Address OAuth persistence review feedback

Keep local OAuth login flows on the no-proxy client while remote flows continue to use the runtime-selected HTTP client. Harden OAuth persistence so expires_in drift does not look like an external token update and transient keyring read failures do not clear in-memory credentials. Co-authored-by: Codex <noreply@openai.com>
Address MCP OAuth review feedback
2026-05-09 05:42:32 +00:00 · 2026-04-27 11:58:06 +00:00 · 2026-04-27 11:34:20 +00:00 · 2026-04-27 11:13:44 +00:00 · 2026-04-27 11:01:49 +00:00 · 2026-04-27 10:45:14 +00:00
1444 changed files with 76586 additions and 160554 deletions
--- a/.bazelrc
+++ b/.bazelrc
@@ -79,10 +79,6 @@ common:ci --disk_cache=
 # Shared config for the main Bazel CI workflow.
 common:ci-bazel --config=ci
 common:ci-bazel --build_metadata=TAG_workflow=bazel
-# Bazel CI cross-compiles in several legs, and the V8-backed code-mode tests
-# are not stable in that setup yet. Keep running the rest of the Rust
-# integration suites through the workspace-root launcher.
-common:ci-bazel --test_env=CODEX_BAZEL_TEST_SKIP_FILTERS=suite::code_mode::

 # Shared config for Bazel-backed Rust linting.
 build:clippy --aspects=@rules_rust//rust:defs.bzl%rust_clippy_aspect
@@ -157,25 +153,6 @@ common:ci-macos --config=remote
 common:ci-macos --strategy=remote
 common:ci-macos --strategy=TestRunner=darwin-sandbox,local

-# On Windows, use Linux remote execution for build actions but keep test actions
-# on the Windows runner so Bazel's normal test sharding and flaky-test retries
-# still run against Windows binaries.
-common:ci-windows-cross --config=ci-windows
-common:ci-windows-cross --build_metadata=TAG_windows_cross_compile=true
-common:ci-windows-cross --config=remote
-common:ci-windows-cross --host_platform=//:rbe
-common:ci-windows-cross --strategy=remote
-common:ci-windows-cross --strategy=TestRunner=local
-common:ci-windows-cross --local_test_jobs=4
-common:ci-windows-cross --test_env=RUST_TEST_THREADS=1
-# Native Windows CI still covers the PowerShell tests. The cross-built gnullvm
-# binaries currently hang in PowerShell AST parser tests when those binaries are
-# run on the Windows runner.
-common:ci-windows-cross --test_env=CODEX_BAZEL_TEST_SKIP_FILTERS=suite::code_mode::,powershell
-common:ci-windows-cross --platforms=//:windows_x86_64_gnullvm
-common:ci-windows-cross --extra_execution_platforms=//:rbe,//:windows_x86_64_msvc
-common:ci-windows-cross --extra_toolchains=//:windows_gnullvm_tests_on_msvc_host_toolchain
-
 # Linux-only V8 CI config.
 common:ci-v8 --config=ci
 common:ci-v8 --build_metadata=TAG_workflow=v8
@@ -183,15 +160,5 @@ common:ci-v8 --build_metadata=TAG_os=linux
 common:ci-v8 --config=remote
 common:ci-v8 --strategy=remote

-# Source-built Bazel V8 artifacts use the in-process sandbox by default. This
-# does not affect Cargo's default prebuilt rusty_v8 path.
-common --@v8//:v8_enable_pointer_compression=True
-common --@v8//:v8_enable_sandbox=True
-
-# Keep currently published rusty_v8 release artifacts non-sandboxed until the
-# artifact migration ships matching Rust feature selection for Cargo consumers.
-common:v8-release-compat --@v8//:v8_enable_pointer_compression=False
-common:v8-release-compat --@v8//:v8_enable_sandbox=False
-
 # Optional per-user local overrides.
 try-import %workspace%/user.bazelrc
--- a/.codex/environments/environment.toml
+++ b/.codex/environments/environment.toml
@@ -1,11 +0,0 @@
-# THIS IS AUTOGENERATED. DO NOT EDIT MANUALLY
-version = 1
-name = "codex"
-
-[setup]
-script = ""
-
-[[actions]]
-name = "Run"
-icon = "run"
-command = "cargo +1.93.0 run --manifest-path=codex-rs/Cargo.toml --bin codex -- -c mcp_oauth_credentials_store=file"
--- a/.codex/skills/babysit-pr/SKILL.md
+++ b/.codex/skills/babysit-pr/SKILL.md
@@ -27,10 +27,10 @@ Accept any of the following:
 2. Run the watcher script to snapshot PR/review/CI state (or consume each streamed snapshot from `--watch`).
 3. Inspect the `actions` list in the JSON response.
 4. If `diagnose_ci_failure` is present, inspect failed run logs and classify the failure.
-5. If the failure is likely caused by the current branch, patch code locally, commit, and push. Do not patch random flaky tests, CI infrastructure, dependency outages, runner issues, or other failures that are unrelated to the branch.
+5. If the failure is likely caused by the current branch, patch code locally, commit, and push.
 6. If `process_review_comment` is present, inspect surfaced review items and decide whether to address them.
 7. If a review item is actionable and correct, patch code locally, commit, push, and then mark the associated review thread/comment as resolved once the fix is on GitHub.
-8. Do not post replies to human-authored review comments/threads unless the user explicitly confirms the exact response. If a human review item is non-actionable, already addressed, or not valid, surface the item and recommended response to the user instead of replying on GitHub.
+8. If a review item from another author is non-actionable, already addressed, or not valid, post one reply on the comment/thread explaining that decision (for example answering the question or explaining why no change is needed). Prefix the GitHub reply body with `[codex]` so it is clear the response is automated. If the watcher later surfaces your own reply, treat that self-authored item as already handled and do not reply again.
 9. If the failure is likely flaky/unrelated and `retry_failed_checks` is present, rerun failed jobs with `--retry-failed-now`.
 10. If both actionable review feedback and `retry_failed_checks` are present, prioritize review feedback first; a new commit will retrigger CI, so avoid rerunning flaky checks on the old SHA unless you intentionally defer the review change.
 11. On every loop, look for newly surfaced review feedback before acting on CI failures or mergeability state, then verify mergeability / merge-conflict status (for example via `gh pr view`) alongside CI.
@@ -69,18 +69,12 @@ python3 .codex/skills/babysit-pr/scripts/gh_pr_watch.py --pr <number-or-url> --o
 Use `gh` commands to inspect failed runs before deciding to rerun.

 - `gh run view <run-id> --json jobs,name,workflowName,conclusion,status,url,headSha`
- `gh api repos/<owner>/<repo>/actions/runs/<run-id>/jobs -X GET -f per_page=100`
- `gh api repos/<owner>/<repo>/actions/jobs/<job-id>/logs > /tmp/codex-gh-job-<job-id>-logs.zip`
- `gh run view <run-id> --log-failed` as a fallback after the overall workflow run is complete
+- `gh run view <run-id> --log-failed`

-`gh run view --log-failed` is workflow-run scoped and may not expose failed-job logs until the overall run finishes. For faster diagnosis, poll the run's jobs first and, as soon as a specific job has failed, fetch that job's logs directly from the Actions job logs endpoint. The watcher includes a `failed_jobs` list with each failed job's `job_id` and `logs_endpoint` when GitHub exposes one.
-
-Prefer treating failures as branch-related when failed-job logs point to changed code (compile/test/lint/typecheck/snapshots/static analysis in touched areas).
+Prefer treating failures as branch-related when logs point to changed code (compile/test/lint/typecheck/snapshots/static analysis in touched areas).

 Prefer treating failures as flaky/unrelated when logs show transient infra/external issues (timeouts, runner provisioning failures, registry/network outages, GitHub Actions infra errors).

-Do not attempt to fix flaky/unrelated failures by changing tests, build scripts, CI configuration, dependency pins, or infrastructure-adjacent code unless the logs clearly connect the failure to the PR branch. For flaky/unrelated failures, rerun only when the watcher recommends `retry_failed_checks`; otherwise wait or stop for user help.
-
 If classification is ambiguous, perform one manual diagnosis attempt before choosing rerun.

 Read `.codex/skills/babysit-pr/references/heuristics.md` for a concise checklist.
@@ -105,8 +99,7 @@ When you agree with a comment and it is actionable:
 5. Resume watching on the new SHA immediately (do not stop after reporting the push).
 6. If monitoring was running in `--watch` mode, restart `--watch` immediately after the push in the same turn; do not wait for the user to ask again.

-Do not post replies to human-authored GitHub review comments/threads automatically. If you disagree with a human comment, believe it is non-actionable/already addressed, or need to answer a question, report the item to the user with a suggested response and wait for explicit confirmation before posting anything on GitHub. If the user approves a response, prefix it with `[codex]` so it is clear the response is automated and not from the human user.
-If the watcher later surfaces your own approved reply because the authenticated operator is treated as a trusted review author, treat that self-authored item as already handled and do not reply again.
+If you disagree or the comment is non-actionable/already addressed, reply once directly on the GitHub comment/thread so the reviewer gets an explicit answer, then continue the watcher loop. Prefix any GitHub reply to a code review comment/thread with `[codex]` so it is clear the response is automated and not from the human user. If the watcher later surfaces your own reply because the authenticated operator is treated as a trusted review author, treat that self-authored item as already handled and do not reply again.
 If a code review comment/thread is already marked as resolved in GitHub, treat it as non-actionable and safely ignore it unless new unresolved follow-up feedback appears.

 ## Git Safety Rules
@@ -132,11 +125,11 @@ Use this loop in a live Codex session:
 2. Read `actions`.
 3. First check whether the PR is now merged or otherwise closed; if so, report that terminal state and stop polling immediately.
 4. Check CI summary, new review items, and mergeability/conflict status.
-5. Diagnose CI failures and classify branch-related vs flaky/unrelated. If the overall run is still pending but `failed_jobs` already includes a failed job, fetch that job's logs and diagnose immediately instead of waiting for the whole workflow run to finish. Patch only when the failure is branch-related.
-6. For each surfaced review item from another author, patch/commit/push and then resolve it if it is actionable. If it is non-actionable, already addressed, or requires a written answer, surface it to the user with a suggested response instead of posting automatically. If a later snapshot surfaces your own approved reply, treat it as informational and continue without responding again.
+5. Diagnose CI failures and classify branch-related vs flaky/unrelated.
+6. For each surfaced review item from another author, either reply once with an explanation if it is non-actionable or patch/commit/push and then resolve it if it is actionable. If a later snapshot surfaces your own reply, treat it as informational and continue without responding again.
 7. Process actionable review comments before flaky reruns when both are present; if a review fix requires a commit, push it and skip rerunning failed checks on the old SHA.
-8. Retry failed checks only when `retry_failed_checks` is present and you are not about to replace the current SHA with a review/CI fix commit. Do not make code changes for unrelated flakes or infrastructure failures just to get CI green.
-9. If you pushed a commit, resolved a review thread, or triggered a rerun, report the action briefly and continue polling (do not stop). If a human review comment needs a written GitHub response, stop and ask for confirmation before posting.
+8. Retry failed checks only when `retry_failed_checks` is present and you are not about to replace the current SHA with a review/CI fix commit.
+9. If you pushed a commit, resolved a review thread, replied to a review comment, or triggered a rerun, report the action briefly and continue polling (do not stop).
 10. After a review-fix push, proactively restart continuous monitoring (`--watch`) in the same turn unless a strict stop condition has already been reached.
 11. If everything is passing, mergeable, not blocked on required review approval, and there are no unaddressed review items, report that the PR is currently ready to merge but keep the watcher running so new review comments are surfaced quickly while the PR remains open.
 12. If blocked on a user-help-required issue (infra outage, exhausted flaky retries, unclear reviewer request, permissions), report the blocker and stop.
--- a/.codex/skills/babysit-pr/agents/openai.yaml
+++ b/.codex/skills/babysit-pr/agents/openai.yaml
@@ -1,4 +1,4 @@
 interface:
  display_name: "PR Babysitter"
  short_description: "Watch PR review comments, CI, and merge conflicts"
-  default_prompt: "Babysit the current PR: monitor reviewer comments, CI, and merge-conflict status (prefer the watcher’s --watch mode for live monitoring); surface new review feedback before acting on CI or mergeability work, fix valid issues, push updates, and rerun flaky failures up to 3 times. Do not post replies to human-authored review comments unless the user explicitly confirms the exact response. Do not patch unrelated flaky tests, CI infrastructure, dependency outages, runner issues, or other failures that are not caused by the branch. Keep exactly one watcher session active for the PR (do not leave duplicate --watch terminals running). If you pause monitoring to patch review/CI feedback, restart --watch yourself immediately after the push in the same turn. If a watcher is still running and no strict stop condition has been reached, the task is still in progress: keep consuming watcher output and sending progress updates instead of ending the turn. Do not treat a green + mergeable PR as a terminal stop while it is still open; continue polling autonomously after any push/rerun so newly posted review comments are surfaced until a strict terminal stop condition is reached or the user interrupts."
+  default_prompt: "Babysit the current PR: monitor reviewer comments, CI, and merge-conflict status (prefer the watcher’s --watch mode for live monitoring); surface new review feedback before acting on CI or mergeability work, fix valid issues, push updates, and rerun flaky failures up to 3 times. Keep exactly one watcher session active for the PR (do not leave duplicate --watch terminals running). If you pause monitoring to patch review/CI feedback, restart --watch yourself immediately after the push in the same turn. If a watcher is still running and no strict stop condition has been reached, the task is still in progress: keep consuming watcher output and sending progress updates instead of ending the turn. Do not treat a green + mergeable PR as a terminal stop while it is still open; continue polling autonomously after any push/rerun so newly posted review comments are surfaced until a strict terminal stop condition is reached or the user interrupts."
--- a/.codex/skills/babysit-pr/references/github-api-notes.md
+++ b/.codex/skills/babysit-pr/references/github-api-notes.md
@@ -23,11 +23,9 @@ Used to discover failed workflow runs and rerunnable run IDs.
 ### Failed log inspection

 - `gh run view <run-id> --json jobs,name,workflowName,conclusion,status,url,headSha`
- `gh api repos/{owner}/{repo}/actions/runs/{run_id}/jobs -X GET -f per_page=100`
- `gh api repos/{owner}/{repo}/actions/jobs/{job_id}/logs > /tmp/codex-gh-job-{job_id}-logs.zip`
 - `gh run view <run-id> --log-failed`

-Used by Codex to classify branch-related vs flaky/unrelated failures. Prefer the direct job log endpoint as soon as a job has failed because `gh run view --log-failed` may not produce failed-job logs until the overall workflow run completes.
+Used by Codex to classify branch-related vs flaky/unrelated failures.

 ### Retry failed jobs only

@@ -72,11 +70,3 @@ Reruns only failed jobs (and dependencies) for a workflow run.
 - `conclusion`
 - `html_url`
 - `head_sha`
-
-### Actions run jobs API (`jobs[]`)
-
- `id`
- `name`
- `status`
- `conclusion`
- `html_url`
--- a/.codex/skills/babysit-pr/references/heuristics.md
+++ b/.codex/skills/babysit-pr/references/heuristics.md
@@ -18,8 +18,6 @@ Treat as **likely flaky or unrelated** when evidence points to transient or exte
 - Cloud/service rate limits or transient API outages
 - Non-deterministic failures in unrelated integration tests with known flake patterns

-Do not patch likely flaky/unrelated failures. Use the retry budget for rerunnable failures, wait for pending jobs, or stop and report the blocker when the failure is persistent or infrastructure-owned.
-
 If uncertain, inspect failed logs once before choosing rerun.

 ## Decision tree (fix vs rerun vs stop)
@@ -27,11 +25,9 @@ If uncertain, inspect failed logs once before choosing rerun.
 1. If PR is merged/closed: stop.
 2. If there are failed checks:
   - Diagnose first.
-   - If checks are still pending but an individual job has already failed: fetch that job's logs and diagnose now.
   - If branch-related: fix locally, commit, push.
   - If likely flaky/unrelated and all checks for the current SHA are terminal: rerun failed jobs.
-   - If likely flaky/unrelated and not safely rerunnable: stop and report the blocker; do not edit unrelated tests, build scripts, CI configuration, dependency pins, or infrastructure code.
-   - If checks are still pending and no failed job is available yet: wait.
+   - If checks are still pending: wait.
 3. If flaky reruns for the same SHA reach the configured limit (default 3): stop and report persistent failure.
 4. Independently, process any new human review comments.

@@ -44,15 +40,12 @@ Address the comment when:
 - The requested change does not conflict with the user’s intent or recent guidance.
 - The change can be made safely without unrelated refactors.

-Fix valid human review feedback in code when possible, but do not post a GitHub reply to a human-authored comment/thread unless the user explicitly confirms the exact response.
-
 Do not auto-fix when:

 - The comment is ambiguous and needs clarification.
 - The request conflicts with explicit user instructions.
 - The proposed change requires product/design decisions the user has not made.
 - The codebase is in a dirty/unrelated state that makes safe editing uncertain.
- The comment only needs a written answer or disagreement response; propose the reply to the user instead of posting it automatically.

 ## Stop-and-ask conditions

@@ -63,4 +56,3 @@ Stop and ask the user instead of continuing automatically when:
 - The PR branch cannot be pushed.
 - CI failures persist after the flaky retry budget.
 - Reviewer feedback requires a product decision or cross-team coordination.
- A human review comment requires a written GitHub reply instead of a code change.
--- a/.codex/skills/babysit-pr/scripts/gh_pr_watch.py
+++ b/.codex/skills/babysit-pr/scripts/gh_pr_watch.py
@@ -338,66 +338,6 @@ def failed_runs_from_workflow_runs(runs, head_sha):
    return failed_runs


-def get_jobs_for_run(repo, run_id):
-    endpoint = f"repos/{repo}/actions/runs/{run_id}/jobs"
-    data = gh_json(["api", endpoint, "-X", "GET", "-f", "per_page=100"], repo=repo)
-    if not isinstance(data, dict):
-        raise GhCommandError("Unexpected payload from actions run jobs API")
-    jobs = data.get("jobs") or []
-    if not isinstance(jobs, list):
-        raise GhCommandError("Expected `jobs` to be a list")
-    return jobs
-
-
-def failed_jobs_from_workflow_runs(repo, runs, head_sha):
-    failed_jobs = []
-    for run in runs:
-        if not isinstance(run, dict):
-            continue
-        if str(run.get("head_sha") or "") != head_sha:
-            continue
-        run_id = run.get("id")
-        if run_id in (None, ""):
-            continue
-        run_status = str(run.get("status") or "")
-        run_conclusion = str(run.get("conclusion") or "")
-        if run_status.lower() == "completed" and run_conclusion not in FAILED_RUN_CONCLUSIONS:
-            continue
-        jobs = get_jobs_for_run(repo, run_id)
-        for job in jobs:
-            if not isinstance(job, dict):
-                continue
-            conclusion = str(job.get("conclusion") or "")
-            if conclusion not in FAILED_RUN_CONCLUSIONS:
-                continue
-            job_id = job.get("id")
-            logs_endpoint = None
-            if job_id not in (None, ""):
-                logs_endpoint = f"repos/{repo}/actions/jobs/{job_id}/logs"
-            failed_jobs.append(
-                {
-                    "run_id": run_id,
-                    "workflow_name": run.get("name") or run.get("display_title") or "",
-                    "run_status": run_status,
-                    "run_conclusion": run_conclusion,
-                    "job_id": job_id,
-                    "job_name": str(job.get("name") or ""),
-                    "status": str(job.get("status") or ""),
-                    "conclusion": conclusion,
-                    "html_url": str(job.get("html_url") or ""),
-                    "logs_endpoint": logs_endpoint,
-                }
-            )
-    failed_jobs.sort(
-        key=lambda item: (
-            str(item.get("workflow_name") or ""),
-            str(item.get("job_name") or ""),
-            str(item.get("job_id") or ""),
-        )
-    )
-    return failed_jobs
-
-
 def get_authenticated_login():
    data = gh_json(["api", "user"])
    if not isinstance(data, dict) or not data.get("login"):
@@ -628,7 +568,7 @@ def is_pr_ready_to_merge(pr, checks_summary, new_review_items):
    return True


-def recommend_actions(pr, checks_summary, failed_runs, failed_jobs, new_review_items, retries_used, max_retries):
+def recommend_actions(pr, checks_summary, failed_runs, new_review_items, retries_used, max_retries):
    actions = []
    if pr["closed"] or pr["merged"]:
        if new_review_items:
@@ -643,7 +583,7 @@ def recommend_actions(pr, checks_summary, failed_runs, failed_jobs, new_review_i
    if new_review_items:
        actions.append("process_review_comment")

-    has_failed_pr_checks = checks_summary["failed_count"] > 0 or bool(failed_jobs)
+    has_failed_pr_checks = checks_summary["failed_count"] > 0
    if has_failed_pr_checks:
        if checks_summary["all_terminal"] and retries_used >= max_retries:
            actions.append("stop_exhausted_retries")
@@ -681,14 +621,12 @@ def collect_snapshot(args):
    checks_summary = summarize_checks(checks)
    workflow_runs = get_workflow_runs_for_sha(pr["repo"], pr["head_sha"])
    failed_runs = failed_runs_from_workflow_runs(workflow_runs, pr["head_sha"])
-    failed_jobs = failed_jobs_from_workflow_runs(pr["repo"], workflow_runs, pr["head_sha"])

    retries_used = current_retry_count(state, pr["head_sha"])
    actions = recommend_actions(
        pr,
        checks_summary,
        failed_runs,
-        failed_jobs,
        new_review_items,
        retries_used,
        args.max_flaky_retries,
@@ -703,7 +641,6 @@ def collect_snapshot(args):
        "pr": pr,
        "checks": checks_summary,
        "failed_runs": failed_runs,
-        "failed_jobs": failed_jobs,
        "new_review_items": new_review_items,
        "actions": actions,
        "retry_state": {
--- a/.codex/skills/babysit-pr/scripts/test_gh_pr_watch.py
+++ b/.codex/skills/babysit-pr/scripts/test_gh_pr_watch.py
@@ -75,11 +75,6 @@ def test_collect_snapshot_fetches_review_items_before_ci(monkeypatch, tmp_path):
        "failed_runs_from_workflow_runs",
        lambda *args, **kwargs: call_order.append("failed_runs") or [],
    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "failed_jobs_from_workflow_runs",
-        lambda *args, **kwargs: call_order.append("failed_jobs") or [],
-    )
    monkeypatch.setattr(
        gh_pr_watch,
        "recommend_actions",
@@ -105,7 +100,6 @@ def test_recommend_actions_prioritizes_review_comments():
        sample_pr(),
        sample_checks(failed_count=1),
        [{"run_id": 99}],
-        [],
        [{"kind": "review_comment", "id": "1"}],
        0,
        3,
@@ -125,7 +119,6 @@ def test_run_watch_keeps_polling_open_ready_to_merge_pr(monkeypatch):
        "pr": sample_pr(),
        "checks": sample_checks(),
        "failed_runs": [],
-        "failed_jobs": [],
        "new_review_items": [],
        "actions": ["ready_to_merge"],
        "retry_state": {
@@ -160,58 +153,3 @@ def test_run_watch_keeps_polling_open_ready_to_merge_pr(monkeypatch):

    assert sleeps == [30, 30]
    assert [event for event, _ in events] == ["snapshot", "snapshot"]
-
-
-def test_failed_jobs_include_direct_logs_endpoint(monkeypatch):
-    jobs_by_run = {
-        99: [
-            {
-                "id": 555,
-                "name": "unit tests",
-                "status": "completed",
-                "conclusion": "failure",
-                "html_url": "https://github.com/openai/codex/actions/runs/99/job/555",
-            },
-            {
-                "id": 556,
-                "name": "lint",
-                "status": "completed",
-                "conclusion": "success",
-            },
-        ]
-    }
-
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "get_jobs_for_run",
-        lambda repo, run_id: jobs_by_run[run_id],
-    )
-
-    failed_jobs = gh_pr_watch.failed_jobs_from_workflow_runs(
-        "openai/codex",
-        [
-            {
-                "id": 99,
-                "name": "CI",
-                "status": "in_progress",
-                "conclusion": "",
-                "head_sha": "abc123",
-            }
-        ],
-        "abc123",
-    )
-
-    assert failed_jobs == [
-        {
-            "run_id": 99,
-            "workflow_name": "CI",
-            "run_status": "in_progress",
-            "run_conclusion": "",
-            "job_id": 555,
-            "job_name": "unit tests",
-            "status": "completed",
-            "conclusion": "failure",
-            "html_url": "https://github.com/openai/codex/actions/runs/99/job/555",
-            "logs_endpoint": "repos/openai/codex/actions/jobs/555/logs",
-        }
-    ]
--- a/.codex/skills/codex-issue-digest/SKILL.md
+++ b/.codex/skills/codex-issue-digest/SKILL.md
@@ -7,7 +7,7 @@ description: Run a GitHub issue digest for openai/codex by feature-area labels,

 ## Objective

-Produce a headline-first, insight-oriented digest of `openai/codex` issues for the requested feature-area labels over the previous 24 hours by default. Honor a different duration when the user asks for one, for example "past week" or "48 hours". Default to a summary-only response; include details only when requested.
+Produce a concise, insight-oriented digest of `openai/codex` issues for the requested feature-area labels over the previous 24 hours by default. Honor a different duration when the user asks for one, for example "past week" or "48 hours".

 Include only issues that currently have `bug` or `enhancement` plus at least one requested owner label. If the user asks for all areas or all labels, collect `bug`/`enhancement` issues across all labels.

@@ -29,46 +29,21 @@ python3 .codex/skills/codex-issue-digest/scripts/collect_issue_digest.py --label
 Use `--window "past week"` or `--window-hours 168` when the user asks for a non-default duration. Use `--all-labels` when the user says all areas or all labels.

