: AbsolutePathBuf, };

codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileNetworkPermissions.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type PluginShareCheckoutParams = { remotePluginId: string, };
+export type PermissionProfileNetworkPermissions = { enabled: boolean, };

codex-rs/app-server-protocol/schema/typescript/v2/PermissionProfileSelectionParams.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PermissionProfileModificationParams } from "./PermissionProfileModificationParams";
+
+export type PermissionProfileSelectionParams = { "type": "profile", id: string, modifications?: Array<PermissionProfileModificationParams> | null, };

codex-rs/app-server-protocol/schema/typescript/v2/PluginInstalledParams.ts

@@ -1,15 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { AbsolutePathBuf } from "../AbsolutePathBuf";
-
-export type PluginInstalledParams = {
-/**
- * Optional working directories used to discover repo marketplaces.
- */
-cwds?: Array<AbsolutePathBuf> | null,
-/**
- * Additional uninstalled plugin names that should be returned when present locally.
- * This is used by mention surfaces that intentionally expose install entrypoints.
- */
-installSuggestionPluginNames?: Array<string> | null, };

codex-rs/app-server-protocol/schema/typescript/v2/PluginInstalledResponse.ts

@@ -1,7 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { MarketplaceLoadErrorInfo } from "./MarketplaceLoadErrorInfo";
-import type { PluginMarketplaceEntry } from "./PluginMarketplaceEntry";
-
-export type PluginInstalledResponse = { marketplaces: Array<PluginMarketplaceEntry>, marketplaceLoadErrors: Array<MarketplaceLoadErrorInfo>, };

codex-rs/app-server-protocol/schema/typescript/v2/PluginShareCheckoutResponse.ts

@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { AbsolutePathBuf } from "../AbsolutePathBuf";
-
-export type PluginShareCheckoutResponse = { remotePluginId: string, pluginId: string, pluginName: string, pluginPath: AbsolutePathBuf, marketplaceName: string, marketplacePath: AbsolutePathBuf, remoteVersion: string | null, };

codex-rs/app-server-protocol/schema/typescript/v2/PluginShareContext.ts

@@ -4,8 +4,4 @@
 import type { PluginShareDiscoverability } from "./PluginShareDiscoverability";
 import type { PluginSharePrincipal } from "./PluginSharePrincipal";
 
-export type PluginShareContext = { remotePluginId: string,
-/**
- * Version of the remote shared plugin release when available.
- */
-remoteVersion: string | null, discoverability: PluginShareDiscoverability | null, shareUrl: string | null, creatorAccountUserId: string | null, creatorName: string | null, sharePrincipals: Array<PluginSharePrincipal> | null, };
+export type PluginShareContext = { remotePluginId: string, discoverability: PluginShareDiscoverability | null, shareUrl: string | null, creatorAccountUserId: string | null, creatorName: string | null, sharePrincipals: Array<PluginSharePrincipal> | null, };

codex-rs/app-server-protocol/schema/typescript/v2/PluginSummary.ts

@@ -8,15 +8,7 @@ import type { PluginInterface } from "./PluginInterface";
 import type { PluginShareContext } from "./PluginShareContext";
 import type { PluginSource } from "./PluginSource";
 
-export type PluginSummary = { id: string,
-/**
- * Backend remote plugin identifier when available.
- */
-remotePluginId: string | null,
-/**
- * Version of the locally materialized plugin package when available.
- */
-localVersion: string | null, name: string,
+export type PluginSummary = { id: string, name: string,
 /**
  * Remote sharing context associated with this plugin when available.
  */