Escape remembered session titles in history

Load source rollouts, extract visible conversation, persist a hidden remembered-context packet, and expose the v2 thread/remember RPC for UI integration.

Co-authored-by: Codex <noreply@openai.com>

.devcontainer/Dockerfile.secure

@@ -1,74 +0,0 @@
-FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
-
-ARG TZ
-ARG DEBIAN_FRONTEND=noninteractive
-ARG NODE_MAJOR=22
-ARG RUST_TOOLCHAIN=1.92.0
-ARG CODEX_NPM_VERSION=latest
-
-ENV TZ="$TZ"
-
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-
-# Devcontainers run as a non-root user, so enable bubblewrap's setuid mode.
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends \
-        build-essential \
-        curl \
-        git \
-        ca-certificates \
-        pkg-config \
-        clang \
-        musl-tools \
-        libssl-dev \
-        libsqlite3-dev \
-        just \
-        python3 \
-        python3-pip \
-        jq \
-        less \
-        man-db \
-        unzip \
-        ripgrep \
-        fzf \
-        fd-find \
-        zsh \
-        dnsutils \
-        iproute2 \
-        ipset \
-        iptables \
-        aggregate \
-        bubblewrap \
-    && chmod u+s /usr/bin/bwrap \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-RUN curl -fsSL "https://deb.nodesource.com/setup_${NODE_MAJOR}.x" | bash - \
-    && apt-get update \
-    && apt-get install -y --no-install-recommends nodejs \
-    && npm install -g corepack@latest "@openai/codex@${CODEX_NPM_VERSION}" \
-    && corepack enable \
-    && corepack prepare pnpm@10.28.2 --activate \
-    && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
-
-COPY .devcontainer/init-firewall.sh /usr/local/bin/init-firewall.sh
-COPY .devcontainer/post_install.py /opt/post_install.py
-COPY .devcontainer/post-start.sh /opt/post_start.sh
-
-RUN chmod 500 /usr/local/bin/init-firewall.sh \
-    && chmod 755 /opt/post_start.sh \
-    && chmod 644 /opt/post_install.py \
-    && chown vscode:vscode /opt/post_install.py
-
-RUN install -d -m 0775 -o vscode -g vscode /commandhistory /workspace \
-    && touch /commandhistory/.bash_history /commandhistory/.zsh_history \
-    && chown vscode:vscode /commandhistory/.bash_history /commandhistory/.zsh_history
-
-USER vscode
-ENV PATH="/home/vscode/.cargo/bin:${PATH}"
-WORKDIR /workspace
-
-RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain "${RUST_TOOLCHAIN}" \
-    && rustup component add clippy rustfmt rust-src \
-    && rustup target add x86_64-unknown-linux-musl aarch64-unknown-linux-musl

.devcontainer/README.md

@@ -1,38 +1,10 @@
 # Containerized Development
 
-We provide two container paths:
-
-- `devcontainer.json` keeps the existing Codex contributor setup for working on this repository.
-- `devcontainer.secure.json` adds a customer-oriented profile with stricter outbound network controls.
-
-## Codex contributor profile
-
-Use `devcontainer.json` when you are developing Codex itself. This is the same lightweight arm64 container that already exists in the repo.
-
-## Secure customer profile
-
-Use `devcontainer.secure.json` when you want a stricter runtime profile for running Codex inside a project container:
-
-- installs the Codex CLI plus common build tools
-- installs bubblewrap in setuid mode for Codex's Linux sandbox
-- disables Docker's outer seccomp and AppArmor profiles so bubblewrap can construct Codex's inner sandbox
-- enables firewall startup with an allowlist-driven outbound policy
-- blocks IPv6 by default so the allowlist cannot be bypassed over AAAA routes
-- requires `NET_ADMIN` and `NET_RAW` so the firewall can be installed at startup
-
-This profile keeps the stricter networking isolated to the customer path instead of changing the default Codex contributor container.
-
-Start it from the CLI with:
-
-```bash
-devcontainer up --workspace-folder . --config .devcontainer/devcontainer.secure.json
-```
-
-In VS Code, choose **Dev Containers: Open Folder in Container...** and select `.devcontainer/devcontainer.secure.json`.
+We provide the following options to facilitate Codex development in a container. This is particularly useful for verifying the Linux build when working on a macOS host.
 
 ## Docker
 
-To build the contributor image locally for x64 and then run it with the repo mounted under `/workspace`:
+To build the Docker image locally for x64 and then run it with the repo mounted under `/workspace`:
 
 ```shell
 CODEX_DOCKER_IMAGE_NAME=codex-linux-dev
@@ -42,8 +14,17 @@ docker run --platform=linux/amd64 --rm -it -e CARGO_TARGET_DIR=/workspace/codex-
 
 Note that `/workspace/target` will contain the binaries built for your host platform, so we include `-e CARGO_TARGET_DIR=/workspace/codex-rs/target-amd64` in the `docker run` command so that the binaries built inside your container are written to a separate directory.
 
-For arm64, specify `--platform=linux/arm64` instead for both `docker build` and `docker run`.
+For arm64, specify `--platform=linux/amd64` instead for both `docker build` and `docker run`.
 
-Currently, the contributor `Dockerfile` works for both x64 and arm64 Linux, though you need to run `rustup target add x86_64-unknown-linux-musl` yourself to install the musl toolchain for x64.
+Currently, the `Dockerfile` works for both x64 and arm64 Linux, though you need to run `rustup target add x86_64-unknown-linux-musl` yourself to install the musl toolchain for x64.
 
-The secure profile's capability, seccomp, and AppArmor options are required when you want Codex's bubblewrap sandbox to run inside Docker as the non-root devcontainer user. Without them, Docker's default runtime profile can block bubblewrap's namespace setup before Codex's own seccomp filter is installed. This keeps the Docker relaxation explicit in the profile that is meant to run Codex inside a project container, while the default contributor profile stays lightweight.
+## VS Code
+
+VS Code recognizes the `devcontainer.json` file and gives you the option to develop Codex in a container. Currently, `devcontainer.json` builds and runs the `arm64` flavor of the container.
+
+From the integrated terminal in VS Code, you can build either flavor of the `arm64` build (GNU or musl):
+
+```shell
+cargo build --target aarch64-unknown-linux-musl
+cargo build --target aarch64-unknown-linux-gnu
+```

.devcontainer/devcontainer.secure.json

@@ -1,83 +0,0 @@
-{
-  "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json",
-  "name": "Codex (Secure)",
-  "build": {
-    "dockerfile": "Dockerfile.secure",
-    "context": "..",
-    "args": {
-      "TZ": "${localEnv:TZ:UTC}",
-      "NODE_MAJOR": "22",
-      "RUST_TOOLCHAIN": "1.92.0",
-      "CODEX_NPM_VERSION": "latest"
-    }
-  },
-  "runArgs": [
-    "--cap-add=SYS_ADMIN",
-    "--cap-add=SYS_CHROOT",
-    "--cap-add=SETUID",
-    "--cap-add=SETGID",
-    "--cap-add=SYS_PTRACE",
-    "--security-opt=seccomp=unconfined",
-    "--security-opt=apparmor=unconfined",
-    "--cap-add=NET_ADMIN",
-    "--cap-add=NET_RAW"
-  ],
-  "init": true,
-  "updateRemoteUserUID": true,
-  "remoteUser": "vscode",
-  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=delegated",
-  "workspaceFolder": "/workspace",
-  "mounts": [
-    "source=codex-commandhistory-${devcontainerId},target=/commandhistory,type=volume",
-    "source=codex-home-${devcontainerId},target=/home/vscode/.codex,type=volume",
-    "source=codex-gh-${devcontainerId},target=/home/vscode/.config/gh,type=volume",
-    "source=codex-cargo-registry-${devcontainerId},target=/home/vscode/.cargo/registry,type=volume",
-    "source=codex-cargo-git-${devcontainerId},target=/home/vscode/.cargo/git,type=volume",
-    "source=codex-rustup-${devcontainerId},target=/home/vscode/.rustup,type=volume",
-    "source=${localEnv:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,readonly"
-  ],
-  "containerEnv": {
-    "RUST_BACKTRACE": "1",
-    "CODEX_UNSAFE_ALLOW_NO_SANDBOX": "1",
-    "CODEX_ENABLE_FIREWALL": "1",
-    "CODEX_INCLUDE_GITHUB_META_RANGES": "1",
-    "OPENAI_ALLOWED_DOMAINS": "api.openai.com auth.openai.com github.com api.github.com codeload.github.com raw.githubusercontent.com objects.githubusercontent.com crates.io index.crates.io static.crates.io static.rust-lang.org registry.npmjs.org pypi.org files.pythonhosted.org",
-    "CARGO_TARGET_DIR": "/workspace/.cache/cargo-target",
-    "GIT_CONFIG_GLOBAL": "/home/vscode/.gitconfig.local",
-    "COREPACK_ENABLE_DOWNLOAD_PROMPT": "0",
-    "PYTHONDONTWRITEBYTECODE": "1",
-    "PIP_DISABLE_PIP_VERSION_CHECK": "1"
-  },
-  "remoteEnv": {
-    "OPENAI_API_KEY": "${localEnv:OPENAI_API_KEY}"
-  },
-  "postCreateCommand": "python3 /opt/post_install.py",
-  "postStartCommand": "bash /opt/post_start.sh",
-  "waitFor": "postStartCommand",
-  "customizations": {
-    "vscode": {
-      "settings": {
-        "terminal.integrated.defaultProfile.linux": "zsh",
-        "terminal.integrated.profiles.linux": {
-          "bash": {
-            "path": "bash",
-            "icon": "terminal-bash"
-          },
-          "zsh": {
-            "path": "zsh"
-          }
-        },
-        "files.trimTrailingWhitespace": true,
-        "files.insertFinalNewline": true,
-        "files.trimFinalNewlines": true
-      },
-      "extensions": [
-        "openai.chatgpt",
-        "rust-lang.rust-analyzer",
-        "tamasfe.even-better-toml",
-        "vadimcn.vscode-lldb",
-        "ms-azuretools.vscode-docker"
-      ]
-    }
-  }
-}

.devcontainer/init-firewall.sh

@@ -1,170 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-
-allowed_domains_file="/etc/codex/allowed_domains.txt"
-include_github_meta_ranges="${CODEX_INCLUDE_GITHUB_META_RANGES:-1}"
-
-if [ -f "$allowed_domains_file" ]; then
-  mapfile -t allowed_domains < <(sed '/^\s*#/d;/^\s*$/d' "$allowed_domains_file")
-else
-  allowed_domains=("api.openai.com")
-fi
-
-if [ "${#allowed_domains[@]}" -eq 0 ]; then
-  echo "ERROR: No allowed domains configured"
-  exit 1
-fi
-
-add_ipv4_cidr_to_allowlist() {
-  local source="$1"
-  local cidr="$2"
-
-  if [[ ! "$cidr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]]; then
-    echo "ERROR: Invalid ${source} CIDR range: $cidr"
-    exit 1
-  fi
-
-  ipset add allowed-domains "$cidr" -exist
-}
-
-configure_ipv6_default_deny() {
-  if ! command -v ip6tables >/dev/null 2>&1; then
-    echo "ERROR: ip6tables is required to enforce IPv6 default-deny policy"
-    exit 1
-  fi
-
-  ip6tables -F
-  ip6tables -X
-  ip6tables -t mangle -F
-  ip6tables -t mangle -X
-  ip6tables -t nat -F 2>/dev/null || true
-  ip6tables -t nat -X 2>/dev/null || true
-
-  ip6tables -A INPUT -i lo -j ACCEPT
-  ip6tables -A OUTPUT -o lo -j ACCEPT
-  ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-  ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-
-  ip6tables -P INPUT DROP
-  ip6tables -P FORWARD DROP
-  ip6tables -P OUTPUT DROP
-
-  echo "IPv6 firewall policy configured (default-deny)"
-}
-
-# Preserve docker-managed DNS NAT rules before clearing tables.
-docker_dns_rules="$(iptables-save -t nat | grep "127\\.0\\.0\\.11" || true)"
-
-iptables -F
-iptables -X
-iptables -t nat -F
-iptables -t nat -X
-iptables -t mangle -F
-iptables -t mangle -X
-ipset destroy allowed-domains 2>/dev/null || true
-
-if [ -n "$docker_dns_rules" ]; then
-  echo "Restoring Docker DNS NAT rules"
-  iptables -t nat -N DOCKER_OUTPUT 2>/dev/null || true
-  iptables -t nat -N DOCKER_POSTROUTING 2>/dev/null || true
-  while IFS= read -r rule; do
-    [ -z "$rule" ] && continue
-    iptables -t nat $rule
-  done <<< "$docker_dns_rules"
-fi
-
-# Allow DNS resolution and localhost communication.
-iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
-iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
-iptables -A INPUT -p udp --sport 53 -j ACCEPT
-iptables -A INPUT -p tcp --sport 53 -j ACCEPT
-iptables -A INPUT -i lo -j ACCEPT
-iptables -A OUTPUT -o lo -j ACCEPT
-
-ipset create allowed-domains hash:net
-
-for domain in "${allowed_domains[@]}"; do
-  echo "Resolving $domain"
-  ips="$(dig +short A "$domain" | sed '/^\s*$/d')"
-  if [ -z "$ips" ]; then
-    echo "ERROR: Failed to resolve $domain"
-    exit 1
-  fi
-
-  while IFS= read -r ip; do
-    if [[ ! "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
-      echo "ERROR: Invalid IPv4 address from DNS for $domain: $ip"
-      exit 1
-    fi
-    ipset add allowed-domains "$ip" -exist
-  done <<< "$ips"
-done
-
-if [ "$include_github_meta_ranges" = "1" ]; then
-  echo "Fetching GitHub meta ranges"
-  github_meta="$(curl -fsSL --connect-timeout 10 https://api.github.com/meta)"
-
-  if ! echo "$github_meta" | jq -e '.web and .api and .git' >/dev/null; then
-    echo "ERROR: GitHub meta response missing expected fields"
-    exit 1
-  fi
-
-  while IFS= read -r cidr; do
-    [ -z "$cidr" ] && continue
-    if [[ "$cidr" == *:* ]]; then
-      # Current policy enforces IPv4-only ipset entries.
-      continue
-    fi
-    add_ipv4_cidr_to_allowlist "GitHub" "$cidr"
-  done < <(echo "$github_meta" | jq -r '((.web // []) + (.api // []) + (.git // []))[]' | sort -u)
-fi
-
-host_ip="$(ip route | awk '/default/ {print $3; exit}')"
-if [ -z "$host_ip" ]; then
-  echo "ERROR: Failed to detect host IP"
-  exit 1
-fi
-
-host_network="$(echo "$host_ip" | sed 's/\.[0-9]*$/.0\/24/')"
-iptables -A INPUT -s "$host_network" -j ACCEPT
-iptables -A OUTPUT -d "$host_network" -j ACCEPT
-
-iptables -P INPUT DROP
-iptables -P FORWARD DROP
-iptables -P OUTPUT DROP
-
-iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
-
-# Reject rather than silently drop to make policy failures obvious.
-iptables -A INPUT -j REJECT --reject-with icmp-admin-prohibited
-iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
-iptables -A FORWARD -j REJECT --reject-with icmp-admin-prohibited
-
-configure_ipv6_default_deny
-
-echo "Firewall configuration complete"
-
-if curl --connect-timeout 5 https://example.com >/dev/null 2>&1; then
-  echo "ERROR: Firewall verification failed - was able to reach https://example.com"
-  exit 1
-fi
-
-if ! curl --connect-timeout 5 https://api.openai.com >/dev/null 2>&1; then
-  echo "ERROR: Firewall verification failed - unable to reach https://api.openai.com"
-  exit 1
-fi
-
-if [ "$include_github_meta_ranges" = "1" ] && ! curl --connect-timeout 5 https://api.github.com/zen >/dev/null 2>&1; then
-  echo "ERROR: Firewall verification failed - unable to reach https://api.github.com"
-  exit 1
-fi
-
-if curl --connect-timeout 5 -6 https://example.com >/dev/null 2>&1; then
-  echo "ERROR: Firewall verification failed - was able to reach https://example.com over IPv6"
-  exit 1
-fi
-
-echo "Firewall verification passed"

.devcontainer/post-start.sh

@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-if [ "${CODEX_ENABLE_FIREWALL:-1}" != "1" ]; then
-  echo "[devcontainer] Firewall mode: permissive (CODEX_ENABLE_FIREWALL=${CODEX_ENABLE_FIREWALL:-unset})."
-  exit 0
-fi
-
-echo "[devcontainer] Firewall mode: strict"
-
-domains_raw="${OPENAI_ALLOWED_DOMAINS:-api.openai.com}"
-mapfile -t domains < <(printf '%s\n' "$domains_raw" | tr ', ' '\n\n' | sed '/^$/d' | sort -u)
-
-if [ "${#domains[@]}" -eq 0 ]; then
-  echo "[devcontainer] No allowed domains configured."
-  exit 1
-fi
-
-tmp_file="$(mktemp)"
-for domain in "${domains[@]}"; do
-  if [[ ! "$domain" =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]*\.[a-zA-Z]{2,}$ ]]; then
-    echo "[devcontainer] Invalid domain in OPENAI_ALLOWED_DOMAINS: $domain"
-    rm -f "$tmp_file"
-    exit 1
-  fi
-  printf '%s\n' "$domain" >> "$tmp_file"
-done
-
-sudo install -d -m 0755 /etc/codex
-sudo cp "$tmp_file" /etc/codex/allowed_domains.txt
-sudo chown root:root /etc/codex/allowed_domains.txt
-sudo chmod 0444 /etc/codex/allowed_domains.txt
-rm -f "$tmp_file"
-
-echo "[devcontainer] Applying firewall policy for domains: ${domains[*]}"
-sudo --preserve-env=CODEX_INCLUDE_GITHUB_META_RANGES /usr/local/bin/init-firewall.sh

.devcontainer/post_install.py

@@ -1,113 +0,0 @@
-#!/usr/bin/env python3
-"""Post-install configuration for the Codex devcontainer."""
-
-from __future__ import annotations
-
-import os
-import subprocess
-import sys
-from pathlib import Path
-
-
-def ensure_history_files() -> None:
-    command_history_dir = Path("/commandhistory")
-    command_history_dir.mkdir(parents=True, exist_ok=True)
-
-    for filename in (".bash_history", ".zsh_history"):
-        (command_history_dir / filename).touch(exist_ok=True)
-
-
-def fix_directory_ownership() -> None:
-    uid = os.getuid()
-    gid = os.getgid()
-
-    paths = [
-        Path.home() / ".codex",
-        Path.home() / ".config" / "gh",
-        Path.home() / ".cargo",
-        Path.home() / ".rustup",
-        Path("/commandhistory"),
-    ]
-
-    for path in paths:
-        if not path.exists():
-            continue
-
-        stat_info = path.stat()
-        if stat_info.st_uid == uid and stat_info.st_gid == gid:
-            continue
-
-        try:
-            subprocess.run(
-                ["sudo", "chown", "-R", f"{uid}:{gid}", str(path)],
-                check=True,
-                capture_output=True,
-                text=True,
-            )
-            print(f"[post_install] fixed ownership: {path}", file=sys.stderr)
-        except subprocess.CalledProcessError as err:
-            print(
-                f"[post_install] warning: could not fix ownership of {path}: {err.stderr.strip()}",
-                file=sys.stderr,
-            )
-
-
-def setup_git_config() -> None:
-    home = Path.home()
-    host_gitconfig = home / ".gitconfig"
-    local_gitconfig = home / ".gitconfig.local"
-    gitignore_global = home / ".gitignore_global"
-
-    gitignore_global.write_text(
-        """# Codex
-.codex/
-
-# Rust
-/target/
-
-# Node
-node_modules/
-
-# Python
-__pycache__/
-*.pyc
-
-# Editors
-.vscode/
-.idea/
-
-# macOS
-.DS_Store
-""",
-        encoding="utf-8",
-    )
-
-    include_line = (
-        f"[include]\n    path = {host_gitconfig}\n\n" if host_gitconfig.exists() else ""
-    )
-
-    local_gitconfig.write_text(
-        f"""# Container-local git configuration
-{include_line}[core]
-    excludesfile = {gitignore_global}
-
-[merge]
-    conflictstyle = diff3
-
-[diff]
-    colorMoved = default
-""",
-        encoding="utf-8",
-    )
-
-
-def main() -> None:
-    print("[post_install] configuring devcontainer...", file=sys.stderr)
-    ensure_history_files()
-    fix_directory_ownership()
-    setup_git_config()
-    print("[post_install] complete", file=sys.stderr)
-
-
-if __name__ == "__main__":
-    main()

.github/actions/linux-code-sign/action.yml

@@ -12,7 +12,7 @@ runs:
   using: composite
   steps:
     - name: Install cosign
-      uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+      uses: sigstore/cosign-installer@v3.7.0
 
     - name: Cosign Linux artifacts
       shell: bash

.github/actions/prepare-bazel-ci/action.yml

@@ -1,44 +0,0 @@
-name: prepare-bazel-ci
-description: Prepare a Bazel CI job with shared setup, repository cache restore, and execution logs.
-inputs:
-  target:
-    description: Target triple used for setup and cache namespacing.
-    required: true
-  install-test-prereqs:
-    description: Install Node.js and DotSlash for Bazel-backed test jobs.
-    required: false
-    default: "false"
-outputs:
-  repository-cache-path:
-    description: Filesystem path used for the Bazel repository cache.
-    value: ${{ steps.setup_bazel.outputs.repository-cache-path }}
-
-runs:
-  using: composite
-  steps:
-    - name: Set up Bazel CI
-      id: setup_bazel
-      uses: ./.github/actions/setup-bazel-ci
-      with:
-        target: ${{ inputs.target }}
-        install-test-prereqs: ${{ inputs.install-test-prereqs }}
-
-    # Restore the Bazel repository cache explicitly so external dependencies
-    # do not need to be re-downloaded on every CI run. Keep restore failures
-    # non-fatal so transient cache-service errors degrade to a cold build
-    # instead of failing the job.
-    - name: Restore bazel repository cache
-      id: cache_bazel_repository_restore
-      continue-on-error: true
-      uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
-      with:
-        path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
-        key: bazel-cache-${{ inputs.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
-        restore-keys: |
-          bazel-cache-${{ inputs.target }}
-
-    - name: Set up Bazel execution logs
-      shell: bash
-      run: |
-        mkdir -p "${RUNNER_TEMP}/bazel-execution-logs"
-        echo "CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR=${RUNNER_TEMP}/bazel-execution-logs" >> "${GITHUB_ENV}"

.github/actions/setup-bazel-ci/action.yml

@@ -18,7 +18,7 @@ runs:
   steps:
     - name: Set up Node.js for js_repl tests
       if: inputs.install-test-prereqs == 'true'
-      uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+      uses: actions/setup-node@v6
       with:
         node-version-file: codex-rs/node-version.txt
 
@@ -26,7 +26,7 @@ runs:
     # See https://github.com/openai/codex/pull/7617.
     - name: Install DotSlash
       if: inputs.install-test-prereqs == 'true'
-      uses: facebook/install-dotslash@1e4e7b3e07eaca387acb98f1d4720e0bee8dbb6a # v2
+      uses: facebook/install-dotslash@v2
 
     - name: Make DotSlash available in PATH (Unix)
       if: inputs.install-test-prereqs == 'true' && runner.os != 'Windows'
@@ -39,7 +39,7 @@ runs:
       run: Copy-Item (Get-Command dotslash).Source -Destination "$env:LOCALAPPDATA\Microsoft\WindowsApps\dotslash.exe"
 
     - name: Set up Bazel
-      uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3
+      uses: bazelbuild/setup-bazelisk@v3
 
     - name: Configure Bazel repository cache
       id: configure_bazel_repository_cache

.github/actions/setup-rusty-v8-musl/action.yml

@@ -1,49 +0,0 @@
-name: setup-rusty-v8-musl
-description: Download and verify musl rusty_v8 artifacts for Cargo builds.
-inputs:
-  target:
-    description: Rust musl target triple.