 2. Use the JSON as the source of truth. It includes new issues, new issue comments, new reactions/upvotes, current labels, current reaction counts, model-ready `summary_inputs`, and detailed `digest_rows`.
-3. Choose the output mode from the user's request:
-   - Default mode: start the report with `## Summary` and do not emit `## Details`.
-   - Details-upfront mode: if the user asks for details, a table, a full digest, "include details", or similar, start with `## Summary`, then include `## Details`.
-   - Follow-up details mode: if the user asks for more detail after a summary-only digest, produce `## Details` from the existing collector JSON when it is still available; otherwise rerun the collector.
-4. In `## Summary`, write a headline-first executive summary:
-   - The first nonblank line under `## Summary` must be a single-line headline or judgment, not a bullet. It should be useful even if the reader stops there.
-   - On quiet days, prefer exactly: `No major issues reported by users.` Use this when there are no elevated rows, no newly repeated theme, and nothing that needs owner action.
-   - When users are surfacing notable issues, make the headline name the count or theme, for example `Two issues are being surfaced by users:`.
-   - Immediately under an active headline, list only the issues or themes driving attention, ordered by importance. Start each line with the row's `attention_marker` when present, then a concise owner-readable description and inline issue refs.
-   - Treat `🔥🔥` as headline-worthy and `🔥` as elevated. Do not add fire emoji yourself; only copy the row's `attention_marker`.
-   - Keep any extra summary detail after the headline to 1-3 terse lines, only when it adds a decision-relevant caveat, repeated theme, or owner action.
-   - Do not include routine counts, broad stats, or low-signal table summaries in `## Summary` unless they change the headline. Put metadata and optional counts in `## Details` or the footer.
-   - In default mode, end the report with a concise prompt such as `Want details? I can expand this into the issue table.` Keep this separate from the summary headline so the headline stays clean.
+3. Start the report with `## Summary`, then `## Details`.
+4. In `## Summary`, write skim-first headlines:
+   - Lead with the most important fact or judgment. Do not start with aggregate counts unless the aggregate itself is the story.
+   - Make the first 1-3 bullets answer "what should owners pay attention to right now?"
+   - Bold only the critical insight phrase in each high-priority bullet, for example `**GPT-5.5 context is the dominant pressure point**`.
+   - Keep summary bullets short enough to scan in about 20 seconds.
+   - Put broad stats near the end of the summary, after the owner-relevant takeaways.
+   - Say clearly when there is nothing significant to act on.
+   - Call out any areas or themes receiving lots of user attention.
   - Cluster and name themes yourself from `summary_inputs`; the collector intentionally does not hard-code issue categories.
   - Use a cluster only when the issues genuinely share the same product problem. If several issues merely share a broad platform or label, describe them individually.
   - Do not omit a repeated theme just because its individual issues fall below the details table cutoff. Several similar reports should be called out as a repeated customer concern.
   - For single-issue rows, summarize the concern directly instead of calling it a cluster.
   - Use inline numbered issue links from each relevant row's `ref_markdown`.
-   - Example quiet summary:
-
-```markdown
-## Summary
-No major issues reported by users.
-
-Source: collector v4, git `abc123def456`, window `2026-04-27T00:00:00Z` to `2026-04-28T00:00:00Z`.
-Want details? I can expand this into the issue table.
-```
-
-   - Example active summary:
-
-```markdown
-## Summary
-Two issues are being surfaced by users:
-🔥🔥 Terminal launch hangs on startup [1](https://github.com/openai/codex/issues/123)
-🔥 Resume switches model providers unexpectedly [2](https://github.com/openai/codex/issues/456)
-
-Source: collector v4, git `abc123def456`, window `2026-04-27T00:00:00Z` to `2026-04-28T00:00:00Z`.
-Want details? I can expand this into the issue table.
-```
-5. In `## Details`, when details are requested, include a compact table only when useful:
+5. In `## Details`, include a compact table only when useful:
   - Prefer rows from `digest_rows`; include a `Refs` column using each row's `ref_markdown`.
   - Keep the table short; omit low-signal rows when the summary already covers them.
   - Use compact columns such as marker, area, type, description, interactions, and refs.
@@ -77,7 +52,7 @@ Want details? I can expand this into the issue table.
 6. Use the JSON `attention_marker` exactly. It is empty for normal rows, `🔥` for elevated rows, and `🔥🔥` for very high-attention rows. The actual cutoffs are in `attention_thresholds`.
 7. Use inline numbered references where a row or bullet points to issues, for example `Compaction bugs [1](https://github.com/openai/codex/issues/123), [2](https://github.com/openai/codex/issues/456)`. Do not add a separate footnotes section.
 8. Label `interactions` as `Interactions`; it counts posts/comments/reactions during the requested window, not unique people.
-9. Mention the collector `script_version`, repo checkout `git_head`, and time window in one compact source line. In default mode, put this before the details prompt so the final line still asks whether the user wants details. In details-upfront mode, it can be the footer.
+9. Mention the collector `script_version`, repo checkout `git_head`, and time window in the digest footer or final line.

 ## Reaction Handling

@@ -89,7 +64,7 @@ GitHub issue search is still seeded by issue `updated_at`, so a purely reaction-

 ## Attention Markers

-The collector scales attention markers by the requested time window. The baseline is 5 human user interactions for `🔥` and 10 for `🔥🔥` over 24 hours; longer or shorter windows scale those cutoffs linearly and round up. For example, a one-week report uses 35 and 70 interactions. Human user interactions are human-authored new issue posts, human-authored new comments, and human reactions created during the window, including upvotes. Bot posts and bot reactions are excluded. In prose, explain this as high user interaction rather than naming the emoji.
+The collector scales attention markers by the requested time window. The baseline is 10 human user interactions for `🔥` and 20 for `🔥🔥` over 24 hours; longer or shorter windows scale those cutoffs linearly and round up. For example, a one-week report uses 70 and 140 interactions. Human user interactions are human-authored new issue posts, human-authored new comments, and human reactions created during the window, including upvotes. Bot posts and bot reactions are excluded. In prose, explain this as high user interaction rather than naming the emoji.

 ## Freshness

--- a/.codex/skills/codex-issue-digest/scripts/collect_issue_digest.py
+++ b/.codex/skills/codex-issue-digest/scripts/collect_issue_digest.py
@@ -11,12 +11,12 @@ from datetime import datetime, timedelta, timezone
 from pathlib import Path
 from urllib.parse import quote

-SCRIPT_VERSION = 4
+SCRIPT_VERSION = 2
 QUALIFYING_KIND_LABELS = ("bug", "enhancement")
 REACTION_KEYS = ("+1", "-1", "laugh", "hooray", "confused", "heart", "rocket", "eyes")
 BASE_ATTENTION_WINDOW_HOURS = 24.0
-ONE_ATTENTION_INTERACTION_THRESHOLD = 5
-TWO_ATTENTION_INTERACTION_THRESHOLD = 10
+ONE_ATTENTION_INTERACTION_THRESHOLD = 10
+TWO_ATTENTION_INTERACTION_THRESHOLD = 20
 ALL_LABEL_PHRASES = {"all", "all areas", "all labels", "all-areas", "all-labels", "*"}


@@ -305,7 +305,6 @@ def search_issue_numbers(queries, limit):
    numbers = {}
    for query in queries:
        page = 1
-        seen_for_query = 0
        while True:
            payload = gh_json(
                [
@@ -316,10 +315,6 @@ def search_issue_numbers(queries, limit):
                    "-f",
                    f"q={query}",
                    "-f",
-                    "sort=updated",
-                    "-f",
-                    "order=desc",
-                    "-f",
                    "per_page=100",
                    "-f",
                    f"page={page}",
@@ -336,8 +331,7 @@ def search_issue_numbers(queries, limit):
                number = item.get("number")
                if isinstance(number, int):
                    numbers[number] = str(item.get("updated_at") or "")
-                    seen_for_query += 1
-            if len(items) < 100 or seen_for_query >= limit:
+            if len(items) < 100 or len(numbers) >= limit:
                break
            page += 1
    ordered = sorted(
--- a/.codex/skills/codex-issue-digest/scripts/test_collect_issue_digest.py
+++ b/.codex/skills/codex-issue-digest/scripts/test_collect_issue_digest.py
@@ -51,77 +51,6 @@ def test_normalize_requested_labels_accepts_all_area_phrases():
    )


-def test_search_issue_numbers_requests_updated_sort(monkeypatch):
-    calls = []
-
-    def fake_gh_json(args):
-        calls.append(args)
-        return {
-            "items": [
-                {"number": 1, "updated_at": "2026-04-25T00:00:00Z"},
-            ]
-        }
-
-    monkeypatch.setattr(collect_issue_digest, "gh_json", fake_gh_json)
-
-    assert collect_issue_digest.search_issue_numbers(["query"], limit=10) == [1]
-    assert "-f" in calls[0]
-    assert "sort=updated" in calls[0]
-    assert "order=desc" in calls[0]
-
-
-def test_search_issue_numbers_applies_limit_per_query(monkeypatch):
-    calls = []
-
-    def fake_gh_json(args):
-        calls.append(args)
-        query = next(
-            value.removeprefix("q=") for value in args if value.startswith("q=")
-        )
-        page = int(
-            next(
-                value.removeprefix("page=")
-                for value in args
-                if value.startswith("page=")
-            )
-        )
-        base = 10_000 if query == "first" else 20_000
-        offset = (page - 1) * 100
-        return {
-            "items": [
-                {
-                    "number": base + offset + idx,
-                    "updated_at": f"2026-04-25T00:{idx:02d}:00Z",
-                }
-                for idx in range(100)
-            ]
-        }
-
-    monkeypatch.setattr(collect_issue_digest, "gh_json", fake_gh_json)
-
-    collect_issue_digest.search_issue_numbers(["first", "second"], limit=150)
-
-    queried_pages = [
-        (
-            next(
-                value.removeprefix("q=") for value in args if value.startswith("q=")
-            ),
-            next(
-                value.removeprefix("page=")
-                for value in args
-                if value.startswith("page=")
-            ),
-        )
-        for args in calls
-    ]
-    assert queried_pages == [
-        ("first", "1"),
-        ("first", "2"),
-        ("second", "1"),
-        ("second", "2"),
-    ]
-
-
 def test_summarize_issue_keeps_new_comments_and_reaction_signals():
    since = collect_issue_digest.parse_timestamp("2026-04-25T00:00:00Z", "--since")
    until = collect_issue_digest.parse_timestamp("2026-04-26T00:00:00Z", "--until")
@@ -298,19 +227,19 @@ def test_parse_duration_hours_accepts_common_phrases():

 def test_attention_thresholds_scale_by_window_length():
    one_day = collect_issue_digest.attention_thresholds_for_window(24)
-    assert one_day["elevated"] == 5
-    assert one_day["very_high"] == 10
+    assert one_day["elevated"] == 10
+    assert one_day["very_high"] == 20

    half_day = collect_issue_digest.attention_thresholds_for_window(12)
-    assert half_day["elevated"] == 3
-    assert half_day["very_high"] == 5
+    assert half_day["elevated"] == 5
+    assert half_day["very_high"] == 10

    week = collect_issue_digest.attention_thresholds_for_window(168)
-    assert week["elevated"] == 35
-    assert week["very_high"] == 70
-    assert collect_issue_digest.attention_marker_for(34, week) == ""
-    assert collect_issue_digest.attention_marker_for(35, week) == "🔥"
-    assert collect_issue_digest.attention_marker_for(70, week) == "🔥🔥"
+    assert week["elevated"] == 70
+    assert week["very_high"] == 140
+    assert collect_issue_digest.attention_marker_for(69, week) == ""
+    assert collect_issue_digest.attention_marker_for(107, week) == "🔥"
+    assert collect_issue_digest.attention_marker_for(140, week) == "🔥🔥"


 def test_fetch_comments_uses_since_filter_and_page_cap(monkeypatch):
@@ -371,7 +300,7 @@ def test_attention_markers_count_human_user_interactions():
            "user": {"login": f"user-{idx}"},
            "body": "same here",
        }
-        for idx in range(4)
+        for idx in range(9)
    ]
    comments.append(
        {
@@ -393,8 +322,8 @@ def test_attention_markers_count_human_user_interactions():
        comment_chars=100,
    )

-    assert summary["user_interactions"] == 5
-    assert summary["activity"]["new_human_comments"] == 4
+    assert summary["user_interactions"] == 10
+    assert summary["activity"]["new_human_comments"] == 9
    assert summary["attention"] is True
    assert summary["attention_level"] == 1
    assert summary["attention_marker"] == "🔥"
@@ -408,7 +337,7 @@ def test_attention_markers_count_human_user_interactions():
            "user": {"login": f"extra-user-{idx}"},
            "body": "also seeing this",
        }
-        for idx in range(100, 106)
+        for idx in range(11)
    )

    summary = collect_issue_digest.summarize_issue(
@@ -421,7 +350,7 @@ def test_attention_markers_count_human_user_interactions():
        comment_chars=100,
    )

-    assert summary["user_interactions"] == 10
+    assert summary["user_interactions"] == 20
    assert summary["attention_level"] == 2
    assert summary["attention_marker"] == "🔥🔥"

--- a/.github/actions/setup-bazel-ci/action.yml
+++ b/.github/actions/setup-bazel-ci/action.yml
@@ -33,7 +33,7 @@ runs:
      run: Copy-Item (Get-Command dotslash).Source -Destination "$env:LOCALAPPDATA\Microsoft\WindowsApps\dotslash.exe"

    - name: Set up Bazel
-      uses: bazel-contrib/setup-bazel@c5acdfb288317d0b5c0bbd7a396a3dc868bb0f86 # 0.19.0
+      uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3

    - name: Configure Bazel repository cache
      id: configure_bazel_repository_cache
--- a/.github/dotslash-config.json
+++ b/.github/dotslash-config.json
@@ -11,11 +11,11 @@
          "path": "codex"
        },
        "linux-x86_64": {
-          "regex": "^codex-x86_64-unknown-linux-musl-bundle\\.tar\\.zst$",
+          "regex": "^codex-x86_64-unknown-linux-musl\\.zst$",
          "path": "codex"
        },
        "linux-aarch64": {
-          "regex": "^codex-aarch64-unknown-linux-musl-bundle\\.tar\\.zst$",
+          "regex": "^codex-aarch64-unknown-linux-musl\\.zst$",
          "path": "codex"
        },
        "windows-x86_64": {
@@ -84,18 +84,6 @@
        }
      }
    },
-    "bwrap": {
-      "platforms": {
-        "linux-x86_64": {
-          "regex": "^bwrap-x86_64-unknown-linux-musl\\.zst$",
-          "path": "bwrap"
-        },
-        "linux-aarch64": {
-          "regex": "^bwrap-aarch64-unknown-linux-musl\\.zst$",
-          "path": "bwrap"
-        }
-      }
-    },
    "codex-command-runner": {
      "platforms": {
        "windows-x86_64": {
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,6 +1,6 @@
 # External (non-OpenAI) Pull Request Requirements

-External code contributions are by invitation only. Please read the dedicated "Contributing" markdown file for details:
+Before opening this Pull Request, please read the dedicated "Contributing" markdown file or your PR may be closed:
 https://github.com/openai/codex/blob/main/docs/contributing.md

 If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes.
--- a/.github/scripts/compute-bazel-windows-path.ps1
+++ b/.github/scripts/compute-bazel-windows-path.ps1
@@ -5,9 +5,9 @@ tool entries, such as Maven, that can change independently of this repo and
 cause avoidable cache misses.

 This script derives a smaller, cache-stable PATH that keeps the Windows
-toolchain entries Bazel-backed CI tasks need: MSVC and Windows SDK paths,
-MinGW runtime DLL paths for gnullvm-built tests, Git, PowerShell, Node, Python,
-DotSlash, and the standard Windows system directories.
+toolchain entries Bazel-backed CI tasks need: MSVC and Windows SDK paths, Git,
+PowerShell, Node, Python, DotSlash, and the standard Windows system
+directories.
 `setup-bazel-ci` runs this after exporting the MSVC environment, and the script
 publishes the result via `GITHUB_ENV` as `CODEX_BAZEL_WINDOWS_PATH` so later
 steps can pass that explicit PATH to Bazel.
@@ -49,8 +49,6 @@ foreach ($pathEntry in ($env:PATH -split ';')) {
    $pathEntry -like '*Microsoft Visual Studio*' -or
    $pathEntry -like '*Windows Kits*' -or
    $pathEntry -like '*Microsoft SDKs*' -or
-    $pathEntry -eq 'C:\mingw64\bin' -or
-    $pathEntry -like 'C:\msys64\*\bin' -or
    $pathEntry -like 'C:\Program Files\Git\*' -or
    $pathEntry -like 'C:\Program Files\PowerShell\*' -or
    $pathEntry -like 'C:\hostedtoolcache\windows\node\*' -or
@@ -87,12 +85,6 @@ if ($pwshCommand) {
  Add-StablePathEntry (Split-Path $pwshCommand.Source -Parent)
 }

-foreach ($mingwPath in @('C:\mingw64\bin', 'C:\msys64\mingw64\bin', 'C:\msys64\ucrt64\bin')) {
-  if (Test-Path $mingwPath) {
-    Add-StablePathEntry $mingwPath
-  }
-}
-
 if ($windowsAppsPath) {
  Add-StablePathEntry $windowsAppsPath
 }
--- a/.github/scripts/run-bazel-ci.sh
+++ b/.github/scripts/run-bazel-ci.sh
@@ -6,7 +6,6 @@ print_failed_bazel_test_logs=0
 print_failed_bazel_action_summary=0
 remote_download_toplevel=0
 windows_msvc_host_platform=0
-windows_cross_compile=0

 while [[ $# -gt 0 ]]; do
  case "$1" in
@@ -26,10 +25,6 @@ while [[ $# -gt 0 ]]; do
      windows_msvc_host_platform=1
      shift
      ;;
-    --windows-cross-compile)
-      windows_cross_compile=1
-      shift
-      ;;
    --)
      shift
      break
@@ -42,7 +37,7 @@ while [[ $# -gt 0 ]]; do
 done

 if [[ $# -eq 0 ]]; then
-  echo "Usage: $0 [--print-failed-test-logs] [--print-failed-action-summary] [--remote-download-toplevel] [--windows-msvc-host-platform] [--windows-cross-compile] -- <bazel args> -- <targets>" >&2
+  echo "Usage: $0 [--print-failed-test-logs] [--print-failed-action-summary] [--remote-download-toplevel] [--windows-msvc-host-platform] -- <bazel args> -- <targets>" >&2
  exit 1
 fi

@@ -66,11 +61,7 @@ case "${RUNNER_OS:-}" in
    ci_config=ci-macos
    ;;
  Windows)
-    if [[ $windows_cross_compile -eq 1 ]]; then
-      ci_config=ci-windows-cross
-    else
-      ci_config=ci-windows
-    fi
+    ci_config=ci-windows
    ;;
 esac

@@ -114,8 +105,8 @@ print_bazel_test_log_tails() {
  while IFS= read -r target; do
    failed_targets+=("$target")
  done < <(
-    grep -E '^(FAIL: //|ERROR: .* Testing //)' "$console_log" \
-      | sed -E 's#^FAIL: (//[^ ]+).*#\1#; s#^ERROR: .* Testing (//[^ ]+) failed:.*#\1#' \
+    grep -E '^FAIL: //' "$console_log" \
+      | sed -E 's#^FAIL: (//[^ ]+).*#\1#' \
      | sort -u
  )

@@ -253,12 +244,6 @@ if [[ ${#bazel_args[@]} -eq 0 || ${#bazel_targets[@]} -eq 0 ]]; then
  exit 1
 fi

-if [[ "${RUNNER_OS:-}" == "Windows" && $windows_cross_compile -eq 1 && -z "${BUILDBUDDY_API_KEY:-}" ]]; then
-  # Fork PRs do not receive the BuildBuddy secret needed for the remote
-  # cross-compile config. Preserve the previous local Windows build shape.
-  windows_msvc_host_platform=1
-fi
-
 post_config_bazel_args=()
 if [[ "${RUNNER_OS:-}" == "Windows" && $windows_msvc_host_platform -eq 1 ]]; then
  has_host_platform_override=0
@@ -284,25 +269,6 @@ if [[ $remote_download_toplevel -eq 1 ]]; then
  post_config_bazel_args+=(--remote_download_toplevel)
 fi

-if [[ "${RUNNER_OS:-}" == "Windows" && $windows_cross_compile -eq 1 && -n "${BUILDBUDDY_API_KEY:-}" ]]; then
-  # `--enable_platform_specific_config` expands `common:windows` on Windows
-  # hosts after ordinary rc configs, which can override `ci-windows-cross`'s
-  # RBE host platform. Repeat the host platform on the command line so V8 and
-  # other genrules execute on Linux RBE workers instead of Git Bash locally.
-  #
-  # Bazel also derives the default genrule shell from the client host. Without
-  # an explicit shell executable, remote Linux actions can be asked to run
-  # `C:\Program Files\Git\usr\bin\bash.exe`.
-  post_config_bazel_args+=(--host_platform=//:rbe --shell_executable=/bin/bash)
-fi
-
-if [[ "${RUNNER_OS:-}" == "Windows" && $windows_cross_compile -eq 1 && -z "${BUILDBUDDY_API_KEY:-}" ]]; then
-  # The Windows cross-compile config depends on remote execution. Fork PRs do
-  # not receive the BuildBuddy secret, so fall back to the existing local build
-  # shape and keep its lower concurrency cap.
-  post_config_bazel_args+=(--jobs=8)
-fi
-
 if [[ -n "${BAZEL_REPO_CONTENTS_CACHE:-}" ]]; then
  # Windows self-hosted runners can run multiple Bazel jobs concurrently. Give
  # each job its own repo contents cache so they do not fight over the shared
@@ -321,57 +287,37 @@ if [[ -n "${CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR:-}" ]]; then
 fi

 if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-  pass_windows_build_env=1
-  if [[ $windows_cross_compile -eq 1 && -n "${BUILDBUDDY_API_KEY:-}" ]]; then
-    # Remote build actions execute on Linux RBE workers. Passing the Windows
-    # runner's build environment there makes Bazel genrules try to execute
-    # C:\Program Files\Git\usr\bin\bash.exe on Linux.
-    pass_windows_build_env=0
-  fi
+  windows_action_env_vars=(
+    INCLUDE
+    LIB
+    LIBPATH
+    UCRTVersion
+    UniversalCRTSdkDir
+    VCINSTALLDIR
+    VCToolsInstallDir
+    WindowsLibPath
+    WindowsSdkBinPath
+    WindowsSdkDir
+    WindowsSDKLibVersion
+    WindowsSDKVersion
+  )

-  if [[ $pass_windows_build_env -eq 1 ]]; then
-    windows_action_env_vars=(
-      INCLUDE
-      LIB
-      LIBPATH
-      UCRTVersion
-      UniversalCRTSdkDir
-      VCINSTALLDIR
-      VCToolsInstallDir
-      WindowsLibPath
-      WindowsSdkBinPath
-      WindowsSdkDir
-      WindowsSDKLibVersion
-      WindowsSDKVersion
-    )
-
-    for env_var in "${windows_action_env_vars[@]}"; do
-      if [[ -n "${!env_var:-}" ]]; then
-        post_config_bazel_args+=("--action_env=${env_var}" "--host_action_env=${env_var}")
-      fi
-    done
-  fi
+  for env_var in "${windows_action_env_vars[@]}"; do
+    if [[ -n "${!env_var:-}" ]]; then
+      post_config_bazel_args+=("--action_env=${env_var}" "--host_action_env=${env_var}")
+    fi
+  done

  if [[ -z "${CODEX_BAZEL_WINDOWS_PATH:-}" ]]; then
    echo "CODEX_BAZEL_WINDOWS_PATH must be set for Windows Bazel CI." >&2
    exit 1
  fi

-  if [[ $pass_windows_build_env -eq 1 ]]; then
-    post_config_bazel_args+=(
-      "--action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-      "--host_action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
-    )
-  elif [[ $windows_cross_compile -eq 1 ]]; then
-    # Remote build actions run on Linux RBE workers. Give their shell snippets
-    # a Linux PATH while preserving CODEX_BAZEL_WINDOWS_PATH below for local
-    # Windows test execution.
-    post_config_bazel_args+=(
-      "--action_env=PATH=/usr/bin:/bin"
-      "--host_action_env=PATH=/usr/bin:/bin"
-    )
-  fi
-  post_config_bazel_args+=("--test_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}")
+  post_config_bazel_args+=(
+    "--action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
+    "--host_action_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
+    "--test_env=PATH=${CODEX_BAZEL_WINDOWS_PATH}"
+  )
 fi

 bazel_console_log="$(mktemp)"
--- a/.github/scripts/run-bazel-query-ci.sh
+++ b/.github/scripts/run-bazel-query-ci.sh
@@ -6,13 +6,8 @@ set -euo pipefail
 # invocation so target-discovery queries can reuse the same Bazel server.

 query_args=()
-windows_cross_compile=0
 while [[ $# -gt 0 ]]; do
  case "$1" in
-    --windows-cross-compile)
-      windows_cross_compile=1
-      shift
-      ;;
    --)
      shift
      break
@@ -25,7 +20,7 @@ while [[ $# -gt 0 ]]; do
 done

 if [[ $# -ne 1 ]]; then
-  echo "Usage: $0 [--windows-cross-compile] [<bazel query args>...] -- <query expression>" >&2
+  echo "Usage: $0 [<bazel query args>...] -- <query expression>" >&2
  exit 1
 fi

@@ -37,11 +32,7 @@ case "${RUNNER_OS:-}" in
    ci_config=ci-macos
    ;;
  Windows)
-    if [[ $windows_cross_compile -eq 1 ]]; then
-      ci_config=ci-windows-cross
-    else
-      ci_config=ci-windows
-    fi
+    ci_config=ci-windows
    ;;
 esac

--- a/.github/scripts/rusty_v8_bazel.py
+++ b/.github/scripts/rusty_v8_bazel.py
@@ -63,10 +63,8 @@ def bazel_output_files(
    platform: str,
    labels: list[str],
    compilation_mode: str = "fastbuild",
-    bazel_configs: list[str] | None = None,
 ) -> list[Path]:
    expression = "set(" + " ".join(labels) + ")"
-    bazel_configs = bazel_configs or []
    result = subprocess.run(
        [
            "bazel",
@@ -74,7 +72,6 @@ def bazel_output_files(
            "-c",
            compilation_mode,
            f"--platforms=@llvm//platforms:{platform}",
-            *[f"--config={config}" for config in bazel_configs],
            "--output=files",
            expression,
        ],
@@ -90,9 +87,7 @@ def bazel_build(
    platform: str,
    labels: list[str],
    compilation_mode: str = "fastbuild",
-    bazel_configs: list[str] | None = None,
 ) -> None:
-    bazel_configs = bazel_configs or []
    subprocess.run(
        [
            "bazel",
@@ -100,7 +95,6 @@ def bazel_build(
            "-c",
            compilation_mode,
            f"--platforms=@llvm//platforms:{platform}",
-            *[f"--config={config}" for config in bazel_configs],
            *labels,
        ],
        cwd=ROOT,
@@ -112,14 +106,13 @@ def ensure_bazel_output_files(
    platform: str,
    labels: list[str],
    compilation_mode: str = "fastbuild",
-    bazel_configs: list[str] | None = None,
 ) -> list[Path]:
-    outputs = bazel_output_files(platform, labels, compilation_mode, bazel_configs)
+    outputs = bazel_output_files(platform, labels, compilation_mode)
    if all(path.exists() for path in outputs):
        return outputs

-    bazel_build(platform, labels, compilation_mode, bazel_configs)
-    outputs = bazel_output_files(platform, labels, compilation_mode, bazel_configs)
+    bazel_build(platform, labels, compilation_mode)
+    outputs = bazel_output_files(platform, labels, compilation_mode)
    missing = [str(path) for path in outputs if not path.exists()]
    if missing:
        raise SystemExit(f"missing built outputs for {labels}: {missing}")
@@ -194,9 +187,8 @@ def single_bazel_output_file(
    platform: str,
    label: str,
    compilation_mode: str = "fastbuild",
-    bazel_configs: list[str] | None = None,
 ) -> Path:
-    outputs = ensure_bazel_output_files(platform, [label], compilation_mode, bazel_configs)
+    outputs = ensure_bazel_output_files(platform, [label], compilation_mode)
    if len(outputs) != 1:
        raise SystemExit(f"expected exactly one output for {label}, found {outputs}")
    return outputs[0]
@@ -206,17 +198,11 @@ def merged_musl_archive(
    platform: str,
    lib_path: Path,
    compilation_mode: str = "fastbuild",
-    bazel_configs: list[str] | None = None,
 ) -> Path:
-    llvm_ar = single_bazel_output_file(platform, LLVM_AR_LABEL, compilation_mode, bazel_configs)
-    llvm_ranlib = single_bazel_output_file(
-        platform,
-        LLVM_RANLIB_LABEL,
-        compilation_mode,
-        bazel_configs,
-    )
+    llvm_ar = single_bazel_output_file(platform, LLVM_AR_LABEL, compilation_mode)
+    llvm_ranlib = single_bazel_output_file(platform, LLVM_RANLIB_LABEL, compilation_mode)
    runtime_archives = [
-        single_bazel_output_file(platform, label, compilation_mode, bazel_configs)
+        single_bazel_output_file(platform, label, compilation_mode)
        for label in MUSL_RUNTIME_ARCHIVE_LABELS
    ]

@@ -247,13 +233,11 @@ def stage_release_pair(
    target: str,
    output_dir: Path,
    compilation_mode: str = "fastbuild",
-    bazel_configs: list[str] | None = None,
 ) -> None:
    outputs = ensure_bazel_output_files(
        platform,
        [release_pair_label(target)],
        compilation_mode,
-        bazel_configs,
    )

    try:
@@ -270,7 +254,7 @@ def stage_release_pair(
    staged_library = output_dir / staged_archive_name(target, lib_path)
    staged_binding = output_dir / f"src_binding_release_{target}.rs"
    source_archive = (
-        merged_musl_archive(platform, lib_path, compilation_mode, bazel_configs)
+        merged_musl_archive(platform, lib_path, compilation_mode)
        if is_musl_archive_target(target, lib_path)
        else lib_path
    )
@@ -309,12 +293,6 @@ def parse_args() -> argparse.Namespace:
    stage_release_pair_parser.add_argument("--platform", required=True)
    stage_release_pair_parser.add_argument("--target", required=True)
    stage_release_pair_parser.add_argument("--output-dir", required=True)
-    stage_release_pair_parser.add_argument(
-        "--bazel-config",
-        action="append",
-        default=[],
-        dest="bazel_configs",
-    )
    stage_release_pair_parser.add_argument(
        "--compilation-mode",
        default="fastbuild",
@@ -352,7 +330,6 @@ def main() -> int:
            target=args.target,
            output_dir=Path(args.output_dir),
            compilation_mode=args.compilation_mode,
-            bazel_configs=args.bazel_configs,
        )
        return 0
    if args.command == "resolved-v8-crate-version":
--- a/.github/scripts/verify_cargo_workspace_manifests.py
+++ b/.github/scripts/verify_cargo_workspace_manifests.py
@@ -25,10 +25,7 @@ TOP_LEVEL_NAME_EXCEPTIONS = {
 UTILITY_NAME_EXCEPTIONS = {
    "path-utils": "codex-utils-path",
 }
-MANIFEST_FEATURE_EXCEPTIONS = {
-    "codex-rs/code-mode/Cargo.toml": {"sandbox": ("v8/v8_enable_sandbox",)},
-    "codex-rs/v8-poc/Cargo.toml": {"sandbox": ("v8/v8_enable_sandbox",)},
-}
+MANIFEST_FEATURE_EXCEPTIONS = {}
 OPTIONAL_DEPENDENCY_EXCEPTIONS = set()
 INTERNAL_DEPENDENCY_FEATURE_EXCEPTIONS = {}

--- a/.github/workflows/bazel.yml
+++ b/.github/workflows/bazel.yml
@@ -17,10 +17,13 @@ concurrency:
  cancel-in-progress: ${{ github.ref_name != 'main' }}
 jobs:
  test:
-    # PRs use a fast Windows cross-compiled test leg for pre-merge signal.
-    # Post-merge pushes to main also run the native Windows test job below for
-    # broader Windows signal without putting PR latency back on the critical
-    # path. Cargo CI owns V8/code-mode test coverage for now.
+    # Even though a no-cache-hit Windows build seems to exceed the 30-minute
+    # limit on occasion, the more common reason for exceeding the limit is a
+    # true test failure in a rust_test() marked "flaky" that gets run 3x.
+    # In that case, extra time generally does not give us more signal.
+    #
+    # Ultimately we need true distributed builds (e.g.,
+    # https://www.buildbuddy.io/docs/rbe-setup/) to speed things up.
    timeout-minutes: 30
    strategy:
      fail-fast: false
@@ -44,16 +47,13 @@ jobs:
          # - os: ubuntu-24.04-arm
          #   target: aarch64-unknown-linux-gnu

-          # Windows fast path: build the windows-gnullvm binaries with Linux
-          # RBE, then run the resulting Windows tests on the Windows runner.
-          # Cargo CI preserves V8/code-mode coverage while Bazel CI keeps broad
-          # non-code-mode signal.
+          # Windows
          - os: windows-latest
            target: x86_64-pc-windows-gnullvm
    runs-on: ${{ matrix.os }}

    # Configure a human readable name for each job
-    name: Bazel test on ${{ matrix.os }} for ${{ matrix.target }}
+    name: Local Bazel build on ${{ matrix.os }} for ${{ matrix.target }}

    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
@@ -88,15 +88,9 @@ jobs:
            # path. V8 consumers under `//codex-rs/...` still participate
            # transitively through `//...`.
            -//third_party/v8:all
-            # V8-backed code-mode tests are covered by Cargo CI. Bazel CI
-            # cross-compiles in several legs, and those tests are not stable in
-            # that setup yet.
-            -//codex-rs/code-mode:code-mode-unit-tests
-            -//codex-rs/v8-poc:v8-poc-unit-tests
          )

          bazel_wrapper_args=(
-            --print-failed-action-summary
            --print-failed-test-logs
          )
          bazel_test_args=(
@@ -106,10 +100,8 @@ jobs:
            --build_metadata=COMMIT_SHA=${GITHUB_SHA}
          )
          if [[ "${RUNNER_OS}" == "Windows" ]]; then
-            bazel_wrapper_args+=(
-              --windows-cross-compile
-              --remote-download-toplevel
-            )
+            bazel_wrapper_args+=(--windows-msvc-host-platform)
+            bazel_test_args+=(--jobs=8)
          fi

          ./.github/scripts/run-bazel-ci.sh \
@@ -138,79 +130,6 @@ jobs:
          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
          key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}

-  test-windows-native-main:
-    # Native Windows Bazel tests are slower and frequently approach the
-    # 30-minute PR budget. Run this only for post-merge commits to main and give
-    # it a larger timeout.
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-    timeout-minutes: 40
-    runs-on: windows-latest
-    name: Bazel test on windows-latest for x86_64-pc-windows-gnullvm (native main)
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Prepare Bazel CI
-        id: prepare_bazel
-        uses: ./.github/actions/prepare-bazel-ci
-        with:
-          target: x86_64-pc-windows-gnullvm
-          cache-scope: bazel-${{ github.job }}
-          install-test-prereqs: "true"
-
-      - name: bazel test //...
-        env:
-          BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
-        shell: bash
-        run: |
-          bazel_targets=(
-            //...
-            # Keep standalone V8 library targets out of the ordinary Bazel CI
-            # path. V8 consumers under `//codex-rs/...` still participate
-            # transitively through `//...`.
-            -//third_party/v8:all
-            # Keep this aligned with the main Bazel job. The native Windows
-            # job preserves broad post-merge coverage, but code-mode/V8 tests
-            # are covered by Cargo CI rather than Bazel for now.
-            -//codex-rs/code-mode:code-mode-unit-tests
-            -//codex-rs/v8-poc:v8-poc-unit-tests
-          )
-
-          bazel_test_args=(
-            test
-            --test_tag_filters=-argument-comment-lint
-            --test_verbose_timeout_warnings
-            --build_metadata=COMMIT_SHA=${GITHUB_SHA}
-            --build_metadata=TAG_windows_native_main=true
-          )
-
-          ./.github/scripts/run-bazel-ci.sh \
-            --print-failed-action-summary \
-            --print-failed-test-logs \
-            -- \
-            "${bazel_test_args[@]}" \
-            -- \
-            "${bazel_targets[@]}"
-
-      - name: Upload Bazel execution logs
-        if: always() && !cancelled()
-        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
-        with:
-          name: bazel-execution-logs-test-windows-native-x86_64-pc-windows-gnullvm
-          path: ${{ runner.temp }}/bazel-execution-logs
-          if-no-files-found: ignore
-
-      # Save the job-scoped Bazel repository cache after cache misses. Keep the
-      # upload non-fatal so cache service issues never fail the job itself.
-      - name: Save bazel repository cache
-        if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
-        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
-        with:
-          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
-          key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
-
  clippy:
    timeout-minutes: 30
    strategy:
@@ -251,24 +170,17 @@ jobs:
            --build_metadata=TAG_job=clippy
          )
          bazel_wrapper_args=()
-          bazel_target_list_args=()
          if [[ "${RUNNER_OS}" == "Windows" ]]; then
-            # Keep this aligned with the fast Windows Bazel test job: use
-            # Linux RBE for clippy build actions while targeting Windows
-            # gnullvm. Fork/community PRs without the BuildBuddy secret fall
-            # back inside `run-bazel-ci.sh` to the previous local Windows MSVC
-            # host-platform shape.
-            bazel_wrapper_args+=(--windows-cross-compile)
-            bazel_target_list_args+=(--windows-cross-compile)
-            if [[ -z "${BUILDBUDDY_API_KEY:-}" ]]; then
-              # The fork fallback can see incompatible explicit Windows-cross
-              # internal test binaries in the generated target list. Preserve
-              # the old local-fallback behavior there.
-              bazel_clippy_args+=(--skip_incompatible_explicit_targets)
-            fi
+            # Keep this aligned with the Windows Bazel test job. With the
+            # default `//:local_windows` host platform, Windows `rust_test`
+            # targets such as `//codex-rs/core:core-all-test` can be skipped
+            # by `--skip_incompatible_explicit_targets`, which hides clippy
+            # diagnostics from integration-test modules.
+            bazel_wrapper_args+=(--windows-msvc-host-platform)
+            bazel_clippy_args+=(--skip_incompatible_explicit_targets)
          fi

-          bazel_target_lines="$(./scripts/list-bazel-clippy-targets.sh "${bazel_target_list_args[@]}")"
+          bazel_target_lines="$(./scripts/list-bazel-clippy-targets.sh)"
          bazel_targets=()
          while IFS= read -r target; do
            bazel_targets+=("${target}")
@@ -340,12 +252,7 @@ jobs:
          # Rust debug assertions explicitly.
          bazel_wrapper_args=()
          if [[ "${RUNNER_OS}" == "Windows" ]]; then
-            # This is build-only signal, so use the same Linux-RBE
-            # cross-compile path as the fast Windows test and clippy jobs.
-            # Fork/community PRs without the BuildBuddy secret fall back
-            # inside `run-bazel-ci.sh` to the previous local Windows MSVC
-            # host-platform shape.
-            bazel_wrapper_args+=(--windows-cross-compile)
+            bazel_wrapper_args+=(--windows-msvc-host-platform)
          fi

          bazel_build_args=(
@@ -371,22 +278,6 @@ jobs:
            -- \
            "${bazel_targets[@]}"

-      - name: Verify Bazel builds bwrap
-        if: runner.os == 'Linux'
-        env:
-          BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
-        shell: bash
-        run: |
-          ./.github/scripts/run-bazel-ci.sh \
-            --remote-download-toplevel \
-            --print-failed-action-summary \
-            -- \
-            build \
-            --build_metadata=COMMIT_SHA=${GITHUB_SHA} \
-            --build_metadata=TAG_job=verify-bwrap \
-            -- \
-            //codex-rs/bwrap:bwrap
-
      - name: Upload Bazel execution logs
        if: always() && !cancelled()
        continue-on-error: true
--- a/.github/workflows/cargo-deny.yml
+++ b/.github/workflows/cargo-deny.yml
@@ -17,10 +17,10 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
+        uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable

      - name: Run cargo-deny
        uses: EmbarkStudios/cargo-deny-action@82eb9f621fbc699dd0918f3ea06864c14cc84246 # v2
        with:
-          rust-version: 1.93.0
+          rust-version: stable
          manifest-path: ./codex-rs/Cargo.toml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -45,19 +45,12 @@ jobs:
          GH_TOKEN: ${{ github.token }}
        run: |
          set -euo pipefail
-          # Use a recent successful rust-release run that published the full
-          # cross-platform native payload required by the npm package layout.
-          # Passing the workflow URL directly avoids relying on old rust-v*
-          # branches remaining discoverable via `gh run list --branch ...`.
-          CODEX_VERSION=0.125.0
-          WORKFLOW_URL="https://github.com/openai/codex/actions/runs/24901475298"
+          # Use a rust-release version that includes all native binaries.
+          CODEX_VERSION=0.115.0
          OUTPUT_DIR="${RUNNER_TEMP}"
-          # This reused workflow predates the standalone bwrap artifact.
          python3 ./scripts/stage_npm_packages.py \
            --release-version "$CODEX_VERSION" \
-            --workflow-url "$WORKFLOW_URL" \
            --package codex \
-            --allow-missing-native-component bwrap \
            --output-dir "$OUTPUT_DIR"
          PACK_OUTPUT="${OUTPUT_DIR}/codex-npm-${CODEX_VERSION}.tgz"
          echo "pack_output=$PACK_OUTPUT" >> "$GITHUB_OUTPUT"
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -44,7 +44,7 @@ jobs:
            6. iOS — Issues with the Codex iOS app.

            - Additionally add zero or more of the following labels that are relevant to the issue content. Prefer a small set of precise labels over many broad ones.
-            - For agent-area issues, prefer the most specific applicable label. Use "agent" only as a fallback for agent-related issues that do not fit a more specific agent-area label. Prefer "app-server" over "session" or "config" when the issue is about app-server protocol, API, RPC, schema, launch, or bridge behavior. Use "memory" for agentic memory storage/retrieval and "performance" for high process memory utilization or memory leaks.
+            - For agent-area issues, prefer the most specific applicable label. Use "agent" only as a fallback for agent-related issues that do not fit a more specific agent-area label. Prefer "app-server" over "session" or "config" when the issue is about app-server protocol, API, RPC, schema, launch, or bridge behavior.
            1. windows-os — Bugs or friction specific to Windows environments (always when PowerShell is mentioned, path handling, copy/paste, OS-specific auth or tooling failures).
            2. mcp — Topics involving Model Context Protocol servers/clients.
            3. mcp-server — Problems related to the codex mcp-server command, where codex runs as an MCP server.
@@ -68,15 +68,7 @@ jobs:
            21. session - Issues involving session or thread management, including resume, fork, archive, rename/title, thread history, rollout persistence, compaction, checkpoints, retention, and cross-session state.
            22. config - Issues involving config.toml, config keys, config key merging, config updates, profiles, hooks config, project config, agent role TOMLs, instruction/personality config, and config schema behavior.
            23. plan - Issues involving plan mode, planning workflows, or plan-specific tools/behavior.
-            24. computer-use - Issues involving agentic computer use or SkyComputerUseService.
-            25. browser - Issues involving agentic browser use, IAB, or the built-in browser within the Codex app.
-            26. memory - Issues involving agentic memory storage and retrieval.
-            27. imagen - Issues involving image generation.
-            28. remote - Issues involving remote access, remote control, or SSH.
-            29. performance - Issues involving slow, laggy performance, high memory utilization, or memory leaks.
-            30. automations - Issues involving scheduled automation tasks or heartbeats.
-            31. pets - Issues involving pets avatars and animations.
-            32. agent - Fallback only for core agent loop or agent-related issues that do not fit app-server, connectivity, subagent, session, config, plan, computer-use, browser, memory, imagen, remote, performance, automations, or pets.
+            24. agent - Fallback only for core agent loop or agent-related issues that do not fit app-server, connectivity, subagent, session, config, or plan.

            Issue number: ${{ github.event.issue.number }}

--- a/.github/workflows/rust-release-windows.yml
+++ b/.github/workflows/rust-release-windows.yml
@@ -24,9 +24,7 @@ jobs:
  build-windows-binaries:
    name: Build Windows binaries - ${{ matrix.runner }} - ${{ matrix.target }} - ${{ matrix.bundle }}
    runs-on: ${{ matrix.runs_on }}
-    # Windows release builds can exceed an hour on fat-LTO mainline releases,
-    # so keep the timeout aligned with the top-level release build headroom.
-    timeout-minutes: 90
+    timeout-minutes: 60
    permissions:
      contents: read
    defaults:
@@ -139,7 +137,7 @@ jobs:
      - build-windows-binaries
    name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
    runs-on: ${{ matrix.runs_on }}
-    timeout-minutes: 90
+    timeout-minutes: 60
    permissions:
      contents: read
      id-token: write
--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -20,7 +20,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
+      - uses: dtolnay/rust-toolchain@c2b55edffaf41a251c410bb32bed22afefa800f1 # 1.92
      - name: Validate tag matches Cargo.toml version
        shell: bash
        run: |
@@ -49,9 +49,7 @@ jobs:
    needs: tag-check
    name: Build - ${{ matrix.runner }} - ${{ matrix.target }} - ${{ matrix.bundle }}
    runs-on: ${{ matrix.runs_on || matrix.runner }}
-    # Release builds can take a long time, so leave some headroom to avoid
-    # having to restart the full workflow due to a timeout.
-    timeout-minutes: 90
+    timeout-minutes: 60
    permissions:
      contents: read
      id-token: write
@@ -96,7 +94,7 @@ jobs:
            target: x86_64-unknown-linux-musl
            bundle: primary
            artifact_name: x86_64-unknown-linux-musl
-            binaries: "codex codex-responses-api-proxy bwrap"
+            binaries: "codex codex-responses-api-proxy"
            build_dmg: "false"
          - runner: ubuntu-24.04
            target: x86_64-unknown-linux-musl
@@ -108,7 +106,7 @@ jobs:
            target: aarch64-unknown-linux-musl
            bundle: primary
            artifact_name: aarch64-unknown-linux-musl
-            binaries: "codex codex-responses-api-proxy bwrap"
+            binaries: "codex codex-responses-api-proxy"
            build_dmg: "false"
          - runner: ubuntu-24.04-arm
            target: aarch64-unknown-linux-musl
@@ -255,24 +253,6 @@ jobs:
        with:
          target: ${{ matrix.target }}

-      - if: ${{ contains(matrix.target, 'linux') && matrix.bundle == 'primary' }}
-        name: Build bwrap and export digest
-        shell: bash
-        run: |
-          set -euo pipefail
-          target="${{ matrix.target }}"
-          cargo build --target "$target" --release --timings --bin bwrap
-
-          bwrap_path="target/${target}/release/bwrap"
-          if [[ ! -f "$bwrap_path" ]]; then
-            echo "bwrap binary ${bwrap_path} not found"
-            exit 1
-          fi
-
-          digest="$(sha256sum "$bwrap_path" | awk '{print $1}')"
-          echo "CODEX_BWRAP_SHA256=${digest}" >> "$GITHUB_ENV"
-          echo "Built bwrap ${bwrap_path} with sha256:${digest}"
-
      - name: Cargo build
        shell: bash
        run: |
@@ -379,17 +359,6 @@ jobs:
            fi
          done

-          if [[ "${{ matrix.target }}" == *linux* && "${{ matrix.bundle }}" == "primary" ]]; then
-            bundle_root="${RUNNER_TEMP}/codex-${{ matrix.target }}-bundle"
-            rm -rf "$bundle_root"
-            mkdir -p "$bundle_root/codex-resources"
-            cp "$dest/codex-${{ matrix.target }}" "$bundle_root/codex"
-            cp "$dest/bwrap-${{ matrix.target }}" "$bundle_root/codex-resources/bwrap"
-            chmod 0755 "$bundle_root/codex" "$bundle_root/codex-resources/bwrap"
-            tar -C "$bundle_root" -cf - codex codex-resources/bwrap |
-              zstd -T0 -19 -o "$dest/codex-${{ matrix.target }}-bundle.tar.zst"
-          fi
-
          if [[ "${{ matrix.build_dmg }}" == "true" ]]; then
            cp target/${{ matrix.target }}/release/codex-${{ matrix.target }}.dmg "$dest/codex-${{ matrix.target }}.dmg"
          fi
@@ -413,7 +382,7 @@ jobs:
            base="$(basename "$f")"
            # Skip files that are already archives (shouldn't happen, but be
            # safe).
-            if [[ "$base" == *.tar.gz || "$base" == *.tar.zst || "$base" == *.zip || "$base" == *.dmg ]]; then
+            if [[ "$base" == *.tar.gz || "$base" == *.zip || "$base" == *.dmg ]]; then
              continue
            fi

@@ -433,8 +402,8 @@ jobs:
      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
        with:
          name: ${{ matrix.artifact_name }}
-          # Upload the per-binary .zst files, .tar.gz equivalents, and any
-          # prebuilt archives staged above.
+          # Upload the per-binary .zst files as well as the new .tar.gz
+          # equivalents we generated in the previous step.
          path: |
            codex-rs/dist/${{ matrix.target }}/*

--- a/.github/workflows/rusty-v8-release.yml
+++ b/.github/workflows/rusty-v8-release.yml
@@ -1,12 +1,20 @@
 name: rusty-v8-release

 on:
-  push:
-    tags:
-      - "rusty-v8-v*.*.*"
+  workflow_dispatch:
+    inputs:
+      release_tag:
+        description: Optional release tag. Defaults to rusty-v8-v<resolved_v8_version>.
+        required: false
+        type: string
+      publish:
+        description: Publish the staged musl artifacts to a GitHub release.
+        required: false
+        default: true
+        type: boolean

 concurrency:
-  group: ${{ github.workflow }}::${{ github.ref_name }}
+  group: ${{ github.workflow }}::${{ inputs.release_tag || github.run_id }}
  cancel-in-progress: false

 jobs:
@@ -35,17 +43,15 @@ jobs:
      - name: Resolve release tag
        id: release_tag
        env:
-          GITHUB_REF_NAME: ${{ github.ref_name }}
+          RELEASE_TAG_INPUT: ${{ inputs.release_tag }}
          V8_VERSION: ${{ steps.v8_version.outputs.version }}
        shell: bash
        run: |
          set -euo pipefail

-          expected_release_tag="rusty-v8-v${V8_VERSION}"
-          release_tag="${GITHUB_REF_NAME}"
-          if [[ "${release_tag}" != "${expected_release_tag}" ]]; then
-            echo "Tag ${release_tag} does not match resolved v8 crate version ${V8_VERSION}." >&2
-            exit 1
+          release_tag="${RELEASE_TAG_INPUT}"
+          if [[ -z "${release_tag}" ]]; then
+            release_tag="rusty-v8-v${V8_VERSION}"
          fi

          echo "release_tag=${release_tag}" >> "$GITHUB_OUTPUT"
@@ -72,9 +78,7 @@ jobs:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Set up Bazel
-        uses: ./.github/actions/setup-bazel-ci
-        with:
-          target: ${{ matrix.target }}
+        uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
@@ -105,7 +109,6 @@ jobs:
            -c
            opt
            "--platforms=@llvm//platforms:${PLATFORM}"
-            --config=v8-release-compat
            "${pair_target}"
            "${extra_targets[@]}"
            --build_metadata=COMMIT_SHA=$(git rev-parse HEAD)
@@ -129,7 +132,6 @@ jobs:
            --platform "${PLATFORM}" \
            --target "${TARGET}" \
            --compilation-mode opt \
-            --bazel-config v8-release-compat \
            --output-dir "dist/${TARGET}"

      - name: Upload staged musl artifacts
@@ -139,6 +141,7 @@ jobs:
          path: dist/${{ matrix.target }}/*

  publish-release:
+    if: ${{ inputs.publish }}
    needs:
      - metadata
      - build
@@ -148,6 +151,16 @@ jobs:
      actions: read

    steps:
+      - name: Ensure publishing from default branch
+        if: ${{ github.ref_name != github.event.repository.default_branch }}
+        env:
+          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          echo "Publishing is only allowed from ${DEFAULT_BRANCH}; current ref is ${GITHUB_REF_NAME}." >&2
+          exit 1
+
      - name: Ensure release tag is new
        env:
          GH_TOKEN: ${{ github.token }}
--- a/.github/workflows/v8-canary.yml
+++ b/.github/workflows/v8-canary.yml
@@ -3,7 +3,6 @@ name: v8-canary
 on:
  pull_request:
    paths:
-      - ".github/actions/setup-bazel-ci/**"
      - ".github/scripts/rusty_v8_bazel.py"
      - ".github/workflows/rusty-v8-release.yml"
      - ".github/workflows/v8-canary.yml"
@@ -17,7 +16,6 @@ on:
    branches:
      - main
    paths:
-      - ".github/actions/setup-bazel-ci/**"
      - ".github/scripts/rusty_v8_bazel.py"
      - ".github/workflows/rusty-v8-release.yml"
      - ".github/workflows/v8-canary.yml"
@@ -77,9 +75,7 @@ jobs:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

      - name: Set up Bazel
-        uses: ./.github/actions/setup-bazel-ci
-        with:
-          target: ${{ matrix.target }}
+        uses: bazelbuild/setup-bazelisk@b39c379c82683a5f25d34f0d062761f62693e0b2 # v3

      - name: Set up Python
        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
@@ -105,7 +101,6 @@ jobs:
          bazel_args=(
            build
            "--platforms=@llvm//platforms:${PLATFORM}"
-            --config=v8-release-compat
            "${pair_target}"
            "${extra_targets[@]}"
            --build_metadata=COMMIT_SHA=$(git rev-parse HEAD)
@@ -128,7 +123,6 @@ jobs:
          python3 .github/scripts/rusty_v8_bazel.py stage-release-pair \
            --platform "${PLATFORM}" \
            --target "${TARGET}" \
-            --bazel-config v8-release-compat \
            --output-dir "dist/${TARGET}"