-    required: true
-
-runs:
-  using: composite
-  steps:
-    - name: Configure musl rusty_v8 artifact overrides and verify checksums
-      shell: bash
-      env:
-        TARGET: ${{ inputs.target }}
-      run: |
-        set -euo pipefail
-
-        case "${TARGET}" in
-          x86_64-unknown-linux-musl|aarch64-unknown-linux-musl)
-            ;;
-          *)
-            echo "Unsupported musl rusty_v8 target: ${TARGET}" >&2
-            exit 1
-            ;;
-        esac
-
-        version="$(python3 "${GITHUB_WORKSPACE}/.github/scripts/rusty_v8_bazel.py" resolved-v8-crate-version)"
-        release_tag="rusty-v8-v${version}"
-        base_url="https://github.com/openai/codex/releases/download/${release_tag}"
-        binding_dir="${RUNNER_TEMP}/rusty_v8"
-        archive_path="${binding_dir}/librusty_v8_release_${TARGET}.a.gz"
-        binding_path="${binding_dir}/src_binding_release_${TARGET}.rs"
-        checksums_path="${binding_dir}/rusty_v8_release_${TARGET}.sha256"
-        checksums_source="${GITHUB_WORKSPACE}/third_party/v8/rusty_v8_${version//./_}.sha256"
-
-        mkdir -p "${binding_dir}"
-        curl -fsSL "${base_url}/librusty_v8_release_${TARGET}.a.gz" -o "${archive_path}"
-        curl -fsSL "${base_url}/src_binding_release_${TARGET}.rs" -o "${binding_path}"
-        grep -E "  (librusty_v8_release_${TARGET}[.]a[.]gz|src_binding_release_${TARGET}[.]rs)$" \
-          "${checksums_source}" > "${checksums_path}"
-
-        if [[ "$(wc -l < "${checksums_path}")" -ne 2 ]]; then
-          echo "Expected exactly two checksums for ${TARGET} in ${checksums_source}" >&2
-          exit 1
-        fi
-
-        (cd "${binding_dir}" && sha256sum -c "${checksums_path}")
-        echo "RUSTY_V8_ARCHIVE=${archive_path}" >> "${GITHUB_ENV}"
-        echo "RUSTY_V8_SRC_BINDING_PATH=${binding_path}" >> "${GITHUB_ENV}"

.github/actions/windows-code-sign/action.yml

@@ -27,14 +27,14 @@ runs:
   using: composite
   steps:
     - name: Azure login for Trusted Signing (OIDC)
-      uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
+      uses: azure/login@v2
       with:
         client-id: ${{ inputs.client-id }}
         tenant-id: ${{ inputs.tenant-id }}
         subscription-id: ${{ inputs.subscription-id }}
 
     - name: Sign Windows binaries with Azure Trusted Signing
-      uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293 # v0
+      uses: azure/trusted-signing-action@v0
       with:
         endpoint: ${{ inputs.endpoint }}
         trusted-signing-account-name: ${{ inputs.account-name }}

.github/scripts/run-bazel-ci.sh

@@ -92,7 +92,7 @@ print_bazel_test_log_tails() {
 
   for target in "${failed_targets[@]}"; do
     local rel_path="${target#//}"
-    rel_path="${rel_path/://}"
+    rel_path="${rel_path/:/\/}"
     local test_log="${testlogs_dir}/${rel_path}/test.log"
 
     echo "::group::Bazel test log tail for ${target}"

.github/scripts/rusty_v8_bazel.py

@@ -4,7 +4,6 @@ from __future__ import annotations
 
 import argparse
 import gzip
-import hashlib
 import re
 import shutil
 import subprocess
@@ -13,16 +12,8 @@ import tempfile
 import tomllib
 from pathlib import Path
 
-from rusty_v8_module_bazel import (
-    RustyV8ChecksumError,
-    check_module_bazel,
-    update_module_bazel,
-)
-
 
 ROOT = Path(__file__).resolve().parents[2]
-MODULE_BAZEL = ROOT / "MODULE.bazel"
-RUSTY_V8_CHECKSUMS_DIR = ROOT / "third_party" / "v8"
 MUSL_RUNTIME_ARCHIVE_LABELS = [
     "@llvm//runtimes/libcxx:libcxx.static",
     "@llvm//runtimes/libcxx:libcxxabi.static",
@@ -155,24 +146,6 @@ def resolved_v8_crate_version() -> str:
     return matches[0]
 
 
-def rusty_v8_checksum_manifest_path(version: str) -> Path:
-    return RUSTY_V8_CHECKSUMS_DIR / f"rusty_v8_{version.replace('.', '_')}.sha256"
-
-
-def command_version(version: str | None) -> str:
-    if version is not None:
-        return version
-    return resolved_v8_crate_version()
-
-
-def command_manifest_path(manifest: Path | None, version: str) -> Path:
-    if manifest is None:
-        return rusty_v8_checksum_manifest_path(version)
-    if manifest.is_absolute():
-        return manifest
-    return ROOT / manifest
-
-
 def staged_archive_name(target: str, source_path: Path) -> str:
     if source_path.suffix == ".lib":
         return f"rusty_v8_release_{target}.lib.gz"
@@ -271,18 +244,8 @@ def stage_release_pair(
 
     shutil.copyfile(binding_path, staged_binding)
 
-    staged_checksums = output_dir / f"rusty_v8_release_{target}.sha256"
-    with staged_checksums.open("w", encoding="utf-8") as checksums:
-        for path in [staged_library, staged_binding]:
-            digest = hashlib.sha256()
-            with path.open("rb") as artifact:
-                for chunk in iter(lambda: artifact.read(1024 * 1024), b""):
-                    digest.update(chunk)
-            checksums.write(f"{digest.hexdigest()}  {path.name}\n")
-
     print(staged_library)
     print(staged_binding)
-    print(staged_checksums)
 
 
 def parse_args() -> argparse.Namespace:
@@ -301,24 +264,6 @@ def parse_args() -> argparse.Namespace:
 
     subparsers.add_parser("resolved-v8-crate-version")
 
-    check_module_bazel_parser = subparsers.add_parser("check-module-bazel")
-    check_module_bazel_parser.add_argument("--version")
-    check_module_bazel_parser.add_argument("--manifest", type=Path)
-    check_module_bazel_parser.add_argument(
-        "--module-bazel",
-        type=Path,
-        default=MODULE_BAZEL,
-    )
-
-    update_module_bazel_parser = subparsers.add_parser("update-module-bazel")
-    update_module_bazel_parser.add_argument("--version")
-    update_module_bazel_parser.add_argument("--manifest", type=Path)
-    update_module_bazel_parser.add_argument(
-        "--module-bazel",
-        type=Path,
-        default=MODULE_BAZEL,
-    )
-
     return parser.parse_args()
 
 
@@ -335,22 +280,6 @@ def main() -> int:
     if args.command == "resolved-v8-crate-version":
         print(resolved_v8_crate_version())
         return 0
-    if args.command == "check-module-bazel":
-        version = command_version(args.version)
-        manifest_path = command_manifest_path(args.manifest, version)
-        try:
-            check_module_bazel(args.module_bazel, manifest_path, version)
-        except RustyV8ChecksumError as exc:
-            raise SystemExit(str(exc)) from exc
-        return 0
-    if args.command == "update-module-bazel":
-        version = command_version(args.version)
-        manifest_path = command_manifest_path(args.manifest, version)
-        try:
-            update_module_bazel(args.module_bazel, manifest_path, version)
-        except RustyV8ChecksumError as exc:
-            raise SystemExit(str(exc)) from exc
-        return 0
     raise SystemExit(f"unsupported command: {args.command}")
 
 

.github/scripts/rusty_v8_module_bazel.py

@@ -1,230 +0,0 @@
-#!/usr/bin/env python3
-
-from __future__ import annotations
-
-import re
-from dataclasses import dataclass
-from pathlib import Path
-
-
-SHA256_RE = re.compile(r"[0-9a-f]{64}")
-HTTP_FILE_BLOCK_RE = re.compile(r"(?ms)^http_file\(\n.*?^\)\n?")
-
-
-class RustyV8ChecksumError(ValueError):
-    pass
-
-
-@dataclass(frozen=True)
-class RustyV8HttpFile:
-    start: int
-    end: int
-    block: str
-    name: str
-    downloaded_file_path: str
-    sha256: str | None
-
-
-def parse_checksum_manifest(path: Path) -> dict[str, str]:
-    try:
-        lines = path.read_text(encoding="utf-8").splitlines()
-    except FileNotFoundError as exc:
-        raise RustyV8ChecksumError(f"missing checksum manifest: {path}") from exc
-
-    checksums: dict[str, str] = {}
-    for line_number, line in enumerate(lines, 1):
-        if not line.strip():
-            continue
-        parts = line.split()
-        if len(parts) != 2:
-            raise RustyV8ChecksumError(
-                f"{path}:{line_number}: expected '<sha256>  <filename>'"
-            )
-        checksum, filename = parts
-        if not SHA256_RE.fullmatch(checksum):
-            raise RustyV8ChecksumError(
-                f"{path}:{line_number}: invalid SHA-256 digest for {filename}"
-            )
-        if not filename or filename in {".", ".."} or "/" in filename:
-            raise RustyV8ChecksumError(
-                f"{path}:{line_number}: expected a bare artifact filename"
-            )
-        if filename in checksums:
-            raise RustyV8ChecksumError(
-                f"{path}:{line_number}: duplicate checksum for {filename}"
-            )
-        checksums[filename] = checksum
-
-    if not checksums:
-        raise RustyV8ChecksumError(f"empty checksum manifest: {path}")
-    return checksums
-
-
-def string_field(block: str, field: str) -> str | None:
-    # Matches one-line string fields inside http_file blocks, e.g. `sha256 = "...",`.
-    match = re.search(rf'^\s*{re.escape(field)}\s*=\s*"([^"]+)",\s*$', block, re.M)
-    if match:
-        return match.group(1)
-    return None
-
-
-def rusty_v8_http_files(module_bazel: str, version: str) -> list[RustyV8HttpFile]:
-    version_slug = version.replace(".", "_")
-    name_prefix = f"rusty_v8_{version_slug}_"
-    entries = []
-    for match in HTTP_FILE_BLOCK_RE.finditer(module_bazel):
-        block = match.group(0)
-        name = string_field(block, "name")
-        if not name or not name.startswith(name_prefix):
-            continue
-        downloaded_file_path = string_field(block, "downloaded_file_path")
-        if not downloaded_file_path:
-            raise RustyV8ChecksumError(
-                f"MODULE.bazel {name} is missing downloaded_file_path"
-            )
-        entries.append(
-            RustyV8HttpFile(
-                start=match.start(),
-                end=match.end(),
-                block=block,
-                name=name,
-                downloaded_file_path=downloaded_file_path,
-                sha256=string_field(block, "sha256"),
-            )
-        )
-    return entries
-
-
-def module_entry_set_errors(
-    entries: list[RustyV8HttpFile],
-    checksums: dict[str, str],
-    version: str,
-) -> list[str]:
-    errors = []
-    if not entries:
-        errors.append(f"MODULE.bazel has no rusty_v8 http_file entries for {version}")
-        return errors
-
-    module_files: dict[str, RustyV8HttpFile] = {}
-    duplicate_files = set()
-    for entry in entries:
-        if entry.downloaded_file_path in module_files:
-            duplicate_files.add(entry.downloaded_file_path)
-        module_files[entry.downloaded_file_path] = entry
-
-    for filename in sorted(duplicate_files):
-        errors.append(f"MODULE.bazel has duplicate http_file entries for {filename}")
-
-    for filename in sorted(set(module_files) - set(checksums)):
-        entry = module_files[filename]
-        errors.append(f"MODULE.bazel {entry.name} has no checksum in the manifest")
-
-    for filename in sorted(set(checksums) - set(module_files)):
-        errors.append(f"manifest has {filename}, but MODULE.bazel has no http_file")
-
-    return errors
-
-
-def module_checksum_errors(
-    entries: list[RustyV8HttpFile],
-    checksums: dict[str, str],
-) -> list[str]:
-    errors = []
-    for entry in entries:
-        expected = checksums.get(entry.downloaded_file_path)
-        if expected is None:
-            continue
-        if entry.sha256 is None:
-            errors.append(f"MODULE.bazel {entry.name} is missing sha256")
-        elif entry.sha256 != expected:
-            errors.append(
-                f"MODULE.bazel {entry.name} has sha256 {entry.sha256}, "
-                f"expected {expected}"
-            )
-    return errors
-
-
-def raise_checksum_errors(message: str, errors: list[str]) -> None:
-    if errors:
-        formatted_errors = "\n".join(f"- {error}" for error in errors)
-        raise RustyV8ChecksumError(f"{message}:\n{formatted_errors}")
-
-
-def check_module_bazel_text(
-    module_bazel: str,
-    checksums: dict[str, str],
-    version: str,
-) -> None:
-    entries = rusty_v8_http_files(module_bazel, version)
-    errors = [
-        *module_entry_set_errors(entries, checksums, version),
-        *module_checksum_errors(entries, checksums),
-    ]
-    raise_checksum_errors("rusty_v8 MODULE.bazel checksum drift", errors)
-
-
-def block_with_sha256(block: str, checksum: str) -> str:
-    sha256_line_re = re.compile(r'(?m)^(\s*)sha256\s*=\s*"[0-9a-f]+",\s*$')
-    if sha256_line_re.search(block):
-        return sha256_line_re.sub(
-            lambda match: f'{match.group(1)}sha256 = "{checksum}",',
-            block,
-            count=1,
-        )
-
-    downloaded_file_path_match = re.search(
-        r'(?m)^(\s*)downloaded_file_path\s*=\s*"[^"]+",\n',
-        block,
-    )
-    if not downloaded_file_path_match:
-        raise RustyV8ChecksumError("http_file block is missing downloaded_file_path")
-    insert_at = downloaded_file_path_match.end()
-    indent = downloaded_file_path_match.group(1)
-    return f'{block[:insert_at]}{indent}sha256 = "{checksum}",\n{block[insert_at:]}'
-
-
-def update_module_bazel_text(
-    module_bazel: str,
-    checksums: dict[str, str],
-    version: str,
-) -> str:
-    entries = rusty_v8_http_files(module_bazel, version)
-    errors = module_entry_set_errors(entries, checksums, version)
-    raise_checksum_errors("cannot update rusty_v8 MODULE.bazel checksums", errors)
-
-    updated = []
-    previous_end = 0
-    for entry in entries:
-        updated.append(module_bazel[previous_end : entry.start])
-        updated.append(
-            block_with_sha256(entry.block, checksums[entry.downloaded_file_path])
-        )
-        previous_end = entry.end
-    updated.append(module_bazel[previous_end:])
-    return "".join(updated)
-
-
-def check_module_bazel(
-    module_bazel_path: Path,
-    manifest_path: Path,
-    version: str,
-) -> None:
-    checksums = parse_checksum_manifest(manifest_path)
-    module_bazel = module_bazel_path.read_text(encoding="utf-8")
-    check_module_bazel_text(module_bazel, checksums, version)
-    print(f"{module_bazel_path} rusty_v8 {version} checksums match {manifest_path}")
-
-
-def update_module_bazel(
-    module_bazel_path: Path,
-    manifest_path: Path,
-    version: str,
-) -> None:
-    checksums = parse_checksum_manifest(manifest_path)
-    module_bazel = module_bazel_path.read_text(encoding="utf-8")
-    updated_module_bazel = update_module_bazel_text(module_bazel, checksums, version)
-    if updated_module_bazel == module_bazel:
-        print(f"{module_bazel_path} rusty_v8 {version} checksums are already current")
-        return
-    module_bazel_path.write_text(updated_module_bazel, encoding="utf-8")
-    print(f"updated {module_bazel_path} rusty_v8 {version} checksums")

.github/scripts/test_rusty_v8_bazel.py

@@ -1,126 +0,0 @@
-#!/usr/bin/env python3
-
-from __future__ import annotations
-
-import textwrap
-import unittest
-
-import rusty_v8_module_bazel
-
-
-class RustyV8BazelTest(unittest.TestCase):
-    def test_update_module_bazel_replaces_and_inserts_sha256(self) -> None:
-        module_bazel = textwrap.dedent(
-            """\
-            http_file(
-                name = "rusty_v8_146_4_0_x86_64_unknown_linux_gnu_archive",
-                downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                sha256 = "0000000000000000000000000000000000000000000000000000000000000000",
-                urls = [
-                    "https://example.test/librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                ],
-            )
-
-            http_file(
-                name = "rusty_v8_146_4_0_x86_64_unknown_linux_musl_binding",
-                downloaded_file_path = "src_binding_release_x86_64-unknown-linux-musl.rs",
-                urls = [
-                    "https://example.test/src_binding_release_x86_64-unknown-linux-musl.rs",
-                ],
-            )
-
-            http_file(
-                name = "rusty_v8_145_0_0_x86_64_unknown_linux_gnu_archive",
-                downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-                urls = [
-                    "https://example.test/old.gz",
-                ],
-            )
-            """
-        )
-        checksums = {
-            "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz": (
-                "1111111111111111111111111111111111111111111111111111111111111111"
-            ),
-            "src_binding_release_x86_64-unknown-linux-musl.rs": (
-                "2222222222222222222222222222222222222222222222222222222222222222"
-            ),
-        }
-
-        updated = rusty_v8_module_bazel.update_module_bazel_text(
-            module_bazel,
-            checksums,
-            "146.4.0",
-        )
-
-        self.assertEqual(
-            textwrap.dedent(
-                """\
-                http_file(
-                    name = "rusty_v8_146_4_0_x86_64_unknown_linux_gnu_archive",
-                    downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                    sha256 = "1111111111111111111111111111111111111111111111111111111111111111",
-                    urls = [
-                        "https://example.test/librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                    ],
-                )
-
-                http_file(
-                    name = "rusty_v8_146_4_0_x86_64_unknown_linux_musl_binding",
-                    downloaded_file_path = "src_binding_release_x86_64-unknown-linux-musl.rs",
-                    sha256 = "2222222222222222222222222222222222222222222222222222222222222222",
-                    urls = [
-                        "https://example.test/src_binding_release_x86_64-unknown-linux-musl.rs",
-                    ],
-                )
-
-                http_file(
-                    name = "rusty_v8_145_0_0_x86_64_unknown_linux_gnu_archive",
-                    downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                    sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
-                    urls = [
-                        "https://example.test/old.gz",
-                    ],
-                )
-                """
-            ),
-            updated,
-        )
-        rusty_v8_module_bazel.check_module_bazel_text(updated, checksums, "146.4.0")
-
-    def test_check_module_bazel_rejects_manifest_drift(self) -> None:
-        module_bazel = textwrap.dedent(
-            """\
-            http_file(
-                name = "rusty_v8_146_4_0_x86_64_unknown_linux_gnu_archive",
-                downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                sha256 = "1111111111111111111111111111111111111111111111111111111111111111",
-                urls = [
-                    "https://example.test/librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-                ],
-            )
-            """
-        )
-        checksums = {
-            "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz": (
-                "1111111111111111111111111111111111111111111111111111111111111111"
-            ),
-            "orphan.gz": (
-                "2222222222222222222222222222222222222222222222222222222222222222"
-            ),
-        }
-
-        with self.assertRaisesRegex(
-            rusty_v8_module_bazel.RustyV8ChecksumError,
-            "manifest has orphan.gz",
-        ):
-            rusty_v8_module_bazel.check_module_bazel_text(
-                module_bazel,
-                checksums,
-                "146.4.0",
-            )
-
-
-if __name__ == "__main__":
-    unittest.main()

.github/scripts/verify_tui_core_boundary.py

@@ -1,89 +0,0 @@
-#!/usr/bin/env python3
-
-"""Verify codex-tui does not depend on or import codex-core directly."""
-
-from __future__ import annotations
-
-import re
-import sys
-import tomllib
-from pathlib import Path
-
-
-ROOT = Path(__file__).resolve().parents[2]
-TUI_ROOT = ROOT / "codex-rs" / "tui"
-TUI_MANIFEST = TUI_ROOT / "Cargo.toml"
-FORBIDDEN_PACKAGE = "codex-core"
-FORBIDDEN_SOURCE_PATTERNS = (
-    re.compile(r"\bcodex_core::"),
-    re.compile(r"\buse\s+codex_core\b"),
-    re.compile(r"\bextern\s+crate\s+codex_core\b"),
-)
-
-
-def main() -> int:
-    failures = []
-    failures.extend(manifest_failures())
-    failures.extend(source_failures())
-
-    if not failures:
-        return 0
-
-    print("codex-tui must not depend on or import codex-core directly.")
-    print(
-        "Use the app-server protocol/client boundary instead; temporary embedded "
-        "startup gaps belong behind codex_app_server_client::legacy_core."
-    )
-    print()
-    for failure in failures:
-        print(f"- {failure}")
-
-    return 1
-
-
-def manifest_failures() -> list[str]:
-    manifest = tomllib.loads(TUI_MANIFEST.read_text())
-    failures = []
-    for section_name, dependencies in dependency_sections(manifest):
-        if FORBIDDEN_PACKAGE in dependencies:
-            failures.append(
-                f"{relative_path(TUI_MANIFEST)} declares `{FORBIDDEN_PACKAGE}` "
-                f"in `[{section_name}]`"
-            )
-    return failures
-
-
-def dependency_sections(manifest: dict) -> list[tuple[str, dict]]:
-    sections: list[tuple[str, dict]] = []
-    for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
-        dependencies = manifest.get(section_name)
-        if isinstance(dependencies, dict):
-            sections.append((section_name, dependencies))
-
-    for target_name, target in manifest.get("target", {}).items():
-        if not isinstance(target, dict):
-            continue
-        for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
-            dependencies = target.get(section_name)
-            if isinstance(dependencies, dict):
-                sections.append((f'target.{target_name}.{section_name}', dependencies))
-
-    return sections
-
-
-def source_failures() -> list[str]:
-    failures = []
-    for path in sorted(TUI_ROOT.glob("**/*.rs")):
-        text = path.read_text()
-        for line_number, line in enumerate(text.splitlines(), start=1):
-            if any(pattern.search(line) for pattern in FORBIDDEN_SOURCE_PATTERNS):
-                failures.append(f"{relative_path(path)}:{line_number} imports `codex_core`")
-    return failures
-
-
-def relative_path(path: Path) -> str:
-    return str(path.relative_to(ROOT))
-
-
-if __name__ == "__main__":
-    sys.exit(main())

.github/workflows/bazel.yml

@@ -51,24 +51,38 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Check rusty_v8 MODULE.bazel checksums
-        if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
-        shell: bash
-        run: |
-          python3 .github/scripts/rusty_v8_bazel.py check-module-bazel
-          python3 -m unittest discover -s .github/scripts -p test_rusty_v8_bazel.py
-
-      - name: Prepare Bazel CI
-        id: prepare_bazel
-        uses: ./.github/actions/prepare-bazel-ci
+      - name: Set up Bazel CI
+        id: setup_bazel
+        uses: ./.github/actions/setup-bazel-ci
         with:
           target: ${{ matrix.target }}
           install-test-prereqs: "true"
+
+      # Restore the Bazel repository cache explicitly so external dependencies
+      # do not need to be re-downloaded on every CI run. Keep restore failures
+      # non-fatal so transient cache-service errors degrade to a cold build
+      # instead of failing the job.
+      - name: Restore bazel repository cache
+        id: cache_bazel_repository_restore
+        continue-on-error: true
+        uses: actions/cache/restore@v5
+        with:
+          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
+          key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
+          restore-keys: |
+            bazel-cache-${{ matrix.target }}
+
       - name: Check MODULE.bazel.lock is up to date
         if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
         shell: bash
         run: ./scripts/check-module-bazel-lock.sh
 
+      - name: Set up Bazel execution logs
+        shell: bash
+        run: |
+          mkdir -p "${RUNNER_TEMP}/bazel-execution-logs"
+          echo "CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR=${RUNNER_TEMP}/bazel-execution-logs" >> "${GITHUB_ENV}"
+
       - name: bazel test //...
         env:
           BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
@@ -109,14 +123,14 @@ jobs:
           path: ${{ runner.temp }}/bazel-execution-logs
           if-no-files-found: ignore
 
-      # Save the Bazel repository cache after every non-cancelled run. Keep the
-      # upload non-fatal so cache service issues never fail the job itself.
+      # Save bazel repository cache explicitly; make non-fatal so cache uploading
+      # never fails the overall job. Only save when key wasn't hit.
       - name: Save bazel repository cache
-        if: always() && !cancelled()
+        if: always() && !cancelled() && steps.cache_bazel_repository_restore.outputs.cache-hit != 'true'
         continue-on-error: true
         uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
         with:
-          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
+          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
           key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
 
   clippy:
@@ -141,12 +155,32 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Prepare Bazel CI
-        id: prepare_bazel
-        uses: ./.github/actions/prepare-bazel-ci
+      - name: Set up Bazel CI
+        id: setup_bazel
+        uses: ./.github/actions/setup-bazel-ci
         with:
           target: ${{ matrix.target }}
 
+      # Restore the Bazel repository cache explicitly so external dependencies
+      # do not need to be re-downloaded on every CI run. Keep restore failures
+      # non-fatal so transient cache-service errors degrade to a cold build
+      # instead of failing the job.
+      - name: Restore bazel repository cache
+        id: cache_bazel_repository_restore
+        continue-on-error: true
+        uses: actions/cache/restore@v5
+        with:
+          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
+          key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
+          restore-keys: |
+            bazel-cache-${{ matrix.target }}
+
+      - name: Set up Bazel execution logs
+        shell: bash
+        run: |
+          mkdir -p "${RUNNER_TEMP}/bazel-execution-logs"
+          echo "CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR=${RUNNER_TEMP}/bazel-execution-logs" >> "${GITHUB_ENV}"
+
       - name: bazel build --config=clippy lint targets
         env:
           BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
@@ -186,94 +220,12 @@ jobs:
           path: ${{ runner.temp }}/bazel-execution-logs
           if-no-files-found: ignore
 
-      # Save the Bazel repository cache after every non-cancelled run. Keep the
-      # upload non-fatal so cache service issues never fail the job itself.
+      # Save bazel repository cache explicitly; make non-fatal so cache uploading
+      # never fails the overall job. Only save when key wasn't hit.
       - name: Save bazel repository cache
         if: always() && !cancelled()
         continue-on-error: true
         uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
         with:
-          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
-          key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
-
-  verify-release-build:
-    timeout-minutes: 30
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - os: ubuntu-24.04
-            target: x86_64-unknown-linux-gnu
-          - os: macos-15-xlarge
-            target: aarch64-apple-darwin
-          - os: windows-latest
-            target: x86_64-pc-windows-gnullvm
-    runs-on: ${{ matrix.os }}
-    name: Verify release build on ${{ matrix.os }} for ${{ matrix.target }}
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Prepare Bazel CI
-        id: prepare_bazel
-        uses: ./.github/actions/prepare-bazel-ci
-        with:
-          target: ${{ matrix.target }}
-
-      - name: bazel build verify-release-build targets
-        env:
-          BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
-        shell: bash
-        run: |
-          # This job exists to compile Rust code behind
-          # `cfg(not(debug_assertions))` so PR CI catches failures that would
-          # otherwise show up only in a release build. We do not need the full
-          # optimizer and debug-info work that normally comes with a release
-          # build to get that signal, so keep Bazel in `fastbuild` and disable
-          # Rust debug assertions explicitly.
-          bazel_wrapper_args=()
-          if [[ "${RUNNER_OS}" == "Windows" ]]; then
-            bazel_wrapper_args+=(--windows-msvc-host-platform)
-          fi
-
-          bazel_build_args=(
-            --compilation_mode=fastbuild
-            --@rules_rust//rust/settings:extra_rustc_flag=-Cdebug-assertions=no
-            --@rules_rust//rust/settings:extra_exec_rustc_flag=-Cdebug-assertions=no
-            --build_metadata=COMMIT_SHA=${GITHUB_SHA}
-            --build_metadata=TAG_job=verify-release-build
-            --build_metadata=TAG_rust_debug_assertions=off
-          )
-
-          bazel_target_lines="$(bash ./scripts/list-bazel-release-targets.sh)"
-          bazel_targets=()
-          while IFS= read -r target; do
-            bazel_targets+=("${target}")
-          done <<< "${bazel_target_lines}"
-
-          ./.github/scripts/run-bazel-ci.sh \
-            "${bazel_wrapper_args[@]}" \
-            -- \
-            build \
-            "${bazel_build_args[@]}" \
-            -- \
-            "${bazel_targets[@]}"
-
-      - name: Upload Bazel execution logs
-        if: always() && !cancelled()
-        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
-        with:
-          name: bazel-execution-logs-verify-release-build-${{ matrix.target }}
-          path: ${{ runner.temp }}/bazel-execution-logs
-          if-no-files-found: ignore
-
-      # Save the Bazel repository cache after every non-cancelled run. Keep the
-      # upload non-fatal so cache service issues never fail the job itself.
-      - name: Save bazel repository cache
-        if: always() && !cancelled()
-        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
-        with:
-          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
+          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
           key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}

.github/workflows/ci.yml

@@ -17,9 +17,6 @@ jobs:
       - name: Verify codex-rs Cargo manifests inherit workspace settings
         run: python3 .github/scripts/verify_cargo_workspace_manifests.py
 
-      - name: Verify codex-tui does not import codex-core directly
-        run: python3 .github/scripts/verify_tui_core_boundary.py
-
       - name: Verify Bazel clippy flags match Cargo workspace lints
         run: python3 .github/scripts/verify_bazel_clippy_lints.py
 

.github/workflows/issue-labeler.yml

@@ -44,7 +44,6 @@ jobs:
             6. iOS — Issues with the Codex iOS app.
 
             - Additionally add zero or more of the following labels that are relevant to the issue content. Prefer a small set of precise labels over many broad ones.
-            - For agent-area issues, prefer the most specific applicable label. Use "agent" only as a fallback for agent-related issues that do not fit a more specific agent-area label. Prefer "app-server" over "session" or "config" when the issue is about app-server protocol, API, RPC, schema, launch, or bridge behavior.
             1. windows-os — Bugs or friction specific to Windows environments (always when PowerShell is mentioned, path handling, copy/paste, OS-specific auth or tooling failures).
             2. mcp — Topics involving Model Context Protocol servers/clients.
             3. mcp-server — Problems related to the codex mcp-server command, where codex runs as an MCP server.
@@ -62,13 +61,6 @@ jobs:
             15. sandbox - Issues related to local sandbox environments or tool call approvals to override sandbox restrictions.
             16. tool-calls - Problems related to specific tool call invocations including unexpected errors, failures, or hangs.
             17. TUI - Problems with the terminal user interface (TUI) including keyboard shortcuts, copy & pasting, menus, or screen update issues.
-            18. app-server - Issues involving the app-server protocol or interfaces, including SDK/API payloads, thread/* and turn/* RPCs, app-server launch behavior, external app/controller bridges, and app-server protocol/schema behavior.