      - name: Upload staged musl artifacts
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -19,12 +19,6 @@ In the codex-rs folder where the rust code lives:
  - You can run `just argument-comment-lint` to run the lint check locally. This is powered by Bazel, so running it the first time can be slow if Bazel is not warmed up, though incremental invocations should take <15s. Most of the time, it is best to update the PR and let CI take responsibility for checking this (or run it asynchronously in the background after submitting the PR). Note CI checks all three platforms, which the local run does not.
 - When possible, make `match` statements exhaustive and avoid wildcard arms.
 - Newly added traits should include doc comments that explain their role and how implementations are expected to use them.
- Discourage both `#[async_trait]` and `#[allow(async_fn_in_trait)]` in Rust traits.
-  - Prefer native RPITIT trait methods with explicit `Send` bounds on the returned future, as in `3c7f013f9735` / `#16630`.
-  - Preferred trait shape:
-    `fn foo(&self, ...) -> impl std::future::Future<Output = T> + Send;`
-  - Implementations may still use `async fn foo(&self, ...) -> T` when they satisfy that contract.
-  - Do not use `#[allow(async_fn_in_trait)]` as a shortcut around spelling the future contract explicitly.
 - When writing tests, prefer comparing the equality of entire objects over fields one by one.
 - When making a change that adds or changes an API, ensure that the documentation in the `docs/` folder is up to date if applicable.
 - Prefer private modules and explicitly exported public crate API.
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -30,40 +30,6 @@ platform(
    parents = ["@platforms//host"],
 )

-platform(
-    name = "windows_x86_64_gnullvm",
-    constraint_values = [
-        "@platforms//cpu:x86_64",
-        "@platforms//os:windows",
-        "@rules_rs//rs/experimental/platforms/constraints:windows_gnullvm",
-    ],
-)
-
-platform(
-    name = "windows_x86_64_msvc",
-    constraint_values = [
-        "@platforms//cpu:x86_64",
-        "@platforms//os:windows",
-        "@rules_rs//rs/experimental/platforms/constraints:windows_msvc",
-    ],
-)
-
-toolchain(
-    name = "windows_gnullvm_tests_on_msvc_host_toolchain",
-    exec_compatible_with = [
-        "@platforms//cpu:x86_64",
-        "@platforms//os:windows",
-        "@rules_rs//rs/experimental/platforms/constraints:windows_msvc",
-    ],
-    target_compatible_with = [
-        "@platforms//cpu:x86_64",
-        "@platforms//os:windows",
-        "@rules_rs//rs/experimental/platforms/constraints:windows_gnullvm",
-    ],
-    toolchain = "@bazel_tools//tools/test:empty_toolchain",
-    toolchain_type = "@bazel_tools//tools/test:default_test_toolchain_type",
-)
-
 alias(
    name = "rbe",
    actual = "@rbe_platform",
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -327,18 +327,6 @@ crate.annotation(
        "RUSTY_V8_SRC_BINDING_PATH": "$(execpath @v8_targets//:rusty_v8_binding_for_target)",
    },
    crate = "v8",
-    # Keep the Rust feature aligned with the source-built Bazel artifacts.
-    # Windows MSVC still consumes upstream non-sandboxed prebuilts.
-    crate_features_select = {
-        "aarch64-apple-darwin": ["v8_enable_sandbox"],
-        "aarch64-pc-windows-gnullvm": ["v8_enable_sandbox"],
-        "aarch64-unknown-linux-gnu": ["v8_enable_sandbox"],
-        "aarch64-unknown-linux-musl": ["v8_enable_sandbox"],
-        "x86_64-apple-darwin": ["v8_enable_sandbox"],
-        "x86_64-pc-windows-gnullvm": ["v8_enable_sandbox"],
-        "x86_64-unknown-linux-gnu": ["v8_enable_sandbox"],
-        "x86_64-unknown-linux-musl": ["v8_enable_sandbox"],
-    },
    gen_build_script = "on",
    patch_args = ["-p1"],
    patches = [
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
@@ -1560,7 +1560,6 @@
      "system-deps_7.0.7": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"assert_matches\",\"req\":\"^1.5\"},{\"features\":[\"targets\"],\"name\":\"cfg-expr\",\"req\":\">=0.17, <0.21\"},{\"name\":\"heck\",\"req\":\"^0.5\"},{\"kind\":\"dev\",\"name\":\"itertools\",\"req\":\"^0.14\"},{\"kind\":\"dev\",\"name\":\"lazy_static\",\"req\":\"^1\"},{\"name\":\"pkg-config\",\"req\":\"^0.3.25\"},{\"default_features\":false,\"features\":[\"parse\",\"std\"],\"name\":\"toml\",\"req\":\"^0.9\"},{\"name\":\"version-compare\",\"req\":\"^0.2\"}],\"features\":{}}",
      "tagptr_0.2.0": "{\"dependencies\":[],\"features\":{}}",
      "tar_0.4.44": "{\"dependencies\":[{\"name\":\"filetime\",\"req\":\"^0.2.8\"},{\"name\":\"libc\",\"req\":\"^0.2\",\"target\":\"cfg(unix)\"},{\"kind\":\"dev\",\"name\":\"tempfile\",\"req\":\"^3\"},{\"name\":\"xattr\",\"optional\":true,\"req\":\"^1.1.3\",\"target\":\"cfg(unix)\"}],\"features\":{\"default\":[\"xattr\"]}}",
-      "tar_0.4.45": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"astral-tokio-tar\",\"req\":\"^0.5\"},{\"name\":\"filetime\",\"req\":\"^0.2.8\"},{\"name\":\"libc\",\"req\":\"^0.2\",\"target\":\"cfg(unix)\"},{\"features\":[\"small_rng\"],\"kind\":\"dev\",\"name\":\"rand\",\"req\":\"^0.8\"},{\"kind\":\"dev\",\"name\":\"tempfile\",\"req\":\"^3\"},{\"features\":[\"macros\",\"rt\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"tokio-stream\",\"req\":\"^0.1\"},{\"name\":\"xattr\",\"optional\":true,\"req\":\"^1.1.3\",\"target\":\"cfg(unix)\"}],\"features\":{\"default\":[\"xattr\"]}}",
      "target-lexicon_0.13.3": "{\"dependencies\":[{\"name\":\"serde\",\"optional\":true,\"req\":\"^1.0\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0\"}],\"features\":{\"arch_z80\":[],\"arch_zkasm\":[],\"default\":[],\"serde_support\":[\"serde\",\"std\"],\"std\":[]}}",
      "tempfile_3.27.0": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"doc-comment\",\"req\":\"^0.3\"},{\"name\":\"fastrand\",\"req\":\"^2.1.1\"},{\"default_features\":false,\"name\":\"getrandom\",\"optional\":true,\"req\":\">=0.3.0, <0.5\",\"target\":\"cfg(any(unix, windows, target_os = \\\"wasi\\\"))\"},{\"default_features\":false,\"features\":[\"std\"],\"name\":\"once_cell\",\"req\":\"^1.19.0\"},{\"features\":[\"fs\"],\"name\":\"rustix\",\"req\":\"^1.1.4\",\"target\":\"cfg(any(unix, target_os = \\\"wasi\\\"))\"},{\"features\":[\"Win32_Storage_FileSystem\",\"Win32_Foundation\"],\"name\":\"windows-sys\",\"req\":\">=0.52, <0.62\",\"target\":\"cfg(windows)\"}],\"features\":{\"default\":[\"getrandom\"],\"nightly\":[]}}",
      "temporal_capi_0.1.2": "{\"dependencies\":[{\"default_features\":false,\"name\":\"diplomat\",\"req\":\"^0.14.0\"},{\"default_features\":false,\"name\":\"diplomat-runtime\",\"req\":\"^0.14.0\"},{\"default_features\":false,\"features\":[\"unstable\"],\"name\":\"icu_calendar\",\"req\":\"^2.1.0\"},{\"name\":\"icu_locale\",\"req\":\"^2.1.0\"},{\"default_features\":false,\"name\":\"num-traits\",\"req\":\"^0.2.19\"},{\"default_features\":false,\"name\":\"temporal_rs\",\"req\":\"^0.1.2\"},{\"name\":\"timezone_provider\",\"req\":\"^0.1.2\"},{\"name\":\"writeable\",\"req\":\"^0.6.0\"},{\"name\":\"zoneinfo64\",\"optional\":true,\"req\":\"^0.2.0\"}],\"features\":{\"compiled_data\":[\"temporal_rs/compiled_data\"],\"zoneinfo64\":[\"dep:zoneinfo64\",\"timezone_provider/zoneinfo64\"]}}",
--- a/codex-cli/scripts/build_npm_package.py
+++ b/codex-cli/scripts/build_npm_package.py
@@ -69,8 +69,8 @@ PACKAGE_EXPANSIONS: dict[str, list[str]] = {

 PACKAGE_NATIVE_COMPONENTS: dict[str, list[str]] = {
    "codex": [],
-    "codex-linux-x64": ["bwrap", "codex", "rg"],
-    "codex-linux-arm64": ["bwrap", "codex", "rg"],
+    "codex-linux-x64": ["codex", "rg"],
+    "codex-linux-arm64": ["codex", "rg"],
    "codex-darwin-x64": ["codex", "rg"],
    "codex-darwin-arm64": ["codex", "rg"],
    "codex-win32-x64": ["codex", "rg", "codex-windows-sandbox-setup", "codex-command-runner"],
@@ -87,7 +87,6 @@ PACKAGE_TARGET_FILTERS: dict[str, str] = {
 PACKAGE_CHOICES = tuple(PACKAGE_NATIVE_COMPONENTS)

 COMPONENT_DEST_DIR: dict[str, str] = {
-    "bwrap": "codex-resources",
    "codex": "codex",
    "codex-responses-api-proxy": "codex-responses-api-proxy",
    "codex-windows-sandbox-setup": "codex",
@@ -138,16 +137,6 @@ def parse_args() -> argparse.Namespace:
        type=Path,
        help="Directory containing pre-installed native binaries to bundle (vendor root).",
    )
-    parser.add_argument(
-        "--allow-missing-native-component",
-        dest="allow_missing_native_components",
-        action="append",
-        default=[],
-        help=(
-            "Native component that may be absent from --vendor-src. Intended for CI "
-            "compatibility with older artifact workflows; releases should not use this."
-        ),
-    )
    return parser.parse_args()


@@ -188,7 +177,6 @@ def main() -> int:
                staging_dir,
                native_components,
                target_filter={target_filter} if target_filter else None,
-                allow_missing_components=set(args.allow_missing_native_components),
            )

        if release_version:
@@ -377,14 +365,12 @@ def copy_native_binaries(
    staging_dir: Path,
    components: list[str],
    target_filter: set[str] | None = None,
-    allow_missing_components: set[str] | None = None,
 ) -> None:
    vendor_src = vendor_src.resolve()
    if not vendor_src.exists():
        raise RuntimeError(f"Vendor source directory not found: {vendor_src}")

    components_set = {component for component in components if component in COMPONENT_DEST_DIR}
-    allow_missing_components = allow_missing_components or set()
    if not components_set:
        return

@@ -413,8 +399,6 @@ def copy_native_binaries(

            src_component_dir = target_dir / dest_dir_name
            if not src_component_dir.exists():
-                if component in allow_missing_components:
-                    continue
                raise RuntimeError(
                    f"Missing native component '{component}' in vendor source: {src_component_dir}"
                )
--- a/codex-cli/scripts/install_native_deps.py
+++ b/codex-cli/scripts/install_native_deps.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-"""Install Codex native binaries (Rust CLI, bwrap, and ripgrep helpers)."""
+"""Install Codex native binaries (Rust CLI plus ripgrep helpers)."""

 import argparse
 from contextlib import contextmanager
@@ -42,15 +42,8 @@ class BinaryComponent:


 WINDOWS_TARGETS = tuple(target for target in BINARY_TARGETS if "windows" in target)
-LINUX_TARGETS = tuple(target for target in BINARY_TARGETS if "linux" in target)

 BINARY_COMPONENTS = {
-    "bwrap": BinaryComponent(
-        artifact_prefix="bwrap",
-        dest_dir="codex-resources",
-        binary_basename="bwrap",
-        targets=LINUX_TARGETS,
-    ),
    "codex": BinaryComponent(
        artifact_prefix="codex",
        dest_dir="codex",
@@ -142,7 +135,7 @@ def parse_args() -> argparse.Namespace:
        choices=tuple(list(BINARY_COMPONENTS) + ["rg"]),
        help=(
            "Limit installation to the specified components."
-            " May be repeated. Defaults to bwrap, codex, codex-windows-sandbox-setup,"
+            " May be repeated. Defaults to codex, codex-windows-sandbox-setup,"
            " codex-command-runner, and rg."
        ),
    )
@@ -166,7 +159,6 @@ def main() -> int:
    vendor_dir.mkdir(parents=True, exist_ok=True)

    components = args.components or [
-        "bwrap",
        "codex",
        "codex-windows-sandbox-setup",
        "codex-command-runner",
--- a/codex-cli/scripts/run_in_container.sh
+++ b/codex-cli/scripts/run_in_container.sh
@@ -92,4 +92,4 @@ quoted_args=""
 for arg in "$@"; do
  quoted_args+=" $(printf '%q' "$arg")"
 done
-docker exec -it "$CONTAINER_NAME" bash -c "cd \"/app$WORK_DIR\" && codex --sandbox workspace-write --ask-for-approval on-request ${quoted_args}"
+docker exec -it "$CONTAINER_NAME" bash -c "cd \"/app$WORK_DIR\" && codex --full-auto ${quoted_args}"
--- a/codex-rs/.cargo/audit.toml
+++ b/codex-rs/.cargo/audit.toml
@@ -6,6 +6,4 @@ ignore = [
    "RUSTSEC-2024-0436", # paste 1.0.15 via starlark/ratatui; upstream crate is unmaintained
    "RUSTSEC-2024-0320", # yaml-rust via syntect; remove when syntect drops or updates it
    "RUSTSEC-2025-0141", # bincode via syntect; remove when syntect drops or updates it
-    "RUSTSEC-2026-0118", # hickory-proto via rama-dns/rama-tcp; remove when rama updates to hickory 0.26.1 or hickory-net
-    "RUSTSEC-2026-0119", # hickory-proto via rama-dns/rama-tcp; remove when rama updates to hickory 0.26.1 or hickory-net
 ]
--- a/codex-rs/.github/workflows/cargo-audit.yml
+++ b/codex-rs/.github/workflows/cargo-audit.yml
@@ -17,7 +17,7 @@ jobs:
        working-directory: codex-rs
    steps:
      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
+      - uses: dtolnay/rust-toolchain@stable
      - name: Install cargo-audit
        uses: taiki-e/install-action@v2
        with:
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -1748,21 +1748,6 @@ dependencies = [
 "unicode-width 0.2.1",
 ]

-[[package]]
-name = "codex-agent-graph-store"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "codex-protocol",
- "codex-state",
- "pretty_assertions",
- "serde",
- "serde_json",
- "tempfile",
- "thiserror 2.0.18",
- "tokio",
-]
-
 [[package]]
 name = "codex-agent-identity"
 version = "0.0.0"
@@ -1857,8 +1842,8 @@ dependencies = [
 "chrono",
 "clap",
 "codex-analytics",
+ "codex-api",
 "codex-app-server-protocol",
- "codex-app-server-transport",
 "codex-arg0",
 "codex-backend-client",
 "codex-chatgpt",
@@ -1868,40 +1853,39 @@ dependencies = [
 "codex-core-plugins",
 "codex-device-key",
 "codex-exec-server",
- "codex-external-agent-migration",
- "codex-external-agent-sessions",
 "codex-features",
 "codex-feedback",
 "codex-file-search",
 "codex-git-utils",
- "codex-hooks",
 "codex-login",
 "codex-mcp",
- "codex-memories-write",
 "codex-model-provider",
 "codex-model-provider-info",
 "codex-models-manager",
 "codex-otel",
- "codex-plugin",
 "codex-protocol",
- "codex-rmcp-client",
 "codex-rollout",
 "codex-sandboxing",
 "codex-shell-command",
 "codex-state",
 "codex-thread-store",
 "codex-tools",
+ "codex-uds",
 "codex-utils-absolute-path",
 "codex-utils-cargo-bin",
 "codex-utils-cli",
 "codex-utils-json-to-toml",
 "codex-utils-pty",
+ "codex-utils-rustls-provider",
+ "constant_time_eq 0.3.1",
 "core_test_support",
- "flate2",
 "futures",
+ "gethostname",
 "hmac",
+ "jsonwebtoken",
 "opentelemetry",
 "opentelemetry_sdk",
+ "owo-colors",
 "pretty_assertions",
 "reqwest",
 "rmcp",
@@ -1910,7 +1894,6 @@ dependencies = [
 "serial_test",
 "sha2",
 "shlex",
- "tar",
 "tempfile",
 "thiserror 2.0.18",
 "time",
@@ -1944,7 +1927,6 @@ dependencies = [
 "pretty_assertions",
 "serde",
 "serde_json",
- "tempfile",
 "tokio",
 "tokio-tungstenite",
 "toml 0.9.11+spec-1.1.0",
@@ -2000,45 +1982,6 @@ dependencies = [
 "uuid",
 ]

-[[package]]
-name = "codex-app-server-transport"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "axum",
- "base64 0.22.1",
- "chrono",
- "clap",
- "codex-api",
- "codex-app-server-protocol",
- "codex-config",
- "codex-core",
- "codex-login",
- "codex-model-provider",
- "codex-state",
- "codex-uds",
- "codex-utils-absolute-path",
- "codex-utils-rustls-provider",
- "constant_time_eq 0.3.1",
- "futures",
- "gethostname",
- "hmac",
- "jsonwebtoken",
- "owo-colors",
- "pretty_assertions",
- "serde",
- "serde_json",
- "sha2",
- "tempfile",
- "time",
- "tokio",
- "tokio-tungstenite",
- "tokio-util",
- "tracing",
- "url",
- "uuid",
-]
-
 [[package]]
 name = "codex-apply-patch"
 version = "0.0.0"
@@ -2126,26 +2069,6 @@ dependencies = [
 "serde_with",
 ]

-[[package]]
-name = "codex-builtin-mcps"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "codex-config",
- "codex-memories-mcp",
- "codex-utils-absolute-path",
- "pretty_assertions",
-]
-
-[[package]]
-name = "codex-bwrap"
-version = "0.0.0"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
-]
-
 [[package]]
 name = "codex-chatgpt"
 version = "0.0.0"
@@ -2155,11 +2078,9 @@ dependencies = [
 "codex-app-server-protocol",
 "codex-connectors",
 "codex-core",
- "codex-core-plugins",
 "codex-git-utils",
 "codex-login",
 "codex-model-provider",
- "codex-plugin",
 "codex-utils-cargo-bin",
 "codex-utils-cli",
 "pretty_assertions",
@@ -2182,7 +2103,6 @@ dependencies = [
 "codex-app-server-protocol",
 "codex-app-server-test-client",
 "codex-arg0",
- "codex-builtin-mcps",
 "codex-chatgpt",
 "codex-cloud-tasks",
 "codex-config",
@@ -2195,7 +2115,6 @@ dependencies = [
 "codex-login",
 "codex-mcp",
 "codex-mcp-server",
- "codex-memories-write",
 "codex-models-manager",
 "codex-protocol",
 "codex-responses-api-proxy",
@@ -2242,7 +2161,6 @@ dependencies = [
 "opentelemetry_sdk",
 "pretty_assertions",
 "rand 0.9.3",
- "rcgen",
 "reqwest",
 "rustls",
 "rustls-native-certs",
@@ -2369,9 +2287,9 @@ dependencies = [
 "async-trait",
 "base64 0.22.1",
 "codex-app-server-protocol",
+ "codex-exec-server",
 "codex-execpolicy",
 "codex-features",
- "codex-file-system",
 "codex-git-utils",
 "codex-model-provider-info",
 "codex-network-proxy",
@@ -2451,7 +2369,6 @@ dependencies = [
 "codex-hooks",
 "codex-login",
 "codex-mcp",
- "codex-memories-read",
 "codex-model-provider",
 "codex-model-provider-info",
 "codex-models-manager",
@@ -2464,6 +2381,7 @@ dependencies = [
 "codex-rollout",
 "codex-rollout-trace",
 "codex-sandboxing",
+ "codex-secrets",
 "codex-shell-command",
 "codex-shell-escalation",
 "codex-state",
@@ -2539,31 +2457,12 @@ dependencies = [
 "zstd 0.13.3",
 ]

-[[package]]
-name = "codex-core-api"
-version = "0.0.0"
-dependencies = [
- "codex-analytics",
- "codex-app-server-protocol",
- "codex-arg0",
- "codex-config",
- "codex-core",
- "codex-exec-server",
- "codex-features",
- "codex-login",
- "codex-model-provider-info",
- "codex-models-manager",
- "codex-protocol",
- "codex-utils-absolute-path",
-]
-
 [[package]]
 name = "codex-core-plugins"
 version = "0.0.0"
 dependencies = [
 "anyhow",
 "chrono",
- "codex-analytics",
 "codex-app-server-protocol",
 "codex-config",
 "codex-core-skills",
@@ -2577,13 +2476,11 @@ dependencies = [
 "codex-utils-absolute-path",
 "codex-utils-plugins",
 "dirs",
- "flate2",
 "libc",
 "pretty_assertions",
 "reqwest",
 "serde",
 "serde_json",
- "tar",
 "tempfile",
 "thiserror 2.0.18",
 "tokio",
@@ -2709,7 +2606,6 @@ dependencies = [
 "bytes",
 "codex-app-server-protocol",
 "codex-client",
- "codex-file-system",
 "codex-protocol",
 "codex-sandboxing",
 "codex-test-binary-support",
@@ -2722,7 +2618,6 @@ dependencies = [
 "serde",
 "serde_json",
 "serial_test",
- "sha2",
 "tempfile",
 "test-case",
 "thiserror 2.0.18",
@@ -2731,7 +2626,6 @@ dependencies = [
 "tokio-util",
 "tracing",
 "uuid",
- "wiremock",
 ]

 [[package]]
@@ -2780,32 +2674,6 @@ dependencies = [
 "syn 2.0.114",
 ]

-[[package]]
-name = "codex-external-agent-migration"
-version = "0.0.0"
-dependencies = [
- "codex-hooks",
- "pretty_assertions",
- "serde_json",
- "serde_yaml",
- "tempfile",
- "toml 0.9.11+spec-1.1.0",
-]
-
-[[package]]
-name = "codex-external-agent-sessions"
-version = "0.0.0"
-dependencies = [
- "chrono",
- "codex-app-server-protocol",
- "codex-protocol",
- "codex-utils-output-truncation",
- "serde",
- "serde_json",
- "sha2",
- "tempfile",
-]
-
 [[package]]
 name = "codex-features"
 version = "0.0.0"
@@ -2848,23 +2716,14 @@ dependencies = [
 "tokio",
 ]

-[[package]]
-name = "codex-file-system"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "codex-protocol",
- "codex-utils-absolute-path",
- "serde",
-]
-
 [[package]]
 name = "codex-git-utils"
 version = "0.0.0"
 dependencies = [
 "anyhow",
+ "assert_matches",
 "chrono",
- "codex-file-system",
+ "codex-exec-server",
 "codex-protocol",
 "codex-utils-absolute-path",
 "futures",
@@ -2889,10 +2748,8 @@ dependencies = [
 "anyhow",
 "chrono",
 "codex-config",
- "codex-plugin",
 "codex-protocol",
 "codex-utils-absolute-path",
- "codex-utils-output-truncation",
 "futures",
 "pretty_assertions",
 "regex",
@@ -2901,8 +2758,6 @@ dependencies = [
 "serde_json",
 "tempfile",
 "tokio",
- "tracing",
- "uuid",
 ]

 [[package]]
@@ -2926,20 +2781,20 @@ dependencies = [
 name = "codex-linux-sandbox"
 version = "0.0.0"
 dependencies = [
+ "cc",
 "clap",
 "codex-core",
- "codex-process-hardening",
 "codex-protocol",
 "codex-sandboxing",
 "codex-utils-absolute-path",
 "globset",
 "landlock",
 "libc",
+ "pkg-config",
 "pretty_assertions",
 "seccompiler",
 "serde",
 "serde_json",
- "sha2",
 "tempfile",
 "tokio",
 "url",
@@ -2978,7 +2833,6 @@ dependencies = [
 "codex-terminal-detection",
 "codex-utils-template",
 "core_test_support",
- "jsonwebtoken",
 "keyring",
 "once_cell",
 "os_info",
@@ -3009,7 +2863,6 @@ dependencies = [
 "async-channel",
 "codex-api",
 "codex-async-utils",
- "codex-builtin-mcps",
 "codex-config",
 "codex-exec-server",
 "codex-login",
@@ -3043,7 +2896,9 @@ dependencies = [
 "codex-config",
 "codex-core",
 "codex-exec-server",
+ "codex-features",
 "codex-login",
+ "codex-models-manager",
 "codex-protocol",
 "codex-shell-command",
 "codex-utils-absolute-path",
@@ -3065,85 +2920,6 @@ dependencies = [
 "wiremock",
 ]

-[[package]]
-name = "codex-memories-mcp"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "codex-utils-absolute-path",
- "codex-utils-output-truncation",
- "pretty_assertions",
- "rmcp",
- "schemars 0.8.22",
- "serde",
- "serde_json",
- "tempfile",
- "thiserror 2.0.18",
- "tokio",
-]
-
-[[package]]
-name = "codex-memories-read"
-version = "0.0.0"
-dependencies = [
- "codex-protocol",
- "codex-shell-command",
- "codex-utils-absolute-path",
- "codex-utils-output-truncation",
- "codex-utils-template",
- "pretty_assertions",
- "tempfile",
- "tokio",
-]
-
-[[package]]
-name = "codex-memories-write"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "chrono",
- "codex-backend-client",
- "codex-config",
- "codex-core",
- "codex-features",
- "codex-git-utils",
- "codex-login",
- "codex-models-manager",
- "codex-otel",
- "codex-protocol",
- "codex-rollout",
- "codex-rollout-trace",
- "codex-secrets",
- "codex-state",
- "codex-terminal-detection",
- "codex-utils-absolute-path",
- "codex-utils-output-truncation",
- "codex-utils-template",
- "core_test_support",
- "futures",
- "pretty_assertions",
- "serde",
- "serde_json",
- "tempfile",
- "tokio",
- "tracing",
- "uuid",
- "wiremock",
-]
-
-[[package]]
-name = "codex-message-history"
-version = "0.0.0"
-dependencies = [
- "codex-config",
- "pretty_assertions",
- "serde",
- "serde_json",
- "tempfile",
- "tokio",
- "tracing",
-]
-
 [[package]]
 name = "codex-model-provider"
 version = "0.0.0"
@@ -3292,7 +3068,6 @@ dependencies = [
 name = "codex-plugin"
 version = "0.0.0"
 dependencies = [
- "codex-config",
 "codex-utils-absolute-path",
 "codex-utils-plugins",
 "thiserror 2.0.18",
@@ -3392,7 +3167,6 @@ dependencies = [
 "axum",
 "bytes",
 "codex-api",
- "codex-client",
 "codex-config",
 "codex-exec-server",
 "codex-keyring-store",
@@ -3604,17 +3378,6 @@ dependencies = [
 "tempfile",
 ]