-            19. connectivity - Network connectivity or endpoint issues, including reconnecting messages, stream dropped/disconnected errors, websocket/SSE/transport failures, timeout/network/VPN/proxy/API endpoint failures, and related retry behavior.
-            20. subagent - Issues involving subagents, sub-agents, or multi-agent behavior, including spawn_agent, wait_agent, close_agent, worker/explorer roles, delegation, agent teams, lifecycle, model/config inheritance, quotas, and orchestration.
-            21. session - Issues involving session or thread management, including resume, fork, archive, rename/title, thread history, rollout persistence, compaction, checkpoints, retention, and cross-session state.
-            22. config - Issues involving config.toml, config keys, config key merging, config updates, profiles, hooks config, project config, agent role TOMLs, instruction/personality config, and config schema behavior.
-            23. plan - Issues involving plan mode, planning workflows, or plan-specific tools/behavior.
-            24. agent - Fallback only for core agent loop or agent-related issues that do not fit app-server, connectivity, subagent, session, config, or plan.
 
             Issue number: ${{ github.event.issue.number }}
 

.github/workflows/rust-ci-full.yml

@@ -43,9 +43,6 @@ jobs:
   argument_comment_lint_package:
     name: Argument comment lint package
     runs-on: ubuntu-24.04
-    env:
-      CARGO_DYLINT_VERSION: 5.0.0
-      DYLINT_LINK_VERSION: 5.0.0
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
@@ -62,13 +59,10 @@ jobs:
             ~/.cargo/registry/index
             ~/.cargo/registry/cache
             ~/.cargo/git/db
-          key: argument-comment-lint-${{ runner.os }}-${{ env.CARGO_DYLINT_VERSION }}-${{ env.DYLINT_LINK_VERSION }}-${{ hashFiles('tools/argument-comment-lint/Cargo.lock', 'tools/argument-comment-lint/rust-toolchain', '.github/workflows/rust-ci.yml', '.github/workflows/rust-ci-full.yml') }}
+          key: argument-comment-lint-${{ runner.os }}-${{ hashFiles('tools/argument-comment-lint/Cargo.lock', 'tools/argument-comment-lint/rust-toolchain', '.github/workflows/rust-ci.yml', '.github/workflows/rust-ci-full.yml') }}
       - name: Install cargo-dylint tooling
         if: ${{ steps.cargo_dylint_cache.outputs.cache-hit != 'true' }}
-        shell: bash
-        run: |
-          cargo install --locked cargo-dylint --version "$CARGO_DYLINT_VERSION"
-          cargo install --locked dylint-link --version "$DYLINT_LINK_VERSION"
+        run: cargo install --locked cargo-dylint dylint-link
       - name: Check Python wrapper syntax
         run: python3 -m py_compile tools/argument-comment-lint/wrapper_common.py tools/argument-comment-lint/run.py tools/argument-comment-lint/run-prebuilt-linter.py tools/argument-comment-lint/test_wrapper_common.py
       - name: Test Python wrapper helpers
@@ -421,10 +415,22 @@ jobs:
           echo "CXXFLAGS=${cxxflags}" >> "$GITHUB_ENV"
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl' }}
-        name: Configure musl rusty_v8 artifact overrides and verify checksums
-        uses: ./.github/actions/setup-rusty-v8-musl
-        with:
-          target: ${{ matrix.target }}
+        name: Configure musl rusty_v8 artifact overrides
+        env:
+          TARGET: ${{ matrix.target }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          version="$(python3 "${GITHUB_WORKSPACE}/.github/scripts/rusty_v8_bazel.py" resolved-v8-crate-version)"
+          release_tag="rusty-v8-v${version}"
+          base_url="https://github.com/openai/codex/releases/download/${release_tag}"
+          archive="https://github.com/openai/codex/releases/download/rusty-v8-v${version}/librusty_v8_release_${TARGET}.a.gz"
+          binding_dir="${RUNNER_TEMP}/rusty_v8"
+          binding_path="${binding_dir}/src_binding_release_${TARGET}.rs"
+          mkdir -p "${binding_dir}"
+          curl -fsSL "${base_url}/src_binding_release_${TARGET}.rs" -o "${binding_path}"
+          echo "RUSTY_V8_ARCHIVE=${archive}" >> "$GITHUB_ENV"
+          echo "RUSTY_V8_SRC_BINDING_PATH=${binding_path}" >> "$GITHUB_ENV"
 
       - name: Install cargo-chef
         if: ${{ matrix.profile == 'release' }}
@@ -664,7 +670,6 @@ jobs:
           export CODEX_TEST_REMOTE_ENV_CONTAINER_NAME=codex-remote-test-env
           source "${GITHUB_WORKSPACE}/scripts/test-remote-env.sh"
           echo "CODEX_TEST_REMOTE_ENV=${CODEX_TEST_REMOTE_ENV}" >> "$GITHUB_ENV"
-          echo "CODEX_TEST_REMOTE_EXEC_SERVER_URL=${CODEX_TEST_REMOTE_EXEC_SERVER_URL}" >> "$GITHUB_ENV"
 
       - name: tests
         id: test

.github/workflows/rust-ci.yml

@@ -90,9 +90,6 @@ jobs:
     runs-on: ubuntu-24.04
     needs: changed
     if: ${{ needs.changed.outputs.argument_comment_lint_package == 'true' }}
-    env:
-      CARGO_DYLINT_VERSION: 5.0.0
-      DYLINT_LINK_VERSION: 5.0.0
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
@@ -116,13 +113,10 @@ jobs:
             ~/.cargo/registry/index
             ~/.cargo/registry/cache
             ~/.cargo/git/db
-          key: argument-comment-lint-${{ runner.os }}-${{ env.CARGO_DYLINT_VERSION }}-${{ env.DYLINT_LINK_VERSION }}-${{ hashFiles('tools/argument-comment-lint/Cargo.lock', 'tools/argument-comment-lint/rust-toolchain', '.github/workflows/rust-ci.yml', '.github/workflows/rust-ci-full.yml') }}
+          key: argument-comment-lint-${{ runner.os }}-${{ hashFiles('tools/argument-comment-lint/Cargo.lock', 'tools/argument-comment-lint/rust-toolchain', '.github/workflows/rust-ci.yml', '.github/workflows/rust-ci-full.yml') }}
       - name: Install cargo-dylint tooling
         if: ${{ steps.cargo_dylint_cache.outputs.cache-hit != 'true' }}
-        shell: bash
-        run: |
-          cargo install --locked cargo-dylint --version "$CARGO_DYLINT_VERSION"
-          cargo install --locked dylint-link --version "$DYLINT_LINK_VERSION"
+        run: cargo install --locked cargo-dylint dylint-link
       - name: Check Python wrapper syntax
         run: python3 -m py_compile tools/argument-comment-lint/wrapper_common.py tools/argument-comment-lint/run.py tools/argument-comment-lint/run-prebuilt-linter.py tools/argument-comment-lint/test_wrapper_common.py
       - name: Test Python wrapper helpers

.github/workflows/rust-release-argument-comment-lint.yml

@@ -19,9 +19,6 @@ jobs:
     name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
     runs-on: ${{ matrix.runs_on || matrix.runner }}
     timeout-minutes: 60
-    env:
-      CARGO_DYLINT_VERSION: 5.0.0
-      DYLINT_LINK_VERSION: 5.0.0
 
     strategy:
       fail-fast: false
@@ -68,8 +65,8 @@ jobs:
         shell: bash
         run: |
           install_root="${RUNNER_TEMP}/argument-comment-lint-tools"
-          cargo install --locked cargo-dylint --version "$CARGO_DYLINT_VERSION" --root "$install_root"
-          cargo install --locked dylint-link --version "$DYLINT_LINK_VERSION"
+          cargo install --locked cargo-dylint --root "$install_root"
+          cargo install --locked dylint-link
           echo "INSTALL_ROOT=$install_root" >> "$GITHUB_ENV"
 
       - name: Cargo build

.github/workflows/rust-release.yml

@@ -211,10 +211,22 @@ jobs:
           echo "CXXFLAGS=${cxxflags}" >> "$GITHUB_ENV"
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl' }}
-        name: Configure musl rusty_v8 artifact overrides and verify checksums
-        uses: ./.github/actions/setup-rusty-v8-musl
-        with:
-          target: ${{ matrix.target }}
+        name: Configure musl rusty_v8 artifact overrides
+        env:
+          TARGET: ${{ matrix.target }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          version="$(python3 "${GITHUB_WORKSPACE}/.github/scripts/rusty_v8_bazel.py" resolved-v8-crate-version)"
+          release_tag="rusty-v8-v${version}"
+          base_url="https://github.com/openai/codex/releases/download/${release_tag}"
+          archive="https://github.com/openai/codex/releases/download/rusty-v8-v${version}/librusty_v8_release_${TARGET}.a.gz"
+          binding_dir="${RUNNER_TEMP}/rusty_v8"
+          binding_path="${binding_dir}/src_binding_release_${TARGET}.rs"
+          mkdir -p "${binding_dir}"
+          curl -fsSL "${base_url}/src_binding_release_${TARGET}.rs" -o "${binding_path}"
+          echo "RUSTY_V8_ARCHIVE=${archive}" >> "$GITHUB_ENV"
+          echo "RUSTY_V8_SRC_BINDING_PATH=${binding_path}" >> "$GITHUB_ENV"
 
       - name: Cargo build
         shell: bash

.github/workflows/rusty-v8-release.yml

@@ -78,7 +78,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Bazel
-        uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3
+        uses: bazelbuild/setup-bazelisk@6ecf4fd8b7d1f9721785f1dd656a689acf9add47 # v3
 
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6

.github/workflows/v8-canary.yml

@@ -75,7 +75,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up Bazel
-        uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3
+        uses: bazelbuild/setup-bazelisk@6ecf4fd8b7d1f9721785f1dd656a689acf9add47 # v3
 
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6

MODULE.bazel

@@ -423,7 +423,6 @@ http_archive(
 http_file(
     name = "rusty_v8_146_4_0_aarch64_apple_darwin_archive",
     downloaded_file_path = "librusty_v8_release_aarch64-apple-darwin.a.gz",
-    sha256 = "bfe2c9be32a56c28546f0f965825ee68fbf606405f310cc4e17b448a568cf98a",
     urls = [
         "https://github.com/denoland/rusty_v8/releases/download/v146.4.0/librusty_v8_release_aarch64-apple-darwin.a.gz",
     ],
@@ -432,7 +431,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_aarch64_unknown_linux_gnu_archive",
     downloaded_file_path = "librusty_v8_release_aarch64-unknown-linux-gnu.a.gz",
-    sha256 = "dbf165b07c81bdb054bc046b43d23e69fcf7bcc1a4c1b5b4776983a71062ecd8",
     urls = [
         "https://github.com/denoland/rusty_v8/releases/download/v146.4.0/librusty_v8_release_aarch64-unknown-linux-gnu.a.gz",
     ],
@@ -441,7 +439,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_aarch64_pc_windows_msvc_archive",
     downloaded_file_path = "rusty_v8_release_aarch64-pc-windows-msvc.lib.gz",
-    sha256 = "ed13363659c6d08583ac8fdc40493445c5767d8b94955a4d5d7bb8d5a81f6bf8",
     urls = [
         "https://github.com/denoland/rusty_v8/releases/download/v146.4.0/rusty_v8_release_aarch64-pc-windows-msvc.lib.gz",
     ],
@@ -450,7 +447,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_x86_64_apple_darwin_archive",
     downloaded_file_path = "librusty_v8_release_x86_64-apple-darwin.a.gz",
-    sha256 = "630cd240f1bbecdb071417dc18387ab81cf67c549c1c515a0b4fcf9eba647bb7",
     urls = [
         "https://github.com/denoland/rusty_v8/releases/download/v146.4.0/librusty_v8_release_x86_64-apple-darwin.a.gz",
     ],
@@ -459,7 +455,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_x86_64_unknown_linux_gnu_archive",
     downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
-    sha256 = "e64b4d99e4ae293a2e846244a89b80178ba10382c13fb591c1fa6968f5291153",
     urls = [
         "https://github.com/denoland/rusty_v8/releases/download/v146.4.0/librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
     ],
@@ -468,7 +463,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_x86_64_pc_windows_msvc_archive",
     downloaded_file_path = "rusty_v8_release_x86_64-pc-windows-msvc.lib.gz",
-    sha256 = "90a9a2346acd3685a355e98df85c24dbe406cb124367d16259a4b5d522621862",
     urls = [
         "https://github.com/denoland/rusty_v8/releases/download/v146.4.0/rusty_v8_release_x86_64-pc-windows-msvc.lib.gz",
     ],
@@ -477,7 +471,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_aarch64_unknown_linux_musl_archive",
     downloaded_file_path = "librusty_v8_release_aarch64-unknown-linux-musl.a.gz",
-    sha256 = "27a08ed26c34297bfd93e514692ccc44b85f8b15c6aa39cf34e784f84fb37e8e",
     urls = [
         "https://github.com/openai/codex/releases/download/rusty-v8-v146.4.0/librusty_v8_release_aarch64-unknown-linux-musl.a.gz",
     ],
@@ -486,7 +479,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_aarch64_unknown_linux_musl_binding",
     downloaded_file_path = "src_binding_release_aarch64-unknown-linux-musl.rs",
-    sha256 = "09f8900ced8297c229246c7a50b2e0ec23c54d0a554f369619cc29863f38dd1a",
     urls = [
         "https://github.com/openai/codex/releases/download/rusty-v8-v146.4.0/src_binding_release_aarch64-unknown-linux-musl.rs",
     ],
@@ -495,7 +487,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_x86_64_unknown_linux_musl_archive",
     downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-musl.a.gz",
-    sha256 = "20d8271ad712323d352c1383c36e3c4b755abc41ece35819c49c75ec7134d2f8",
     urls = [
         "https://github.com/openai/codex/releases/download/rusty-v8-v146.4.0/librusty_v8_release_x86_64-unknown-linux-musl.a.gz",
     ],
@@ -504,7 +495,6 @@ http_file(
 http_file(
     name = "rusty_v8_146_4_0_x86_64_unknown_linux_musl_binding",
     downloaded_file_path = "src_binding_release_x86_64-unknown-linux-musl.rs",
-    sha256 = "09f8900ced8297c229246c7a50b2e0ec23c54d0a554f369619cc29863f38dd1a",
     urls = [
         "https://github.com/openai/codex/releases/download/rusty-v8-v146.4.0/src_binding_release_x86_64-unknown-linux-musl.rs",
     ],

SECURITY.md

@@ -11,7 +11,3 @@ Our security program is managed through Bugcrowd, and we ask that any validated
 ## Vulnerability Disclosure Program
 
 Our Vulnerability Program Guidelines are defined on our [Bugcrowd program page](https://bugcrowd.com/engagements/openai).
-
-## How to operate CODEX safely
-
-For details on Codex security boundaries, including sandboxing, approvals, and network controls, see [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security).

announcement_tip.toml

@@ -4,14 +4,20 @@
 # version_regex matches against the CLI version (env!("CARGO_PKG_VERSION")); omit to apply to all versions.
 # target_app specify which app should display the announcement (cli, vsce, ...).
 
-# Test announcement only for local build version until 2027-05-10 excluded
+[[announcements]]
+content = "Welcome to Codex! Check out the new onboarding flow."
+from_date = "2024-10-01"
+to_date = "2024-10-15"
+target_app = "cli"
+
+# Test announcement only for local build version until 2026-01-10 excluded (past)
 [[announcements]]
 content = "This is a test announcement"
 version_regex = "^0\\.0\\.0$"
-to_date = "2027-05-10"
+to_date = "2026-05-10"
 
 [[announcements]]
-content = "Update Required - This version will no longer be supported starting May 8th. Please upgrade to the latest version (https://github.com/openai/codex/releases/latest) using your preferred package manager."
-# Matches 0.x.y versions from 0.0.y through 0.119.y; excludes 0.120.0 and newer.
-version_regex = "^0\\.(?:[0-9]|[1-9][0-9]|1[01][0-9])\\."
-to_date = "2026-05-08"
+content = "**BREAKING NEWS**: `gpt-5.3-codex` is out! Upgrade to `0.98.0` for a faster, smarter, more steerable agent."
+from_date = "2026-02-01"
+to_date = "2026-02-16"
+version_regex = "^0\\.(?:[0-9]|[1-8][0-9]|9[0-7])\\."

codex-rs/.cargo/audit.toml

@@ -1,10 +1,6 @@
 [advisories]
-# Reviewed 2026-04-15. Keep this list in sync with ../deny.toml.
 ignore = [
     "RUSTSEC-2024-0388", # derivative 2.2.0 via starlark; upstream crate is unmaintained
     "RUSTSEC-2025-0057", # fxhash 0.2.1 via starlark_map; upstream crate is unmaintained
     "RUSTSEC-2024-0436", # paste 1.0.15 via starlark/ratatui; upstream crate is unmaintained
-    "RUSTSEC-2024-0320", # yaml-rust via syntect; remove when syntect drops or updates it
-    "RUSTSEC-2025-0141", # bincode via syntect; remove when syntect drops or updates it
-    "RUSTSEC-2026-0097", # rand 0.8.5 via age/codex-secrets and zbus/keyring; remove when transitive deps move to rand >=0.9.3
 ]

codex-rs/Cargo.lock

@@ -1366,6 +1366,16 @@ dependencies = [
  "unicode-width 0.1.14",
 ]
 
+[[package]]
+name = "codex-account"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "codex-backend-client",
+ "codex-login",
+ "thiserror 2.0.18",
+]
+
 [[package]]
 name = "codex-analytics"
 version = "0.0.0"
@@ -1375,7 +1385,6 @@ dependencies = [
  "codex-login",
  "codex-plugin",
  "codex-protocol",
- "codex-utils-absolute-path",
  "os_info",
  "pretty_assertions",
  "serde",
@@ -1461,7 +1470,6 @@ dependencies = [
  "codex-sandboxing",
  "codex-shell-command",
  "codex-state",
- "codex-thread-store",
  "codex-tools",
  "codex-utils-absolute-path",
  "codex-utils-cargo-bin",
@@ -1671,7 +1679,6 @@ dependencies = [
  "assert_matches",
  "clap",
  "clap_complete",
- "codex-api",
  "codex-app-server",
  "codex-app-server-protocol",
  "codex-app-server-test-client",
@@ -1695,7 +1702,6 @@ dependencies = [
  "codex-stdio-to-uds",
  "codex-terminal-detection",
  "codex-tui",
- "codex-utils-absolute-path",
  "codex-utils-cargo-bin",
  "codex-utils-cli",
  "codex-utils-path",
@@ -1730,7 +1736,7 @@ dependencies = [
  "opentelemetry",
  "opentelemetry_sdk",
  "pretty_assertions",
- "rand 0.9.3",
+ "rand 0.9.2",
  "reqwest",
  "rustls",
  "rustls-native-certs",
@@ -1832,8 +1838,6 @@ name = "codex-code-mode"
 version = "0.0.0"
 dependencies = [
  "async-trait",
- "codex-protocol",
- "deno_core_icudata",
  "pretty_assertions",
  "serde",
  "serde_json",
@@ -1904,6 +1908,7 @@ dependencies = [
  "bm25",
  "chrono",
  "clap",
+ "codex-account",
  "codex-analytics",
  "codex-api",
  "codex-app-server-protocol",
@@ -1938,8 +1943,6 @@ dependencies = [
  "codex-shell-escalation",
  "codex-state",
  "codex-terminal-detection",
- "codex-test-binary-support",
- "codex-thread-store",
  "codex-tools",
  "codex-utils-absolute-path",
  "codex-utils-cache",
@@ -1961,7 +1964,6 @@ dependencies = [
  "ctor 0.6.3",
  "dirs",
  "dunce",
- "ed25519-dalek",
  "env-flags",
  "eventsource-stream",
  "futures",
@@ -1979,7 +1981,7 @@ dependencies = [
  "opentelemetry_sdk",
  "predicates",
  "pretty_assertions",
- "rand 0.9.3",
+ "rand 0.9.2",
  "regex-lite",
  "reqwest",
  "rmcp",
@@ -2021,7 +2023,6 @@ dependencies = [
  "codex-analytics",
  "codex-app-server-protocol",
  "codex-config",
- "codex-exec-server",
  "codex-instructions",
  "codex-login",
  "codex-otel",
@@ -2107,19 +2108,16 @@ dependencies = [
  "arc-swap",
  "async-trait",
  "base64 0.22.1",
+ "clap",
  "codex-app-server-protocol",
- "codex-config",
  "codex-protocol",
- "codex-sandboxing",
- "codex-test-binary-support",
  "codex-utils-absolute-path",
+ "codex-utils-cargo-bin",
  "codex-utils-pty",
- "ctor 0.6.3",
  "futures",
  "pretty_assertions",
  "serde",
  "serde_json",
- "serial_test",
  "tempfile",
  "test-case",
  "thiserror 2.0.18",
@@ -2244,7 +2242,6 @@ dependencies = [
  "chrono",
  "codex-config",
  "codex-protocol",
- "codex-utils-absolute-path",
  "futures",
  "pretty_assertions",
  "regex",
@@ -2255,15 +2252,6 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "codex-install-context"
-version = "0.0.0"
-dependencies = [
- "codex-utils-home-dir",
- "pretty_assertions",
- "tempfile",
-]
-
 [[package]]
 name = "codex-instructions"
 version = "0.0.0"
@@ -2341,7 +2329,7 @@ dependencies = [
  "once_cell",
  "os_info",
  "pretty_assertions",
- "rand 0.9.3",
+ "rand 0.9.2",
  "regex-lite",
  "reqwest",
  "serde",
@@ -2372,7 +2360,6 @@ dependencies = [
  "codex-plugin",
  "codex-protocol",
  "codex-rmcp-client",
- "codex-utils-absolute-path",
  "codex-utils-plugins",
  "futures",
  "pretty_assertions",
@@ -2403,7 +2390,6 @@ dependencies = [
  "codex-models-manager",
  "codex-protocol",
  "codex-shell-command",
- "codex-utils-absolute-path",
  "codex-utils-cli",
  "codex-utils-json-to-toml",
  "core_test_support",
@@ -2709,8 +2695,6 @@ dependencies = [
 name = "codex-sandboxing"
 version = "0.0.0"
 dependencies = [
- "anyhow",
- "async-trait",
  "codex-network-proxy",
  "codex-protocol",
  "codex-utils-absolute-path",
@@ -2719,7 +2703,6 @@ dependencies = [
  "pretty_assertions",
  "serde_json",
  "tempfile",
- "tokio",
  "tracing",
  "url",
  "which 8.0.0",
@@ -2736,7 +2719,7 @@ dependencies = [
  "codex-keyring-store",
  "keyring",
  "pretty_assertions",
- "rand 0.9.3",
+ "rand 0.9.2",
  "regex",
  "schemars 0.8.22",
  "serde",
@@ -2838,33 +2821,6 @@ dependencies = [
  "tracing",
 ]
 
-[[package]]
-name = "codex-test-binary-support"
-version = "0.0.0"
-dependencies = [
- "codex-arg0",
- "tempfile",
-]
-
-[[package]]
-name = "codex-thread-store"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "chrono",
- "codex-git-utils",
- "codex-protocol",
- "codex-rollout",
- "codex-state",
- "pretty_assertions",
- "serde",
- "serde_json",
- "tempfile",
- "thiserror 2.0.18",
- "tokio",
- "uuid",
-]
-
 [[package]]
 name = "codex-tools"
 version = "0.0.0"
@@ -2900,12 +2856,12 @@ dependencies = [
  "codex-cli",
  "codex-cloud-requirements",
  "codex-config",
+ "codex-core",
  "codex-exec-server",
  "codex-features",
  "codex-feedback",
  "codex-file-search",
  "codex-git-utils",
- "codex-install-context",
  "codex-login",
  "codex-mcp",
  "codex-model-provider-info",
@@ -2944,7 +2900,7 @@ dependencies = [
  "pathdiff",
  "pretty_assertions",
  "pulldown-cmark",
- "rand 0.9.3",
+ "rand 0.9.2",
  "ratatui",
  "ratatui-macros",
  "regex-lite",
@@ -2986,7 +2942,6 @@ name = "codex-utils-absolute-path"
 version = "0.0.0"
 dependencies = [
  "dirs",
- "dunce",
  "pretty_assertions",
  "schemars 0.8.22",
  "serde",
@@ -3043,7 +2998,6 @@ version = "0.0.0"
 name = "codex-utils-home-dir"
 version = "0.0.0"
 dependencies = [
- "codex-utils-absolute-path",
  "dirs",
  "pretty_assertions",
  "tempfile",
@@ -3103,13 +3057,10 @@ dependencies = [
 name = "codex-utils-plugins"
 version = "0.0.0"
 dependencies = [
- "codex-exec-server",
  "codex-login",
- "codex-utils-absolute-path",
  "serde",
  "serde_json",
  "tempfile",
- "tokio",
 ]
 
 [[package]]
@@ -3583,7 +3534,7 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
 [[package]]
 name = "crossterm"
 version = "0.28.1"
-source = "git+https://github.com/nornagon/crossterm?rev=87db8bfa6dc99427fd3b071681b07fc31c6ce995#87db8bfa6dc99427fd3b071681b07fc31c6ce995"
+source = "git+https://github.com/nornagon/crossterm?branch=nornagon%2Fcolor-query#87db8bfa6dc99427fd3b071681b07fc31c6ce995"
 dependencies = [
  "bitflags 2.10.0",
  "crossterm_winapi",
@@ -3677,7 +3628,6 @@ dependencies = [
  "cfg-if",
  "cpufeatures",
  "curve25519-dalek-derive",
- "digest",
  "fiat-crypto",
  "rustc_version",
  "subtle",
@@ -3947,12 +3897,6 @@ version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26bf8fc351c5ed29b5c2f0cbbac1b209b74f60ecd62e675a998df72c49af5204"
 
-[[package]]
-name = "deno_core_icudata"
-version = "0.77.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a9efff8990a82c1ae664292507e1a5c6749ddd2312898cdf9cd7cb1fd4bc64c6"
-
 [[package]]
 name = "der"
 version = "0.7.10"
@@ -4154,7 +4098,7 @@ dependencies = [
  "libc",
  "option-ext",
  "redox_users 0.5.2",
- "windows-sys 0.61.2",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -4258,30 +4202,6 @@ version = "1.0.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d0881ea181b1df73ff77ffaaf9c7544ecc11e82fba9b5f27b262a3c73a332555"
 
-[[package]]
-name = "ed25519"
-version = "2.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
-dependencies = [
- "pkcs8",
- "signature",
-]
-
-[[package]]
-name = "ed25519-dalek"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9"
-dependencies = [
- "curve25519-dalek",
- "ed25519",
- "serde",
- "sha2",
- "subtle",
- "zeroize",
-]
-
 [[package]]
 name = "either"
 version = "1.15.0"
@@ -5211,7 +5131,7 @@ dependencies = [
  "idna",
  "ipnet",
  "once_cell",
- "rand 0.9.3",
+ "rand 0.9.2",
  "ring",
  "thiserror 2.0.18",
  "tinyvec",
@@ -5233,7 +5153,7 @@ dependencies = [
  "moka",
  "once_cell",
  "parking_lot",
- "rand 0.9.3",
+ "rand 0.9.2",
  "resolv-conf",
  "smallvec",
  "thiserror 2.0.18",
@@ -6780,7 +6700,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -7379,7 +7299,7 @@ dependencies = [
  "futures-util",
  "opentelemetry",
  "percent-encoding",
- "rand 0.9.3",
+ "rand 0.9.2",
  "thiserror 2.0.18",
  "tokio",
  "tokio-stream",
@@ -7928,7 +7848,7 @@ checksum = "bee689443a2bd0a16ab0348b52ee43e3b2d1b1f931c8aa5c9f8de4c86fbe8c40"
 dependencies = [
  "bitflags 2.10.0",
  "num-traits",
- "rand 0.9.3",
+ "rand 0.9.2",
  "rand_chacha 0.9.0",
  "rand_xorshift",
  "regex-syntax 0.8.8",
@@ -8099,7 +8019,7 @@ dependencies = [
  "bytes",
  "getrandom 0.3.4",
  "lru-slab",
- "rand 0.9.3",
+ "rand 0.9.2",
  "ring",
  "rustc-hash 2.1.1",
  "rustls",
@@ -8231,7 +8151,7 @@ dependencies = [
  "rama-http-types",
  "rama-net",
  "rama-utils",
- "rand 0.9.3",
+ "rand 0.9.2",
  "serde",
  "serde_html_form",
  "serde_json",
@@ -8301,7 +8221,7 @@ dependencies = [
  "rama-macros",
  "rama-net",
  "rama-utils",
- "rand 0.9.3",
+ "rand 0.9.2",
  "serde",
  "sha1",
 ]
@@ -8329,7 +8249,7 @@ dependencies = [
  "rama-error",
  "rama-macros",
  "rama-utils",
- "rand 0.9.3",
+ "rand 0.9.2",
  "serde",
  "serde_json",
  "sync_wrapper",
@@ -8403,7 +8323,7 @@ dependencies = [
  "rama-http-types",
  "rama-net",
  "rama-utils",
- "rand 0.9.3",
+ "rand 0.9.2",
  "tokio",
 ]
 
@@ -8483,9 +8403,9 @@ dependencies = [
 
 [[package]]
 name = "rand"
-version = "0.9.3"
+version = "0.9.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ec095654a25171c2124e9e3393a930bddbffdc939556c914957a4c3e0a87166"
+checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1"
 dependencies = [
  "rand_chacha 0.9.0",
  "rand_core 0.9.5",
@@ -8541,7 +8461,7 @@ dependencies = [
 [[package]]
 name = "ratatui"
 version = "0.29.0"
-source = "git+https://github.com/nornagon/ratatui?rev=9b2ad1298408c45918ee9f8241a6f95498cdbed2#9b2ad1298408c45918ee9f8241a6f95498cdbed2"
+source = "git+https://github.com/nornagon/ratatui?branch=nornagon-v0.29.0-patch#9b2ad1298408c45918ee9f8241a6f95498cdbed2"
 dependencies = [
  "bitflags 2.10.0",
  "cassowary",
@@ -8800,7 +8720,7 @@ dependencies = [
  "pastey",
  "pin-project-lite",
  "process-wrap",
- "rand 0.9.3",
+ "rand 0.9.2",
  "reqwest",
  "rmcp-macros",
  "schemars 1.2.1",
@@ -9007,9 +8927,9 @@ dependencies = [
 
 [[package]]
 name = "rustls-webpki"
-version = "0.103.12"
+version = "0.103.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06"
+checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef"
 dependencies = [
  "aws-lc-rs",
  "ring",
@@ -9384,7 +9304,7 @@ version = "0.46.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26ab054c34b87f96c3e4701bea1888317cde30cc7e4a6136d2c48454ab96661c"
 dependencies = [
- "rand 0.9.3",
+ "rand 0.9.2",
  "sentry-types",
  "serde",
  "serde_json",
@@ -9432,7 +9352,7 @@ checksum = "eecbd63e9d15a26a40675ed180d376fcb434635d2e33de1c24003f61e3e2230d"
 dependencies = [
  "debugid",
  "hex",
- "rand 0.9.3",
+ "rand 0.9.2",
  "serde",
  "serde_json",
  "thiserror 2.0.18",
@@ -11217,7 +11137,7 @@ dependencies = [
  "http 1.4.0",
  "httparse",
  "log",
- "rand 0.9.3",
+ "rand 0.9.2",
  "rustls",
  "rustls-pki-types",
  "sha1",
@@ -11904,7 +11824,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.61.2",
+ "windows-sys 0.48.0",
 ]
 
 [[package]]

codex-rs/Cargo.toml

@@ -1,5 +1,6 @@
 [workspace]
 members = [
+    "account",
     "analytics",
     "backend-client",
     "ansi-escape",
@@ -13,7 +14,6 @@ members = [
     "arg0",
     "feedback",
     "features",
-    "install-context",
     "codex-backend-openapi-models",
     "code-mode",
     "cloud-requirements",
@@ -87,8 +87,6 @@ members = [
     "codex-api",
     "state",
     "terminal-detection",
-    "test-binary-support",
-    "thread-store",
     "codex-experimental-api-macros",
     "plugin",
 ]
@@ -107,6 +105,7 @@ license = "Apache-2.0"
 # Internal
 app_test_support = { path = "app-server/tests/common" }
 codex-analytics = { path = "analytics" }
+codex-account = { path = "account" }
 codex-ansi-escape = { path = "ansi-escape" }
 codex-api = { path = "codex-api" }
 codex-app-server = { path = "app-server" }
@@ -135,7 +134,6 @@ codex-execpolicy = { path = "execpolicy" }
 codex-experimental-api-macros = { path = "codex-experimental-api-macros" }
 codex-features = { path = "features" }
 codex-feedback = { path = "feedback" }
-codex-install-context = { path = "install-context" }
 codex-file-search = { path = "file-search" }
 codex-git-utils = { path = "git-utils" }
 codex-hooks = { path = "hooks" }
@@ -167,8 +165,6 @@ codex-skills = { path = "skills" }
 codex-state = { path = "state" }
 codex-stdio-to-uds = { path = "stdio-to-uds" }
 codex-terminal-detection = { path = "terminal-detection" }
-codex-test-binary-support = { path = "test-binary-support" }
-codex-thread-store = { path = "thread-store" }
 codex-tools = { path = "tools" }
 codex-tui = { path = "tui" }
 codex-utils-absolute-path = { path = "utils/absolute-path" }
@@ -224,13 +220,11 @@ crossbeam-channel = "0.5.15"
 crossterm = "0.28.1"
 csv = "1.3.1"
 ctor = "0.6.3"
-deno_core_icudata = "0.77.0"
 derive_more = "2"
 diffy = "0.4.2"
 dirs = "6"
 dotenvy = "0.15.7"
 dunce = "1.0.4"
-ed25519-dalek = { version = "2.2.0", features = ["pkcs8"] }
 encoding_rs = "0.8.35"
 env-flags = "0.1.1"
 env_logger = "0.11.9"
@@ -435,8 +429,8 @@ opt-level = 0
 [patch.crates-io]
 # Uncomment to debug local changes.
 # ratatui = { path = "../../ratatui" }
-crossterm = { git = "https://github.com/nornagon/crossterm", rev = "87db8bfa6dc99427fd3b071681b07fc31c6ce995" }
-ratatui = { git = "https://github.com/nornagon/ratatui", rev = "9b2ad1298408c45918ee9f8241a6f95498cdbed2" }
+crossterm = { git = "https://github.com/nornagon/crossterm", branch = "nornagon/color-query" }
+ratatui = { git = "https://github.com/nornagon/ratatui", branch = "nornagon-v0.29.0-patch" }
 tokio-tungstenite = { git = "https://github.com/openai-oss-forks/tokio-tungstenite", rev = "132f5b39c862e3a970f731d709608b3e6276d5f6" }
 tungstenite = { git = "https://github.com/openai-oss-forks/tungstenite-rs", rev = "9200079d3b54a1ff51072e24d81fd354f085156f" }
 

codex-rs/README.md

@@ -1,6 +1,6 @@
 # Codex CLI (Rust Implementation)
 
-We provide Codex CLI as a standalone executable to ensure a zero-dependency install.
+We provide Codex CLI as a standalone, native executable to ensure a zero-dependency install.
 
 ## Installing Codex
 

codex-rs/account/BUILD.bazel

@@ -0,0 +1,6 @@
+load("//:defs.bzl", "codex_rust_crate")
+
+codex_rust_crate(
+    name = "account",
+    crate_name = "codex_account",
+)

codex-rs/account/Cargo.toml

@@ -0,0 +1,19 @@
+[package]
+name = "codex-account"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+publish = false
+
+[lib]
+name = "codex_account"
+path = "src/lib.rs"
+
+[lints]
+workspace = true
+
+[dependencies]
+anyhow = { workspace = true }
+codex-backend-client = { workspace = true }
+codex-login = { workspace = true }
+thiserror = { workspace = true }

codex-rs/account/src/lib.rs

@@ -0,0 +1,121 @@
+use codex_backend_client::Client as BackendClient;
+use codex_backend_client::RequestError;
+use codex_backend_client::WorkspaceRole as BackendWorkspaceRole;
+use codex_login::AuthManager;
+use codex_login::CodexAuth;
+use thiserror::Error;
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum WorkspaceRole {
+    AccountOwner,
+    AccountAdmin,
+    StandardUser,
+}
+
+impl WorkspaceRole {
+    fn is_workspace_owner(self) -> bool {
+        matches!(self, Self::AccountOwner | Self::AccountAdmin)
+    }
+}
+
+impl From<BackendWorkspaceRole> for WorkspaceRole {
+    fn from(value: BackendWorkspaceRole) -> Self {
+        match value {
+            BackendWorkspaceRole::AccountOwner => Self::AccountOwner,
+            BackendWorkspaceRole::AccountAdmin => Self::AccountAdmin,
+            BackendWorkspaceRole::StandardUser => Self::StandardUser,
+        }
+    }
+}
+
+#[derive(Debug, Clone, Copy, Default, PartialEq, Eq)]
+pub struct WorkspaceOwnership {
+    pub workspace_role: Option<WorkspaceRole>,
+    pub is_workspace_owner: Option<bool>,
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum AddCreditsNudgeEmailStatus {
+    Sent,
+    CooldownActive,
+}
+
+#[derive(Debug, Error)]
+pub enum SendAddCreditsNudgeEmailError {
+    #[error("codex account authentication required to notify workspace owner")]
+    AuthRequired,
+
+    #[error("chatgpt authentication required to notify workspace owner")]
+    ChatGptAuthRequired,
+
+    #[error("failed to construct backend client: {0}")]
+    CreateClient(#[from] anyhow::Error),
+
+    #[error("failed to notify workspace owner: {0}")]
+    Request(#[from] RequestError),
+}
+
+pub async fn send_add_credits_nudge_email(
+    chatgpt_base_url: impl Into<String>,
+    auth_manager: &AuthManager,
+) -> Result<AddCreditsNudgeEmailStatus, SendAddCreditsNudgeEmailError> {
+    let auth = auth_manager
+        .auth()
+        .await
+        .ok_or(SendAddCreditsNudgeEmailError::AuthRequired)?;
+    send_add_credits_nudge_email_for_auth(chatgpt_base_url, &auth).await
+}
+
+pub async fn send_add_credits_nudge_email_for_auth(
+    chatgpt_base_url: impl Into<String>,
+    auth: &CodexAuth,
+) -> Result<AddCreditsNudgeEmailStatus, SendAddCreditsNudgeEmailError> {
+    if !auth.is_chatgpt_auth() {
+        return Err(SendAddCreditsNudgeEmailError::ChatGptAuthRequired);
+    }
+
+    let client = BackendClient::from_auth(chatgpt_base_url, auth)?;
+    match client.send_add_credits_nudge_email().await {
+        Ok(()) => Ok(AddCreditsNudgeEmailStatus::Sent),
+        Err(err) if err.status().is_some_and(|status| status.as_u16() == 429) => {
+            Ok(AddCreditsNudgeEmailStatus::CooldownActive)
+        }
+        Err(err) => Err(err.into()),
+    }
+}
+
+pub async fn resolve_workspace_role_and_owner_for_auth(
+    chatgpt_base_url: &str,
+    auth: Option<&CodexAuth>,
+) -> WorkspaceOwnership {
+    let token_is_workspace_owner = auth.and_then(CodexAuth::is_workspace_owner);
+    let Some(auth) = auth else {
+        return WorkspaceOwnership::default();
+    };
+
+    let workspace_role = fetch_current_workspace_role_for_auth(chatgpt_base_url, auth).await;
+    let is_workspace_owner = workspace_role
+        .map(WorkspaceRole::is_workspace_owner)
+        .or(token_is_workspace_owner);
+    WorkspaceOwnership {
+        workspace_role,
+        is_workspace_owner,
+    }
+}
+
+async fn fetch_current_workspace_role_for_auth(
+    chatgpt_base_url: &str,
+    auth: &CodexAuth,
+) -> Option<WorkspaceRole> {
+    if !auth.is_chatgpt_auth() {
+        return None;
+    }
+
+    let client = BackendClient::from_auth(chatgpt_base_url.to_string(), auth).ok()?;
+    client
+        .get_current_workspace_role()
+        .await
+        .ok()
+        .flatten()
+        .map(WorkspaceRole::from)
+}

codex-rs/analytics/Cargo.toml

@@ -20,7 +20,6 @@ codex-plugin = { workspace = true }
 codex-protocol = { workspace = true }
 os_info = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
-serde_json = { workspace = true }
 sha1 = { workspace = true }
 tokio = { workspace = true, features = [
     "macros",
@@ -29,5 +28,5 @@ tokio = { workspace = true, features = [
 tracing = { workspace = true, features = ["log"] }
 
 [dev-dependencies]
-codex-utils-absolute-path = { workspace = true }
 pretty_assertions = { workspace = true }
+serde_json = { workspace = true }

codex-rs/analytics/src/client.rs

@@ -1,10 +1,8 @@
 use crate::events::AppServerRpcTransport;
-use crate::events::GuardianReviewEventParams;
 use crate::events::TrackEventRequest;
 use crate::events::TrackEventsRequest;
 use crate::events::current_runtime_metadata;
 use crate::facts::AnalyticsFact;
-use crate::facts::AnalyticsJsonRpcError;
 use crate::facts::AppInvocation;
 use crate::facts::AppMentionedInput;
 use crate::facts::AppUsedInput;
@@ -15,16 +13,9 @@ use crate::facts::SkillInvocation;
 use crate::facts::SkillInvokedInput;
 use crate::facts::SubAgentThreadStartedInput;
 use crate::facts::TrackEventsContext;
-use crate::facts::TurnResolvedConfigFact;
-use crate::facts::TurnTokenUsageFact;
 use crate::reducer::AnalyticsReducer;
-use crate::responses_api::CodexResponsesApiCallFact;
-use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponse;
 use codex_app_server_protocol::InitializeParams;
-use codex_app_server_protocol::JSONRPCErrorError;
-use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::ServerNotification;
 use codex_login::AuthManager;
 use codex_login::default_client::create_client;
 use codex_plugin::PluginTelemetryMetadata;
@@ -160,12 +151,6 @@ impl AnalyticsEventsClient {
         ));
     }
 
-    pub fn track_guardian_review(&self, input: GuardianReviewEventParams) {
-        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::GuardianReview(
-            Box::new(input),
-        )));
-    }
-
     pub fn track_app_mentioned(&self, tracking: TrackEventsContext, mentions: Vec<AppInvocation>) {
         if mentions.is_empty() {
             return;
@@ -175,14 +160,6 @@ impl AnalyticsEventsClient {
         )));
     }
 
-    pub fn track_request(&self, connection_id: u64, request_id: RequestId, request: ClientRequest) {
-        self.record_fact(AnalyticsFact::Request {
-            connection_id,
-            request_id,
-            request: Box::new(request),
-        });
-    }
-
     pub fn track_app_used(&self, tracking: TrackEventsContext, app: AppInvocation) {
         if !self.queue.should_enqueue_app_used(&tracking, &app) {
             return;
@@ -201,30 +178,6 @@ impl AnalyticsEventsClient {
         )));
     }
 
-    pub fn track_compaction(&self, event: crate::facts::CodexCompactionEvent) {
-        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::Compaction(
-            Box::new(event),
-        )));
-    }
-
-    pub fn track_responses_api_call(&self, event: CodexResponsesApiCallFact) {
-        self.record_fact(AnalyticsFact::Custom(
-            CustomAnalyticsFact::ResponsesApiCall(Box::new(event)),
-        ));
-    }
-
-    pub fn track_turn_resolved_config(&self, fact: TurnResolvedConfigFact) {
-        self.record_fact(AnalyticsFact::Custom(
-            CustomAnalyticsFact::TurnResolvedConfig(Box::new(fact)),
-        ));
-    }
-
-    pub fn track_turn_token_usage(&self, fact: TurnTokenUsageFact) {
-        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::TurnTokenUsage(
-            Box::new(fact),
-        )));
-    }
-
     pub fn track_plugin_installed(&self, plugin: PluginTelemetryMetadata) {
         self.record_fact(AnalyticsFact::Custom(
             CustomAnalyticsFact::PluginStateChanged(PluginStateChangedInput {
@@ -274,25 +227,6 @@ impl AnalyticsEventsClient {
             response: Box::new(response),
         });
     }
-
-    pub fn track_error_response(
-        &self,
-        connection_id: u64,
-        request_id: RequestId,
-        error: JSONRPCErrorError,
-        error_type: Option<AnalyticsJsonRpcError>,
-    ) {
-        self.record_fact(AnalyticsFact::ErrorResponse {
-            connection_id,
-            request_id,
-            error,
-            error_type,
-        });
-    }
-
-    pub fn track_notification(&self, notification: ServerNotification) {
-        self.record_fact(AnalyticsFact::Notification(Box::new(notification)));
-    }
 }
 
 async fn send_track_events(

codex-rs/analytics/src/events.rs

@@ -1,22 +1,11 @@
 use crate::facts::AppInvocation;
-use crate::facts::CodexCompactionEvent;
 use crate::facts::InvocationType;
 use crate::facts::PluginState;
 use crate::facts::SubAgentThreadStartedInput;
-use crate::facts::ThreadInitializationMode;
 use crate::facts::TrackEventsContext;
-use crate::facts::TurnStatus;
-use crate::facts::TurnSteerRejectionReason;
-use crate::facts::TurnSteerResult;
-use crate::facts::TurnSubmissionType;
-use crate::responses_api::CodexResponsesApiCallStatus;
-use crate::responses_api::CodexResponsesApiItemMetadata;
-use codex_app_server_protocol::CodexErrorInfo;
 use codex_login::default_client::originator;
 use codex_plugin::PluginTelemetryMetadata;
-use codex_protocol::approvals::NetworkApprovalProtocol;
-use codex_protocol::models::PermissionProfile;
-use codex_protocol::models::SandboxPermissions;
+use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::SubAgentSource;
 use serde::Serialize;
 
@@ -28,6 +17,14 @@ pub enum AppServerRpcTransport {
     InProcess,
 }
 
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ThreadInitializationMode {
+    New,
+    Forked,
+    Resumed,
+}
+
 #[derive(Serialize)]
 pub(crate) struct TrackEventsRequest {
     pub(crate) events: Vec<TrackEventRequest>,
@@ -38,13 +35,8 @@ pub(crate) struct TrackEventsRequest {
 pub(crate) enum TrackEventRequest {
     SkillInvocation(SkillInvocationEventRequest),
     ThreadInitialized(ThreadInitializedEvent),
-    GuardianReview(Box<GuardianReviewEventRequest>),
     AppMentioned(CodexAppMentionedEventRequest),
     AppUsed(CodexAppUsedEventRequest),
-    Compaction(Box<CodexCompactionEventRequest>),
-    ResponsesApiCall(Box<CodexResponsesApiCallEventRequest>),
-    TurnEvent(Box<CodexTurnEventRequest>),
-    TurnSteer(CodexTurnSteerEventRequest),
     PluginUsed(CodexPluginUsedEventRequest),
     PluginInstalled(CodexPluginEventRequest),
     PluginUninstalled(CodexPluginEventRequest),
@@ -107,179 +99,6 @@ pub(crate) struct ThreadInitializedEvent {
     pub(crate) event_params: ThreadInitializedEventParams,
 }
 
-#[derive(Serialize)]
-pub(crate) struct GuardianReviewEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: GuardianReviewEventPayload,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum GuardianReviewDecision {
-    Approved,
-    Denied,
-    Aborted,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum GuardianReviewTerminalStatus {
-    Approved,
-    Denied,
-    Aborted,
-    TimedOut,
-    FailedClosed,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum GuardianReviewFailureReason {
-    Timeout,
-    Cancelled,
-    PromptBuildError,
-    SessionError,
-    ParseError,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum GuardianReviewSessionKind {
-    TrunkNew,
-    TrunkReused,
-    EphemeralForked,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "lowercase")]
-pub enum GuardianReviewRiskLevel {
-    Low,
-    Medium,
-    High,
-    Critical,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "lowercase")]
-pub enum GuardianReviewUserAuthorization {
-    Unknown,
-    Low,
-    Medium,
-    High,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "lowercase")]
-pub enum GuardianReviewOutcome {
-    Allow,
-    Deny,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum GuardianApprovalRequestSource {
-    /// Approval requested directly by the main Codex turn.
-    MainTurn,
-    /// Approval requested by a delegated subagent and routed through the parent
-    /// session for guardian review.
-    DelegatedSubagent,
-}
-
-#[derive(Clone, Debug, Serialize)]
-#[serde(tag = "type", rename_all = "snake_case")]
-pub enum GuardianReviewedAction {
-    Shell {
-        command: Vec<String>,
-        command_display: String,
-        cwd: String,
-        sandbox_permissions: SandboxPermissions,
-        additional_permissions: Option<PermissionProfile>,
-        justification: Option<String>,
-    },
-    UnifiedExec {
-        command: Vec<String>,
-        command_display: String,
-        cwd: String,
-        sandbox_permissions: SandboxPermissions,
-        additional_permissions: Option<PermissionProfile>,
-        justification: Option<String>,
-        tty: bool,
-    },
-    Execve {
-        source: GuardianCommandSource,
-        program: String,
-        argv: Vec<String>,
-        cwd: String,
-        additional_permissions: Option<PermissionProfile>,
-    },
-    ApplyPatch {
-        cwd: String,
-        files: Vec<String>,
-    },
-    NetworkAccess {
-        target: String,
-        host: String,
-        protocol: NetworkApprovalProtocol,
-        port: u16,
-    },
-    McpToolCall {
-        server: String,
-        tool_name: String,
-        connector_id: Option<String>,
-        connector_name: Option<String>,
-        tool_title: Option<String>,
-    },
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum GuardianCommandSource {
-    Shell,
-    UnifiedExec,
-}
-
-#[derive(Clone, Serialize)]
-pub struct GuardianReviewEventParams {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub review_id: String,
-    pub target_item_id: String,
-    pub retry_reason: Option<String>,
-    pub approval_request_source: GuardianApprovalRequestSource,
-    pub reviewed_action: GuardianReviewedAction,
-    pub reviewed_action_truncated: bool,
-    pub decision: GuardianReviewDecision,
-    pub terminal_status: GuardianReviewTerminalStatus,
-    pub failure_reason: Option<GuardianReviewFailureReason>,
-    pub risk_level: Option<GuardianReviewRiskLevel>,
-    pub user_authorization: Option<GuardianReviewUserAuthorization>,
-    pub outcome: Option<GuardianReviewOutcome>,
-    pub rationale: Option<String>,
-    pub guardian_thread_id: Option<String>,
-    pub guardian_session_kind: Option<GuardianReviewSessionKind>,
-    pub guardian_model: Option<String>,
-    pub guardian_reasoning_effort: Option<String>,
-    pub had_prior_review_context: Option<bool>,
-    pub review_timeout_ms: u64,
-    pub tool_call_count: u64,
-    pub time_to_first_token_ms: Option<u64>,
-    pub completion_latency_ms: Option<u64>,
-    pub started_at: u64,
-    pub completed_at: Option<u64>,
-    pub input_tokens: Option<i64>,
-    pub cached_input_tokens: Option<i64>,
-    pub output_tokens: Option<i64>,
-    pub reasoning_output_tokens: Option<i64>,
-    pub total_tokens: Option<i64>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct GuardianReviewEventPayload {
-    pub(crate) app_server_client: CodexAppServerClientMetadata,
-    pub(crate) runtime: CodexRuntimeMetadata,
-    #[serde(flatten)]
-    pub(crate) guardian_review: GuardianReviewEventParams,
-}
-
 #[derive(Serialize)]
 pub(crate) struct CodexAppMetadata {
     pub(crate) connector_id: Option<String>,
@@ -303,150 +122,6 @@ pub(crate) struct CodexAppUsedEventRequest {
     pub(crate) event_params: CodexAppMetadata,
 }
 
-#[derive(Serialize)]
-pub(crate) struct CodexCompactionEventParams {
-    pub(crate) thread_id: String,
-    pub(crate) turn_id: String,
-    pub(crate) app_server_client: CodexAppServerClientMetadata,
-    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) thread_source: Option<&'static str>,
-    pub(crate) subagent_source: Option<String>,
-    pub(crate) parent_thread_id: Option<String>,
-    pub(crate) trigger: crate::facts::CompactionTrigger,
-    pub(crate) reason: crate::facts::CompactionReason,
-    pub(crate) implementation: crate::facts::CompactionImplementation,
-    pub(crate) phase: crate::facts::CompactionPhase,
-    pub(crate) strategy: crate::facts::CompactionStrategy,
-    pub(crate) status: crate::facts::CompactionStatus,
-    pub(crate) error: Option<String>,
-    pub(crate) active_context_tokens_before: i64,
-    pub(crate) active_context_tokens_after: i64,
-    pub(crate) started_at: u64,
-    pub(crate) completed_at: u64,
-    pub(crate) duration_ms: Option<u64>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexCompactionEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexCompactionEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexResponsesApiCallEventParams {
-    pub(crate) thread_id: String,
-    pub(crate) turn_id: String,
-    pub(crate) ephemeral: bool,
-    pub(crate) thread_source: Option<String>,
-    pub(crate) initialization_mode: ThreadInitializationMode,
-    pub(crate) subagent_source: Option<String>,
-    pub(crate) parent_thread_id: Option<String>,
-    pub(crate) app_server_client: CodexAppServerClientMetadata,
-    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) responses_id: Option<String>,
-    pub(crate) turn_responses_call_index: u64,
-    pub(crate) model: Option<String>,
-    pub(crate) model_provider: Option<String>,
-    pub(crate) reasoning_effort: Option<String>,
-    pub(crate) status: CodexResponsesApiCallStatus,
-    pub(crate) error: Option<String>,
-    pub(crate) started_at: u64,
-    pub(crate) completed_at: Option<u64>,
-    pub(crate) duration_ms: Option<u64>,
-    pub(crate) input_item_count: usize,
-    pub(crate) output_item_count: usize,
-    pub(crate) input_tokens: Option<i64>,
-    pub(crate) cached_input_tokens: Option<i64>,
-    pub(crate) output_tokens: Option<i64>,
-    pub(crate) reasoning_output_tokens: Option<i64>,
-    pub(crate) total_tokens: Option<i64>,
-    pub(crate) items: Vec<CodexResponsesApiItemMetadata>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexResponsesApiCallEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexResponsesApiCallEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexTurnEventParams {
-    pub(crate) thread_id: String,
-    pub(crate) turn_id: String,
-    // TODO(rhan-oai): Populate once queued/default submission type is plumbed from
-    // the turn/start callsites instead of always being reported as None.