-[[package]]
-name = "codex-thread-manager-sample"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "clap",
- "codex-core-api",
- "serde_json",
- "tracing",
-]
-
 [[package]]
 name = "codex-thread-store"
 version = "0.0.0"
@@ -3686,8 +3449,6 @@ dependencies = [
 "codex-install-context",
 "codex-login",
 "codex-mcp",
- "codex-message-history",
- "codex-model-provider",
 "codex-model-provider-info",
 "codex-models-manager",
 "codex-otel",
@@ -3975,8 +3736,6 @@ version = "0.0.0"
 dependencies = [
 "pretty_assertions",
 "regex-lite",
- "serde",
- "serde_json",
 ]

 [[package]]
@@ -4001,7 +3760,6 @@ dependencies = [
 "anyhow",
 "base64 0.22.1",
 "chrono",
- "codex-otel",
 "codex-protocol",
 "codex-utils-absolute-path",
 "codex-utils-pty",
@@ -4253,11 +4011,9 @@ dependencies = [
 "assert_cmd",
 "base64 0.22.1",
 "codex-arg0",
- "codex-config",
 "codex-core",
 "codex-exec-server",
 "codex-features",
- "codex-hooks",
 "codex-login",
 "codex-model-provider-info",
 "codex-models-manager",
@@ -4274,7 +4030,6 @@ dependencies = [
 "reqwest",
 "serde_json",
 "shlex",
- "similar",
 "tempfile",
 "tokio",
 "tokio-tungstenite",
@@ -12475,16 +12230,6 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417"

-[[package]]
-name = "tar"
-version = "0.4.45"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "22692a6476a21fa75fdfc11d452fda482af402c008cdbaf3476414e122040973"
-dependencies = [
- "filetime",
- "libc",
-]
-
 [[package]]
 name = "target-lexicon"
 version = "0.13.3"
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -2,15 +2,11 @@
 members = [
    "aws-auth",
    "analytics",
-    "agent-graph-store",
    "agent-identity",
    "backend-client",
-    "builtin-mcps",
-    "bwrap",
    "ansi-escape",
    "async-utils",
    "app-server",
-    "app-server-transport",
    "app-server-client",
    "app-server-protocol",
    "app-server-test-client",
@@ -35,18 +31,14 @@ members = [
    "shell-escalation",
    "skills",
    "core",
-    "core-api",
    "core-plugins",
    "core-skills",
    "hooks",
    "secrets",
    "exec",
-    "file-system",
    "exec-server",
    "execpolicy",
    "execpolicy-legacy",
-    "external-agent-migration",
-    "external-agent-sessions",
    "keyring-store",
    "file-search",
    "linux-sandbox",
@@ -54,9 +46,6 @@ members = [
    "login",
    "codex-mcp",
    "mcp-server",
-    "memories/mcp",
-    "memories/read",
-    "memories/write",
    "model-provider-info",
    "models-manager",
    "network-proxy",
@@ -103,7 +92,6 @@ members = [
    "state",
    "terminal-detection",
    "test-binary-support",
-    "thread-manager-sample",
    "thread-store",
    "uds",
    "codex-experimental-api-macros",
@@ -113,7 +101,7 @@ members = [
 resolver = "2"

 [workspace.package]
-version = "0.129.0"
+version = "0.0.0"
 # Track the edition for all workspace crates in one place. Individual
 # crates can still override this value, but keeping it here means new
 # crates created with `cargo new -w ...` automatically inherit the 2024
@@ -125,13 +113,11 @@ license = "Apache-2.0"
 # Internal
 app_test_support = { path = "app-server/tests/common" }
 codex-analytics = { path = "analytics" }
-codex-agent-graph-store = { path = "agent-graph-store" }
 codex-agent-identity = { path = "agent-identity" }
 codex-ansi-escape = { path = "ansi-escape" }
 codex-api = { path = "codex-api" }
 codex-aws-auth = { path = "aws-auth" }
 codex-app-server = { path = "app-server" }
-codex-app-server-transport = { path = "app-server-transport" }
 codex-app-server-client = { path = "app-server-client" }
 codex-app-server-protocol = { path = "app-server-protocol" }
 codex-app-server-test-client = { path = "app-server-test-client" }
@@ -139,7 +125,6 @@ codex-apply-patch = { path = "apply-patch" }
 codex-arg0 = { path = "arg0" }
 codex-async-utils = { path = "async-utils" }
 codex-backend-client = { path = "backend-client" }
-codex-builtin-mcps = { path = "builtin-mcps" }
 codex-chatgpt = { path = "chatgpt" }
 codex-cli = { path = "cli" }
 codex-client = { path = "codex-client" }
@@ -151,16 +136,12 @@ codex-code-mode = { path = "code-mode" }
 codex-config = { path = "config" }
 codex-connectors = { path = "connectors" }
 codex-core = { path = "core" }
-codex-core-api = { path = "core-api" }
 codex-core-plugins = { path = "core-plugins" }
 codex-core-skills = { path = "core-skills" }
 codex-device-key = { path = "device-key" }
 codex-exec = { path = "exec" }
-codex-file-system = { path = "file-system" }
 codex-exec-server = { path = "exec-server" }
 codex-execpolicy = { path = "execpolicy" }
-codex-external-agent-migration = { path = "external-agent-migration" }
-codex-external-agent-sessions = { path = "external-agent-sessions" }
 codex-experimental-api-macros = { path = "codex-experimental-api-macros" }
 codex-features = { path = "features" }
 codex-feedback = { path = "feedback" }
@@ -172,10 +153,6 @@ codex-keyring-store = { path = "keyring-store" }
 codex-linux-sandbox = { path = "linux-sandbox" }
 codex-lmstudio = { path = "lmstudio" }
 codex-login = { path = "login" }
-codex-message-history = { path = "message-history" }
-codex-memories-mcp = { path = "memories/mcp" }
-codex-memories-read = { path = "memories/read" }
-codex-memories-write = { path = "memories/write" }
 codex-mcp = { path = "codex-mcp" }
 codex-mcp-server = { path = "mcp-server" }
 codex-model-provider-info = { path = "model-provider-info" }
@@ -277,7 +254,6 @@ encoding_rs = "0.8.35"
 env-flags = "0.1.1"
 env_logger = "0.11.9"
 eventsource-stream = "0.2.3"
-flate2 = "1.1.8"
 futures = { version = "0.3", default-features = false }
 gethostname = "1.1.0"
 gix = { version = "0.81.0", default-features = false, features = ["sha1"] }
@@ -328,10 +304,6 @@ quick-xml = "0.38.4"
 rand = "0.9"
 ratatui = "0.29.0"
 ratatui-macros = "0.6.0"
-rcgen = { version = "0.14.7", default-features = false, features = [
-    "aws_lc_rs",
-    "pem",
-] }
 regex = "1.12.3"
 regex-lite = "0.1.8"
 reqwest = { version = "0.12", features = ["cookies"] }
@@ -374,7 +346,6 @@ strum_macros = "0.28.0"
 supports-color = "3.0.2"
 syntect = "5"
 sys-locale = "0.3.2"
-tar = { version = "=0.4.45", default-features = false }
 tempfile = "3.23.0"
 test-log = "0.2.19"
 textwrap = "0.16.2"
@@ -466,8 +437,6 @@ unwrap_used = "deny"
 # silence the false positive here instead of deleting a real dependency.
 [workspace.metadata.cargo-shear]
 ignored = [
-    "codex-agent-graph-store",
-    "codex-memories-mcp",
    "icu_provider",
    "openssl-sys",
    "codex-utils-readiness",
--- a/codex-rs/README.md
+++ b/codex-rs/README.md
@@ -59,22 +59,19 @@ To test to see what happens when a command is run under the sandbox provided by

 ```
 # macOS
-codex sandbox macos [--log-denials] [COMMAND]...
+codex sandbox macos [--full-auto] [--log-denials] [COMMAND]...

 # Linux
-codex sandbox linux [COMMAND]...
+codex sandbox linux [--full-auto] [COMMAND]...

 # Windows
-codex sandbox windows [COMMAND]...
+codex sandbox windows [--full-auto] [COMMAND]...

 # Legacy aliases
-codex debug seatbelt [--log-denials] [COMMAND]...
-codex debug landlock [COMMAND]...
+codex debug seatbelt [--full-auto] [--log-denials] [COMMAND]...
+codex debug landlock [--full-auto] [COMMAND]...
 ```

-To try a writable legacy sandbox mode with these commands, pass an explicit config override such
-as `-c 'sandbox_mode="workspace-write"'`.
-
 ### Selecting a sandbox policy via `--sandbox`

 The Rust CLI exposes a dedicated `--sandbox` (`-s`) flag that lets you pick the sandbox policy **without** having to reach for the generic `-c/--config` option:
--- a/codex-rs/agent-graph-store/BUILD.bazel
+++ b/codex-rs/agent-graph-store/BUILD.bazel
@@ -1,6 +0,0 @@
-load("//:defs.bzl", "codex_rust_crate")
-
-codex_rust_crate(
-    name = "agent-graph-store",
-    crate_name = "codex_agent_graph_store",
-)
--- a/codex-rs/agent-graph-store/Cargo.toml
+++ b/codex-rs/agent-graph-store/Cargo.toml
@@ -1,25 +0,0 @@
-[package]
-edition.workspace = true
-license.workspace = true
-name = "codex-agent-graph-store"
-version.workspace = true
-
-[lib]
-name = "codex_agent_graph_store"
-path = "src/lib.rs"
-
-[lints]
-workspace = true
-
-[dependencies]
-async-trait = { workspace = true }
-codex-protocol = { workspace = true }
-codex-state = { workspace = true }
-serde = { workspace = true, features = ["derive"] }
-thiserror = { workspace = true }
-
-[dev-dependencies]
-pretty_assertions = { workspace = true }
-serde_json = { workspace = true }
-tempfile = { workspace = true }
-tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
--- a/codex-rs/agent-graph-store/src/error.rs
+++ b/codex-rs/agent-graph-store/src/error.rs
@@ -1,20 +0,0 @@
-/// Result type returned by agent graph store operations.
-pub type AgentGraphStoreResult<T> = Result<T, AgentGraphStoreError>;
-
-/// Error type shared by agent graph store implementations.
-#[derive(Debug, thiserror::Error)]
-pub enum AgentGraphStoreError {
-    /// The caller supplied invalid request data.
-    #[error("invalid agent graph store request: {message}")]
-    InvalidRequest {
-        /// User-facing explanation of the invalid request.
-        message: String,
-    },
-
-    /// Catch-all for implementation failures that do not fit a more specific category.
-    #[error("agent graph store internal error: {message}")]
-    Internal {
-        /// User-facing explanation of the implementation failure.
-        message: String,
-    },
-}
--- a/codex-rs/agent-graph-store/src/lib.rs
+++ b/codex-rs/agent-graph-store/src/lib.rs
@@ -1,12 +0,0 @@
-//! Storage-neutral parent/child topology for thread-spawned agents.
-
-mod error;
-mod local;
-mod store;
-mod types;
-
-pub use error::AgentGraphStoreError;
-pub use error::AgentGraphStoreResult;
-pub use local::LocalAgentGraphStore;
-pub use store::AgentGraphStore;
-pub use types::ThreadSpawnEdgeStatus;
--- a/codex-rs/agent-graph-store/src/local.rs
+++ b/codex-rs/agent-graph-store/src/local.rs
@@ -1,325 +0,0 @@
-use async_trait::async_trait;
-use codex_protocol::ThreadId;
-use codex_state::StateRuntime;
-use std::sync::Arc;
-
-use crate::AgentGraphStore;
-use crate::AgentGraphStoreError;
-use crate::AgentGraphStoreResult;
-use crate::ThreadSpawnEdgeStatus;
-
-/// SQLite-backed implementation of [`AgentGraphStore`] using an existing state runtime.
-#[derive(Clone)]
-pub struct LocalAgentGraphStore {
-    state_db: Arc<StateRuntime>,
-}
-
-impl std::fmt::Debug for LocalAgentGraphStore {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.debug_struct("LocalAgentGraphStore")
-            .field("codex_home", &self.state_db.codex_home())
-            .finish_non_exhaustive()
-    }
-}
-
-impl LocalAgentGraphStore {
-    /// Create a local graph store from an already-initialized state runtime.
-    pub fn new(state_db: Arc<StateRuntime>) -> Self {
-        Self { state_db }
-    }
-}
-
-#[async_trait]
-impl AgentGraphStore for LocalAgentGraphStore {
-    async fn upsert_thread_spawn_edge(
-        &self,
-        parent_thread_id: ThreadId,
-        child_thread_id: ThreadId,
-        status: ThreadSpawnEdgeStatus,
-    ) -> AgentGraphStoreResult<()> {
-        self.state_db
-            .upsert_thread_spawn_edge(parent_thread_id, child_thread_id, to_state_status(status))
-            .await
-            .map_err(internal_error)
-    }
-
-    async fn set_thread_spawn_edge_status(
-        &self,
-        child_thread_id: ThreadId,
-        status: ThreadSpawnEdgeStatus,
-    ) -> AgentGraphStoreResult<()> {
-        self.state_db
-            .set_thread_spawn_edge_status(child_thread_id, to_state_status(status))
-            .await
-            .map_err(internal_error)
-    }
-
-    async fn list_thread_spawn_children(
-        &self,
-        parent_thread_id: ThreadId,
-        status_filter: Option<ThreadSpawnEdgeStatus>,
-    ) -> AgentGraphStoreResult<Vec<ThreadId>> {
-        if let Some(status) = status_filter {
-            return self
-                .state_db
-                .list_thread_spawn_children_with_status(parent_thread_id, to_state_status(status))
-                .await
-                .map_err(internal_error);
-        }
-
-        self.state_db
-            .list_thread_spawn_children(parent_thread_id)
-            .await
-            .map_err(internal_error)
-    }
-
-    async fn list_thread_spawn_descendants(
-        &self,
-        root_thread_id: ThreadId,
-        status_filter: Option<ThreadSpawnEdgeStatus>,
-    ) -> AgentGraphStoreResult<Vec<ThreadId>> {
-        match status_filter {
-            Some(status) => self
-                .state_db
-                .list_thread_spawn_descendants_with_status(root_thread_id, to_state_status(status))
-                .await
-                .map_err(internal_error),
-            None => self
-                .state_db
-                .list_thread_spawn_descendants(root_thread_id)
-                .await
-                .map_err(internal_error),
-        }
-    }
-}
-
-fn to_state_status(status: ThreadSpawnEdgeStatus) -> codex_state::DirectionalThreadSpawnEdgeStatus {
-    match status {
-        ThreadSpawnEdgeStatus::Open => codex_state::DirectionalThreadSpawnEdgeStatus::Open,
-        ThreadSpawnEdgeStatus::Closed => codex_state::DirectionalThreadSpawnEdgeStatus::Closed,
-    }
-}
-
-fn internal_error(err: impl std::fmt::Display) -> AgentGraphStoreError {
-    AgentGraphStoreError::Internal {
-        message: err.to_string(),
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use codex_state::DirectionalThreadSpawnEdgeStatus;
-    use pretty_assertions::assert_eq;
-    use tempfile::TempDir;
-
-    struct TestRuntime {
-        state_db: Arc<StateRuntime>,
-        _codex_home: TempDir,
-    }
-
-    fn thread_id(suffix: u128) -> ThreadId {
-        ThreadId::from_string(&format!("00000000-0000-0000-0000-{suffix:012}"))
-            .expect("valid thread id")
-    }
-
-    async fn state_runtime() -> TestRuntime {
-        let codex_home = TempDir::new().expect("tempdir should be created");
-        let state_db =
-            StateRuntime::init(codex_home.path().to_path_buf(), "test-provider".to_string())
-                .await
-                .expect("state db should initialize");
-        TestRuntime {
-            state_db,
-            _codex_home: codex_home,
-        }
-    }
-
-    #[tokio::test]
-    async fn local_store_upserts_and_lists_direct_children_with_status_filters() {
-        let fixture = state_runtime().await;
-        let state_db = fixture.state_db;
-        let store = LocalAgentGraphStore::new(state_db.clone());
-        let parent_thread_id = thread_id(/*suffix*/ 1);
-        let first_child_thread_id = thread_id(/*suffix*/ 2);
-        let second_child_thread_id = thread_id(/*suffix*/ 3);
-
-        store
-            .upsert_thread_spawn_edge(
-                parent_thread_id,
-                second_child_thread_id,
-                ThreadSpawnEdgeStatus::Closed,
-            )
-            .await
-            .expect("closed child edge should insert");
-        store
-            .upsert_thread_spawn_edge(
-                parent_thread_id,
-                first_child_thread_id,
-                ThreadSpawnEdgeStatus::Open,
-            )
-            .await
-            .expect("open child edge should insert");
-
-        let all_children = store
-            .list_thread_spawn_children(parent_thread_id, /*status_filter*/ None)
-            .await
-            .expect("all children should load");
-        assert_eq!(
-            all_children,
-            vec![first_child_thread_id, second_child_thread_id]
-        );
-
-        let open_children = store
-            .list_thread_spawn_children(parent_thread_id, Some(ThreadSpawnEdgeStatus::Open))
-            .await
-            .expect("open children should load");
-        let state_open_children = state_db
-            .list_thread_spawn_children_with_status(
-                parent_thread_id,
-                DirectionalThreadSpawnEdgeStatus::Open,
-            )
-            .await
-            .expect("state open children should load");
-        assert_eq!(open_children, state_open_children);
-        assert_eq!(open_children, vec![first_child_thread_id]);
-
-        let closed_children = store
-            .list_thread_spawn_children(parent_thread_id, Some(ThreadSpawnEdgeStatus::Closed))
-            .await
-            .expect("closed children should load");
-        assert_eq!(closed_children, vec![second_child_thread_id]);
-    }
-
-    #[tokio::test]
-    async fn local_store_updates_edge_status() {
-        let fixture = state_runtime().await;
-        let state_db = fixture.state_db;
-        let store = LocalAgentGraphStore::new(state_db);
-        let parent_thread_id = thread_id(/*suffix*/ 10);
-        let child_thread_id = thread_id(/*suffix*/ 11);
-
-        store
-            .upsert_thread_spawn_edge(
-                parent_thread_id,
-                child_thread_id,
-                ThreadSpawnEdgeStatus::Open,
-            )
-            .await
-            .expect("child edge should insert");
-        store
-            .set_thread_spawn_edge_status(child_thread_id, ThreadSpawnEdgeStatus::Closed)
-            .await
-            .expect("child edge should close");
-
-        let open_children = store
-            .list_thread_spawn_children(parent_thread_id, Some(ThreadSpawnEdgeStatus::Open))
-            .await
-            .expect("open children should load");
-        assert_eq!(open_children, Vec::<ThreadId>::new());
-
-        let closed_children = store
-            .list_thread_spawn_children(parent_thread_id, Some(ThreadSpawnEdgeStatus::Closed))
-            .await
-            .expect("closed children should load");
-        assert_eq!(closed_children, vec![child_thread_id]);
-    }
-
-    #[tokio::test]
-    async fn local_store_lists_descendants_breadth_first_with_status_filters() {
-        let fixture = state_runtime().await;
-        let state_db = fixture.state_db;
-        let store = LocalAgentGraphStore::new(state_db.clone());
-        let root_thread_id = thread_id(/*suffix*/ 20);
-        let later_child_thread_id = thread_id(/*suffix*/ 22);
-        let earlier_child_thread_id = thread_id(/*suffix*/ 21);
-        let closed_grandchild_thread_id = thread_id(/*suffix*/ 23);
-        let open_grandchild_thread_id = thread_id(/*suffix*/ 24);
-        let closed_child_thread_id = thread_id(/*suffix*/ 25);
-        let closed_great_grandchild_thread_id = thread_id(/*suffix*/ 26);
-
-        for (parent_thread_id, child_thread_id, status) in [
-            (
-                root_thread_id,
-                later_child_thread_id,
-                ThreadSpawnEdgeStatus::Open,
-            ),
-            (
-                root_thread_id,
-                earlier_child_thread_id,
-                ThreadSpawnEdgeStatus::Open,
-            ),
-            (
-                earlier_child_thread_id,
-                open_grandchild_thread_id,
-                ThreadSpawnEdgeStatus::Open,
-            ),
-            (
-                later_child_thread_id,
-                closed_grandchild_thread_id,
-                ThreadSpawnEdgeStatus::Closed,
-            ),
-            (
-                root_thread_id,
-                closed_child_thread_id,
-                ThreadSpawnEdgeStatus::Closed,
-            ),
-            (
-                closed_child_thread_id,
-                closed_great_grandchild_thread_id,
-                ThreadSpawnEdgeStatus::Closed,
-            ),
-        ] {
-            store
-                .upsert_thread_spawn_edge(parent_thread_id, child_thread_id, status)
-                .await
-                .expect("edge should insert");
-        }
-
-        let all_descendants = store
-            .list_thread_spawn_descendants(root_thread_id, /*status_filter*/ None)
-            .await
-            .expect("all descendants should load");
-        assert_eq!(
-            all_descendants,
-            vec![
-                earlier_child_thread_id,
-                later_child_thread_id,
-                closed_child_thread_id,
-                closed_grandchild_thread_id,
-                open_grandchild_thread_id,
-                closed_great_grandchild_thread_id,
-            ]
-        );
-
-        let open_descendants = store
-            .list_thread_spawn_descendants(root_thread_id, Some(ThreadSpawnEdgeStatus::Open))
-            .await
-            .expect("open descendants should load");
-        let state_open_descendants = state_db
-            .list_thread_spawn_descendants_with_status(
-                root_thread_id,
-                DirectionalThreadSpawnEdgeStatus::Open,
-            )
-            .await
-            .expect("state open descendants should load");
-        assert_eq!(open_descendants, state_open_descendants);
-        assert_eq!(
-            open_descendants,
-            vec![
-                earlier_child_thread_id,
-                later_child_thread_id,
-                open_grandchild_thread_id,
-            ]
-        );
-
-        let closed_descendants = store
-            .list_thread_spawn_descendants(root_thread_id, Some(ThreadSpawnEdgeStatus::Closed))
-            .await
-            .expect("closed descendants should load");
-        assert_eq!(
-            closed_descendants,
-            vec![closed_child_thread_id, closed_great_grandchild_thread_id]
-        );
-    }
-}
--- a/codex-rs/agent-graph-store/src/store.rs
+++ b/codex-rs/agent-graph-store/src/store.rs
@@ -1,55 +0,0 @@
-use async_trait::async_trait;
-use codex_protocol::ThreadId;
-
-use crate::AgentGraphStoreResult;
-use crate::ThreadSpawnEdgeStatus;
-
-/// Storage-neutral boundary for persisted thread-spawn parent/child topology.
-///
-/// Implementations are expected to return stable ordering for list methods so callers can merge
-/// persisted graph state with live in-memory state without introducing nondeterministic output.
-#[async_trait]
-pub trait AgentGraphStore: Send + Sync {
-    /// Insert or replace the directional parent/child edge for a spawned thread.
-    ///
-    /// `child_thread_id` has at most one persisted parent. Re-inserting the same child should
-    /// update both the parent and status to match the supplied values.
-    async fn upsert_thread_spawn_edge(
-        &self,
-        parent_thread_id: ThreadId,
-        child_thread_id: ThreadId,
-        status: ThreadSpawnEdgeStatus,
-    ) -> AgentGraphStoreResult<()>;
-
-    /// Update the persisted lifecycle status of a spawned thread's incoming edge.
-    ///
-    /// Implementations should treat missing children as a successful no-op.
-    async fn set_thread_spawn_edge_status(
-        &self,
-        child_thread_id: ThreadId,
-        status: ThreadSpawnEdgeStatus,
-    ) -> AgentGraphStoreResult<()>;
-
-    /// List direct spawned children of a parent thread.
-    ///
-    /// When `status_filter` is `Some`, only child edges with that exact status are returned. When
-    /// it is `None`, all direct child edges are returned regardless of status, including statuses
-    /// that may be added by a future store implementation.
-    async fn list_thread_spawn_children(
-        &self,
-        parent_thread_id: ThreadId,
-        status_filter: Option<ThreadSpawnEdgeStatus>,
-    ) -> AgentGraphStoreResult<Vec<ThreadId>>;
-
-    /// List spawned descendants breadth-first by depth, then by thread id.
-    ///
-    /// `status_filter` is applied to every traversed edge, not just to the returned descendants.
-    /// For example, `Some(Open)` walks only open edges, so descendants under a closed edge are not
-    /// included even if their own incoming edge is open. `None` walks and returns every persisted
-    /// edge regardless of status.
-    async fn list_thread_spawn_descendants(
-        &self,
-        root_thread_id: ThreadId,
-        status_filter: Option<ThreadSpawnEdgeStatus>,
-    ) -> AgentGraphStoreResult<Vec<ThreadId>>;
-}
--- a/codex-rs/agent-graph-store/src/types.rs
+++ b/codex-rs/agent-graph-store/src/types.rs
@@ -1,42 +0,0 @@
-use serde::Deserialize;
-use serde::Serialize;
-
-/// Lifecycle status attached to a directional thread-spawn edge.
-#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(rename_all = "snake_case")]
-pub enum ThreadSpawnEdgeStatus {
-    /// The child thread is still live or resumable as an open spawned agent.
-    Open,
-    /// The child thread has been closed from the parent/child graph's perspective.
-    Closed,
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use pretty_assertions::assert_eq;
-
-    #[test]
-    fn thread_spawn_edge_status_serializes_as_snake_case() {
-        assert_eq!(
-            serde_json::to_string(&ThreadSpawnEdgeStatus::Open)
-                .expect("open status should serialize"),
-            "\"open\""
-        );
-        assert_eq!(
-            serde_json::to_string(&ThreadSpawnEdgeStatus::Closed)
-                .expect("closed status should serialize"),
-            "\"closed\""
-        );
-        assert_eq!(
-            serde_json::from_str::<ThreadSpawnEdgeStatus>("\"open\"")
-                .expect("open status should deserialize"),
-            ThreadSpawnEdgeStatus::Open
-        );
-        assert_eq!(
-            serde_json::from_str::<ThreadSpawnEdgeStatus>("\"closed\"")
-                .expect("closed status should deserialize"),
-            ThreadSpawnEdgeStatus::Closed
-        );
-    }
-}
--- a/codex-rs/agent-identity/src/lib.rs
+++ b/codex-rs/agent-identity/src/lib.rs
@@ -8,7 +8,7 @@ use base64::engine::general_purpose::STANDARD as BASE64_STANDARD;
 use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use chrono::SecondsFormat;
 use chrono::Utc;
-use codex_protocol::auth::PlanType as AuthPlanType;
+use codex_protocol::account::PlanType as AccountPlanType;
 use codex_protocol::protocol::SessionSource;
 use crypto_box::SecretKey as Curve25519SecretKey;
 use ed25519_dalek::Signer as _;
@@ -19,9 +19,6 @@ use ed25519_dalek::pkcs8::EncodePrivateKey;
 use jsonwebtoken::Algorithm;
 use jsonwebtoken::DecodingKey;
 use jsonwebtoken::Validation;
-use jsonwebtoken::decode;
-use jsonwebtoken::decode_header;
-use jsonwebtoken::jwk::JwkSet;
 use rand::TryRngCore;
 use rand::rngs::OsRng;
 use serde::Deserialize;
@@ -31,9 +28,6 @@ use sha2::Digest as _;
 use sha2::Sha512;

 const AGENT_TASK_REGISTRATION_TIMEOUT: Duration = Duration::from_secs(30);
-const AGENT_IDENTITY_JWKS_TIMEOUT: Duration = Duration::from_secs(10);
-const AGENT_IDENTITY_JWT_AUDIENCE: &str = "codex-app-server";
-const AGENT_IDENTITY_JWT_ISSUER: &str = "https://chatgpt.com/codex-backend/agent-identity";

 /// Stored key material for a registered agent identity.
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
@@ -64,16 +58,12 @@ pub struct GeneratedAgentKeyMaterial {
 /// Claims carried by an Agent Identity JWT.
 #[derive(Clone, Debug, Deserialize, PartialEq, Eq)]
 pub struct AgentIdentityJwtClaims {
-    pub iss: String,
-    pub aud: String,
-    pub iat: usize,
-    pub exp: usize,
    pub agent_runtime_id: String,
    pub agent_private_key: String,
    pub account_id: String,
    pub chatgpt_user_id: String,
    pub email: String,
-    pub plan_type: AuthPlanType,
+    pub plan_type: AccountPlanType,
    pub chatgpt_account_is_fedramp: bool,
 }

@@ -125,49 +115,27 @@ pub fn authorization_header_for_agent_task(
    Ok(format!("AgentAssertion {serialized_assertion}"))
 }

-pub async fn fetch_agent_identity_jwks(
-    client: &reqwest::Client,
-    chatgpt_base_url: &str,
-) -> Result<JwkSet> {
-    let response = client
-        .get(agent_identity_jwks_url(chatgpt_base_url))
-        .timeout(AGENT_IDENTITY_JWKS_TIMEOUT)
-        .send()
-        .await
-        .context("failed to request agent identity JWKS")?
-        .error_for_status()
-        .context("agent identity JWKS endpoint returned an error")?;
-
-    response
-        .json()
-        .await
-        .context("failed to decode agent identity JWKS")
-}
-
 pub fn decode_agent_identity_jwt(
    jwt: &str,
-    jwks: Option<&JwkSet>,
+    public_key_base64: Option<&str>,
 ) -> Result<AgentIdentityJwtClaims> {
-    let Some(jwks) = jwks else {
+    let Some(public_key_base64) = public_key_base64 else {
        return decode_agent_identity_jwt_payload(jwt);
    };

-    let header = decode_header(jwt).context("failed to decode agent identity JWT header")?;
-    let kid = header
-        .kid
-        .context("agent identity JWT header does not include a kid")?;
-    let jwk = jwks
-        .find(&kid)
-        .with_context(|| format!("agent identity JWT kid {kid} is not trusted"))?;
-    let decoding_key = DecodingKey::from_jwk(jwk).context("failed to build JWT decoding key")?;
-    let mut validation = Validation::new(Algorithm::RS256);
-    validation.set_audience(&[AGENT_IDENTITY_JWT_AUDIENCE]);
-    validation.set_issuer(&[AGENT_IDENTITY_JWT_ISSUER]);
-    validation.required_spec_claims.insert("iss".to_string());
-    validation.required_spec_claims.insert("aud".to_string());
-    decode::<AgentIdentityJwtClaims>(jwt, &decoding_key, &validation)
+    let mut validation = Validation::new(Algorithm::EdDSA);
+    validation.required_spec_claims.clear();
+    validation.validate_exp = false;
+    validation.validate_aud = false;
+
+    let public_key = BASE64_STANDARD
+        .decode(public_key_base64)
+        .context("agent identity JWT public key is not valid base64")?;
+    let decoding_key = DecodingKey::from_ed_der(&public_key);
+
+    jsonwebtoken::decode::<AgentIdentityJwtClaims>(jwt, &decoding_key, &validation)
        .map(|data| data.claims)
-        .context("failed to verify agent identity JWT")
+        .context("failed to decode agent identity JWT")
 }

 fn decode_agent_identity_jwt_payload<T: DeserializeOwned>(jwt: &str) -> Result<T> {
@@ -311,15 +279,6 @@ pub fn agent_identity_biscuit_url(chatgpt_base_url: &str) -> String {
    format!("{trimmed}/authenticate_app_v2")
 }

-pub fn agent_identity_jwks_url(chatgpt_base_url: &str) -> String {
-    let trimmed = chatgpt_base_url.trim_end_matches('/');
-    if trimmed.contains("/backend-api") {
-        format!("{trimmed}/wham/agent-identities/jwks")
-    } else {
-        format!("{trimmed}/agent-identities/jwks")
-    }
-}
-
 pub fn agent_identity_request_id() -> Result<String> {
    let mut request_id_bytes = [0u8; 16];
    OsRng
@@ -331,6 +290,29 @@ pub fn agent_identity_request_id() -> Result<String> {
    ))
 }

+pub fn normalize_chatgpt_base_url(chatgpt_base_url: &str) -> String {
+    let mut base_url = chatgpt_base_url.trim_end_matches('/').to_string();
+    for suffix in [
+        "/wham/remote/control/server/enroll",
+        "/wham/remote/control/server",
+    ] {
+        if let Some(stripped) = base_url.strip_suffix(suffix) {
+            base_url = stripped.to_string();
+            break;
+        }
+    }
+    if let Some(stripped) = base_url.strip_suffix("/codex") {
+        base_url = stripped.to_string();
+    }
+    if (base_url.starts_with("https://chatgpt.com")
+        || base_url.starts_with("https://chat.openai.com"))
+        && !base_url.contains("/backend-api")
+    {
+        base_url = format!("{base_url}/backend-api");
+    }
+    base_url
+}
+
 pub fn build_abom(session_source: SessionSource) -> AgentBillOfMaterials {
    AgentBillOfMaterials {
        agent_version: env!("CARGO_PKG_VERSION").to_string(),
@@ -340,7 +322,6 @@ pub fn build_abom(session_source: SessionSource) -> AgentBillOfMaterials {
            | SessionSource::Exec
            | SessionSource::Mcp
            | SessionSource::Custom(_)
-            | SessionSource::Internal(_)
            | SessionSource::SubAgent(_)
            | SessionSource::Unknown => "codex-cli".to_string(),
        },
@@ -408,8 +389,6 @@ mod tests {
    use jsonwebtoken::Header;
    use pretty_assertions::assert_eq;

-    use codex_protocol::auth::KnownPlan;
-
    use super::*;

    #[test]
@@ -492,10 +471,6 @@ mod tests {
    #[test]
    fn decode_agent_identity_jwt_reads_claims() {
        let jwt = jwt_with_payload(serde_json::json!({
-            "iss": AGENT_IDENTITY_JWT_ISSUER,
-            "aud": AGENT_IDENTITY_JWT_AUDIENCE,
-            "iat": 1_700_000_000usize,
-            "exp": 4_000_000_000usize,
            "agent_runtime_id": "agent-runtime-id",
            "agent_private_key": "private-key",
            "account_id": "account-id",
@@ -505,70 +480,44 @@ mod tests {
            "chatgpt_account_is_fedramp": false,
        }));

-        let claims = decode_agent_identity_jwt(&jwt, /*jwks*/ None).expect("JWT should decode");
+        let claims =
+            decode_agent_identity_jwt(&jwt, /*public_key_base64*/ None).expect("JWT should decode");

        assert_eq!(
            claims,
            AgentIdentityJwtClaims {
-                iss: AGENT_IDENTITY_JWT_ISSUER.to_string(),
-                aud: AGENT_IDENTITY_JWT_AUDIENCE.to_string(),
-                iat: 1_700_000_000,
-                exp: 4_000_000_000,
                agent_runtime_id: "agent-runtime-id".to_string(),
                agent_private_key: "private-key".to_string(),
                account_id: "account-id".to_string(),
                chatgpt_user_id: "user-id".to_string(),
                email: "user@example.com".to_string(),
-                plan_type: AuthPlanType::Known(KnownPlan::Pro),
+                plan_type: AccountPlanType::Pro,
                chatgpt_account_is_fedramp: false,
            }
        );
    }

    #[test]
-    fn decode_agent_identity_jwt_maps_raw_plan_aliases() {
-        let jwt = jwt_with_payload(serde_json::json!({
-            "iss": AGENT_IDENTITY_JWT_ISSUER,
-            "aud": AGENT_IDENTITY_JWT_AUDIENCE,
-            "iat": 1_700_000_000usize,
-            "exp": 4_000_000_000usize,
-            "agent_runtime_id": "agent-runtime-id",
-            "agent_private_key": "private-key",
-            "account_id": "account-id",
-            "chatgpt_user_id": "user-id",
-            "email": "user@example.com",
-            "plan_type": "hc",
-            "chatgpt_account_is_fedramp": false,
-        }));
-
-        let claims = decode_agent_identity_jwt(&jwt, /*jwks*/ None).expect("JWT should decode");
-
-        assert_eq!(claims.plan_type, AuthPlanType::Known(KnownPlan::Enterprise));
-    }
-
-    #[test]
-    fn decode_agent_identity_jwt_verifies_when_jwks_is_present() {
-        let jwks = test_jwks("test-key");
+    fn decode_agent_identity_jwt_verifies_when_public_key_is_present() {
+        let mut secret_key_bytes = [0u8; 32];
+        secret_key_bytes[0] = 1;
+        let signing_key = SigningKey::from_bytes(&secret_key_bytes);
+        let private_key_pkcs8 = signing_key
+            .to_pkcs8_der()
+            .expect("private key should encode");
+        let public_key_base64 = BASE64_STANDARD.encode(signing_key.verifying_key().as_bytes());
        let claims = AgentIdentityJwtClaims {
-            iss: AGENT_IDENTITY_JWT_ISSUER.to_string(),
-            aud: AGENT_IDENTITY_JWT_AUDIENCE.to_string(),
-            iat: 1_700_000_000,
-            exp: 4_000_000_000,
            agent_runtime_id: "agent-runtime-id".to_string(),
            agent_private_key: "private-key".to_string(),
            account_id: "account-id".to_string(),
            chatgpt_user_id: "user-id".to_string(),
            email: "user@example.com".to_string(),
-            plan_type: AuthPlanType::Known(KnownPlan::Pro),
+            plan_type: AccountPlanType::Pro,
            chatgpt_account_is_fedramp: false,
        };
        let jwt = jsonwebtoken::encode(
-            &test_jwt_header("test-key"),
+            &Header::new(Algorithm::EdDSA),
            &serde_json::json!({
-                "iss": claims.iss,
-                "aud": claims.aud,
-                "iat": claims.iat,
-                "exp": claims.exp,
                "agent_runtime_id": claims.agent_runtime_id,
                "agent_private_key": claims.agent_private_key,
                "account_id": claims.account_id,
@@ -577,40 +526,45 @@ mod tests {
                "plan_type": "pro",
                "chatgpt_account_is_fedramp": claims.chatgpt_account_is_fedramp,
            }),
-            &test_rsa_encoding_key(),
+            &EncodingKey::from_ed_der(private_key_pkcs8.as_bytes()),
        )
        .expect("JWT should encode");

        let expected_claims = AgentIdentityJwtClaims {
-            iss: AGENT_IDENTITY_JWT_ISSUER.to_string(),
-            aud: AGENT_IDENTITY_JWT_AUDIENCE.to_string(),
-            iat: 1_700_000_000,
-            exp: 4_000_000_000,
            agent_runtime_id: "agent-runtime-id".to_string(),
            agent_private_key: "private-key".to_string(),
            account_id: "account-id".to_string(),
            chatgpt_user_id: "user-id".to_string(),
            email: "user@example.com".to_string(),
-            plan_type: AuthPlanType::Known(KnownPlan::Pro),
+            plan_type: AccountPlanType::Pro,
            chatgpt_account_is_fedramp: false,
        };
        assert_eq!(
-            decode_agent_identity_jwt(&jwt, Some(&jwks)).expect("JWT should verify"),
+            decode_agent_identity_jwt(&jwt, Some(&public_key_base64)).expect("JWT should verify"),
            expected_claims
        );
    }

    #[test]
-    fn decode_agent_identity_jwt_rejects_untrusted_kid() {
-        let jwks = test_jwks("other-key");
+    fn decode_agent_identity_jwt_rejects_wrong_public_key() {
+        let mut signing_secret_key_bytes = [0u8; 32];
+        signing_secret_key_bytes[0] = 1;
+        let signing_key = SigningKey::from_bytes(&signing_secret_key_bytes);
+        let private_key_pkcs8 = signing_key
+            .to_pkcs8_der()
+            .expect("private key should encode");
+
+        let mut other_secret_key_bytes = [0u8; 32];
+        other_secret_key_bytes[0] = 2;
+        let other_public_key_base64 = BASE64_STANDARD.encode(
+            SigningKey::from_bytes(&other_secret_key_bytes)
+                .verifying_key()
+                .as_bytes(),
+        );

        let jwt = jsonwebtoken::encode(
-            &test_jwt_header("test-key"),
+            &Header::new(Algorithm::EdDSA),
            &serde_json::json!({
-                "iss": AGENT_IDENTITY_JWT_ISSUER,
-                "aud": AGENT_IDENTITY_JWT_AUDIENCE,
-                "iat": 1_700_000_000,
-                "exp": 4_000_000_000usize,
                "agent_runtime_id": "agent-runtime-id",
                "agent_private_key": "private-key",
                "account_id": "account-id",
@@ -619,111 +573,19 @@ mod tests {
                "plan_type": "pro",
                "chatgpt_account_is_fedramp": false,
            }),
-            &test_rsa_encoding_key(),
+            &EncodingKey::from_ed_der(private_key_pkcs8.as_bytes()),
        )
        .expect("JWT should encode");

-        decode_agent_identity_jwt(&jwt, Some(&jwks)).expect_err("JWT should not verify");
+        decode_agent_identity_jwt(&jwt, Some(&other_public_key_base64))
+            .expect_err("JWT should not verify");
    }

    #[test]
-    fn decode_agent_identity_jwt_requires_issuer_and_audience() {
-        let jwks = test_jwks("test-key");
-        let jwt = jsonwebtoken::encode(
-            &test_jwt_header("test-key"),
-            &serde_json::json!({
-                "iat": 1_700_000_000,
-                "exp": 4_000_000_000usize,
-                "agent_runtime_id": "agent-runtime-id",
-                "agent_private_key": "private-key",
-                "account_id": "account-id",
-                "chatgpt_user_id": "user-id",
-                "email": "user@example.com",
-                "plan_type": "pro",
-                "chatgpt_account_is_fedramp": false,
-            }),
-            &test_rsa_encoding_key(),
-        )
-        .expect("JWT should encode");
-
-        decode_agent_identity_jwt(&jwt, Some(&jwks)).expect_err("JWT should not verify");
-    }
-
-    fn test_jwt_header(kid: &str) -> Header {
-        let mut header = Header::new(Algorithm::RS256);
-        header.kid = Some(kid.to_string());
-        header
-    }
-
-    fn test_rsa_encoding_key() -> EncodingKey {
-        EncodingKey::from_rsa_pem(
-            br#"-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDWpAXYypOsYAwO
-bvBduMk/mxaoYDze0AZSzaSzLuIlcsl2EKDgC3AabhIWXh/qTGEJLOU3VB1e5mO9
-FPbBlmIZSL3FQTbyt/hYutPFKfCou5PLmScw/TzILS3/RhT8UY9kxxZvXiEbTki9
-mvxRuZFpVqDFJHwfitIjKZGhXDCYVKurPTrxetYZJg0h8sQBLKjkZ0BqqaTUkAsg
-0eBgZAlXEzG3By8PGhUqYLt6W1Q3KYw0FmGy/gTyzH1g0ukGgSJvOd8SkNT8MbOs
-zl5kKxDNqpuEE6UZ3jbuJ+5382d31w+rOAJRzbf7QVdI9+luCSwJcDACYPQ4WNBa
-uCpV0ovpAgMBAAECggEAVu84LwZdqYN9XpswX8VoPYrjMm9IODapWQBRpQFoNyK2
-1ksF3bjEPvA2Azk8U/l7k+vLKw22l6lY3EyRZPcz5GnB8xLm3ogE3mtNOp4yCyVu
-RxhQ91aaN7mU17/a4BdorLi2LYVCg3zBmYociD1Q2AluNGsCmwPu+K7tfR2J0Sg8
-NjqiTbDG1XDpR/icwgC9t6vh8lZpCHDhF4tbQfLLVLeA/OdcuzXDyMCXbmdVIdBQ
-rm4aIFmr2e1/2ctTbCg85S6AGFTH+pSLjrwTzyvf+F6NW5uNjLQAQLFj+EznBDxj
-Xdx90cySrjsKK6PVWQF4RiTvkSW8eWL7R6B2FZbGwQKBgQDuVQRj72hWloR7mbEL
-aUEEv3pIXTMXWEsoMBNczos/1L1RnAN1AI44TurznasPZAWvQj+kVbLDR+TAeZrL
-iA8HIWswQUI18hFmgKzSkwIXGtubcKVrgsKeS4lMDKCM/Ef6WAYdeq6ronoY5lCN
-YrJFmGp81W5zcV7lyiycgbSiGwKBgQDmjWYf6pZjrK7Z+OJ3X1AZfi2vss15SCvL
-3fPgzIDbViztpGyQhc3DQZIsBNIu0xZp/veGce9TEeTds2ro9NfdJFeou8+fC7Pq
-sOsM3amGFFi+ZW/9BWyjZEM88bgWWAjqLHbpfHDxjAf5CSxddqxgHlbP0Ytyb1Vg
-gmPDn9YKSwKBgQDbTi3hC35WFuDHn0/zcSHcDZmnFuOZeqyFyV83yfMGhGrEuqvP
-sPgtRikajJ3IZsB4WZyYSidZXEFY/0z6NjOl2xF38MTNQPbT/FmK1q1Yt2UWrlv5
-BvSwlk87RG9D7C0LZo4R+D7cPoDdgqjiwMvMEIkEX5zn641oI1ZTmWKuuwKBgQCD
-KF+3unnRvHRAVoFnTZbA2fJdqMeRvogD04GhGlYX8V9f1hFY6nXTJaNlXVzA/J8c
-r8ra9kgjJuPfZ+ljG58OFFW2DRohLcQtuHYPfK6rMzoFHqnl9EcIcMp7ijuionR3
-29HOJFgQYgxLFXfit9d6WugiE+BTupiEbckZif13HwKBgE/lAlkVHP6YahOO2Ljc
-J1bwkqKZTB5dHolX9A58e/xXnfZ5P8f3Z83+Izap3FwqQulk7b1WO1MQcHuVg2NN
-5da0D4h2rYOXnbYIg0BVu4spQbaM6ewsp66b8+MzLOBvj8SzWdt1Oyw0q/MRyQAR
-8U4M2TSWCKUY/A6sT4W8+mT9
-----END PRIVATE KEY-----"#,
-        )
-        .expect("test RSA key should parse")
-    }
-
-    fn test_jwks(kid: &str) -> jsonwebtoken::jwk::JwkSet {
-        serde_json::from_value(serde_json::json!({
-            "keys": [{
-                "kty": "RSA",
-                "kid": kid,
-                "use": "sig",
-                "alg": "RS256",
-                "n": "1qQF2MqTrGAMDm7wXbjJP5sWqGA83tAGUs2ksy7iJXLJdhCg4AtwGm4SFl4f6kxhCSzlN1QdXuZjvRT2wZZiGUi9xUE28rf4WLrTxSnwqLuTy5knMP08yC0t_0YU_FGPZMcWb14hG05IvZr8UbmRaVagxSR8H4rSIymRoVwwmFSrqz068XrWGSYNIfLEASyo5GdAaqmk1JALINHgYGQJVxMxtwcvDxoVKmC7eltUNymMNBZhsv4E8sx9YNLpBoEibznfEpDU_DGzrM5eZCsQzaqbhBOlGd427ifud_Nnd9cPqzgCUc23-0FXSPfpbgksCXAwAmD0OFjQWrgqVdKL6Q",
-                "e": "AQAB",
-            }]
-        }))
-        .expect("test JWKS should parse")
-    }
-
-    #[test]
-    fn agent_identity_jwks_url_uses_backend_api_base_url() {
+    fn normalize_chatgpt_base_url_strips_codex_before_backend_api() {
        assert_eq!(
-            agent_identity_jwks_url("https://chatgpt.com/backend-api"),
-            "https://chatgpt.com/backend-api/wham/agent-identities/jwks"
-        );
-        assert_eq!(
-            agent_identity_jwks_url("https://chatgpt.com/backend-api/"),
-            "https://chatgpt.com/backend-api/wham/agent-identities/jwks"
-        );
-    }
-
-    #[test]
-    fn agent_identity_jwks_url_uses_codex_api_base_url() {
-        assert_eq!(
-            agent_identity_jwks_url("http://localhost:8080/api/codex"),
-            "http://localhost:8080/api/codex/agent-identities/jwks"
-        );
-        assert_eq!(
-            agent_identity_jwks_url("http://localhost:8080/api/codex/"),
-            "http://localhost:8080/api/codex/agent-identities/jwks"
+            normalize_chatgpt_base_url("https://chatgpt.com/codex"),
+            "https://chatgpt.com/backend-api"
        );
    }

--- a/codex-rs/analytics/src/analytics_client_tests.rs
+++ b/codex-rs/analytics/src/analytics_client_tests.rs
--- a/codex-rs/analytics/src/client.rs
+++ b/codex-rs/analytics/src/client.rs
@@ -22,13 +22,11 @@ use crate::facts::TurnResolvedConfigFact;
 use crate::facts::TurnTokenUsageFact;
 use crate::reducer::AnalyticsReducer;
 use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::ClientResponsePayload;
+use codex_app_server_protocol::ClientResponse;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::ServerNotification;
-use codex_app_server_protocol::ServerRequest;
-use codex_app_server_protocol::ServerResponse;
 use codex_login::AuthManager;
 use codex_login::default_client::create_client;
 use codex_plugin::PluginTelemetryMetadata;
@@ -51,7 +49,8 @@ pub(crate) struct AnalyticsEventsQueue {

 #[derive(Clone)]
 pub struct AnalyticsEventsClient {
-    queue: Option<AnalyticsEventsQueue>,
+    queue: AnalyticsEventsQueue,
+    analytics_enabled: Option<bool>,
 }

 impl AnalyticsEventsQueue {
@@ -120,15 +119,11 @@ impl AnalyticsEventsClient {
        analytics_enabled: Option<bool>,
    ) -> Self {
        Self {
-            queue: (analytics_enabled != Some(false))
-                .then(|| AnalyticsEventsQueue::new(Arc::clone(&auth_manager), base_url)),
+            queue: AnalyticsEventsQueue::new(Arc::clone(&auth_manager), base_url),
+            analytics_enabled,
        }
    }

-    pub fn disabled() -> Self {
-        Self { queue: None }
-    }
-
    pub fn track_skill_invocations(
        &self,
        tracking: TrackEventsContext,
@@ -186,30 +181,16 @@ impl AnalyticsEventsClient {
        )));
    }

-    pub fn track_request(
-        &self,
-        connection_id: u64,
-        request_id: RequestId,
-        request: &ClientRequest,
-    ) {
-        if !matches!(
-            request,
-            ClientRequest::TurnStart { .. } | ClientRequest::TurnSteer { .. }
-        ) {
-            return;
-        }
-        self.record_fact(AnalyticsFact::ClientRequest {
+    pub fn track_request(&self, connection_id: u64, request_id: RequestId, request: ClientRequest) {
+        self.record_fact(AnalyticsFact::Request {
            connection_id,
            request_id,
-            request: Box::new(request.clone()),
+            request: Box::new(request),
        });
    }

    pub fn track_app_used(&self, tracking: TrackEventsContext, app: AppInvocation) {
-        let Some(queue) = self.queue.as_ref() else {
-            return;
-        };
-        if !queue.should_enqueue_app_used(&tracking, &app) {
+        if !self.queue.should_enqueue_app_used(&tracking, &app) {
            return;
        }
        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::AppUsed(
@@ -224,10 +205,7 @@ impl AnalyticsEventsClient {
    }

    pub fn track_plugin_used(&self, tracking: TrackEventsContext, plugin: PluginTelemetryMetadata) {
-        let Some(queue) = self.queue.as_ref() else {
-            return;
-        };
-        if !queue.should_enqueue_plugin_used(&tracking, &plugin) {
+        if !self.queue.should_enqueue_plugin_used(&tracking, &plugin) {
            return;
        }
        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::PluginUsed(
@@ -290,30 +268,15 @@ impl AnalyticsEventsClient {
    }

    pub(crate) fn record_fact(&self, input: AnalyticsFact) {
-        if let Some(queue) = self.queue.as_ref() {
-            queue.try_send(input);
-        }
-    }
-
-    pub fn track_response(
-        &self,
-        connection_id: u64,
-        request_id: RequestId,
-        response: ClientResponsePayload,
-    ) {
-        if !matches!(
-            response,
-            ClientResponsePayload::ThreadStart(_)
-                | ClientResponsePayload::ThreadResume(_)
-                | ClientResponsePayload::ThreadFork(_)
-                | ClientResponsePayload::TurnStart(_)
-                | ClientResponsePayload::TurnSteer(_)
-        ) {
+        if self.analytics_enabled == Some(false) {
            return;
        }
-        self.record_fact(AnalyticsFact::ClientResponse {
+        self.queue.try_send(input);
+    }
+
+    pub fn track_response(&self, connection_id: u64, response: ClientResponse) {
+        self.record_fact(AnalyticsFact::Response {
            connection_id,
-            request_id,
            response: Box::new(response),
        });
    }
@@ -333,31 +296,7 @@ impl AnalyticsEventsClient {
        });
    }