-    pub(crate) submission_type: Option<TurnSubmissionType>,
-    pub(crate) app_server_client: CodexAppServerClientMetadata,
-    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) ephemeral: bool,
-    pub(crate) thread_source: Option<String>,
-    pub(crate) initialization_mode: ThreadInitializationMode,
-    pub(crate) subagent_source: Option<String>,
-    pub(crate) parent_thread_id: Option<String>,
-    pub(crate) model: Option<String>,
-    pub(crate) model_provider: String,
-    pub(crate) sandbox_policy: Option<&'static str>,
-    pub(crate) reasoning_effort: Option<String>,
-    pub(crate) reasoning_summary: Option<String>,
-    pub(crate) service_tier: String,
-    pub(crate) approval_policy: String,
-    pub(crate) approvals_reviewer: String,
-    pub(crate) sandbox_network_access: bool,
-    pub(crate) collaboration_mode: Option<&'static str>,
-    pub(crate) personality: Option<String>,
-    pub(crate) num_input_images: usize,
-    pub(crate) is_first_turn: bool,
-    pub(crate) status: Option<TurnStatus>,
-    pub(crate) turn_error: Option<CodexErrorInfo>,
-    pub(crate) steer_count: Option<usize>,
-    // TODO(rhan-oai): Populate these once tool-call accounting is emitted from
-    // core; the schema is reserved but these fields are currently always None.
-    pub(crate) total_tool_call_count: Option<usize>,
-    pub(crate) shell_command_count: Option<usize>,
-    pub(crate) file_change_count: Option<usize>,
-    pub(crate) mcp_tool_call_count: Option<usize>,
-    pub(crate) dynamic_tool_call_count: Option<usize>,
-    pub(crate) subagent_tool_call_count: Option<usize>,
-    pub(crate) web_search_count: Option<usize>,
-    pub(crate) image_generation_count: Option<usize>,
-    pub(crate) input_tokens: Option<i64>,
-    pub(crate) cached_input_tokens: Option<i64>,
-    pub(crate) output_tokens: Option<i64>,
-    pub(crate) reasoning_output_tokens: Option<i64>,
-    pub(crate) total_tokens: Option<i64>,
-    pub(crate) duration_ms: Option<u64>,
-    pub(crate) started_at: Option<u64>,
-    pub(crate) completed_at: Option<u64>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexTurnEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexTurnEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexTurnSteerEventParams {
-    pub(crate) thread_id: String,
-    pub(crate) expected_turn_id: Option<String>,
-    pub(crate) accepted_turn_id: Option<String>,
-    pub(crate) app_server_client: CodexAppServerClientMetadata,
-    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) thread_source: Option<String>,
-    pub(crate) subagent_source: Option<String>,
-    pub(crate) parent_thread_id: Option<String>,
-    pub(crate) num_input_images: usize,
-    pub(crate) result: TurnSteerResult,
-    pub(crate) rejection_reason: Option<TurnSteerRejectionReason>,
-    pub(crate) created_at: u64,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexTurnSteerEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexTurnSteerEventParams,
-}
-
 #[derive(Serialize)]
 pub(crate) struct CodexPluginMetadata {
     pub(crate) plugin_id: Option<String>,
@@ -526,37 +201,6 @@ pub(crate) fn codex_plugin_metadata(plugin: PluginTelemetryMetadata) -> CodexPlu
     }
 }
 
-pub(crate) fn codex_compaction_event_params(
-    input: CodexCompactionEvent,
-    app_server_client: CodexAppServerClientMetadata,
-    runtime: CodexRuntimeMetadata,
-    thread_source: Option<&'static str>,
-    subagent_source: Option<String>,
-    parent_thread_id: Option<String>,
-) -> CodexCompactionEventParams {
-    CodexCompactionEventParams {
-        thread_id: input.thread_id,
-        turn_id: input.turn_id,
-        app_server_client,
-        runtime,
-        thread_source,
-        subagent_source,
-        parent_thread_id,
-        trigger: input.trigger,
-        reason: input.reason,
-        implementation: input.implementation,
-        phase: input.phase,
-        strategy: input.strategy,
-        status: input.status,
-        error: input.error,
-        active_context_tokens_before: input.active_context_tokens_before,
-        active_context_tokens_after: input.active_context_tokens_after,
-        started_at: input.started_at,
-        completed_at: input.completed_at,
-        duration_ms: input.duration_ms,
-    }
-}
-
 pub(crate) fn codex_plugin_used_metadata(
     tracking: &TrackEventsContext,
     plugin: PluginTelemetryMetadata,
@@ -569,6 +213,14 @@ pub(crate) fn codex_plugin_used_metadata(
     }
 }
 
+pub(crate) fn thread_source_name(thread_source: &SessionSource) -> Option<&'static str> {
+    match thread_source {
+        SessionSource::Cli | SessionSource::VSCode | SessionSource::Exec => Some("user"),
+        SessionSource::SubAgent(_) => Some("subagent"),
+        SessionSource::Mcp | SessionSource::Custom(_) | SessionSource::Unknown => None,
+    }
+}
+
 pub(crate) fn current_runtime_metadata() -> CodexRuntimeMetadata {
     let os_info = os_info::get();
     CodexRuntimeMetadata {
@@ -608,7 +260,7 @@ pub(crate) fn subagent_thread_started_event_request(
     }
 }
 
-pub(crate) fn subagent_source_name(subagent_source: &SubAgentSource) -> String {
+fn subagent_source_name(subagent_source: &SubAgentSource) -> String {
     match subagent_source {
         SubAgentSource::Review => "review".to_string(),
         SubAgentSource::Compact => "compact".to_string(),
@@ -618,7 +270,7 @@ pub(crate) fn subagent_source_name(subagent_source: &SubAgentSource) -> String {
     }
 }
 
-pub(crate) fn subagent_parent_thread_id(subagent_source: &SubAgentSource) -> Option<String> {
+fn subagent_parent_thread_id(subagent_source: &SubAgentSource) -> Option<String> {
     match subagent_source {
         SubAgentSource::ThreadSpawn {
             parent_thread_id, ..

codex-rs/analytics/src/facts.rs

@@ -1,26 +1,13 @@
 use crate::events::AppServerRpcTransport;
 use crate::events::CodexRuntimeMetadata;
-use crate::events::GuardianReviewEventParams;
-use crate::responses_api::CodexResponsesApiCallFact;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponse;
 use codex_app_server_protocol::InitializeParams;
-use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::ServerNotification;
 use codex_plugin::PluginTelemetryMetadata;
-use codex_protocol::config_types::ApprovalsReviewer;
-use codex_protocol::config_types::ModeKind;
-use codex_protocol::config_types::Personality;
-use codex_protocol::config_types::ReasoningSummary;
-use codex_protocol::config_types::ServiceTier;
-use codex_protocol::openai_models::ReasoningEffort;
-use codex_protocol::protocol::AskForApproval;
-use codex_protocol::protocol::SandboxPolicy;
-use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::SkillScope;
 use codex_protocol::protocol::SubAgentSource;
-use codex_protocol::protocol::TokenUsage;
 use serde::Serialize;
 use std::path::PathBuf;
 
@@ -43,126 +30,6 @@ pub fn build_track_events_context(
     }
 }
 
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum TurnSubmissionType {
-    Default,
-    Queued,
-}
-
-#[derive(Clone)]
-pub struct TurnResolvedConfigFact {
-    pub turn_id: String,
-    pub thread_id: String,
-    pub num_input_images: usize,
-    pub submission_type: Option<TurnSubmissionType>,
-    pub ephemeral: bool,
-    pub session_source: SessionSource,
-    pub model: String,
-    pub model_provider: String,
-    pub sandbox_policy: SandboxPolicy,
-    pub reasoning_effort: Option<ReasoningEffort>,
-    pub reasoning_summary: Option<ReasoningSummary>,
-    pub service_tier: Option<ServiceTier>,
-    pub approval_policy: AskForApproval,
-    pub approvals_reviewer: ApprovalsReviewer,
-    pub sandbox_network_access: bool,
-    pub collaboration_mode: ModeKind,
-    pub personality: Option<Personality>,
-    pub is_first_turn: bool,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum ThreadInitializationMode {
-    New,
-    Forked,
-    Resumed,
-}
-
-#[derive(Clone)]
-pub struct TurnTokenUsageFact {
-    pub turn_id: String,
-    pub thread_id: String,
-    pub token_usage: TokenUsage,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum TurnStatus {
-    Completed,
-    Failed,
-    Interrupted,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum TurnSteerResult {
-    Accepted,
-    Rejected,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum TurnSteerRejectionReason {
-    NoActiveTurn,
-    ExpectedTurnMismatch,
-    NonSteerableReview,
-    NonSteerableCompact,
-    EmptyInput,
-    InputTooLarge,
-}
-
-#[derive(Clone)]
-pub struct CodexTurnSteerEvent {
-    pub expected_turn_id: Option<String>,
-    pub accepted_turn_id: Option<String>,
-    pub num_input_images: usize,
-    pub result: TurnSteerResult,
-    pub rejection_reason: Option<TurnSteerRejectionReason>,
-    pub created_at: u64,
-}
-
-#[derive(Clone, Copy, Debug)]
-pub enum AnalyticsJsonRpcError {
-    TurnSteer(TurnSteerRequestError),
-    Input(InputError),
-}
-
-#[derive(Clone, Copy, Debug)]
-pub enum TurnSteerRequestError {
-    NoActiveTurn,
-    ExpectedTurnMismatch,
-    NonSteerableReview,
-    NonSteerableCompact,
-}
-
-#[derive(Clone, Copy, Debug)]
-pub enum InputError {
-    Empty,
-    TooLarge,
-}
-
-impl From<TurnSteerRequestError> for TurnSteerRejectionReason {
-    fn from(error: TurnSteerRequestError) -> Self {
-        match error {
-            TurnSteerRequestError::NoActiveTurn => Self::NoActiveTurn,
-            TurnSteerRequestError::ExpectedTurnMismatch => Self::ExpectedTurnMismatch,
-            TurnSteerRequestError::NonSteerableReview => Self::NonSteerableReview,
-            TurnSteerRequestError::NonSteerableCompact => Self::NonSteerableCompact,
-        }
-    }
-}
-
-impl From<InputError> for TurnSteerRejectionReason {
-    fn from(error: InputError) -> Self {
-        match error {
-            InputError::Empty => Self::EmptyInput,
-            InputError::TooLarge => Self::InputTooLarge,
-        }
-    }
-}
-
 #[derive(Clone, Debug)]
 pub struct SkillInvocation {
     pub skill_name: String,
@@ -197,69 +64,6 @@ pub struct SubAgentThreadStartedInput {
     pub created_at: u64,
 }
 
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum CompactionTrigger {
-    Manual,
-    Auto,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum CompactionReason {
-    UserRequested,
-    ContextLimit,
-    ModelDownshift,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum CompactionImplementation {
-    Responses,
-    ResponsesCompact,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum CompactionPhase {
-    StandaloneTurn,
-    PreTurn,
-    MidTurn,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum CompactionStrategy {
-    Memento,
-    PrefixCompaction,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum CompactionStatus {
-    Completed,
-    Failed,
-    Interrupted,
-}
-
-#[derive(Clone)]
-pub struct CodexCompactionEvent {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub trigger: CompactionTrigger,
-    pub reason: CompactionReason,
-    pub implementation: CompactionImplementation,
-    pub phase: CompactionPhase,
-    pub strategy: CompactionStrategy,
-    pub status: CompactionStatus,
-    pub error: Option<String>,
-    pub active_context_tokens_before: i64,
-    pub active_context_tokens_after: i64,
-    pub started_at: u64,
-    pub completed_at: u64,
-    pub duration_ms: Option<u64>,
-}
-
 #[allow(dead_code)]
 pub(crate) enum AnalyticsFact {
     Initialize {
@@ -278,12 +82,6 @@ pub(crate) enum AnalyticsFact {
         connection_id: u64,
         response: Box<ClientResponse>,
     },
-    ErrorResponse {
-        connection_id: u64,
-        request_id: RequestId,
-        error: JSONRPCErrorError,
-        error_type: Option<AnalyticsJsonRpcError>,
-    },
     Notification(Box<ServerNotification>),
     // Facts that do not naturally exist on the app-server protocol surface, or
     // would require non-trivial protocol reshaping on this branch.
@@ -292,11 +90,6 @@ pub(crate) enum AnalyticsFact {
 
 pub(crate) enum CustomAnalyticsFact {
     SubAgentThreadStarted(SubAgentThreadStartedInput),
-    Compaction(Box<CodexCompactionEvent>),
-    ResponsesApiCall(Box<CodexResponsesApiCallFact>),
-    GuardianReview(Box<GuardianReviewEventParams>),
-    TurnResolvedConfig(Box<TurnResolvedConfigFact>),
-    TurnTokenUsage(Box<TurnTokenUsageFact>),
     SkillInvoked(SkillInvokedInput),
     AppMentioned(AppMentionedInput),
     AppUsed(AppUsedInput),

codex-rs/analytics/src/lib.rs

@@ -2,62 +2,15 @@ mod client;
 mod events;
 mod facts;
 mod reducer;
-mod responses_api;
-
-use std::time::SystemTime;
-use std::time::UNIX_EPOCH;
 
 pub use client::AnalyticsEventsClient;
 pub use events::AppServerRpcTransport;
-pub use events::GuardianApprovalRequestSource;
-pub use events::GuardianCommandSource;
-pub use events::GuardianReviewDecision;
-pub use events::GuardianReviewEventParams;
-pub use events::GuardianReviewFailureReason;
-pub use events::GuardianReviewOutcome;
-pub use events::GuardianReviewRiskLevel;
-pub use events::GuardianReviewSessionKind;
-pub use events::GuardianReviewTerminalStatus;
-pub use events::GuardianReviewUserAuthorization;
-pub use events::GuardianReviewedAction;
-pub use facts::AnalyticsJsonRpcError;
 pub use facts::AppInvocation;
-pub use facts::CodexCompactionEvent;
-pub use facts::CodexTurnSteerEvent;
-pub use facts::CompactionImplementation;
-pub use facts::CompactionPhase;
-pub use facts::CompactionReason;
-pub use facts::CompactionStatus;
-pub use facts::CompactionStrategy;
-pub use facts::CompactionTrigger;
-pub use facts::InputError;
 pub use facts::InvocationType;
 pub use facts::SkillInvocation;
 pub use facts::SubAgentThreadStartedInput;
-pub use facts::ThreadInitializationMode;
 pub use facts::TrackEventsContext;
-pub use facts::TurnResolvedConfigFact;
-pub use facts::TurnStatus;
-pub use facts::TurnSteerRejectionReason;
-pub use facts::TurnSteerRequestError;
-pub use facts::TurnSteerResult;
-pub use facts::TurnTokenUsageFact;
 pub use facts::build_track_events_context;
-pub use responses_api::CodexResponseItemRole;
-pub use responses_api::CodexResponseItemType;
-pub use responses_api::CodexResponseMessagePhase;
-pub use responses_api::CodexResponsesApiCallFact;
-pub use responses_api::CodexResponsesApiCallStatus;
-pub use responses_api::CodexResponsesApiItemMetadata;
-pub use responses_api::CodexResponsesApiItemPhase;
-pub use responses_api::response_items_metadata;
 
 #[cfg(test)]
 mod analytics_client_tests;
-
-pub fn now_unix_seconds() -> u64 {
-    SystemTime::now()
-        .duration_since(UNIX_EPOCH)
-        .unwrap_or_default()
-        .as_secs()
-}

codex-rs/analytics/src/reducer.rs

@@ -2,80 +2,44 @@ use crate::events::AppServerRpcTransport;
 use crate::events::CodexAppMentionedEventRequest;
 use crate::events::CodexAppServerClientMetadata;
 use crate::events::CodexAppUsedEventRequest;
-use crate::events::CodexCompactionEventRequest;
 use crate::events::CodexPluginEventRequest;
 use crate::events::CodexPluginUsedEventRequest;
-use crate::events::CodexResponsesApiCallEventParams;
-use crate::events::CodexResponsesApiCallEventRequest;
 use crate::events::CodexRuntimeMetadata;
-use crate::events::CodexTurnEventParams;
-use crate::events::CodexTurnEventRequest;
-use crate::events::CodexTurnSteerEventParams;
-use crate::events::CodexTurnSteerEventRequest;
-use crate::events::GuardianReviewEventParams;
-use crate::events::GuardianReviewEventPayload;
-use crate::events::GuardianReviewEventRequest;
 use crate::events::SkillInvocationEventParams;
 use crate::events::SkillInvocationEventRequest;
+use crate::events::ThreadInitializationMode;
 use crate::events::ThreadInitializedEvent;
 use crate::events::ThreadInitializedEventParams;
 use crate::events::TrackEventRequest;
 use crate::events::codex_app_metadata;
-use crate::events::codex_compaction_event_params;
 use crate::events::codex_plugin_metadata;
 use crate::events::codex_plugin_used_metadata;
 use crate::events::plugin_state_event_type;
-use crate::events::subagent_parent_thread_id;
-use crate::events::subagent_source_name;
 use crate::events::subagent_thread_started_event_request;
+use crate::events::thread_source_name;
 use crate::facts::AnalyticsFact;
-use crate::facts::AnalyticsJsonRpcError;
 use crate::facts::AppMentionedInput;
 use crate::facts::AppUsedInput;
-use crate::facts::CodexCompactionEvent;
 use crate::facts::CustomAnalyticsFact;
 use crate::facts::PluginState;
 use crate::facts::PluginStateChangedInput;
 use crate::facts::PluginUsedInput;
 use crate::facts::SkillInvokedInput;
 use crate::facts::SubAgentThreadStartedInput;
-use crate::facts::ThreadInitializationMode;
-use crate::facts::TurnResolvedConfigFact;
-use crate::facts::TurnStatus;
-use crate::facts::TurnSteerRejectionReason;
-use crate::facts::TurnSteerResult;
-use crate::facts::TurnTokenUsageFact;
-use crate::now_unix_seconds;
-use crate::responses_api::CodexResponsesApiCallFact;
-use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponse;
-use codex_app_server_protocol::CodexErrorInfo;
 use codex_app_server_protocol::InitializeParams;
-use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::ServerNotification;
-use codex_app_server_protocol::TurnSteerResponse;
-use codex_app_server_protocol::UserInput;
 use codex_git_utils::collect_git_info;
 use codex_git_utils::get_git_repo_root;
 use codex_login::default_client::originator;
-use codex_protocol::config_types::ModeKind;
-use codex_protocol::config_types::Personality;
-use codex_protocol::config_types::ReasoningSummary;
-use codex_protocol::protocol::SandboxPolicy;
 use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::SkillScope;
-use codex_protocol::protocol::TokenUsage;
 use sha1::Digest;
 use std::collections::HashMap;
 use std::path::Path;
 
 #[derive(Default)]
 pub(crate) struct AnalyticsReducer {
-    requests: HashMap<(u64, RequestId), RequestState>,
-    turns: HashMap<String, TurnState>,
     connections: HashMap<u64, ConnectionState>,
-    thread_connections: HashMap<String, u64>,
-    thread_metadata: HashMap<String, ThreadMetadataState>,
 }
 
 struct ConnectionState {
@@ -83,76 +47,6 @@ struct ConnectionState {
     runtime: CodexRuntimeMetadata,
 }
 
-#[derive(Clone)]
-struct ThreadMetadataState {
-    thread_source: Option<&'static str>,
-    initialization_mode: ThreadInitializationMode,
-    subagent_source: Option<String>,
-    parent_thread_id: Option<String>,
-}
-
-impl ThreadMetadataState {
-    fn from_thread_metadata(
-        session_source: &SessionSource,
-        initialization_mode: ThreadInitializationMode,
-    ) -> Self {
-        let (subagent_source, parent_thread_id) = match session_source {
-            SessionSource::SubAgent(subagent_source) => (
-                Some(subagent_source_name(subagent_source)),
-                subagent_parent_thread_id(subagent_source),
-            ),
-            SessionSource::Cli
-            | SessionSource::VSCode
-            | SessionSource::Exec
-            | SessionSource::Mcp
-            | SessionSource::Custom(_)
-            | SessionSource::Unknown => (None, None),
-        };
-        Self {
-            thread_source: session_source.thread_source_name(),
-            initialization_mode,
-            subagent_source,
-            parent_thread_id,
-        }
-    }
-}
-
-enum RequestState {
-    TurnStart(PendingTurnStartState),
-    TurnSteer(PendingTurnSteerState),
-}
-
-struct PendingTurnStartState {
-    thread_id: String,
-    num_input_images: usize,
-}
-
-struct PendingTurnSteerState {
-    thread_id: String,
-    expected_turn_id: String,
-    num_input_images: usize,
-    created_at: u64,
-}
-
-#[derive(Clone)]
-struct CompletedTurnState {
-    status: Option<TurnStatus>,
-    turn_error: Option<CodexErrorInfo>,
-    completed_at: u64,
-    duration_ms: Option<u64>,
-}
-
-struct TurnState {
-    connection_id: Option<u64>,
-    thread_id: Option<String>,
-    num_input_images: Option<usize>,
-    resolved_config: Option<TurnResolvedConfigFact>,
-    started_at: Option<u64>,
-    token_usage: Option<TokenUsage>,
-    completed: Option<CompletedTurnState>,
-    steer_count: usize,
-}
-
 impl AnalyticsReducer {
     pub(crate) async fn ingest(&mut self, input: AnalyticsFact, out: &mut Vec<TrackEventRequest>) {
         match input {
@@ -172,48 +66,21 @@ impl AnalyticsReducer {
                 );
             }
             AnalyticsFact::Request {
-                connection_id,
-                request_id,
-                request,
-            } => {
-                self.ingest_request(connection_id, request_id, *request);
-            }
+                connection_id: _connection_id,
+                request_id: _request_id,
+                request: _request,
+            } => {}
             AnalyticsFact::Response {
                 connection_id,
                 response,
             } => {
                 self.ingest_response(connection_id, *response, out);
             }
-            AnalyticsFact::ErrorResponse {
-                connection_id,
-                request_id,
-                error: _,
-                error_type,
-            } => {
-                self.ingest_error_response(connection_id, request_id, error_type, out);
-            }
-            AnalyticsFact::Notification(notification) => {
-                self.ingest_notification(*notification, out);
-            }
+            AnalyticsFact::Notification(_notification) => {}
             AnalyticsFact::Custom(input) => match input {
                 CustomAnalyticsFact::SubAgentThreadStarted(input) => {
                     self.ingest_subagent_thread_started(input, out);
                 }
-                CustomAnalyticsFact::Compaction(input) => {
-                    self.ingest_compaction(*input, out);
-                }
-                CustomAnalyticsFact::ResponsesApiCall(input) => {
-                    self.ingest_responses_api_call(*input, out);
-                }
-                CustomAnalyticsFact::GuardianReview(input) => {
-                    self.ingest_guardian_review(*input, out);
-                }
-                CustomAnalyticsFact::TurnResolvedConfig(input) => {
-                    self.ingest_turn_resolved_config(*input, out);
-                }
-                CustomAnalyticsFact::TurnTokenUsage(input) => {
-                    self.ingest_turn_token_usage(*input, out);
-                }
                 CustomAnalyticsFact::SkillInvoked(input) => {
                     self.ingest_skill_invoked(input, out).await;
                 }
@@ -268,118 +135,6 @@ impl AnalyticsReducer {
         ));
     }
 
-    fn ingest_guardian_review(
-        &mut self,
-        input: GuardianReviewEventParams,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some(connection_id) = self.thread_connections.get(&input.thread_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                review_id = %input.review_id,
-                "dropping guardian analytics event: missing thread connection metadata"
-            );
-            return;
-        };
-        let Some(connection_state) = self.connections.get(connection_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                review_id = %input.review_id,
-                connection_id,
-                "dropping guardian analytics event: missing connection metadata"
-            );
-            return;
-        };
-        out.push(TrackEventRequest::GuardianReview(Box::new(
-            GuardianReviewEventRequest {
-                event_type: "codex_guardian_review",
-                event_params: GuardianReviewEventPayload {
-                    app_server_client: connection_state.app_server_client.clone(),
-                    runtime: connection_state.runtime.clone(),
-                    guardian_review: input,
-                },
-            },
-        )));
-    }
-
-    fn ingest_request(
-        &mut self,
-        connection_id: u64,
-        request_id: RequestId,
-        request: ClientRequest,
-    ) {
-        match request {
-            ClientRequest::TurnStart { params, .. } => {
-                self.requests.insert(
-                    (connection_id, request_id),
-                    RequestState::TurnStart(PendingTurnStartState {
-                        thread_id: params.thread_id,
-                        num_input_images: num_input_images(&params.input),
-                    }),
-                );
-            }
-            ClientRequest::TurnSteer { params, .. } => {
-                self.requests.insert(
-                    (connection_id, request_id),
-                    RequestState::TurnSteer(PendingTurnSteerState {
-                        thread_id: params.thread_id,
-                        expected_turn_id: params.expected_turn_id,
-                        num_input_images: num_input_images(&params.input),
-                        created_at: now_unix_seconds(),
-                    }),
-                );
-            }
-            _ => {}
-        }
-    }
-
-    fn ingest_turn_resolved_config(
-        &mut self,
-        input: TurnResolvedConfigFact,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let turn_id = input.turn_id.clone();
-        let thread_id = input.thread_id.clone();
-        let num_input_images = input.num_input_images;
-        let turn_state = self.turns.entry(turn_id.clone()).or_insert(TurnState {
-            connection_id: None,
-            thread_id: None,
-            num_input_images: None,
-            resolved_config: None,
-            started_at: None,
-            token_usage: None,
-            completed: None,
-            steer_count: 0,
-        });
-        turn_state.thread_id = Some(thread_id);
-        turn_state.num_input_images = Some(num_input_images);
-        turn_state.resolved_config = Some(input);
-        self.maybe_emit_turn_event(&turn_id, out);
-    }
-
-    fn ingest_turn_token_usage(
-        &mut self,
-        input: TurnTokenUsageFact,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let turn_id = input.turn_id.clone();
-        let turn_state = self.turns.entry(turn_id.clone()).or_insert(TurnState {
-            connection_id: None,
-            thread_id: None,
-            num_input_images: None,
-            resolved_config: None,
-            started_at: None,
-            token_usage: None,
-            completed: None,
-            steer_count: 0,
-        });
-        turn_state.thread_id = Some(input.thread_id);
-        turn_state.token_usage = Some(input.token_usage);
-        self.maybe_emit_turn_event(&turn_id, out);
-    }
-
     async fn ingest_skill_invoked(
         &mut self,
         input: SkillInvokedInput,
@@ -480,610 +235,46 @@ impl AnalyticsReducer {
         response: ClientResponse,
         out: &mut Vec<TrackEventRequest>,
     ) {
-        match response {
-            ClientResponse::ThreadStart { response, .. } => {
-                self.emit_thread_initialized(
-                    connection_id,
-                    response.thread,
-                    response.model,
-                    ThreadInitializationMode::New,
-                    out,
-                );
-            }
-            ClientResponse::ThreadResume { response, .. } => {
-                self.emit_thread_initialized(
-                    connection_id,
-                    response.thread,
-                    response.model,
-                    ThreadInitializationMode::Resumed,
-                    out,
-                );
-            }
-            ClientResponse::ThreadFork { response, .. } => {
-                self.emit_thread_initialized(
-                    connection_id,
-                    response.thread,
-                    response.model,
-                    ThreadInitializationMode::Forked,
-                    out,
-                );
-            }
-            ClientResponse::TurnStart {
-                request_id,
-                response,
-            } => {
-                let turn_id = response.turn.id;
-                let Some(RequestState::TurnStart(pending_request)) =
-                    self.requests.remove(&(connection_id, request_id))
-                else {
-                    return;
-                };
-                let turn_state = self.turns.entry(turn_id.clone()).or_insert(TurnState {
-                    connection_id: None,
-                    thread_id: None,
-                    num_input_images: None,
-                    resolved_config: None,
-                    started_at: None,
-                    token_usage: None,
-                    completed: None,
-                    steer_count: 0,
-                });
-                turn_state.connection_id = Some(connection_id);
-                turn_state.thread_id = Some(pending_request.thread_id);
-                turn_state.num_input_images = Some(pending_request.num_input_images);
-                self.maybe_emit_turn_event(&turn_id, out);
-            }
-            ClientResponse::TurnSteer {
-                request_id,
-                response,
-            } => {
-                self.ingest_turn_steer_response(connection_id, request_id, response, out);
-            }
-            _ => {}
-        }
-    }
-
-    fn ingest_error_response(
-        &mut self,
-        connection_id: u64,
-        request_id: RequestId,