-    pub fn track_server_request(&self, connection_id: u64, request: ServerRequest) {
-        self.record_fact(AnalyticsFact::ServerRequest {
-            connection_id,
-            request: Box::new(request),
-        });
-    }
-
-    pub fn track_server_response(&self, response: ServerResponse) {
-        self.record_fact(AnalyticsFact::ServerResponse {
-            response: Box::new(response),
-        });
-    }
-
    pub fn track_notification(&self, notification: ServerNotification) {
-        if !matches!(
-            notification,
-            ServerNotification::TurnStarted(_)
-                | ServerNotification::TurnCompleted(_)
-                | ServerNotification::ItemStarted(_)
-                | ServerNotification::ItemCompleted(_)
-                | ServerNotification::ItemGuardianApprovalReviewStarted(_)
-                | ServerNotification::ItemGuardianApprovalReviewCompleted(_)
-        ) {
-            return;
-        }
        self.record_fact(AnalyticsFact::Notification(Box::new(notification)));
    }
 }
@@ -402,7 +341,3 @@ async fn send_track_events(
        }
    }
 }
-
-#[cfg(test)]
-#[path = "client_tests.rs"]
-mod tests;
--- a/codex-rs/analytics/src/client_tests.rs
+++ b/codex-rs/analytics/src/client_tests.rs
@@ -1,224 +0,0 @@
-use super::AnalyticsEventsClient;
-use super::AnalyticsEventsQueue;
-use crate::facts::AnalyticsFact;
-use codex_app_server_protocol::ApprovalsReviewer as AppServerApprovalsReviewer;
-use codex_app_server_protocol::AskForApproval as AppServerAskForApproval;
-use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::ClientResponsePayload;
-use codex_app_server_protocol::PermissionProfile as AppServerPermissionProfile;
-use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::SandboxPolicy as AppServerSandboxPolicy;
-use codex_app_server_protocol::SessionSource as AppServerSessionSource;
-use codex_app_server_protocol::Thread;
-use codex_app_server_protocol::ThreadArchiveParams;
-use codex_app_server_protocol::ThreadArchiveResponse;
-use codex_app_server_protocol::ThreadForkResponse;
-use codex_app_server_protocol::ThreadResumeResponse;
-use codex_app_server_protocol::ThreadStartResponse;
-use codex_app_server_protocol::ThreadStatus as AppServerThreadStatus;
-use codex_app_server_protocol::Turn;
-use codex_app_server_protocol::TurnStartParams;
-use codex_app_server_protocol::TurnStartResponse;
-use codex_app_server_protocol::TurnStatus as AppServerTurnStatus;
-use codex_app_server_protocol::TurnSteerParams;
-use codex_app_server_protocol::TurnSteerResponse;
-use codex_protocol::models::PermissionProfile as CorePermissionProfile;
-use codex_utils_absolute_path::test_support::PathBufExt;
-use codex_utils_absolute_path::test_support::test_path_buf;
-use std::collections::HashSet;
-use std::sync::Arc;
-use std::sync::Mutex;
-use tokio::sync::mpsc;
-use tokio::sync::mpsc::error::TryRecvError;
-
-fn client_with_receiver() -> (AnalyticsEventsClient, mpsc::Receiver<AnalyticsFact>) {
-    let (sender, receiver) = mpsc::channel(8);
-    let queue = AnalyticsEventsQueue {
-        sender,
-        app_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
-        plugin_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
-    };
-    (AnalyticsEventsClient { queue: Some(queue) }, receiver)
-}
-
-fn sample_turn_start_request() -> ClientRequest {
-    ClientRequest::TurnStart {
-        request_id: RequestId::Integer(1),
-        params: TurnStartParams {
-            thread_id: "thread-1".to_string(),
-            input: Vec::new(),
-            ..Default::default()
-        },
-    }
-}
-
-fn sample_turn_steer_request() -> ClientRequest {
-    ClientRequest::TurnSteer {
-        request_id: RequestId::Integer(2),
-        params: TurnSteerParams {
-            thread_id: "thread-1".to_string(),
-            expected_turn_id: "turn-1".to_string(),
-            input: Vec::new(),
-            responsesapi_client_metadata: None,
-        },
-    }
-}
-
-fn sample_thread_archive_request() -> ClientRequest {
-    ClientRequest::ThreadArchive {
-        request_id: RequestId::Integer(3),
-        params: ThreadArchiveParams {
-            thread_id: "thread-1".to_string(),
-        },
-    }
-}
-
-fn sample_thread(thread_id: &str) -> Thread {
-    Thread {
-        id: thread_id.to_string(),
-        session_id: format!("session-{thread_id}"),
-        forked_from_id: None,
-        preview: "first prompt".to_string(),
-        ephemeral: false,
-        model_provider: "openai".to_string(),
-        created_at: 1,
-        updated_at: 2,
-        status: AppServerThreadStatus::Idle,
-        path: None,
-        cwd: test_path_buf("/tmp").abs(),
-        cli_version: "0.0.0".to_string(),
-        source: AppServerSessionSource::Exec,
-        thread_source: None,
-        agent_nickname: None,
-        agent_role: None,
-        git_info: None,
-        name: None,
-        turns: Vec::new(),
-    }
-}
-
-fn sample_permission_profile() -> AppServerPermissionProfile {
-    CorePermissionProfile::Disabled.into()
-}
-
-fn sample_thread_start_response() -> ClientResponsePayload {
-    ClientResponsePayload::ThreadStart(ThreadStartResponse {
-        thread: sample_thread("thread-1"),
-        model: "gpt-5".to_string(),
-        model_provider: "openai".to_string(),
-        service_tier: None,
-        cwd: test_path_buf("/tmp").abs(),
-        instruction_sources: Vec::new(),
-        approval_policy: AppServerAskForApproval::OnFailure,
-        approvals_reviewer: AppServerApprovalsReviewer::User,
-        sandbox: AppServerSandboxPolicy::DangerFullAccess,
-        permission_profile: Some(sample_permission_profile()),
-        active_permission_profile: None,
-        reasoning_effort: None,
-    })
-}
-
-fn sample_thread_resume_response() -> ClientResponsePayload {
-    ClientResponsePayload::ThreadResume(ThreadResumeResponse {
-        thread: sample_thread("thread-2"),
-        model: "gpt-5".to_string(),
-        model_provider: "openai".to_string(),
-        service_tier: None,
-        cwd: test_path_buf("/tmp").abs(),
-        instruction_sources: Vec::new(),
-        approval_policy: AppServerAskForApproval::OnFailure,
-        approvals_reviewer: AppServerApprovalsReviewer::User,
-        sandbox: AppServerSandboxPolicy::DangerFullAccess,
-        permission_profile: Some(sample_permission_profile()),
-        active_permission_profile: None,
-        reasoning_effort: None,
-    })
-}
-
-fn sample_thread_fork_response() -> ClientResponsePayload {
-    ClientResponsePayload::ThreadFork(ThreadForkResponse {
-        thread: sample_thread("thread-3"),
-        model: "gpt-5".to_string(),
-        model_provider: "openai".to_string(),
-        service_tier: None,
-        cwd: test_path_buf("/tmp").abs(),
-        instruction_sources: Vec::new(),
-        approval_policy: AppServerAskForApproval::OnFailure,
-        approvals_reviewer: AppServerApprovalsReviewer::User,
-        sandbox: AppServerSandboxPolicy::DangerFullAccess,
-        permission_profile: Some(sample_permission_profile()),
-        active_permission_profile: None,
-        reasoning_effort: None,
-    })
-}
-
-fn sample_turn_start_response() -> ClientResponsePayload {
-    ClientResponsePayload::TurnStart(TurnStartResponse {
-        turn: Turn {
-            id: "turn-1".to_string(),
-            items_view: codex_app_server_protocol::TurnItemsView::Full,
-            items: Vec::new(),
-            status: AppServerTurnStatus::InProgress,
-            error: None,
-            started_at: None,
-            completed_at: None,
-            duration_ms: None,
-        },
-    })
-}
-
-fn sample_turn_steer_response() -> ClientResponsePayload {
-    ClientResponsePayload::TurnSteer(TurnSteerResponse {
-        turn_id: "turn-2".to_string(),
-    })
-}
-
-#[test]
-fn track_request_only_enqueues_analytics_relevant_requests() {
-    let (client, mut receiver) = client_with_receiver();
-
-    for (request_id, request) in [
-        (RequestId::Integer(1), sample_turn_start_request()),
-        (RequestId::Integer(2), sample_turn_steer_request()),
-    ] {
-        client.track_request(/*connection_id*/ 7, request_id, &request);
-        assert!(matches!(
-            receiver.try_recv(),
-            Ok(AnalyticsFact::ClientRequest { .. })
-        ));
-    }
-
-    let ignored_request = sample_thread_archive_request();
-    client.track_request(
-        /*connection_id*/ 7,
-        RequestId::Integer(3),
-        &ignored_request,
-    );
-    assert!(matches!(receiver.try_recv(), Err(TryRecvError::Empty)));
-}
-
-#[test]
-fn track_response_only_enqueues_analytics_relevant_responses() {
-    let (client, mut receiver) = client_with_receiver();
-
-    for (request_id, response) in [
-        (RequestId::Integer(1), sample_thread_start_response()),
-        (RequestId::Integer(2), sample_thread_resume_response()),
-        (RequestId::Integer(3), sample_thread_fork_response()),
-        (RequestId::Integer(4), sample_turn_start_response()),
-        (RequestId::Integer(5), sample_turn_steer_response()),
-    ] {
-        client.track_response(/*connection_id*/ 7, request_id, response);
-        assert!(matches!(
-            receiver.try_recv(),
-            Ok(AnalyticsFact::ClientResponse { .. })
-        ));
-    }
-
-    client.track_response(
-        /*connection_id*/ 7,
-        RequestId::Integer(6),
-        ClientResponsePayload::ThreadArchive(ThreadArchiveResponse {}),
-    );
-    assert!(matches!(receiver.try_recv(), Err(TryRecvError::Empty)));
-}
--- a/codex-rs/analytics/src/events.rs
+++ b/codex-rs/analytics/src/events.rs
@@ -20,7 +20,6 @@ use crate::facts::TurnSteerResult;
 use crate::facts::TurnSubmissionType;
 use crate::now_unix_seconds;
 use codex_app_server_protocol::CodexErrorInfo;
-use codex_app_server_protocol::CommandExecutionSource;
 use codex_login::default_client::originator;
 use codex_plugin::PluginTelemetryMetadata;
 use codex_protocol::approvals::NetworkApprovalProtocol;
@@ -34,7 +33,6 @@ use codex_protocol::protocol::HookEventName;
 use codex_protocol::protocol::HookRunStatus;
 use codex_protocol::protocol::HookSource;
 use codex_protocol::protocol::SubAgentSource;
-use codex_protocol::protocol::ThreadSource;
 use codex_protocol::protocol::TokenUsage;
 use serde::Serialize;

@@ -63,13 +61,6 @@ pub(crate) enum TrackEventRequest {
    Compaction(Box<CodexCompactionEventRequest>),
    TurnEvent(Box<CodexTurnEventRequest>),
    TurnSteer(CodexTurnSteerEventRequest),
-    CommandExecution(CodexCommandExecutionEventRequest),
-    FileChange(CodexFileChangeEventRequest),
-    McpToolCall(CodexMcpToolCallEventRequest),
-    DynamicToolCall(CodexDynamicToolCallEventRequest),
-    CollabAgentToolCall(CodexCollabAgentToolCallEventRequest),
-    WebSearch(CodexWebSearchEventRequest),
-    ImageGeneration(CodexImageGenerationEventRequest),
    PluginUsed(CodexPluginUsedEventRequest),
    PluginInstalled(CodexPluginEventRequest),
    PluginUninstalled(CodexPluginEventRequest),
@@ -89,10 +80,8 @@ pub(crate) struct SkillInvocationEventRequest {
 pub(crate) struct SkillInvocationEventParams {
    pub(crate) product_client_id: Option<String>,
    pub(crate) skill_scope: Option<String>,
-    pub(crate) plugin_id: Option<String>,
    pub(crate) repo_url: Option<String>,
    pub(crate) thread_id: Option<String>,
-    pub(crate) turn_id: Option<String>,
    pub(crate) invoke_type: Option<InvocationType>,
    pub(crate) model_slug: Option<String>,
 }
@@ -121,7 +110,7 @@ pub(crate) struct ThreadInitializedEventParams {
    pub(crate) runtime: CodexRuntimeMetadata,
    pub(crate) model: String,
    pub(crate) ephemeral: bool,
-    pub(crate) thread_source: Option<ThreadSource>,
+    pub(crate) thread_source: Option<&'static str>,
    pub(crate) initialization_mode: ThreadInitializationMode,
    pub(crate) subagent_source: Option<String>,
    pub(crate) parent_thread_id: Option<String>,
@@ -395,199 +384,6 @@ pub(crate) struct GuardianReviewEventPayload {
    pub(crate) guardian_review: GuardianReviewEventParams,
 }

-#[allow(dead_code)]
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub(crate) enum ToolItemFinalApprovalOutcome {
-    Unknown,
-    NotNeeded,
-    ConfigAllowed,
-    PolicyForbidden,
-    GuardianApproved,
-    GuardianDenied,
-    GuardianAborted,
-    UserApproved,
-    UserApprovedForSession,
-    UserDenied,
-    UserAborted,
-}
-
-#[allow(dead_code)]
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub(crate) enum ToolItemTerminalStatus {
-    Completed,
-    Failed,
-    Rejected,
-    Interrupted,
-}
-
-#[allow(dead_code)]
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub(crate) enum ToolItemFailureKind {
-    ToolError,
-    ApprovalDenied,
-    ApprovalAborted,
-    SandboxDenied,
-    PolicyForbidden,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexToolItemEventBase {
-    pub(crate) thread_id: String,
-    pub(crate) turn_id: String,
-    /// App-server ThreadItem.id. For tool-originated items this generally
-    /// corresponds to the originating core call_id.
-    pub(crate) item_id: String,
-    pub(crate) app_server_client: CodexAppServerClientMetadata,
-    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) thread_source: Option<&'static str>,
-    pub(crate) subagent_source: Option<String>,
-    pub(crate) parent_thread_id: Option<String>,
-    pub(crate) tool_name: String,
-    pub(crate) started_at_ms: u64,
-    pub(crate) completed_at_ms: u64,
-    // Observed item lifecycle duration. This may undercount end-to-end execution
-    // for tools where app-server only sees part of the upstream flow.
-    pub(crate) duration_ms: Option<u64>,
-    pub(crate) execution_duration_ms: Option<u64>,
-    pub(crate) review_count: u64,
-    pub(crate) guardian_review_count: u64,
-    pub(crate) user_review_count: u64,
-    pub(crate) final_approval_outcome: ToolItemFinalApprovalOutcome,
-    pub(crate) terminal_status: ToolItemTerminalStatus,
-    pub(crate) failure_kind: Option<ToolItemFailureKind>,
-    pub(crate) requested_additional_permissions: bool,
-    pub(crate) requested_network_access: bool,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub(crate) enum WebSearchActionKind {
-    Search,
-    OpenPage,
-    FindInPage,
-    Other,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexCommandExecutionEventParams {
-    #[serde(flatten)]
-    pub(crate) base: CodexToolItemEventBase,
-    pub(crate) command_execution_source: CommandExecutionSource,
-    pub(crate) exit_code: Option<i32>,
-    pub(crate) command_total_action_count: u64,
-    pub(crate) command_read_action_count: u64,
-    pub(crate) command_list_files_action_count: u64,
-    pub(crate) command_search_action_count: u64,
-    pub(crate) command_unknown_action_count: u64,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexCommandExecutionEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexCommandExecutionEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexFileChangeEventParams {
-    #[serde(flatten)]
-    pub(crate) base: CodexToolItemEventBase,
-    pub(crate) file_change_count: u64,
-    pub(crate) file_add_count: u64,
-    pub(crate) file_update_count: u64,
-    pub(crate) file_delete_count: u64,
-    pub(crate) file_move_count: u64,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexFileChangeEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexFileChangeEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexMcpToolCallEventParams {
-    #[serde(flatten)]
-    pub(crate) base: CodexToolItemEventBase,
-    pub(crate) mcp_server_name: String,
-    pub(crate) mcp_tool_name: String,
-    pub(crate) mcp_error_present: bool,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexMcpToolCallEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexMcpToolCallEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexDynamicToolCallEventParams {
-    #[serde(flatten)]
-    pub(crate) base: CodexToolItemEventBase,
-    pub(crate) dynamic_tool_name: String,
-    pub(crate) success: Option<bool>,
-    pub(crate) output_content_item_count: Option<u64>,
-    pub(crate) output_text_item_count: Option<u64>,
-    pub(crate) output_image_item_count: Option<u64>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexDynamicToolCallEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexDynamicToolCallEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexCollabAgentToolCallEventParams {
-    #[serde(flatten)]
-    pub(crate) base: CodexToolItemEventBase,
-    pub(crate) sender_thread_id: String,
-    pub(crate) receiver_thread_count: u64,
-    pub(crate) receiver_thread_ids: Option<Vec<String>>,
-    pub(crate) requested_model: Option<String>,
-    pub(crate) requested_reasoning_effort: Option<String>,
-    pub(crate) agent_state_count: Option<u64>,
-    pub(crate) completed_agent_count: Option<u64>,
-    pub(crate) failed_agent_count: Option<u64>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexCollabAgentToolCallEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexCollabAgentToolCallEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexWebSearchEventParams {
-    #[serde(flatten)]
-    pub(crate) base: CodexToolItemEventBase,
-    pub(crate) web_search_action: Option<WebSearchActionKind>,
-    pub(crate) query_present: bool,
-    pub(crate) query_count: Option<u64>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexWebSearchEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexWebSearchEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexImageGenerationEventParams {
-    #[serde(flatten)]
-    pub(crate) base: CodexToolItemEventBase,
-    pub(crate) revised_prompt_present: bool,
-    pub(crate) saved_path_present: bool,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexImageGenerationEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexImageGenerationEventParams,
-}
-
 #[derive(Serialize)]
 pub(crate) struct CodexAppMetadata {
    pub(crate) connector_id: Option<String>,
@@ -633,7 +429,7 @@ pub(crate) struct CodexCompactionEventParams {
    pub(crate) turn_id: String,
    pub(crate) app_server_client: CodexAppServerClientMetadata,
    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) thread_source: Option<ThreadSource>,
+    pub(crate) thread_source: Option<&'static str>,
    pub(crate) subagent_source: Option<String>,
    pub(crate) parent_thread_id: Option<String>,
    pub(crate) trigger: CompactionTrigger,
@@ -666,7 +462,7 @@ pub(crate) struct CodexTurnEventParams {
    pub(crate) app_server_client: CodexAppServerClientMetadata,
    pub(crate) runtime: CodexRuntimeMetadata,
    pub(crate) ephemeral: bool,
-    pub(crate) thread_source: Option<ThreadSource>,
+    pub(crate) thread_source: Option<String>,
    pub(crate) initialization_mode: ThreadInitializationMode,
    pub(crate) subagent_source: Option<String>,
    pub(crate) parent_thread_id: Option<String>,
@@ -719,7 +515,7 @@ pub(crate) struct CodexTurnSteerEventParams {
    pub(crate) accepted_turn_id: Option<String>,
    pub(crate) app_server_client: CodexAppServerClientMetadata,
    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) thread_source: Option<ThreadSource>,
+    pub(crate) thread_source: Option<String>,
    pub(crate) subagent_source: Option<String>,
    pub(crate) parent_thread_id: Option<String>,
    pub(crate) num_input_images: usize,
@@ -791,16 +587,11 @@ pub(crate) fn codex_app_metadata(
 }

 pub(crate) fn codex_plugin_metadata(plugin: PluginTelemetryMetadata) -> CodexPluginMetadata {
-    let PluginTelemetryMetadata {
-        plugin_id,
-        remote_plugin_id,
-        capability_summary,
-    } = plugin;
-    let event_plugin_id = remote_plugin_id.unwrap_or_else(|| plugin_id.as_key());
+    let capability_summary = plugin.capability_summary;
    CodexPluginMetadata {
-        plugin_id: Some(event_plugin_id),
-        plugin_name: Some(plugin_id.plugin_name),
-        marketplace_name: Some(plugin_id.marketplace_name),
+        plugin_id: Some(plugin.plugin_id.as_key()),
+        plugin_name: Some(plugin.plugin_id.plugin_name),
+        marketplace_name: Some(plugin.plugin_id.marketplace_name),
        has_skills: capability_summary
            .as_ref()
            .map(|summary| summary.has_skills),
@@ -822,7 +613,7 @@ pub(crate) fn codex_compaction_event_params(
    input: CodexCompactionEvent,
    app_server_client: CodexAppServerClientMetadata,
    runtime: CodexRuntimeMetadata,
-    thread_source: Option<ThreadSource>,
+    thread_source: Option<&'static str>,
    subagent_source: Option<String>,
    parent_thread_id: Option<String>,
 ) -> CodexCompactionEventParams {
@@ -880,8 +671,6 @@ fn analytics_hook_event_name(event_name: HookEventName) -> &'static str {
        HookEventName::PreToolUse => "PreToolUse",
        HookEventName::PermissionRequest => "PermissionRequest",
        HookEventName::PostToolUse => "PostToolUse",
-        HookEventName::PreCompact => "PreCompact",
-        HookEventName::PostCompact => "PostCompact",
        HookEventName::SessionStart => "SessionStart",
        HookEventName::UserPromptSubmit => "UserPromptSubmit",
        HookEventName::Stop => "Stop",
@@ -895,8 +684,6 @@ fn analytics_hook_source(source: HookSource) -> &'static str {
        HookSource::Project => "project",
        HookSource::Mdm => "mdm",
        HookSource::SessionFlags => "session_flags",
-        HookSource::Plugin => "plugin",
-        HookSource::CloudRequirements => "cloud_requirements",
        HookSource::LegacyManagedConfigFile => "legacy_managed_config_file",
        HookSource::LegacyManagedConfigMdm => "legacy_managed_config_mdm",
        HookSource::Unknown => "unknown",
@@ -928,7 +715,7 @@ pub(crate) fn subagent_thread_started_event_request(
        runtime: current_runtime_metadata(),
        model: input.model,
        ephemeral: input.ephemeral,
-        thread_source: Some(ThreadSource::Subagent),
+        thread_source: Some("subagent"),
        initialization_mode: ThreadInitializationMode::New,
        subagent_source: Some(subagent_source_name(&input.subagent_source)),
        parent_thread_id: input
--- a/codex-rs/analytics/src/facts.rs
+++ b/codex-rs/analytics/src/facts.rs
@@ -2,13 +2,11 @@ use crate::events::AppServerRpcTransport;
 use crate::events::CodexRuntimeMetadata;
 use crate::events::GuardianReviewEventParams;
 use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::ClientResponsePayload;
+use codex_app_server_protocol::ClientResponse;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::ServerNotification;
-use codex_app_server_protocol::ServerRequest;
-use codex_app_server_protocol::ServerResponse;
 use codex_plugin::PluginTelemetryMetadata;
 use codex_protocol::config_types::ApprovalsReviewer;
 use codex_protocol::config_types::ModeKind;
@@ -173,7 +171,6 @@ pub struct SkillInvocation {
    pub skill_name: String,
    pub skill_scope: SkillScope,
    pub skill_path: PathBuf,
-    pub plugin_id: Option<String>,
    pub invocation_type: InvocationType,
 }

@@ -275,15 +272,14 @@ pub(crate) enum AnalyticsFact {
        runtime: CodexRuntimeMetadata,
        rpc_transport: AppServerRpcTransport,
    },
-    ClientRequest {
+    Request {
        connection_id: u64,
        request_id: RequestId,
        request: Box<ClientRequest>,
    },
-    ClientResponse {
+    Response {
        connection_id: u64,
-        request_id: RequestId,
-        response: Box<ClientResponsePayload>,
+        response: Box<ClientResponse>,
    },
    ErrorResponse {
        connection_id: u64,
@@ -291,13 +287,6 @@ pub(crate) enum AnalyticsFact {
        error: JSONRPCErrorError,
        error_type: Option<AnalyticsJsonRpcError>,
    },
-    ServerRequest {
-        connection_id: u64,
-        request: Box<ServerRequest>,
-    },
-    ServerResponse {
-        response: Box<ServerResponse>,
-    },
    Notification(Box<ServerNotification>),
    // Facts that do not naturally exist on the app-server protocol surface, or
    // would require non-trivial protocol reshaping on this branch.
--- a/codex-rs/analytics/src/lib.rs
+++ b/codex-rs/analytics/src/lib.rs
@@ -51,27 +51,3 @@ pub fn now_unix_seconds() -> u64 {
        .unwrap_or_default()
        .as_secs()
 }
-
-pub fn now_unix_millis() -> u64 {
-    u64::try_from(
-        SystemTime::now()
-            .duration_since(UNIX_EPOCH)
-            .unwrap_or_default()
-            .as_millis(),
-    )
-    .unwrap_or(u64::MAX)
-}
-
-pub(crate) fn serialize_enum_as_string<T: serde::Serialize>(value: &T) -> Option<String> {
-    serde_json::to_value(value)
-        .ok()
-        .and_then(|value| value.as_str().map(str::to_string))
-}
-
-pub(crate) fn usize_to_u64(value: usize) -> u64 {
-    u64::try_from(value).unwrap_or(u64::MAX)
-}
-
-pub(crate) fn option_i64_to_u64(value: Option<i64>) -> Option<u64> {
-    value.and_then(|value| u64::try_from(value).ok())
-}
--- a/codex-rs/analytics/src/reducer.rs
+++ b/codex-rs/analytics/src/reducer.rs
--- a/codex-rs/app-server-client/Cargo.toml
+++ b/codex-rs/app-server-client/Cargo.toml
@@ -33,5 +33,4 @@ url = { workspace = true }
 [dev-dependencies]
 pretty_assertions = { workspace = true }
 serde_json = { workspace = true }
-tempfile = { workspace = true }
 tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
--- a/codex-rs/app-server-client/src/lib.rs
+++ b/codex-rs/app-server-client/src/lib.rs
@@ -29,7 +29,6 @@ pub use codex_app_server::in_process::DEFAULT_IN_PROCESS_CHANNEL_CAPACITY;
 pub use codex_app_server::in_process::InProcessServerEvent;
 use codex_app_server::in_process::InProcessStartArgs;
 use codex_app_server::in_process::LogDbLayer;
-pub use codex_app_server::in_process::StateDbHandle;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientNotification;
 use codex_app_server_protocol::ClientRequest;
@@ -72,9 +71,12 @@ pub mod legacy_core {
    pub use codex_core::DEFAULT_AGENTS_MD_FILENAME;
    pub use codex_core::LOCAL_AGENTS_MD_FILENAME;
    pub use codex_core::McpManager;
+    pub use codex_core::append_message_history_entry;
    pub use codex_core::check_execpolicy_for_warnings;
    pub use codex_core::format_exec_policy_error_with_source;
    pub use codex_core::grant_read_root_non_elevated;
+    pub use codex_core::lookup_message_history_entry;
+    pub use codex_core::message_history_metadata;
    pub use codex_core::web_search_detail;

    pub mod config {
@@ -97,6 +99,10 @@ pub mod legacy_core {
        pub use codex_core::personality_migration::*;
    }