-        error_type: Option<AnalyticsJsonRpcError>,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some(request) = self.requests.remove(&(connection_id, request_id)) else {
-            return;
+        let (thread, model, initialization_mode) = match response {
+            ClientResponse::ThreadStart { response, .. } => (
+                response.thread,
+                response.model,
+                ThreadInitializationMode::New,
+            ),
+            ClientResponse::ThreadResume { response, .. } => (
+                response.thread,
+                response.model,
+                ThreadInitializationMode::Resumed,
+            ),
+            ClientResponse::ThreadFork { response, .. } => (
+                response.thread,
+                response.model,
+                ThreadInitializationMode::Forked,
+            ),
+            _ => return,
         };
-        self.ingest_request_error_response(connection_id, request, error_type, out);
-    }
-
-    fn ingest_request_error_response(
-        &mut self,
-        connection_id: u64,
-        request: RequestState,
-        error_type: Option<AnalyticsJsonRpcError>,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        match request {
-            RequestState::TurnStart(_) => {}
-            RequestState::TurnSteer(pending_request) => {
-                self.ingest_turn_steer_error_response(
-                    connection_id,
-                    pending_request,
-                    error_type,
-                    out,
-                );
-            }
-        }
-    }
-
-    fn ingest_turn_steer_error_response(
-        &mut self,
-        connection_id: u64,
-        pending_request: PendingTurnSteerState,
-        error_type: Option<AnalyticsJsonRpcError>,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        self.emit_turn_steer_event(
-            connection_id,
-            pending_request,
-            /*accepted_turn_id*/ None,
-            TurnSteerResult::Rejected,
-            rejection_reason_from_error_type(error_type),
-            out,
-        );
-    }
-
-    fn ingest_notification(
-        &mut self,
-        notification: ServerNotification,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        match notification {
-            ServerNotification::TurnStarted(notification) => {
-                let turn_state = self.turns.entry(notification.turn.id).or_insert(TurnState {
-                    connection_id: None,
-                    thread_id: None,
-                    num_input_images: None,
-                    resolved_config: None,
-                    started_at: None,
-                    token_usage: None,
-                    completed: None,
-                    steer_count: 0,
-                });
-                turn_state.started_at = notification
-                    .turn
-                    .started_at
-                    .and_then(|started_at| u64::try_from(started_at).ok());
-            }
-            ServerNotification::TurnCompleted(notification) => {
-                let turn_state =
-                    self.turns
-                        .entry(notification.turn.id.clone())
-                        .or_insert(TurnState {
-                            connection_id: None,
-                            thread_id: None,
-                            num_input_images: None,
-                            resolved_config: None,
-                            started_at: None,
-                            token_usage: None,
-                            completed: None,
-                            steer_count: 0,
-                        });
-                turn_state.completed = Some(CompletedTurnState {
-                    status: analytics_turn_status(notification.turn.status),
-                    turn_error: notification
-                        .turn
-                        .error
-                        .and_then(|error| error.codex_error_info),
-                    completed_at: notification
-                        .turn
-                        .completed_at
-                        .and_then(|completed_at| u64::try_from(completed_at).ok())
-                        .unwrap_or_default(),
-                    duration_ms: notification
-                        .turn
-                        .duration_ms
-                        .and_then(|duration_ms| u64::try_from(duration_ms).ok()),
-                });
-                let turn_id = notification.turn.id;
-                self.maybe_emit_turn_event(&turn_id, out);
-            }
-            _ => {}
-        }
-    }
-
-    fn emit_thread_initialized(
-        &mut self,
-        connection_id: u64,
-        thread: codex_app_server_protocol::Thread,
-        model: String,
-        initialization_mode: ThreadInitializationMode,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
         let thread_source: SessionSource = thread.source.into();
-        let thread_id = thread.id;
         let Some(connection_state) = self.connections.get(&connection_id) else {
             return;
         };
-        let thread_metadata =
-            ThreadMetadataState::from_thread_metadata(&thread_source, initialization_mode);
-        self.thread_connections
-            .insert(thread_id.clone(), connection_id);
-        self.thread_metadata
-            .insert(thread_id.clone(), thread_metadata.clone());
         out.push(TrackEventRequest::ThreadInitialized(
             ThreadInitializedEvent {
                 event_type: "codex_thread_initialized",
                 event_params: ThreadInitializedEventParams {
-                    thread_id,
+                    thread_id: thread.id,
                     app_server_client: connection_state.app_server_client.clone(),
                     runtime: connection_state.runtime.clone(),
                     model,
                     ephemeral: thread.ephemeral,
-                    thread_source: thread_metadata.thread_source,
+                    thread_source: thread_source_name(&thread_source),
                     initialization_mode,
-                    subagent_source: thread_metadata.subagent_source,
-                    parent_thread_id: thread_metadata.parent_thread_id,
+                    subagent_source: None,
+                    parent_thread_id: None,
                     created_at: u64::try_from(thread.created_at).unwrap_or_default(),
                 },
             },
         ));
     }
-
-    fn ingest_compaction(&mut self, input: CodexCompactionEvent, out: &mut Vec<TrackEventRequest>) {
-        let Some(connection_id) = self.thread_connections.get(&input.thread_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                "dropping compaction analytics event: missing thread connection metadata"
-            );
-            return;
-        };
-        let Some(connection_state) = self.connections.get(connection_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                connection_id,
-                "dropping compaction analytics event: missing connection metadata"
-            );
-            return;
-        };
-        let Some(thread_metadata) = self.thread_metadata.get(&input.thread_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                "dropping compaction analytics event: missing thread lifecycle metadata"
-            );
-            return;
-        };
-        out.push(TrackEventRequest::Compaction(Box::new(
-            CodexCompactionEventRequest {
-                event_type: "codex_compaction_event",
-                event_params: codex_compaction_event_params(
-                    input,
-                    connection_state.app_server_client.clone(),
-                    connection_state.runtime.clone(),
-                    thread_metadata.thread_source,
-                    thread_metadata.subagent_source.clone(),
-                    thread_metadata.parent_thread_id.clone(),
-                ),
-            },
-        )));
-    }
-
-    fn ingest_responses_api_call(
-        &mut self,
-        input: CodexResponsesApiCallFact,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some(connection_id) = self.thread_connections.get(&input.thread_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                "dropping responses api call analytics event: missing thread connection metadata"
-            );
-            return;
-        };
-        let Some(connection_state) = self.connections.get(connection_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                connection_id,
-                "dropping responses api call analytics event: missing connection metadata"
-            );
-            return;
-        };
-        let Some(thread_metadata) = self.thread_metadata.get(&input.thread_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                "dropping responses api call analytics event: missing thread lifecycle metadata"
-            );
-            return;
-        };
-        let Some(turn_state) = self.turns.get(&input.turn_id) else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                "dropping responses api call analytics event: missing turn metadata"
-            );
-            return;
-        };
-        let Some(resolved_config) = turn_state.resolved_config.as_ref() else {
-            tracing::warn!(
-                thread_id = %input.thread_id,
-                turn_id = %input.turn_id,
-                "dropping responses api call analytics event: missing turn resolved config"
-            );
-            return;
-        };
-
-        out.push(TrackEventRequest::ResponsesApiCall(Box::new(
-            CodexResponsesApiCallEventRequest {
-                event_type: "codex_responses_api_call_event",
-                event_params: CodexResponsesApiCallEventParams {
-                    thread_id: input.thread_id,
-                    turn_id: input.turn_id,
-                    ephemeral: resolved_config.ephemeral,
-                    thread_source: thread_metadata.thread_source.map(str::to_string),
-                    initialization_mode: thread_metadata.initialization_mode,
-                    subagent_source: thread_metadata.subagent_source.clone(),
-                    parent_thread_id: thread_metadata.parent_thread_id.clone(),
-                    app_server_client: connection_state.app_server_client.clone(),
-                    runtime: connection_state.runtime.clone(),
-                    responses_id: input.responses_id,
-                    turn_responses_call_index: input.turn_responses_call_index,
-                    model: Some(resolved_config.model.clone()),
-                    model_provider: Some(resolved_config.model_provider.clone()),
-                    reasoning_effort: resolved_config
-                        .reasoning_effort
-                        .map(|value| value.to_string()),
-                    status: input.status,
-                    error: input.error,
-                    started_at: input.started_at,
-                    completed_at: input.completed_at,
-                    duration_ms: input.duration_ms,
-                    input_item_count: input.input_item_count,
-                    output_item_count: input.output_item_count,
-                    input_tokens: input.input_tokens,
-                    cached_input_tokens: input.cached_input_tokens,
-                    output_tokens: input.output_tokens,
-                    reasoning_output_tokens: input.reasoning_output_tokens,
-                    total_tokens: input.total_tokens,
-                    items: input.items,
-                },
-            },
-        )));
-    }
-
-    fn ingest_turn_steer_response(
-        &mut self,
-        connection_id: u64,
-        request_id: RequestId,
-        response: TurnSteerResponse,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some(RequestState::TurnSteer(pending_request)) =
-            self.requests.remove(&(connection_id, request_id))
-        else {
-            return;
-        };
-        if let Some(turn_state) = self.turns.get_mut(&response.turn_id) {
-            turn_state.steer_count += 1;
-        }
-        self.emit_turn_steer_event(
-            connection_id,
-            pending_request,
-            Some(response.turn_id),
-            TurnSteerResult::Accepted,
-            /*rejection_reason*/ None,
-            out,
-        );
-    }
-
-    fn emit_turn_steer_event(
-        &mut self,
-        connection_id: u64,
-        pending_request: PendingTurnSteerState,
-        accepted_turn_id: Option<String>,
-        result: TurnSteerResult,
-        rejection_reason: Option<TurnSteerRejectionReason>,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let Some(connection_state) = self.connections.get(&connection_id) else {
-            return;
-        };
-        let Some(thread_metadata) = self.thread_metadata.get(&pending_request.thread_id) else {
-            tracing::warn!(
-                thread_id = %pending_request.thread_id,
-                "dropping turn steer analytics event: missing thread lifecycle metadata"
-            );
-            return;
-        };
-        out.push(TrackEventRequest::TurnSteer(CodexTurnSteerEventRequest {
-            event_type: "codex_turn_steer_event",
-            event_params: CodexTurnSteerEventParams {
-                thread_id: pending_request.thread_id,
-                expected_turn_id: Some(pending_request.expected_turn_id),
-                accepted_turn_id,
-                app_server_client: connection_state.app_server_client.clone(),
-                runtime: connection_state.runtime.clone(),
-                thread_source: thread_metadata.thread_source.map(str::to_string),
-                subagent_source: thread_metadata.subagent_source.clone(),
-                parent_thread_id: thread_metadata.parent_thread_id.clone(),
-                num_input_images: pending_request.num_input_images,
-                result,
-                rejection_reason,
-                created_at: pending_request.created_at,
-            },
-        }));
-    }
-
-    fn maybe_emit_turn_event(&mut self, turn_id: &str, out: &mut Vec<TrackEventRequest>) {
-        let Some(turn_state) = self.turns.get(turn_id) else {
-            return;
-        };
-        if turn_state.thread_id.is_none()
-            || turn_state.num_input_images.is_none()
-            || turn_state.resolved_config.is_none()
-            || turn_state.completed.is_none()
-        {
-            return;
-        }
-        let connection_metadata = turn_state
-            .connection_id
-            .and_then(|connection_id| self.connections.get(&connection_id))
-            .map(|connection_state| {
-                (
-                    connection_state.app_server_client.clone(),
-                    connection_state.runtime.clone(),
-                )
-            });
-        let Some((app_server_client, runtime)) = connection_metadata else {
-            if let Some(connection_id) = turn_state.connection_id {
-                tracing::warn!(
-                    turn_id,
-                    connection_id,
-                    "dropping turn analytics event: missing connection metadata"
-                );
-            }
-            return;
-        };
-        let Some(thread_id) = turn_state.thread_id.as_ref() else {
-            return;
-        };
-        let Some(thread_metadata) = self.thread_metadata.get(thread_id) else {
-            tracing::warn!(
-                thread_id,
-                turn_id,
-                "dropping turn analytics event: missing thread lifecycle metadata"
-            );
-            return;
-        };
-        out.push(TrackEventRequest::TurnEvent(Box::new(
-            CodexTurnEventRequest {
-                event_type: "codex_turn_event",
-                event_params: codex_turn_event_params(
-                    app_server_client,
-                    runtime,
-                    turn_id.to_string(),
-                    turn_state,
-                    thread_metadata,
-                ),
-            },
-        )));
-        self.turns.remove(turn_id);
-    }
-}
-
-fn codex_turn_event_params(
-    app_server_client: CodexAppServerClientMetadata,
-    runtime: CodexRuntimeMetadata,
-    turn_id: String,
-    turn_state: &TurnState,
-    thread_metadata: &ThreadMetadataState,
-) -> CodexTurnEventParams {
-    let (Some(thread_id), Some(num_input_images), Some(resolved_config), Some(completed)) = (
-        turn_state.thread_id.clone(),
-        turn_state.num_input_images,
-        turn_state.resolved_config.clone(),
-        turn_state.completed.clone(),
-    ) else {
-        unreachable!("turn event params require a fully populated turn state");
-    };
-    let started_at = turn_state.started_at;
-    let TurnResolvedConfigFact {
-        turn_id: _resolved_turn_id,
-        thread_id: _resolved_thread_id,
-        num_input_images: _resolved_num_input_images,
-        submission_type,
-        ephemeral,
-        session_source: _session_source,
-        model,
-        model_provider,
-        sandbox_policy,
-        reasoning_effort,
-        reasoning_summary,
-        service_tier,
-        approval_policy,
-        approvals_reviewer,
-        sandbox_network_access,
-        collaboration_mode,
-        personality,
-        is_first_turn,
-    } = resolved_config;
-    let token_usage = turn_state.token_usage.clone();
-    CodexTurnEventParams {
-        thread_id,
-        turn_id,
-        app_server_client,
-        runtime,
-        submission_type,
-        ephemeral,
-        thread_source: thread_metadata.thread_source.map(str::to_string),
-        initialization_mode: thread_metadata.initialization_mode,
-        subagent_source: thread_metadata.subagent_source.clone(),
-        parent_thread_id: thread_metadata.parent_thread_id.clone(),
-        model: Some(model),
-        model_provider,
-        sandbox_policy: Some(sandbox_policy_mode(&sandbox_policy)),
-        reasoning_effort: reasoning_effort.map(|value| value.to_string()),
-        reasoning_summary: reasoning_summary_mode(reasoning_summary),
-        service_tier: service_tier
-            .map(|value| value.to_string())
-            .unwrap_or_else(|| "default".to_string()),
-        approval_policy: approval_policy.to_string(),
-        approvals_reviewer: approvals_reviewer.to_string(),
-        sandbox_network_access,
-        collaboration_mode: Some(collaboration_mode_mode(collaboration_mode)),
-        personality: personality_mode(personality),
-        num_input_images,
-        is_first_turn,
-        status: completed.status,
-        turn_error: completed.turn_error,
-        steer_count: Some(turn_state.steer_count),
-        total_tool_call_count: None,
-        shell_command_count: None,
-        file_change_count: None,
-        mcp_tool_call_count: None,
-        dynamic_tool_call_count: None,
-        subagent_tool_call_count: None,
-        web_search_count: None,
-        image_generation_count: None,
-        input_tokens: token_usage
-            .as_ref()
-            .map(|token_usage| token_usage.input_tokens),
-        cached_input_tokens: token_usage
-            .as_ref()
-            .map(|token_usage| token_usage.cached_input_tokens),
-        output_tokens: token_usage
-            .as_ref()
-            .map(|token_usage| token_usage.output_tokens),
-        reasoning_output_tokens: token_usage
-            .as_ref()
-            .map(|token_usage| token_usage.reasoning_output_tokens),
-        total_tokens: token_usage
-            .as_ref()
-            .map(|token_usage| token_usage.total_tokens),
-        duration_ms: completed.duration_ms,
-        started_at,
-        completed_at: Some(completed.completed_at),
-    }
-}
-
-fn sandbox_policy_mode(sandbox_policy: &SandboxPolicy) -> &'static str {
-    match sandbox_policy {
-        SandboxPolicy::DangerFullAccess => "full_access",
-        SandboxPolicy::ReadOnly { .. } => "read_only",
-        SandboxPolicy::WorkspaceWrite { .. } => "workspace_write",
-        SandboxPolicy::ExternalSandbox { .. } => "external_sandbox",
-    }
-}
-
-fn collaboration_mode_mode(mode: ModeKind) -> &'static str {
-    match mode {
-        ModeKind::Plan => "plan",
-        ModeKind::Default | ModeKind::PairProgramming | ModeKind::Execute => "default",
-    }
-}
-
-fn reasoning_summary_mode(summary: Option<ReasoningSummary>) -> Option<String> {
-    match summary {
-        Some(ReasoningSummary::None) | None => None,
-        Some(summary) => Some(summary.to_string()),
-    }
-}
-
-fn personality_mode(personality: Option<Personality>) -> Option<String> {
-    match personality {
-        Some(Personality::None) | None => None,
-        Some(personality) => Some(personality.to_string()),
-    }
-}
-
-fn analytics_turn_status(status: codex_app_server_protocol::TurnStatus) -> Option<TurnStatus> {
-    match status {
-        codex_app_server_protocol::TurnStatus::Completed => Some(TurnStatus::Completed),
-        codex_app_server_protocol::TurnStatus::Failed => Some(TurnStatus::Failed),
-        codex_app_server_protocol::TurnStatus::Interrupted => Some(TurnStatus::Interrupted),
-        codex_app_server_protocol::TurnStatus::InProgress => None,
-    }
-}
-
-fn num_input_images(input: &[UserInput]) -> usize {
-    input
-        .iter()
-        .filter(|item| matches!(item, UserInput::Image { .. } | UserInput::LocalImage { .. }))
-        .count()
-}
-
-fn rejection_reason_from_error_type(
-    error_type: Option<AnalyticsJsonRpcError>,
-) -> Option<TurnSteerRejectionReason> {
-    match error_type? {
-        AnalyticsJsonRpcError::TurnSteer(error) => Some(error.into()),
-        AnalyticsJsonRpcError::Input(error) => Some(error.into()),
-    }
 }
 
 pub(crate) fn skill_id_for_local_skill(

codex-rs/analytics/src/responses_api.rs

@@ -1,486 +0,0 @@
-use codex_protocol::models::ContentItem;
-use codex_protocol::models::FunctionCallOutputBody;
-use codex_protocol::models::FunctionCallOutputContentItem;
-use codex_protocol::models::FunctionCallOutputPayload;
-use codex_protocol::models::MessagePhase;
-use codex_protocol::models::ReasoningItemContent;
-use codex_protocol::models::ReasoningItemReasoningSummary;
-use codex_protocol::models::ResponseItem;
-use serde::Serialize;
-
-#[derive(Clone, Copy, Debug, Serialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-pub enum CodexResponsesApiCallStatus {
-    Completed,
-    Failed,
-    Interrupted,
-}
-
-#[derive(Clone, Copy, Debug, Serialize, PartialEq, Eq)]
-#[serde(rename_all = "lowercase")]
-pub enum CodexResponsesApiItemPhase {
-    Input,
-    Output,
-}
-
-#[derive(Clone, Copy, Debug, Serialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-pub enum CodexResponseItemType {
-    Message,
-    Reasoning,
-    LocalShellCall,
-    FunctionCall,
-    FunctionCallOutput,
-    CustomToolCall,
-    CustomToolCallOutput,
-    ToolSearchCall,
-    ToolSearchOutput,
-    WebSearchCall,
-    ImageGenerationCall,
-    GhostSnapshot,
-    Compaction,
-    Other,
-}
-
-#[derive(Clone, Copy, Debug, Serialize, PartialEq, Eq)]
-#[serde(rename_all = "lowercase")]
-pub enum CodexResponseItemRole {
-    User,
-    Assistant,
-    System,
-    Developer,
-    Tool,
-}
-
-#[derive(Clone, Copy, Debug, Serialize, PartialEq, Eq)]
-#[serde(rename_all = "snake_case")]
-pub enum CodexResponseMessagePhase {
-    Commentary,
-    FinalAnswer,
-}
-
-#[derive(Clone, Debug, Serialize, PartialEq, Eq)]
-pub struct CodexResponsesApiItemMetadata {
-    pub item_phase: CodexResponsesApiItemPhase,
-    pub item_index: usize,
-    pub response_item_type: CodexResponseItemType,
-    pub role: Option<CodexResponseItemRole>,
-    pub status: Option<String>,
-    pub message_phase: Option<CodexResponseMessagePhase>,
-    pub call_id: Option<String>,
-    pub tool_name: Option<String>,
-    pub content_bytes: Option<i64>,
-    pub arguments_bytes: Option<i64>,
-    pub output_bytes: Option<i64>,
-    pub encrypted_content_bytes: Option<i64>,
-    pub image_generation_revised_prompt_bytes: Option<i64>,
-    pub image_generation_result_bytes: Option<i64>,
-    pub text_part_count: Option<usize>,
-    pub image_part_count: Option<usize>,
-}
-
-#[derive(Clone, Debug)]
-pub struct CodexResponsesApiCallFact {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub responses_id: Option<String>,
-    pub turn_responses_call_index: u64,
-    pub status: CodexResponsesApiCallStatus,
-    pub error: Option<String>,
-    pub started_at: u64,
-    pub completed_at: Option<u64>,
-    pub duration_ms: Option<u64>,
-    pub input_item_count: usize,
-    pub output_item_count: usize,
-    pub input_tokens: Option<i64>,
-    pub cached_input_tokens: Option<i64>,
-    pub output_tokens: Option<i64>,
-    pub reasoning_output_tokens: Option<i64>,
-    pub total_tokens: Option<i64>,
-    pub items: Vec<CodexResponsesApiItemMetadata>,
-}
-
-pub fn response_items_metadata(
-    phase: CodexResponsesApiItemPhase,
-    items: &[ResponseItem],
-) -> Vec<CodexResponsesApiItemMetadata> {
-    items
-        .iter()
-        .enumerate()
-        .map(|(item_index, item)| response_item_metadata(phase, item_index, item))
-        .collect()
-}
-
-fn response_item_metadata(
-    item_phase: CodexResponsesApiItemPhase,
-    item_index: usize,
-    item: &ResponseItem,
-) -> CodexResponsesApiItemMetadata {
-    let mut metadata =
-        CodexResponsesApiItemMetadata::new(item_phase, item_index, response_item_type(item));
-
-    match item {
-        ResponseItem::Message {
-            role,
-            content,
-            phase,
-            ..
-        } => {
-            metadata.role = response_item_role(role);
-            metadata.message_phase = phase.as_ref().and_then(response_message_phase);
-            metadata.content_bytes = nonzero_i64(message_content_text_bytes(content));
-            let (text_part_count, image_part_count) = message_content_part_counts(content);
-            metadata.text_part_count = Some(text_part_count);
-            metadata.image_part_count = Some(image_part_count);
-        }
-        ResponseItem::Reasoning {
-            summary,
-            content,
-            encrypted_content,
-            ..
-        } => {
-            metadata.content_bytes = nonzero_i64(reasoning_content_bytes(summary, content));
-            metadata.encrypted_content_bytes =
-                encrypted_content.as_ref().map(|value| byte_len(value));
-            metadata.text_part_count = Some(
-                summary.len()
-                    + content
-                        .as_ref()
-                        .map(|content| content.len())
-                        .unwrap_or_default(),
-            );
-            metadata.image_part_count = Some(0);
-        }
-        ResponseItem::LocalShellCall {
-            call_id,
-            status,
-            action,
-            ..
-        } => {
-            metadata.call_id = call_id.clone();
-            metadata.tool_name = Some("local_shell".to_string());
-            metadata.status = serialized_string(status);
-            metadata.arguments_bytes = serialized_bytes(action);
-        }
-        ResponseItem::FunctionCall {
-            name,
-            arguments,
-            call_id,
-            ..
-        } => {
-            metadata.call_id = Some(call_id.clone());
-            metadata.tool_name = Some(name.clone());
-            metadata.arguments_bytes = Some(byte_len(arguments));
-        }
-        ResponseItem::ToolSearchCall {
-            call_id,
-            status,
-            arguments,
-            ..
-        } => {
-            metadata.call_id = call_id.clone();
-            metadata.tool_name = Some("tool_search".to_string());
-            metadata.status = status.clone();
-            metadata.arguments_bytes = serialized_bytes(arguments);
-        }
-        ResponseItem::FunctionCallOutput { call_id, output } => {
-            metadata.call_id = Some(call_id.clone());
-            metadata.output_bytes = function_call_output_bytes(output);
-            let (text_part_count, image_part_count) = function_call_output_part_counts(output);
-            metadata.text_part_count = text_part_count;
-            metadata.image_part_count = image_part_count;
-        }
-        ResponseItem::CustomToolCall {
-            status,
-            call_id,
-            name,
-            input,
-            ..
-        } => {
-            metadata.call_id = Some(call_id.clone());
-            metadata.tool_name = Some(name.clone());
-            metadata.status = status.clone();
-            metadata.arguments_bytes = Some(byte_len(input));
-        }
-        ResponseItem::CustomToolCallOutput {
-            call_id,
-            name,
-            output,
-        } => {
-            metadata.call_id = Some(call_id.clone());
-            metadata.tool_name = name.clone();
-            metadata.output_bytes = function_call_output_bytes(output);
-            let (text_part_count, image_part_count) = function_call_output_part_counts(output);
-            metadata.text_part_count = text_part_count;
-            metadata.image_part_count = image_part_count;
-        }
-        ResponseItem::ToolSearchOutput {
-            call_id,
-            status,
-            tools,
-            ..
-        } => {
-            metadata.call_id = call_id.clone();
-            metadata.tool_name = Some("tool_search".to_string());
-            metadata.status = Some(status.clone());
-            metadata.output_bytes = serialized_bytes(tools);
-        }
-        ResponseItem::WebSearchCall { status, action, .. } => {
-            metadata.tool_name = Some("web_search".to_string());
-            metadata.status = status.clone();
-            metadata.arguments_bytes = action.as_ref().and_then(serialized_bytes);
-        }
-        ResponseItem::ImageGenerationCall {
-            id,
-            status,
-            revised_prompt,
-            result,
-        } => {
-            metadata.call_id = Some(id.clone());
-            metadata.tool_name = Some("image_generation".to_string());
-            metadata.status = Some(status.clone());
-            metadata.image_generation_revised_prompt_bytes =
-                revised_prompt.as_ref().map(|value| byte_len(value));
-            metadata.image_generation_result_bytes = Some(byte_len(result));
-        }
-        ResponseItem::Compaction { encrypted_content } => {
-            metadata.encrypted_content_bytes = Some(byte_len(encrypted_content));
-        }
-        ResponseItem::GhostSnapshot { .. } | ResponseItem::Other => {}
-    }
-
-    metadata
-}
-
-impl CodexResponsesApiItemMetadata {
-    fn new(
-        item_phase: CodexResponsesApiItemPhase,
-        item_index: usize,
-        response_item_type: CodexResponseItemType,
-    ) -> Self {
-        Self {
-            item_phase,
-            item_index,
-            response_item_type,
-            role: None,
-            status: None,
-            message_phase: None,
-            call_id: None,
-            tool_name: None,
-            content_bytes: None,
-            arguments_bytes: None,
-            output_bytes: None,
-            encrypted_content_bytes: None,
-            image_generation_revised_prompt_bytes: None,
-            image_generation_result_bytes: None,
-            text_part_count: None,
-            image_part_count: None,
-        }
-    }
-}
-
-fn response_item_type(item: &ResponseItem) -> CodexResponseItemType {
-    match item {
-        ResponseItem::Message { .. } => CodexResponseItemType::Message,
-        ResponseItem::Reasoning { .. } => CodexResponseItemType::Reasoning,
-        ResponseItem::LocalShellCall { .. } => CodexResponseItemType::LocalShellCall,
-        ResponseItem::FunctionCall { .. } => CodexResponseItemType::FunctionCall,
-        ResponseItem::ToolSearchCall { .. } => CodexResponseItemType::ToolSearchCall,
-        ResponseItem::FunctionCallOutput { .. } => CodexResponseItemType::FunctionCallOutput,
-        ResponseItem::CustomToolCall { .. } => CodexResponseItemType::CustomToolCall,
-        ResponseItem::CustomToolCallOutput { .. } => CodexResponseItemType::CustomToolCallOutput,
-        ResponseItem::ToolSearchOutput { .. } => CodexResponseItemType::ToolSearchOutput,
-        ResponseItem::WebSearchCall { .. } => CodexResponseItemType::WebSearchCall,
-        ResponseItem::ImageGenerationCall { .. } => CodexResponseItemType::ImageGenerationCall,
-        ResponseItem::GhostSnapshot { .. } => CodexResponseItemType::GhostSnapshot,
-        ResponseItem::Compaction { .. } => CodexResponseItemType::Compaction,
-        ResponseItem::Other => CodexResponseItemType::Other,
-    }
-}
-
-fn response_item_role(role: &str) -> Option<CodexResponseItemRole> {
-    match role {
-        "user" => Some(CodexResponseItemRole::User),
-        "assistant" => Some(CodexResponseItemRole::Assistant),
-        "system" => Some(CodexResponseItemRole::System),
-        "developer" => Some(CodexResponseItemRole::Developer),
-        "tool" => Some(CodexResponseItemRole::Tool),
-        _ => None,
-    }
-}
-
-fn response_message_phase(phase: &MessagePhase) -> Option<CodexResponseMessagePhase> {
-    match phase {
-        MessagePhase::Commentary => Some(CodexResponseMessagePhase::Commentary),
-        MessagePhase::FinalAnswer => Some(CodexResponseMessagePhase::FinalAnswer),
-    }
-}
-
-fn message_content_text_bytes(content: &[ContentItem]) -> i64 {
-    content
-        .iter()
-        .map(|item| match item {
-            ContentItem::InputText { text } | ContentItem::OutputText { text } => byte_len(text),
-            ContentItem::InputImage { .. } => 0,
-        })
-        .sum()
-}
-
-fn message_content_part_counts(content: &[ContentItem]) -> (usize, usize) {
-    let mut text_part_count = 0;
-    let mut image_part_count = 0;
-    for item in content {
-        match item {
-            ContentItem::InputText { .. } | ContentItem::OutputText { .. } => {
-                text_part_count += 1;
-            }
-            ContentItem::InputImage { .. } => {
-                image_part_count += 1;
-            }
-        }
-    }
-    (text_part_count, image_part_count)
-}
-
-fn reasoning_content_bytes(
-    summary: &[ReasoningItemReasoningSummary],
-    content: &Option<Vec<ReasoningItemContent>>,
-) -> i64 {
-    let summary_bytes = summary
-        .iter()
-        .map(|summary| match summary {
-            ReasoningItemReasoningSummary::SummaryText { text } => byte_len(text),
-        })
-        .sum::<i64>();
-    let content_bytes = content
-        .as_ref()
-        .map(|content| {
-            content
-                .iter()
-                .map(|content| match content {
-                    ReasoningItemContent::ReasoningText { text }
-                    | ReasoningItemContent::Text { text } => byte_len(text),
-                })
-                .sum::<i64>()
-        })
-        .unwrap_or_default();
-    summary_bytes + content_bytes
-}
-
-fn function_call_output_bytes(output: &FunctionCallOutputPayload) -> Option<i64> {
-    match &output.body {
-        FunctionCallOutputBody::Text(text) => Some(byte_len(text)),
-        FunctionCallOutputBody::ContentItems(items) => serialized_bytes(items),
-    }
-}
-
-fn function_call_output_part_counts(
-    output: &FunctionCallOutputPayload,
-) -> (Option<usize>, Option<usize>) {
-    let Some(content_items) = output.content_items() else {
-        return (None, None);
-    };
-    let mut text_part_count = 0;
-    let mut image_part_count = 0;
-    for item in content_items {
-        match item {
-            FunctionCallOutputContentItem::InputText { .. } => {
-                text_part_count += 1;
-            }
-            FunctionCallOutputContentItem::InputImage { .. } => {
-                image_part_count += 1;
-            }
-        }
-    }
-    (Some(text_part_count), Some(image_part_count))
-}
-
-fn serialized_string<T: Serialize>(value: &T) -> Option<String> {
-    match serde_json::to_value(value).ok()? {
-        serde_json::Value::String(value) => Some(value),
-        value => Some(value.to_string()),
-    }
-}
-
-fn serialized_bytes<T: Serialize>(value: &T) -> Option<i64> {
-    serde_json::to_string(value)
-        .ok()
-        .map(|value| byte_len(&value))
-}
-
-fn nonzero_i64(value: i64) -> Option<i64> {
-    (value > 0).then_some(value)
-}
-
-fn byte_len(value: &str) -> i64 {
-    i64::try_from(value.len()).unwrap_or(i64::MAX)
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use codex_protocol::models::ImageDetail;
-
-    #[test]
-    fn maps_message_metadata() {
-        let items = vec![ResponseItem::Message {
-            id: None,
-            role: "assistant".to_string(),
-            content: vec![
-                ContentItem::OutputText {
-                    text: "hello".to_string(),
-                },
-                ContentItem::InputImage {
-                    image_url: "data:image/png;base64,abc".to_string(),
-                },
-            ],
-            end_turn: None,
-            phase: Some(MessagePhase::FinalAnswer),
-        }];
-
-        let metadata = response_items_metadata(CodexResponsesApiItemPhase::Output, &items);
-
-        assert_eq!(metadata[0].item_phase, CodexResponsesApiItemPhase::Output);
-        assert_eq!(
-            metadata[0].response_item_type,
-            CodexResponseItemType::Message
-        );
-        assert_eq!(metadata[0].role, Some(CodexResponseItemRole::Assistant));
-        assert_eq!(
-            metadata[0].message_phase,
-            Some(CodexResponseMessagePhase::FinalAnswer)
-        );
-        assert_eq!(metadata[0].content_bytes, Some(5));
-        assert_eq!(metadata[0].text_part_count, Some(1));
-        assert_eq!(metadata[0].image_part_count, Some(1));
-    }
-
-    #[test]
-    fn maps_tool_call_output_metadata() {
-        let items = vec![ResponseItem::CustomToolCallOutput {
-            call_id: "call_1".to_string(),
-            name: Some("custom_tool".to_string()),
-            output: FunctionCallOutputPayload::from_content_items(vec![
-                FunctionCallOutputContentItem::InputText {
-                    text: "result".to_string(),
-                },
-                FunctionCallOutputContentItem::InputImage {
-                    image_url: "https://example.test/image.png".to_string(),
-                    detail: Some(ImageDetail::High),
-                },
-            ]),
-        }];
-
-        let metadata = response_items_metadata(CodexResponsesApiItemPhase::Output, &items);
-
-        assert_eq!(
-            metadata[0].response_item_type,
-            CodexResponseItemType::CustomToolCallOutput
-        );
-        assert_eq!(metadata[0].call_id.as_deref(), Some("call_1"));
-        assert_eq!(metadata[0].tool_name.as_deref(), Some("custom_tool"));
-        assert!(metadata[0].output_bytes.unwrap_or_default() > 0);
-        assert_eq!(metadata[0].text_part_count, Some(1));
-        assert_eq!(metadata[0].image_part_count, Some(1));
-    }
-}

codex-rs/app-server-client/src/lib.rs

@@ -28,7 +28,6 @@ use std::time::Duration;
 pub use codex_app_server::in_process::DEFAULT_IN_PROCESS_CHANNEL_CAPACITY;
 pub use codex_app_server::in_process::InProcessServerEvent;
 use codex_app_server::in_process::InProcessStartArgs;
-use codex_app_server::in_process::LogDbLayer;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientNotification;
 use codex_app_server_protocol::ClientRequest;
@@ -45,7 +44,6 @@ use codex_core::config::Config;
 use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::LoaderOverrides;
 pub use codex_exec_server::EnvironmentManager;
-pub use codex_exec_server::ExecServerRuntimePaths;
 use codex_feedback::CodexFeedback;
 use codex_protocol::protocol::SessionSource;
 use serde::de::DeserializeOwned;
@@ -58,90 +56,6 @@ use tracing::warn;
 pub use crate::remote::RemoteAppServerClient;
 pub use crate::remote::RemoteAppServerConnectArgs;
 
-/// Transitional access to core-only embedded app-server types.
-///
-/// New TUI behavior should prefer the app-server protocol methods. This
-/// module exists so clients can remove a direct `codex-core` dependency
-/// while legacy startup/config paths are migrated to RPCs.
-pub mod legacy_core {
-    pub use codex_core::Cursor;
-    pub use codex_core::DEFAULT_PROJECT_DOC_FILENAME;
-    pub use codex_core::INTERACTIVE_SESSION_SOURCES;
-    pub use codex_core::LOCAL_PROJECT_DOC_FILENAME;
-    pub use codex_core::McpManager;
-    pub use codex_core::PLUGIN_TEXT_MENTION_SIGIL;
-    pub use codex_core::RolloutRecorder;
-    pub use codex_core::TOOL_MENTION_SIGIL;
-    pub use codex_core::ThreadItem;
-    pub use codex_core::ThreadSortKey;
-    pub use codex_core::ThreadsPage;
-    pub use codex_core::append_message_history_entry;
-    pub use codex_core::check_execpolicy_for_warnings;
-    pub use codex_core::discover_project_doc_paths;
-    pub use codex_core::find_thread_meta_by_name_str;
-    pub use codex_core::find_thread_name_by_id;
-    pub use codex_core::find_thread_names_by_ids;
-    pub use codex_core::format_exec_policy_error_with_source;
-    pub use codex_core::grant_read_root_non_elevated;
-    pub use codex_core::lookup_message_history_entry;
-    pub use codex_core::message_history_metadata;
-    pub use codex_core::path_utils;
-    pub use codex_core::read_session_meta_line;
-    pub use codex_core::web_search_detail;
-
-    pub mod config {
-        pub use codex_core::config::*;
-
-        pub mod edit {
-            pub use codex_core::config::edit::*;
-        }
-    }
-
-    pub mod config_loader {
-        pub use codex_core::config_loader::*;
-    }
-
-    pub mod connectors {
-        pub use codex_core::connectors::*;
-    }
-
-    pub mod otel_init {
-        pub use codex_core::otel_init::*;
-    }
-
-    pub mod personality_migration {
-        pub use codex_core::personality_migration::*;
-    }
-
-    pub mod plugins {
-        pub use codex_core::plugins::*;
-    }
-
-    pub mod review_format {
-        pub use codex_core::review_format::*;
-    }
-
-    pub mod review_prompts {
-        pub use codex_core::review_prompts::*;
-    }
-
-    pub mod skills {
-        pub use codex_core::skills::*;
-    }
-
-    pub mod test_support {
-        pub use codex_core::test_support::*;
-    }
-
-    pub mod util {
-        pub use codex_core::util::*;
-    }
-
-    pub mod windows_sandbox {
-        pub use codex_core::windows_sandbox::*;
-    }
-}
-
 const SHUTDOWN_TIMEOUT: Duration = Duration::from_secs(5);
 
 /// Raw app-server request result for typed in-process requests.
@@ -355,8 +269,6 @@ pub struct InProcessClientStartArgs {
     pub cloud_requirements: CloudRequirementsLoader,
     /// Feedback sink used by app-server/core telemetry and logs.
     pub feedback: CodexFeedback,
-    /// SQLite tracing layer used to flush recently emitted logs before feedback upload.
-    pub log_db: Option<LogDbLayer>,
     /// Environment manager used by core execution and filesystem operations.
     pub environment_manager: Arc<EnvironmentManager>,
     /// Startup warnings emitted after initialize succeeds.
@@ -408,7 +320,6 @@ impl InProcessClientStartArgs {
             loader_overrides: self.loader_overrides,
             cloud_requirements: self.cloud_requirements,
             feedback: self.feedback,
-            log_db: self.log_db,
             environment_manager: self.environment_manager,
             config_warnings: self.config_warnings,
             session_source: self.session_source,
@@ -986,7 +897,6 @@ mod tests {
             loader_overrides: LoaderOverrides::default(),
             cloud_requirements: CloudRequirementsLoader::default(),
             feedback: CodexFeedback::new(),
-            log_db: None,
             environment_manager: Arc::new(EnvironmentManager::new(/*exec_server_url*/ None)),
             config_warnings: Vec::new(),
             session_source,
@@ -1377,6 +1287,8 @@ mod tests {
                     id: request.id,
                     result: serde_json::to_value(GetAccountResponse {
                         account: None,
+                        workspace_role: None,
+                        is_workspace_owner: None,
                         requires_openai_auth: false,
                     })
                     .expect("response should serialize"),
@@ -1485,6 +1397,8 @@ mod tests {
                     id: request.id,
                     result: serde_json::to_value(GetAccountResponse {
                         account: None,
+                        workspace_role: None,
+                        is_workspace_owner: None,
                         requires_openai_auth: false,
                     })
                     .expect("response should serialize"),
@@ -1538,6 +1452,8 @@ mod tests {
             first_response,
             GetAccountResponse {
                 account: None,
+                workspace_role: None,
+                is_workspace_owner: None,
                 requires_openai_auth: false,
             }
         );
@@ -1557,6 +1473,8 @@ mod tests {
                             AccountUpdatedNotification {
                                 auth_mode: None,
                                 plan_type: None,
+                                workspace_role: None,
+                                is_workspace_owner: None,
                             },
                         ))
                         .expect("notification should serialize"),
@@ -1999,7 +1917,6 @@ mod tests {
             loader_overrides: LoaderOverrides::default(),
             cloud_requirements: CloudRequirementsLoader::default(),
             feedback: CodexFeedback::new(),
-            log_db: None,
             environment_manager: environment_manager.clone(),
             config_warnings: Vec::new(),
             session_source: SessionSource::Exec,

codex-rs/app-server-protocol/schema/json/ApplyPatchApprovalResponse.json

@@ -94,13 +94,6 @@
           ],
           "type": "string"
         },
-        {
-          "description": "Automatic approval review timed out before reaching a decision.",
-          "enum": [
-            "timed_out"
-          ],
-          "type": "string"
-        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [

codex-rs/app-server-protocol/schema/json/ClientRequest.json

@@ -605,16 +605,6 @@
         "description": {
           "type": "string"
         },
-        "details": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/MigrationDetails"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
         "itemType": {
           "$ref": "#/definitions/ExternalAgentConfigMigrationItemType"
         }
@@ -630,7 +620,6 @@
         "AGENTS_MD",
         "CONFIG",
         "SKILLS",
-        "PLUGINS",
         "MCP_SERVER_CONFIG"
       ],
       "type": "string"
@@ -658,15 +647,6 @@
             "null"
           ]
         },
-        "tags": {
-          "additionalProperties": {
-            "type": "string"
-          },
-          "type": [
-            "object",
-            "null"
-          ]
-        },
         "threadId": {
           "type": [
             "string",
@@ -1244,32 +1224,6 @@
         }
       ]
     },
-    "MarketplaceAddParams": {
-      "properties": {
-        "refName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "source": {
-          "type": "string"
-        },
-        "sparsePaths": {
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "source"
-      ],
-      "type": "object"
-    },
     "McpResourceReadParams": {
       "properties": {
         "server": {
@@ -1323,27 +1277,6 @@
       ],
       "type": "string"
     },
-    "McpServerToolCallParams": {
-      "properties": {
-        "_meta": true,
-        "arguments": true,
-        "server": {
-          "type": "string"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "tool": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "server",
-        "threadId",
-        "tool"
-      ],
-      "type": "object"
-    },
     "MergeStrategy": {
       "enum": [
         "replace",
@@ -1370,20 +1303,6 @@
         }
       ]
     },
-    "MigrationDetails": {
-      "properties": {
-        "plugins": {
-          "items": {
-            "$ref": "#/definitions/PluginsMigration"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "plugins"
-      ],
-      "type": "object"
-    },
     "ModeKind": {
       "description": "Initial collaboration mode to use when the TUI starts.",
       "enum": [
@@ -1503,24 +1422,6 @@
       ],
       "type": "object"
     },
-    "PluginsMigration": {
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "pluginNames": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "pluginNames"
-      ],
-      "type": "object"
-    },
     "ReadOnlyAccess": {
       "oneOf": [
         {
@@ -1568,13 +1469,6 @@
         }
       ]
     },
-    "RealtimeOutputModality": {
-      "enum": [
-        "text",
-        "audio"
-      ],
-      "type": "string"
-    },
     "RealtimeVoice": {
       "enum": [
         "alloy",
@@ -2668,6 +2562,17 @@
       ],
       "type": "object"
     },
+    "ThreadAddCreditsNudgeEmailParams": {
+      "properties": {
+        "threadId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "threadId"
+      ],
+      "type": "object"
+    },
     "ThreadArchiveParams": {
       "properties": {
         "threadId": {
@@ -2791,23 +2696,6 @@
       ],
       "type": "object"
     },
-    "ThreadInjectItemsParams": {
-      "properties": {
-        "items": {
-          "description": "Raw Responses API items to append to the thread's model-visible history.",
-          "items": true,
-          "type": "array"
-        },
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "items",
-        "threadId"
-      ],
-      "type": "object"
-    },
     "ThreadListParams": {
       "properties": {
         "archived": {
@@ -2902,13 +2790,6 @@
       },
       "type": "object"
     },
-    "ThreadMemoryMode": {
-      "enum": [
-        "enabled",
-        "disabled"
-      ],
-      "type": "string"
-    },
     "ThreadMetadataGitInfoUpdateParams": {
       "properties": {
         "branch": {
@@ -3053,6 +2934,24 @@
         }
       ]
     },
+    "ThreadRememberParams": {
+      "properties": {
+        "sourceThreadIds": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "threadId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "sourceThreadIds",
+        "threadId"
+      ],
+      "type": "object"
+    },
     "ThreadResumeParams": {
       "description": "There are three ways to resume a thread: 1. By thread_id: load the thread from disk by thread_id and resume it. 2. By history: instantiate the thread from memory and resume it. 3. By path: load the thread from disk by path and resume it.\n\nThe precedence is: history > path > thread_id. If using history or path, the thread_id param will be ignored.\n\nPrefer using thread_id whenever possible.",
       "properties": {
@@ -3340,27 +3239,10 @@
               "type": "null"
             }
           ]
-        },
-        "sessionStartSource": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ThreadStartSource"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "type": "object"
     },
-    "ThreadStartSource": {
-      "enum": [
-        "startup",
-        "clear"
-      ],
-      "type": "string"
-    },
     "ThreadUnarchiveParams": {
       "properties": {
         "threadId": {
@@ -3956,6 +3838,30 @@
       "title": "Thread/shellCommandRequest",
       "type": "object"
     },
+    {
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "thread/addCreditsNudgeEmail"
+          ],
+          "title": "Thread/addCreditsNudgeEmailRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/ThreadAddCreditsNudgeEmailParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Thread/addCreditsNudgeEmailRequest",
+      "type": "object"
+    },
     {
       "properties": {
         "id": {
@@ -4053,20 +3959,19 @@
       "type": "object"
     },
     {
-      "description": "Append raw Responses API items to the thread history without starting a user turn.",
       "properties": {
         "id": {
           "$ref": "#/definitions/RequestId"
         },
         "method": {
           "enum": [
-            "thread/inject_items"
+            "thread/remember"
           ],
-          "title": "Thread/injectItemsRequestMethod",
+          "title": "Thread/rememberRequestMethod",
           "type": "string"
         },
         "params": {
-          "$ref": "#/definitions/ThreadInjectItemsParams"
+          "$ref": "#/definitions/ThreadRememberParams"
         }
       },
       "required": [
@@ -4074,7 +3979,7 @@
         "method",
         "params"
       ],
-      "title": "Thread/injectItemsRequest",
+      "title": "Thread/rememberRequest",
       "type": "object"
     },
     {
@@ -4101,30 +4006,6 @@
       "title": "Skills/listRequest",
       "type": "object"
     },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "marketplace/add"
-          ],
-          "title": "Marketplace/addRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/MarketplaceAddParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Marketplace/addRequest",
-      "type": "object"
-    },
     {
       "properties": {
         "id": {
@@ -4748,30 +4629,6 @@
       "title": "McpServer/resource/readRequest",
       "type": "object"
     },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "mcpServer/tool/call"
-          ],
-          "title": "McpServer/tool/callRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/McpServerToolCallParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "McpServer/tool/callRequest",
-      "type": "object"
-    },
     {
       "properties": {
         "id": {

codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json

@@ -75,7 +75,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -326,15 +326,11 @@
       ]
     },
     "cwd": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "The command's working directory."
+      "description": "The command's working directory.",
+      "type": [
+        "string",
+        "null"
+      ]
     },
     "itemId": {
       "type": "string"

codex-rs/app-server-protocol/schema/json/ExecCommandApprovalResponse.json

@@ -94,13 +94,6 @@
           ],
           "type": "string"
         },
-        {
-          "description": "Automatic approval review timed out before reaching a decision.",
-          "enum": [
-            "timed_out"
-          ],
-          "type": "string"
-        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [

codex-rs/app-server-protocol/schema/json/ServerNotification.json

@@ -51,6 +51,12 @@
             }
           ]
         },
+        "isWorkspaceOwner": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
         "planType": {
           "anyOf": [
             {
@@ -60,10 +66,89 @@
               "type": "null"
             }
           ]
+        },
+        "workspaceRole": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/WorkspaceRole"
+            },
+            {
+              "type": "null"
+            }
+          ]
         }
       },
       "type": "object"
     },
+    "AddCreditsNudgeEmailNotification": {
+      "properties": {
+        "result": {
+          "$ref": "#/definitions/AddCreditsNudgeEmailResult"
+        },
+        "threadId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "result",
+        "threadId"
+      ],
+      "type": "object"
+    },
+    "AddCreditsNudgeEmailResult": {
+      "oneOf": [
+        {
+          "properties": {
+            "status": {
+              "enum": [
+                "sent"
+              ],
+              "title": "SentAddCreditsNudgeEmailResultStatus",
+              "type": "string"
+            }
+          },
+          "required": [
+            "status"
+          ],
+          "title": "SentAddCreditsNudgeEmailResult",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "status": {
+              "enum": [
+                "cooldownActive"
+              ],
+              "title": "CooldownActiveAddCreditsNudgeEmailResultStatus",
+              "type": "string"
+            }
+          },
+          "required": [
+            "status"
+          ],
+          "title": "CooldownActiveAddCreditsNudgeEmailResult",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "message": {
+              "type": "string"
+            },
+            "status": {
+              "enum": [
+                "failed"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "message",
+            "status"
+          ],
+          "type": "object"
+        }
+      ]
+    },
     "AgentMessageDeltaNotification": {
       "properties": {
         "delta": {
@@ -388,13 +473,6 @@
         }
       ]
     },
-    "AutoReviewDecisionSource": {
-      "description": "[UNSTABLE] Source that produced a terminal guardian approval review decision.",
-      "enum": [
-        "agent"
-      ],
-      "type": "string"
-    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -608,7 +686,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1180,7 +1258,7 @@
               "type": "string"
             },
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "source": {
               "$ref": "#/definitions/GuardianCommandSource"
@@ -1211,7 +1289,7 @@
               "type": "array"
             },
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "program": {
               "type": "string"
@@ -1240,11 +1318,11 @@
         {
           "properties": {
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "files": {
               "items": {
-                "$ref": "#/definitions/AbsolutePathBuf"
+                "type": "string"
               },
               "type": "array"
             },
@@ -1348,7 +1426,6 @@
         "inProgress",
         "approved",
         "denied",
-        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -1518,7 +1595,7 @@
           "$ref": "#/definitions/HookScope"
         },
         "sourcePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
+          "type": "string"
         },
         "startedAt": {
           "format": "int64",
@@ -1596,27 +1673,16 @@
       "type": "object"
     },
     "ItemGuardianApprovalReviewCompletedNotification": {
-      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
+      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
       "properties": {
         "action": {
           "$ref": "#/definitions/GuardianApprovalReviewAction"
         },
-        "decisionSource": {
-          "$ref": "#/definitions/AutoReviewDecisionSource"
-        },
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
-        "reviewId": {
-          "description": "Stable identifier for this review.",
-          "type": "string"
-        },
         "targetItemId": {
-          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
-          "type": [
-            "string",
-            "null"
-          ]
+          "type": "string"
         },
         "threadId": {
           "type": "string"
@@ -1627,16 +1693,15 @@
       },
       "required": [
         "action",
-        "decisionSource",
         "review",
-        "reviewId",
+        "targetItemId",
         "threadId",
         "turnId"
       ],
       "type": "object"
     },
     "ItemGuardianApprovalReviewStartedNotification": {
-      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
+      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
       "properties": {
         "action": {
           "$ref": "#/definitions/GuardianApprovalReviewAction"
@@ -1644,16 +1709,8 @@
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
-        "reviewId": {
-          "description": "Stable identifier for this review.",
-          "type": "string"
-        },
         "targetItemId": {
-          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
-          "type": [
-            "string",
-            "null"
-          ]
+          "type": "string"
         },
         "threadId": {
           "type": "string"
@@ -1665,7 +1722,7 @@
       "required": [
         "action",
         "review",
-        "reviewId",
+        "targetItemId",
         "threadId",
         "turnId"
       ],
@@ -2010,7 +2067,6 @@
         "go",
         "plus",
         "pro",
-        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -2074,6 +2130,16 @@
               "type": "null"
             }
           ]
+        },
+        "spendControl": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/SpendControlSnapshot"
+            },
+            {
+              "type": "null"
+            }
+          ]
         }
       },
       "type": "object"
@@ -2273,6 +2339,17 @@
       "description": "Notification emitted when watched local skill files change.\n\nTreat this as an invalidation signal and re-run `skills/list` with the client's current parameters when refreshed skill metadata is needed.",
       "type": "object"
     },
+    "SpendControlSnapshot": {
+      "properties": {
+        "reached": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "reached"
+      ],
+      "type": "object"
+    },
     "SubAgentSource": {
       "oneOf": [
         {
@@ -2461,12 +2538,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -2773,12 +2846,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -3107,7 +3176,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -3140,13 +3209,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {
@@ -3396,35 +3461,13 @@
       ],
       "type": "object"
     },
-    "ThreadRealtimeTranscriptDeltaNotification": {
+    "ThreadRealtimeTranscriptUpdatedNotification": {
       "description": "EXPERIMENTAL - flat transcript delta emitted whenever realtime transcript text changes.",
-      "properties": {
-        "delta": {
-          "description": "Live transcript delta from the realtime event.",
-          "type": "string"
-        },
-        "role": {
-          "type": "string"
-        },
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "delta",
-        "role",
-        "threadId"
-      ],
-      "type": "object"
-    },
-    "ThreadRealtimeTranscriptDoneNotification": {
-      "description": "EXPERIMENTAL - final transcript text emitted when realtime completes a transcript part.",
       "properties": {
         "role": {
           "type": "string"
         },
         "text": {
-          "description": "Final complete text for the transcript part.",
           "type": "string"
         },
         "threadId": {
@@ -4091,6 +4134,14 @@
         "samplePaths"
       ],
       "type": "object"
+    },
+    "WorkspaceRole": {
+      "enum": [
+        "account-owner",
+        "account-admin",
+        "standard-user"
+      ],
+      "type": "string"
     }
   },
   "description": "Notification sent from the server to the client.",
@@ -4718,6 +4769,26 @@
       "title": "Account/rateLimits/updatedNotification",
       "type": "object"
     },
+    {
+      "properties": {
+        "method": {
+          "enum": [
+            "account/addCreditsNudgeEmail/completed"
+          ],
+          "title": "Account/addCreditsNudgeEmail/completedNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/AddCreditsNudgeEmailNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "Account/addCreditsNudgeEmail/completedNotification",
+      "type": "object"
+    },
     {
       "properties": {
         "method": {
@@ -4983,40 +5054,20 @@
       "properties": {
         "method": {
           "enum": [
-            "thread/realtime/transcript/delta"
+            "thread/realtime/transcriptUpdated"
           ],
-          "title": "Thread/realtime/transcript/deltaNotificationMethod",
+          "title": "Thread/realtime/transcriptUpdatedNotificationMethod",
           "type": "string"
         },
         "params": {
-          "$ref": "#/definitions/ThreadRealtimeTranscriptDeltaNotification"
+          "$ref": "#/definitions/ThreadRealtimeTranscriptUpdatedNotification"
         }
       },
       "required": [
         "method",
         "params"
       ],
-      "title": "Thread/realtime/transcript/deltaNotification",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "thread/realtime/transcript/done"
-          ],
-          "title": "Thread/realtime/transcript/doneNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ThreadRealtimeTranscriptDoneNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "Thread/realtime/transcript/doneNotification",
+      "title": "Thread/realtime/transcriptUpdatedNotification",
       "type": "object"
     },
     {

codex-rs/app-server-protocol/schema/json/ServerRequest.json

@@ -141,7 +141,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -346,15 +346,11 @@
           ]
         },
         "cwd": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "The command's working directory."
+          "description": "The command's working directory.",
+          "type": [
+            "string",
+            "null"
+          ]
         },
         "itemId": {
           "type": "string"

codex-rs/app-server-protocol/schema/json/v2/AccountRateLimitsUpdatedNotification.json

@@ -28,7 +28,6 @@
         "go",
         "plus",
         "pro",
-        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -92,6 +91,16 @@
               "type": "null"
             }
           ]
+        },
+        "spendControl": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/SpendControlSnapshot"
+            },
+            {
+              "type": "null"
+            }
+          ]
         }
       },
       "type": "object"
@@ -121,6 +130,17 @@
         "usedPercent"
       ],
       "type": "object"
+    },
+    "SpendControlSnapshot": {
+      "properties": {
+        "reached": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "reached"
+      ],
+      "type": "object"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/AccountUpdatedNotification.json

@@ -33,7 +33,6 @@
         "go",
         "plus",
         "pro",
-        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -43,6 +42,14 @@
         "unknown"
       ],
       "type": "string"
+    },
+    "WorkspaceRole": {
+      "enum": [
+        "account-owner",
+        "account-admin",
+        "standard-user"
+      ],
+      "type": "string"
     }
   },
   "properties": {
@@ -56,6 +63,12 @@
         }
       ]
     },
+    "isWorkspaceOwner": {
+      "type": [
+        "boolean",
+        "null"
+      ]
+    },
     "planType": {
       "anyOf": [
         {
@@ -65,6 +78,16 @@
           "type": "null"
         }
       ]
+    },
+    "workspaceRole": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/WorkspaceRole"
+        },
+        {
+          "type": "null"
+        }
+      ]
     }
   },
   "title": "AccountUpdatedNotification",

codex-rs/app-server-protocol/schema/json/v2/AddCreditsNudgeEmailNotification.json

@@ -0,0 +1,73 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "AddCreditsNudgeEmailResult": {
+      "oneOf": [
+        {
+          "properties": {
+            "status": {
+              "enum": [
+                "sent"
+              ],
+              "title": "SentAddCreditsNudgeEmailResultStatus",
+              "type": "string"
+            }
+          },
+          "required": [
+            "status"
+          ],
+          "title": "SentAddCreditsNudgeEmailResult",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "status": {
+              "enum": [
+                "cooldownActive"
+              ],
+              "title": "CooldownActiveAddCreditsNudgeEmailResultStatus",
+              "type": "string"
+            }
+          },
+          "required": [
+            "status"
+          ],
+          "title": "CooldownActiveAddCreditsNudgeEmailResult",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "message": {
+              "type": "string"
+            },
+            "status": {
+              "enum": [
+                "failed"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "message",
+            "status"
+          ],
+          "type": "object"
+        }
+      ]
+    }
+  },
+  "properties": {
+    "result": {
+      "$ref": "#/definitions/AddCreditsNudgeEmailResult"
+    },
+    "threadId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "result",
+    "threadId"
+  ],
+  "title": "AddCreditsNudgeEmailNotification",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json

@@ -151,6 +151,12 @@
             "null"
           ]
         },
+        "dangerFullAccessDenylistOnly": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
         "dangerouslyAllowAllUnixSockets": {
           "type": [
             "boolean",

codex-rs/app-server-protocol/schema/json/v2/ExternalAgentConfigDetectResponse.json

@@ -13,16 +13,6 @@
         "description": {
           "type": "string"
         },
-        "details": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/MigrationDetails"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
         "itemType": {
           "$ref": "#/definitions/ExternalAgentConfigMigrationItemType"
         }
@@ -38,42 +28,9 @@
         "AGENTS_MD",
         "CONFIG",
         "SKILLS",
-        "PLUGINS",
         "MCP_SERVER_CONFIG"
       ],
       "type": "string"
-    },
-    "MigrationDetails": {
-      "properties": {
-        "plugins": {
-          "items": {
-            "$ref": "#/definitions/PluginsMigration"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "plugins"
-      ],
-      "type": "object"
-    },
-    "PluginsMigration": {
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "pluginNames": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "pluginNames"
-      ],
-      "type": "object"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/ExternalAgentConfigImportParams.json

@@ -13,16 +13,6 @@
         "description": {
           "type": "string"
         },
-        "details": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/MigrationDetails"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
         "itemType": {
           "$ref": "#/definitions/ExternalAgentConfigMigrationItemType"
         }
@@ -38,42 +28,9 @@
         "AGENTS_MD",
         "CONFIG",
         "SKILLS",
-        "PLUGINS",
         "MCP_SERVER_CONFIG"
       ],
       "type": "string"
-    },
-    "MigrationDetails": {
-      "properties": {
-        "plugins": {
-          "items": {
-            "$ref": "#/definitions/PluginsMigration"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "plugins"
-      ],
-      "type": "object"
-    },
-    "PluginsMigration": {
-      "properties": {
-        "marketplaceName": {
-          "type": "string"
-        },
-        "pluginNames": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "marketplaceName",
-        "pluginNames"
-      ],
-      "type": "object"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/FeedbackUploadParams.json

@@ -22,15 +22,6 @@
         "null"
       ]
     },
-    "tags": {
-      "additionalProperties": {
-        "type": "string"
-      },
-      "type": [
-        "object",
-        "null"
-      ]
-    },
     "threadId": {
       "type": [
         "string",

codex-rs/app-server-protocol/schema/json/v2/FsGetMetadataResponse.json

@@ -8,15 +8,11 @@
       "type": "integer"
     },
     "isDirectory": {
-      "description": "Whether the path resolves to a directory.",
+      "description": "Whether the path currently resolves to a directory.",
       "type": "boolean"
     },
     "isFile": {
-      "description": "Whether the path resolves to a regular file.",
-      "type": "boolean"
-    },
-    "isSymlink": {
-      "description": "Whether the path itself is a symbolic link.",
+      "description": "Whether the path currently resolves to a regular file.",
       "type": "boolean"
     },
     "modifiedAtMs": {
@@ -29,7 +25,6 @@
     "createdAtMs",
     "isDirectory",
     "isFile",
-    "isSymlink",
     "modifiedAtMs"
   ],
   "title": "FsGetMetadataResponse",

codex-rs/app-server-protocol/schema/json/v2/GetAccountRateLimitsResponse.json

@@ -28,7 +28,6 @@
         "go",
         "plus",
         "pro",
-        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -92,6 +91,16 @@
               "type": "null"
             }
           ]
+        },
+        "spendControl": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/SpendControlSnapshot"
+            },
+            {
+              "type": "null"
+            }
+          ]
         }
       },
       "type": "object"
@@ -121,6 +130,17 @@
         "usedPercent"
       ],
       "type": "object"
+    },
+    "SpendControlSnapshot": {
+      "properties": {
+        "reached": {
+          "type": "boolean"
+        }
+      },
+      "required": [
+        "reached"
+      ],
+      "type": "object"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/GetAccountResponse.json

@@ -51,7 +51,6 @@
         "go",
         "plus",
         "pro",
-        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -61,6 +60,14 @@
         "unknown"
       ],
       "type": "string"
+    },
+    "WorkspaceRole": {
+      "enum": [
+        "account-owner",
+        "account-admin",
+        "standard-user"
+      ],
+      "type": "string"
     }
   },
   "properties": {
@@ -74,8 +81,24 @@
         }
       ]
     },
+    "isWorkspaceOwner": {
+      "type": [
+        "boolean",
+        "null"
+      ]
+    },
     "requiresOpenaiAuth": {
       "type": "boolean"
+    },
+    "workspaceRole": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/WorkspaceRole"
+        },
+        {
+          "type": "null"
+        }
+      ]
     }
   },
   "required": [

codex-rs/app-server-protocol/schema/json/v2/HookCompletedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "HookEventName": {
       "enum": [
         "preToolUse",
@@ -107,7 +103,7 @@
           "$ref": "#/definitions/HookScope"
         },
         "sourcePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
+          "type": "string"
         },
         "startedAt": {
           "format": "int64",

codex-rs/app-server-protocol/schema/json/v2/HookStartedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "HookEventName": {
       "enum": [
         "preToolUse",
@@ -107,7 +103,7 @@
           "$ref": "#/definitions/HookScope"
         },
         "sourcePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
+          "type": "string"
         },
         "startedAt": {
           "format": "int64",

codex-rs/app-server-protocol/schema/json/v2/ItemCompletedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -82,7 +78,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -669,12 +665,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1003,7 +995,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1036,13 +1028,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json

@@ -1,17 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "AutoReviewDecisionSource": {
-      "description": "[UNSTABLE] Source that produced a terminal guardian approval review decision.",
-      "enum": [
-        "agent"
-      ],
-      "type": "string"
-    },
     "GuardianApprovalReview": {
       "description": "[UNSTABLE] Temporary guardian approval review payload used by `item/autoApprovalReview/*` notifications. This shape is expected to change soon.",
       "properties": {
@@ -58,7 +47,7 @@
               "type": "string"
             },
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "source": {
               "$ref": "#/definitions/GuardianCommandSource"
@@ -89,7 +78,7 @@
               "type": "array"
             },
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "program": {
               "type": "string"
@@ -118,11 +107,11 @@
         {
           "properties": {
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "files": {
               "items": {
-                "$ref": "#/definitions/AbsolutePathBuf"
+                "type": "string"
               },
               "type": "array"
             },
@@ -226,7 +215,6 @@
         "inProgress",
         "approved",
         "denied",
-        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -268,27 +256,16 @@
       "type": "string"
     }
   },
-  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
+  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
   "properties": {
     "action": {
       "$ref": "#/definitions/GuardianApprovalReviewAction"
     },
-    "decisionSource": {
-      "$ref": "#/definitions/AutoReviewDecisionSource"
-    },
     "review": {
       "$ref": "#/definitions/GuardianApprovalReview"
     },
-    "reviewId": {
-      "description": "Stable identifier for this review.",
-      "type": "string"
-    },
     "targetItemId": {
-      "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
-      "type": [
-        "string",
-        "null"
-      ]
+      "type": "string"
     },
     "threadId": {
       "type": "string"
@@ -299,9 +276,8 @@
   },
   "required": [
     "action",
-    "decisionSource",
     "review",
-    "reviewId",
+    "targetItemId",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "GuardianApprovalReview": {
       "description": "[UNSTABLE] Temporary guardian approval review payload used by `item/autoApprovalReview/*` notifications. This shape is expected to change soon.",
       "properties": {
@@ -51,7 +47,7 @@
               "type": "string"
             },
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "source": {
               "$ref": "#/definitions/GuardianCommandSource"
@@ -82,7 +78,7 @@
               "type": "array"
             },
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "program": {
               "type": "string"
@@ -111,11 +107,11 @@
         {
           "properties": {
             "cwd": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "files": {
               "items": {
-                "$ref": "#/definitions/AbsolutePathBuf"
+                "type": "string"
               },
               "type": "array"
             },
@@ -219,7 +215,6 @@
         "inProgress",
         "approved",
         "denied",
-        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -261,7 +256,7 @@
       "type": "string"
     }
   },
-  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
+  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
   "properties": {
     "action": {
       "$ref": "#/definitions/GuardianApprovalReviewAction"
@@ -269,16 +264,8 @@
     "review": {
       "$ref": "#/definitions/GuardianApprovalReview"
     },
-    "reviewId": {
-      "description": "Stable identifier for this review.",
-      "type": "string"
-    },
     "targetItemId": {
-      "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
-      "type": [
-        "string",
-        "null"
-      ]
+      "type": "string"
     },
     "threadId": {
       "type": "string"
@@ -290,7 +277,7 @@
   "required": [
     "action",
     "review",
-    "reviewId",
+    "targetItemId",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/v2/ItemStartedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -82,7 +78,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -669,12 +665,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1003,7 +995,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1036,13 +1028,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/MarketplaceAddParams.json

@@ -1,28 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "refName": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "source": {
-      "type": "string"
-    },
-    "sparsePaths": {
-      "items": {
-        "type": "string"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "source"
-  ],
-  "title": "MarketplaceAddParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/MarketplaceAddResponse.json

@@ -1,27 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    }
-  },
-  "properties": {
-    "alreadyAdded": {
-      "type": "boolean"
-    },
-    "installedRoot": {
-      "$ref": "#/definitions/AbsolutePathBuf"
-    },
-    "marketplaceName": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "alreadyAdded",
-    "installedRoot",
-    "marketplaceName"
-  ],
-  "title": "MarketplaceAddResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/McpServerToolCallParams.json

@@ -1,23 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "_meta": true,
-    "arguments": true,
-    "server": {
-      "type": "string"
-    },
-    "threadId": {
-      "type": "string"
-    },
-    "tool": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "server",
-    "threadId",
-    "tool"
-  ],
-  "title": "McpServerToolCallParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/McpServerToolCallResponse.json

@@ -1,22 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "_meta": true,
-    "content": {
-      "items": true,
-      "type": "array"
-    },
-    "isError": {
-      "type": [
-        "boolean",
-        "null"
-      ]
-    },
-    "structuredContent": true
-  },
-  "required": [
-    "content"
-  ],
-  "title": "McpServerToolCallResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/PluginReadResponse.json

@@ -293,23 +293,15 @@
           ]
         },
         "iconLarge": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "iconSmall": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "shortDescription": {
@@ -343,7 +335,7 @@
           "type": "string"
         },
         "path": {
-          "$ref": "#/definitions/AbsolutePathBuf"
+          "type": "string"
         },
         "shortDescription": {
           "type": [

codex-rs/app-server-protocol/schema/json/v2/ReviewStartResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -218,7 +214,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -812,12 +808,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1146,7 +1138,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1179,13 +1171,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/SkillsListResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "SkillDependencies": {
       "properties": {
         "tools": {
@@ -55,23 +51,15 @@
           ]
         },
         "iconLarge": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "iconSmall": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "shortDescription": {
@@ -115,7 +103,7 @@
           "type": "string"
         },
         "path": {
-          "$ref": "#/definitions/AbsolutePathBuf"
+          "type": "string"
         },
         "scope": {
           "$ref": "#/definitions/SkillScope"

codex-rs/app-server-protocol/schema/json/v2/ThreadAddCreditsNudgeEmailParams.json

@@ -0,0 +1,13 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "threadId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "threadId"
+  ],
+  "title": "ThreadAddCreditsNudgeEmailParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/ThreadAddCreditsNudgeEmailResponse.json

@@ -1,5 +1,5 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "ThreadInjectItemsResponse",
+  "title": "ThreadAddCreditsNudgeEmailResponse",
   "type": "object"
 }

codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json

@@ -279,7 +279,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1036,12 +1036,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1326,12 +1322,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1660,7 +1652,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1693,13 +1685,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {
@@ -2197,15 +2185,7 @@
       "description": "Reviewer currently used for approval requests on this thread."
     },
     "cwd": {
-      "$ref": "#/definitions/AbsolutePathBuf"
-    },
-    "instructionSources": {
-      "default": [],
-      "description": "Instruction source files currently loaded for this thread.",
-      "items": {
-        "$ref": "#/definitions/AbsolutePathBuf"
-      },
-      "type": "array"
+      "type": "string"
     },
     "model": {
       "type": "string"

codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "AgentPath": {
       "type": "string"
     },
@@ -221,7 +217,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -798,12 +794,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1088,12 +1080,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1422,7 +1410,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1455,13 +1443,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/ThreadMetadataUpdateResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "AgentPath": {
       "type": "string"
     },
@@ -221,7 +217,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -798,12 +794,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1088,12 +1080,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1422,7 +1410,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1455,13 +1443,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "AgentPath": {
       "type": "string"
     },
@@ -221,7 +217,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -798,12 +794,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1088,12 +1080,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1422,7 +1410,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1455,13 +1443,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/ThreadRealtimeTranscriptDoneNotification.json

@@ -1,23 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "description": "EXPERIMENTAL - final transcript text emitted when realtime completes a transcript part.",
-  "properties": {
-    "role": {
-      "type": "string"
-    },
-    "text": {
-      "description": "Final complete text for the transcript part.",
-      "type": "string"
-    },
-    "threadId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "role",
-    "text",
-    "threadId"
-  ],
-  "title": "ThreadRealtimeTranscriptDoneNotification",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/ThreadRealtimeTranscriptUpdatedNotification.json

@@ -2,11 +2,10 @@
   "$schema": "http://json-schema.org/draft-07/schema#",
   "description": "EXPERIMENTAL - flat transcript delta emitted whenever realtime transcript text changes.",
   "properties": {
-    "delta": {
-      "description": "Live transcript delta from the realtime event.",
+    "role": {
       "type": "string"
     },
-    "role": {
+    "text": {
       "type": "string"
     },
     "threadId": {
@@ -14,10 +13,10 @@
     }
   },
   "required": [
-    "delta",
     "role",
+    "text",
     "threadId"
   ],
-  "title": "ThreadRealtimeTranscriptDeltaNotification",
+  "title": "ThreadRealtimeTranscriptUpdatedNotification",
   "type": "object"
 }

codex-rs/app-server-protocol/schema/json/v2/ThreadRememberParams.json

@@ -1,9 +1,10 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "properties": {
-    "items": {
-      "description": "Raw Responses API items to append to the thread's model-visible history.",
-      "items": true,
+    "sourceThreadIds": {
+      "items": {
+        "type": "string"
+      },
       "type": "array"
     },
     "threadId": {
@@ -11,9 +12,9 @@
     }
   },
   "required": [
-    "items",
+    "sourceThreadIds",
     "threadId"
   ],
-  "title": "ThreadInjectItemsParams",
+  "title": "ThreadRememberParams",
   "type": "object"
 }

codex-rs/app-server-protocol/schema/json/v2/ThreadRememberResponse.json

@@ -0,0 +1,20 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "contextPreview": {
+      "type": "string"
+    },
+    "rememberedThreadIds": {
+      "items": {
+        "type": "string"
+      },
+      "type": "array"
+    }
+  },
+  "required": [
+    "contextPreview",
+    "rememberedThreadIds"
+  ],
+  "title": "ThreadRememberResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json

@@ -279,7 +279,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1036,12 +1036,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1326,12 +1322,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1660,7 +1652,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1693,13 +1685,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {
@@ -2197,15 +2185,7 @@
       "description": "Reviewer currently used for approval requests on this thread."
     },
     "cwd": {
-      "$ref": "#/definitions/AbsolutePathBuf"
-    },
-    "instructionSources": {
-      "default": [],
-      "description": "Instruction source files currently loaded for this thread.",
-      "items": {
-        "$ref": "#/definitions/AbsolutePathBuf"
-      },
-      "type": "array"
+      "type": "string"
     },
     "model": {
       "type": "string"

codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "AgentPath": {
       "type": "string"
     },
@@ -221,7 +217,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -798,12 +794,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1088,12 +1080,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1422,7 +1410,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1455,13 +1443,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json

@@ -101,13 +101,6 @@
         "flex"
       ],
       "type": "string"
-    },
-    "ThreadStartSource": {
-      "enum": [
-        "startup",
-        "clear"
-      ],
-      "type": "string"
     }
   },
   "properties": {
@@ -217,16 +210,6 @@
           "type": "null"
         }
       ]
-    },
-    "sessionStartSource": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ThreadStartSource"
-        },
-        {
-          "type": "null"
-        }
-      ]
     }
   },
   "title": "ThreadStartParams",

codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json

@@ -279,7 +279,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1036,12 +1036,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1326,12 +1322,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1660,7 +1652,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1693,13 +1685,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {
@@ -2197,15 +2185,7 @@
       "description": "Reviewer currently used for approval requests on this thread."
     },
     "cwd": {
-      "$ref": "#/definitions/AbsolutePathBuf"
-    },
-    "instructionSources": {
-      "default": [],
-      "description": "Instruction source files currently loaded for this thread.",
-      "items": {
-        "$ref": "#/definitions/AbsolutePathBuf"
-      },
-      "type": "array"
+      "type": "string"
     },
     "model": {
       "type": "string"

codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "AgentPath": {
       "type": "string"
     },
@@ -221,7 +217,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -798,12 +794,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1088,12 +1080,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1422,7 +1410,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1455,13 +1443,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "AgentPath": {
       "type": "string"
     },
@@ -221,7 +217,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -798,12 +794,8 @@
           "type": "integer"
         },
         "cwd": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            }
-          ],
-          "description": "Working directory captured for the thread."
+          "description": "Working directory captured for the thread.",
+          "type": "string"
         },
         "ephemeral": {
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
@@ -1088,12 +1080,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1422,7 +1410,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1455,13 +1443,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/TurnCompletedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -218,7 +214,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -812,12 +808,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1146,7 +1138,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1179,13 +1171,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/TurnStartResponse.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -218,7 +214,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -812,12 +808,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1146,7 +1138,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1179,13 +1171,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/json/v2/TurnStartedNotification.json

@@ -1,10 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -218,7 +214,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -812,12 +808,8 @@
               "type": "array"
             },
             "cwd": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                }
-              ],
-              "description": "The command's working directory."
+              "description": "The command's working directory.",
+              "type": "string"
             },
             "durationMs": {
               "description": "The duration of the command execution in milliseconds.",
@@ -1146,7 +1138,7 @@
               "type": "string"
             },
             "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
+              "type": "string"
             },
             "type": {
               "enum": [
@@ -1179,13 +1171,9 @@
               ]
             },
             "savedPath": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/AbsolutePathBuf"
-                },
-                {
-                  "type": "null"
-                }
+              "type": [
+                "string",
+                "null"
               ]
             },
             "status": {

codex-rs/app-server-protocol/schema/typescript/ApplyPatchApprovalParams.ts

@@ -4,16 +4,16 @@
 import type { FileChange } from "./FileChange";
 import type { ThreadId } from "./ThreadId";
 
-export type ApplyPatchApprovalParams = { conversationId: ThreadId,
+export type ApplyPatchApprovalParams = { conversationId: ThreadId, 
 /**
  * Use to correlate this with [codex_protocol::protocol::PatchApplyBeginEvent]
  * and [codex_protocol::protocol::PatchApplyEndEvent].
  */
-callId: string, fileChanges: { [key in string]?: FileChange },
+callId: string, fileChanges: { [key in string]?: FileChange }, 
 /**
  * Optional explanatory reason (e.g. request for extra write access).
  */
-reason: string | null,
+reason: string | null, 
 /**
  * When set, the agent is asking the user to allow writes under this root
  * for the remainder of the session (unclear if this is honored today).

codex-rs/app-server-protocol/schema/typescript/ExecCommandApprovalParams.ts

@@ -4,12 +4,12 @@
 import type { ParsedCommand } from "./ParsedCommand";
 import type { ThreadId } from "./ThreadId";
 
-export type ExecCommandApprovalParams = { conversationId: ThreadId,
+export type ExecCommandApprovalParams = { conversationId: ThreadId, 
 /**
  * Use to correlate this with [codex_protocol::protocol::ExecCommandBeginEvent]
  * and [codex_protocol::protocol::ExecCommandEndEvent].
  */
-callId: string,
+callId: string, 
 /**
  * Identifier for this specific approval callback.
  */

codex-rs/app-server-protocol/schema/typescript/InitializeCapabilities.ts

@@ -5,11 +5,11 @@
 /**
  * Client-declared capabilities negotiated during initialize.
  */
-export type InitializeCapabilities = {
+export type InitializeCapabilities = { 
 /**
  * Opt into receiving experimental API methods and fields.
  */
-experimentalApi: boolean,
+experimentalApi: boolean, 
 /**
  * Exact notification method names that should be suppressed for this
  * connection (for example `thread/started`).

codex-rs/app-server-protocol/schema/typescript/InitializeResponse.ts

@@ -3,16 +3,16 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "./AbsolutePathBuf";
 
-export type InitializeResponse = { userAgent: string,
+export type InitializeResponse = { userAgent: string, 
 /**
  * Absolute path to the server's $CODEX_HOME directory.
  */
-codexHome: AbsolutePathBuf,
+codexHome: AbsolutePathBuf, 
 /**
  * Platform family for the running app-server target, for example
  * `"unix"` or `"windows"`.
  */
-platformFamily: string,
+platformFamily: string, 
 /**
  * Operating system for the running app-server target, for example
  * `"macos"`, `"linux"`, or `"windows"`.