+    pub mod plugins {
+        pub use codex_core::plugins::PluginsManager;
+    }
+
    pub mod review_format {
        pub use codex_core::review_format::*;
    }
@@ -298,15 +304,7 @@ impl fmt::Display for TypedRequestError {
                write!(f, "{method} transport error: {source}")
            }
            Self::Server { method, source } => {
-                write!(
-                    f,
-                    "{method} failed: {} (code {})",
-                    source.message, source.code
-                )?;
-                if let Some(data) = source.data.as_ref() {
-                    write!(f, ", data: {data}")?;
-                }
-                Ok(())
+                write!(f, "{method} failed: {}", source.message)
            }
            Self::Deserialize { method, source } => {
                write!(f, "{method} response decode error: {source}")
@@ -341,8 +339,6 @@ pub struct InProcessClientStartArgs {
    pub feedback: CodexFeedback,
    /// SQLite tracing layer used to flush recently emitted logs before feedback upload.
    pub log_db: Option<LogDbLayer>,
-    /// Process-wide SQLite state handle shared with the embedded app-server.
-    pub state_db: Option<StateDbHandle>,
    /// Environment manager used by core execution and filesystem operations.
    pub environment_manager: Arc<EnvironmentManager>,
    /// Startup warnings emitted after initialize succeeds.
@@ -404,7 +400,6 @@ impl InProcessClientStartArgs {
            thread_config_loader,
            feedback: self.feedback,
            log_db: self.log_db,
-            state_db: self.state_db,
            environment_manager: self.environment_manager,
            config_warnings: self.config_warnings,
            session_source: self.session_source,
@@ -951,13 +946,9 @@ mod tests {
    use codex_app_server_protocol::ToolRequestUserInputParams;
    use codex_app_server_protocol::ToolRequestUserInputQuestion;
    use codex_core::config::ConfigBuilder;
-    use codex_core::init_state_db;
    use futures::SinkExt;
    use futures::StreamExt;
    use pretty_assertions::assert_eq;
-    use std::ops::Deref;
-    use std::path::Path;
-    use tempfile::TempDir;
    use tokio::net::TcpListener;
    use tokio::time::Duration;
    use tokio::time::timeout;
@@ -976,59 +967,18 @@ mod tests {
        }
    }

-    async fn build_test_config_for_codex_home(codex_home: &Path) -> Config {
-        match ConfigBuilder::default()
-            .codex_home(codex_home.to_path_buf())
-            .build()
-            .await
-        {
-            Ok(config) => config,
-            Err(_) => Config::load_default_with_cli_overrides_for_codex_home(
-                codex_home.to_path_buf(),
-                Vec::new(),
-            )
-            .await
-            .expect("default config should load"),
-        }
-    }
-
-    struct TestClient {
-        _codex_home: TempDir,
-        client: InProcessAppServerClient,
-    }
-
-    impl Deref for TestClient {
-        type Target = InProcessAppServerClient;
-
-        fn deref(&self) -> &Self::Target {
-            &self.client
-        }
-    }
-
-    impl TestClient {
-        async fn shutdown(self) -> IoResult<()> {
-            self.client.shutdown().await
-        }
-    }
-
    async fn start_test_client_with_capacity(
        session_source: SessionSource,
        channel_capacity: usize,
-    ) -> TestClient {
-        let codex_home = TempDir::new().expect("temp dir");
-        let config = Arc::new(build_test_config_for_codex_home(codex_home.path()).await);
-        let state_db = init_state_db(config.as_ref())
-            .await
-            .expect("state db should initialize for in-process test");
-        let client = InProcessAppServerClient::start(InProcessClientStartArgs {
+    ) -> InProcessAppServerClient {
+        InProcessAppServerClient::start(InProcessClientStartArgs {
            arg0_paths: Arg0DispatchPaths::default(),
-            config,
+            config: Arc::new(build_test_config().await),
            cli_overrides: Vec::new(),
            loader_overrides: LoaderOverrides::default(),
            cloud_requirements: CloudRequirementsLoader::default(),
            feedback: CodexFeedback::new(),
            log_db: None,
-            state_db: Some(state_db),
            environment_manager: Arc::new(EnvironmentManager::default_for_tests()),
            config_warnings: Vec::new(),
            session_source,
@@ -1040,15 +990,10 @@ mod tests {
            channel_capacity,
        })
        .await
-        .expect("in-process app-server client should start");
-
-        TestClient {
-            _codex_home: codex_home,
-            client,
-        }
+        .expect("in-process app-server client should start")
    }

-    async fn start_test_client(session_source: SessionSource) -> TestClient {
+    async fn start_test_client(session_source: SessionSource) -> InProcessAppServerClient {
        start_test_client_with_capacity(session_source, DEFAULT_IN_PROCESS_CHANNEL_CAPACITY).await
    }

@@ -1185,7 +1130,6 @@ mod tests {
        ServerNotification::ItemCompleted(codex_app_server_protocol::ItemCompletedNotification {
            thread_id: "thread".to_string(),
            turn_id: "turn".to_string(),
-            completed_at_ms: 0,
            item: codex_app_server_protocol::ThreadItem::AgentMessage {
                id: "item".to_string(),
                text: text.to_string(),
@@ -1200,7 +1144,6 @@ mod tests {
            thread_id: "thread".to_string(),
            turn: codex_app_server_protocol::Turn {
                id: "turn".to_string(),
-                items_view: codex_app_server_protocol::TurnItemsView::Full,
                items: Vec::new(),
                status: codex_app_server_protocol::TurnStatus::Completed,
                error: None,
@@ -1453,55 +1396,6 @@ mod tests {
        client.shutdown().await.expect("shutdown should complete");
    }

-    #[tokio::test]
-    async fn remote_typed_request_accepts_large_single_frame_response() {
-        let padding = "x".repeat((17 << 20) + 1024);
-        let websocket_url = start_test_remote_server(move |mut websocket| async move {
-            expect_remote_initialize(&mut websocket).await;
-            let JSONRPCMessage::Request(request) = read_websocket_message(&mut websocket).await
-            else {
-                panic!("expected account/read request");
-            };
-            assert_eq!(request.method, "account/read");
-            write_websocket_message(
-                &mut websocket,
-                JSONRPCMessage::Response(JSONRPCResponse {
-                    id: request.id,
-                    result: serde_json::json!({
-                        "account": null,
-                        "requiresOpenaiAuth": false,
-                        "padding": padding,
-                    }),
-                }),
-            )
-            .await;
-            websocket.close(None).await.expect("close should succeed");
-        })
-        .await;
-        let client = RemoteAppServerClient::connect(test_remote_connect_args(websocket_url))
-            .await
-            .expect("remote client should connect");
-
-        let response: GetAccountResponse = client
-            .request_typed(ClientRequest::GetAccount {
-                request_id: RequestId::Integer(1),
-                params: codex_app_server_protocol::GetAccountParams {
-                    refresh_token: false,
-                },
-            })
-            .await
-            .expect("large typed request should succeed");
-        assert_eq!(
-            response,
-            GetAccountResponse {
-                account: None,
-                requires_openai_auth: false,
-            }
-        );
-
-        client.shutdown().await.expect("shutdown should complete");
-    }
-
    #[tokio::test]
    async fn remote_connect_includes_auth_header_when_configured() {
        let auth_token = "remote-bearer-token".to_string();
@@ -1976,15 +1870,11 @@ mod tests {
            method: "thread/read".to_string(),
            source: JSONRPCErrorError {
                code: -32603,
-                data: Some(serde_json::json!({"detail": "config lock mismatch"})),
+                data: None,
                message: "internal".to_string(),
            },
        };
        assert_eq!(std::error::Error::source(&server).is_some(), false);
-        assert_eq!(
-            server.to_string(),
-            "thread/read failed: internal (code -32603), data: {\"detail\":\"config lock mismatch\"}"
-        );

        let deserialize = TypedRequestError::Deserialize {
            method: "thread/start".to_string(),
@@ -2031,7 +1921,6 @@ mod tests {
                        thread_id: "thread".to_string(),
                        turn: codex_app_server_protocol::Turn {
                            id: "turn".to_string(),
-                            items_view: codex_app_server_protocol::TurnItemsView::Full,
                            items: Vec::new(),
                            status: codex_app_server_protocol::TurnStatus::Completed,
                            error: None,
@@ -2061,7 +1950,6 @@ mod tests {
                    codex_app_server_protocol::ItemCompletedNotification {
                        thread_id: "thread".to_string(),
                        turn_id: "turn".to_string(),
-                        completed_at_ms: 0,
                        item: codex_app_server_protocol::ThreadItem::AgentMessage {
                            id: "item".to_string(),
                            text: "hello".to_string(),
@@ -2092,17 +1980,14 @@ mod tests {
    #[tokio::test]
    async fn runtime_start_args_forward_environment_manager() {
        let config = Arc::new(build_test_config().await);
-        let environment_manager = Arc::new(
-            EnvironmentManager::create_for_tests(
-                Some("ws://127.0.0.1:8765".to_string()),
-                ExecServerRuntimePaths::new(
-                    std::env::current_exe().expect("current exe"),
-                    /*codex_linux_sandbox_exe*/ None,
-                )
-                .expect("runtime paths"),
+        let environment_manager = Arc::new(EnvironmentManager::new(EnvironmentManagerArgs {
+            exec_server_url: Some("ws://127.0.0.1:8765".to_string()),
+            local_runtime_paths: ExecServerRuntimePaths::new(
+                std::env::current_exe().expect("current exe"),
+                /*codex_linux_sandbox_exe*/ None,
            )
-            .await,
-        );
+            .expect("runtime paths"),
+        }));

        let runtime_args = InProcessClientStartArgs {
            arg0_paths: Arg0DispatchPaths::default(),
@@ -2112,7 +1997,6 @@ mod tests {
            cloud_requirements: CloudRequirementsLoader::default(),
            feedback: CodexFeedback::new(),
            log_db: None,
-            state_db: None,
            environment_manager: environment_manager.clone(),
            config_warnings: Vec::new(),
            session_source: SessionSource::Exec,
@@ -2152,7 +2036,6 @@ mod tests {
            cloud_requirements: CloudRequirementsLoader::default(),
            feedback: CodexFeedback::new(),
            log_db: None,
-            state_db: None,
            environment_manager: Arc::new(EnvironmentManager::default_for_tests()),
            config_warnings: Vec::new(),
            session_source: SessionSource::Exec,
--- a/codex-rs/app-server-client/src/remote.rs
+++ b/codex-rs/app-server-client/src/remote.rs
@@ -45,18 +45,16 @@ use tokio::sync::oneshot;
 use tokio::time::timeout;
 use tokio_tungstenite::MaybeTlsStream;
 use tokio_tungstenite::WebSocketStream;
-use tokio_tungstenite::connect_async_with_config;
+use tokio_tungstenite::connect_async;
 use tokio_tungstenite::tungstenite::Message;
 use tokio_tungstenite::tungstenite::client::IntoClientRequest;
 use tokio_tungstenite::tungstenite::http::HeaderValue;
 use tokio_tungstenite::tungstenite::http::header::AUTHORIZATION;
-use tokio_tungstenite::tungstenite::protocol::WebSocketConfig;
 use tracing::warn;
 use url::Url;

 const CONNECT_TIMEOUT: Duration = Duration::from_secs(10);
 const INITIALIZE_TIMEOUT: Duration = Duration::from_secs(10);
-const REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE: usize = 128 << 20;

 #[derive(Debug, Clone)]
 pub struct RemoteAppServerConnectArgs {
@@ -172,32 +170,20 @@ impl RemoteAppServerClient {
            request.headers_mut().insert(AUTHORIZATION, header_value);
        }
        ensure_rustls_crypto_provider();
-        // Remote resume responses can legitimately carry large thread histories.
-        // Keep a bounded cap, but raise it above tungstenite's 16 MiB frame default.
-        let websocket_config = WebSocketConfig::default()
-            .max_frame_size(Some(REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE))
-            .max_message_size(Some(REMOTE_APP_SERVER_MAX_WEBSOCKET_MESSAGE_SIZE));
-        let stream = timeout(
-            CONNECT_TIMEOUT,
-            connect_async_with_config(
-                request,
-                Some(websocket_config),
-                /*disable_nagle*/ false,
-            ),
-        )
-        .await
-        .map_err(|_| {
-            IoError::new(
-                ErrorKind::TimedOut,
-                format!("timed out connecting to remote app server at `{websocket_url}`"),
-            )
-        })?
-        .map(|(stream, _response)| stream)
-        .map_err(|err| {
-            IoError::other(format!(
-                "failed to connect to remote app server at `{websocket_url}`: {err}"
-            ))
-        })?;
+        let stream = timeout(CONNECT_TIMEOUT, connect_async(request))
+            .await
+            .map_err(|_| {
+                IoError::new(
+                    ErrorKind::TimedOut,
+                    format!("timed out connecting to remote app server at `{websocket_url}`"),
+                )
+            })?
+            .map(|(stream, _response)| stream)
+            .map_err(|err| {
+                IoError::other(format!(
+                    "failed to connect to remote app server at `{websocket_url}`: {err}"
+                ))
+            })?;
        let mut stream = stream;
        let pending_events = initialize_remote_connection(
            &mut stream,
@@ -212,7 +198,6 @@ impl RemoteAppServerClient {
        let worker_handle = tokio::spawn(async move {
            let mut pending_requests =
                HashMap::<RequestId, oneshot::Sender<IoResult<RequestResult>>>::new();
-            let mut worker_exit_error: Option<(ErrorKind, String)> = None;
            loop {
                tokio::select! {
                    command = command_rx.recv() => {
@@ -239,19 +224,17 @@ impl RemoteAppServerClient {
                                .await
                                {
                                    let err_message = err.to_string();
-                                    let message = format!(
-                                        "remote app server at `{websocket_url}` write failed: {err_message}"
-                                    );
                                    if let Some(response_tx) = pending_requests.remove(&request_id) {
                                        let _ = response_tx.send(Err(err));
                                    }
                                    let _ = deliver_event(
                                        &event_tx,
                                        AppServerEvent::Disconnected {
-                                            message: message.clone(),
+                                            message: format!(
+                                                "remote app server at `{websocket_url}` write failed: {err_message}"
+                                            ),
                                        },
                                    );
-                                    worker_exit_error = Some((ErrorKind::BrokenPipe, message));
                                    break;
                                }
                            }
@@ -368,34 +351,28 @@ impl RemoteAppServerClient {
                                                .await
                                                {
                                                    let err_message = reject_err.to_string();
-                                                    let message = format!(
-                                                        "remote app server at `{websocket_url}` write failed: {err_message}"
-                                                    );
                                                    let _ = deliver_event(
                                                        &event_tx,
                                                        AppServerEvent::Disconnected {
-                                                            message: message.clone(),
+                                                            message: format!(
+                                                                "remote app server at `{websocket_url}` write failed: {err_message}"
+                                                            ),
                                                        },
                                                    );
-                                                    worker_exit_error =
-                                                        Some((ErrorKind::BrokenPipe, message));
                                                    break;
                                                }
                                            }
                                        }
                                    }
                                    Err(err) => {
-                                        let message = format!(
-                                            "remote app server at `{websocket_url}` sent invalid JSON-RPC: {err}"
-                                        );
                                        let _ = deliver_event(
                                            &event_tx,
                                            AppServerEvent::Disconnected {
-                                                message: message.clone(),
+                                                message: format!(
+                                                    "remote app server at `{websocket_url}` sent invalid JSON-RPC: {err}"
+                                                ),
                                            },
                                        );
-                                        worker_exit_error =
-                                            Some((ErrorKind::InvalidData, message));
                                        break;
                                    }
                                }
@@ -406,19 +383,14 @@ impl RemoteAppServerClient {
                                    .map(|frame| frame.reason.to_string())
                                    .filter(|reason| !reason.is_empty())
                                    .unwrap_or_else(|| "connection closed".to_string());
-                                let message = format!(
-                                    "remote app server at `{websocket_url}` disconnected: {reason}"
-                                );
                                let _ = deliver_event(
                                    &event_tx,
                                    AppServerEvent::Disconnected {
-                                        message: message.clone(),
+                                        message: format!(
+                                            "remote app server at `{websocket_url}` disconnected: {reason}"
+                                        ),
                                    },
                                );
-                                worker_exit_error = Some((
-                                    ErrorKind::ConnectionAborted,
-                                    message,
-                                ));
                                break;
                            }
                            Some(Ok(Message::Binary(_)))
@@ -426,29 +398,25 @@ impl RemoteAppServerClient {
                            | Some(Ok(Message::Pong(_)))
                            | Some(Ok(Message::Frame(_))) => {}
                            Some(Err(err)) => {
-                                let message = format!(
-                                    "remote app server at `{websocket_url}` transport failed: {err}"
-                                );
                                let _ = deliver_event(
                                    &event_tx,
                                    AppServerEvent::Disconnected {
-                                        message: message.clone(),
+                                        message: format!(
+                                            "remote app server at `{websocket_url}` transport failed: {err}"
+                                        ),
                                    },
                                );
-                                worker_exit_error = Some((ErrorKind::InvalidData, message));
                                break;
                            }
                            None => {
-                                let message = format!(
-                                    "remote app server at `{websocket_url}` closed the connection"
-                                );
                                let _ = deliver_event(
                                    &event_tx,
                                    AppServerEvent::Disconnected {
-                                        message: message.clone(),
+                                        message: format!(
+                                            "remote app server at `{websocket_url}` closed the connection"
+                                        ),
                                    },
                                );
-                                worker_exit_error = Some((ErrorKind::UnexpectedEof, message));
                                break;
                            }
                        }
@@ -456,14 +424,12 @@ impl RemoteAppServerClient {
                }
            }

-            let (err_kind, err_message) = worker_exit_error.unwrap_or_else(|| {
-                (
-                    ErrorKind::BrokenPipe,
-                    "remote app-server worker channel is closed".to_string(),
-                )
-            });
+            let err = IoError::new(
+                ErrorKind::BrokenPipe,
+                "remote app-server worker channel is closed",
+            );
            for (_, response_tx) in pending_requests {
-                let _ = response_tx.send(Err(IoError::new(err_kind, err_message.clone())));
+                let _ = response_tx.send(Err(IoError::new(err.kind(), err.to_string())));
            }
        });

--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
--- a/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
@@ -392,6 +392,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
--- a/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json
@@ -177,6 +177,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
--- a/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalResponse.json
@@ -177,6 +177,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
--- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json
@@ -1032,7 +1032,6 @@
      "type": "object"
    },
    "FileChangeOutputDeltaNotification": {
-      "description": "Deprecated legacy notification for `apply_patch` textual output.\n\nThe server no longer emits this notification.",
      "properties": {
        "delta": {
          "type": "string"
@@ -1200,6 +1199,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
@@ -1736,8 +1750,6 @@
        "preToolUse",
        "permissionRequest",
        "postToolUse",
-        "preCompact",
-        "postCompact",
        "sessionStart",
        "userPromptSubmit",
        "stop"
@@ -1903,8 +1915,6 @@
        "project",
        "mdm",
        "sessionFlags",
-        "plugin",
-        "cloudRequirements",
        "legacyManagedConfigFile",
        "legacyManagedConfigMdm",
        "unknown"
@@ -1934,11 +1944,6 @@
    },
    "ItemCompletedNotification": {
      "properties": {
-        "completedAtMs": {
-          "description": "Unix timestamp (in milliseconds) when this item lifecycle completed.",
-          "format": "int64",
-          "type": "integer"
-        },
        "item": {
          "$ref": "#/definitions/ThreadItem"
        },
@@ -1950,7 +1955,6 @@
        }
      },
      "required": [
-        "completedAtMs",
        "item",
        "threadId",
        "turnId"
@@ -2038,11 +2042,6 @@
        "item": {
          "$ref": "#/definitions/ThreadItem"
        },
-        "startedAtMs": {
-          "description": "Unix timestamp (in milliseconds) when this item lifecycle started.",
-          "format": "int64",
-          "type": "integer"
-        },
        "threadId": {
          "type": "string"
        },
@@ -2052,7 +2051,6 @@
      },
      "required": [
        "item",
-        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -2417,96 +2415,6 @@
      ],
      "type": "string"
    },
-    "ProcessExitedNotification": {
-      "description": "Final process exit notification for `process/spawn`.",
-      "properties": {
-        "exitCode": {
-          "description": "Process exit code.",
-          "format": "int32",
-          "type": "integer"
-        },
-        "processHandle": {
-          "description": "Client-supplied, connection-scoped `processHandle` from `process/spawn`.",
-          "type": "string"
-        },
-        "stderr": {
-          "description": "Buffered stderr capture.\n\nEmpty when stderr was streamed via `process/outputDelta`.",
-          "type": "string"
-        },
-        "stderrCapReached": {
-          "description": "Whether stderr reached `outputBytesCap`.\n\nIn streaming mode, stderr is empty and cap state is also reported on the final stderr `process/outputDelta` notification.",
-          "type": "boolean"
-        },
-        "stdout": {
-          "description": "Buffered stdout capture.\n\nEmpty when stdout was streamed via `process/outputDelta`.",
-          "type": "string"
-        },
-        "stdoutCapReached": {
-          "description": "Whether stdout reached `outputBytesCap`.\n\nIn streaming mode, stdout is empty and cap state is also reported on the final stdout `process/outputDelta` notification.",
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "exitCode",
-        "processHandle",
-        "stderr",
-        "stderrCapReached",
-        "stdout",
-        "stdoutCapReached"
-      ],
-      "type": "object"
-    },
-    "ProcessOutputDeltaNotification": {
-      "description": "Base64-encoded output chunk emitted for a streaming `process/spawn` request.",
-      "properties": {
-        "capReached": {
-          "description": "True on the final streamed chunk for this stream when output was truncated by `outputBytesCap`.",
-          "type": "boolean"
-        },
-        "deltaBase64": {
-          "description": "Base64-encoded output bytes.",
-          "type": "string"
-        },
-        "processHandle": {
-          "description": "Client-supplied, connection-scoped `processHandle` from `process/spawn`.",
-          "type": "string"
-        },
-        "stream": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/ProcessOutputStream"
-            }
-          ],
-          "description": "Output stream this chunk belongs to."
-        }
-      },
-      "required": [
-        "capReached",
-        "deltaBase64",
-        "processHandle",
-        "stream"
-      ],
-      "type": "object"
-    },
-    "ProcessOutputStream": {
-      "description": "Stream label for `process/outputDelta` notifications.",
-      "oneOf": [
-        {
-          "description": "stdout stream. PTY mode multiplexes terminal output here.",
-          "enum": [
-            "stdout"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "stderr stream.",
-          "enum": [
-            "stderr"
-          ],
-          "type": "string"
-        }
-      ]
-    },
    "RateLimitReachedType": {
      "enum": [
        "rate_limit_reached",
@@ -2709,33 +2617,6 @@
      ],
      "type": "object"
    },
-    "RemoteControlConnectionStatus": {
-      "enum": [
-        "disabled",
-        "connecting",
-        "connected",
-        "errored"
-      ],
-      "type": "string"
-    },
-    "RemoteControlStatusChangedNotification": {
-      "description": "Current remote-control connection status and environment id exposed to clients.",
-      "properties": {
-        "environmentId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "status": {
-          "$ref": "#/definitions/RemoteControlConnectionStatus"
-        }
-      },
-      "required": [
-        "status"
-      ],
-      "type": "object"
-    },
    "RequestId": {
      "anyOf": [
        {
@@ -3074,10 +2955,6 @@
          "description": "Usually the first user message in the thread, if available.",
          "type": "string"
        },
-        "sessionId": {
-          "description": "Session id shared by threads that belong to the same session tree.",
-          "type": "string"
-        },
        "source": {
          "allOf": [
            {
@@ -3094,17 +2971,6 @@
          ],
          "description": "Current runtime status for the thread."
        },
-        "threadSource": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ThreadSource"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Optional analytics source classification for this thread."
-        },
        "turns": {
          "description": "Only populated on `thread/resume`, `thread/rollback`, `thread/fork`, and `thread/read` (when `includeTurns` is true) responses. For all other responses and notifications returning a Thread, the turns field will be an empty list.",
          "items": {
@@ -3126,7 +2992,6 @@
        "id",
        "modelProvider",
        "preview",
-        "sessionId",
        "source",
        "status",
        "turns",
@@ -4051,7 +3916,7 @@
    "ThreadRealtimeStartedNotification": {
      "description": "EXPERIMENTAL - emitted when thread realtime startup is accepted.",
      "properties": {
-        "realtimeSessionId": {
+        "sessionId": {
          "type": [
            "string",
            "null"
@@ -4112,14 +3977,6 @@
      ],
      "type": "object"
    },
-    "ThreadSource": {
-      "enum": [
-        "user",
-        "subagent",
-        "memory_consolidation"
-      ],
-      "type": "string"
-    },
    "ThreadStartedNotification": {
      "properties": {
        "thread": {
@@ -4338,21 +4195,12 @@
          "type": "string"
        },
        "items": {
-          "description": "Thread items currently included in this turn payload.",
+          "description": "Only populated on a `thread/resume` or `thread/fork` response. For all other responses and notifications returning a Turn, the items field will be an empty list.",
          "items": {
            "$ref": "#/definitions/ThreadItem"
          },
          "type": "array"
        },
-        "itemsView": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/TurnItemsView"
-            }
-          ],
-          "default": "full",
-          "description": "Describes how much of `items` has been loaded for this turn."
-        },
        "startedAt": {
          "description": "Unix timestamp (in seconds) when the turn started.",
          "format": "int64",
@@ -4435,31 +4283,6 @@
      ],
      "type": "object"
    },
-    "TurnItemsView": {
-      "oneOf": [
-        {
-          "description": "`items` was not loaded for this turn. The field is intentionally empty.",
-          "enum": [
-            "notLoaded"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "`items` contains only a display summary for this turn.",
-          "enum": [
-            "summary"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "`items` contains every ThreadItem available from persisted app-server history for this turn.",
-          "enum": [
-            "full"
-          ],
-          "type": "string"
-        }
-      ]
-    },
    "TurnPlanStep": {
      "properties": {
        "status": {
@@ -5313,48 +5136,6 @@
      "title": "Command/exec/outputDeltaNotification",
      "type": "object"
    },
-    {
-      "description": "Stream base64-encoded stdout/stderr chunks for a running `process/spawn` session.",
-      "properties": {
-        "method": {
-          "enum": [
-            "process/outputDelta"
-          ],
-          "title": "Process/outputDeltaNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ProcessOutputDeltaNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "Process/outputDeltaNotification",
-      "type": "object"
-    },
-    {
-      "description": "Final exit notification for a `process/spawn` session.",
-      "properties": {
-        "method": {
-          "enum": [
-            "process/exited"
-          ],
-          "title": "Process/exitedNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ProcessExitedNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "Process/exitedNotification",
-      "type": "object"
-    },
    {
      "properties": {
        "method": {
@@ -5396,7 +5177,6 @@
      "type": "object"
    },
    {
-      "description": "Deprecated legacy apply_patch output stream notification.",
      "properties": {
        "method": {
          "enum": [
@@ -5576,26 +5356,6 @@
      "title": "App/list/updatedNotification",
      "type": "object"
    },
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "remoteControl/status/changed"
-          ],
-          "title": "RemoteControl/status/changedNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/RemoteControlStatusChangedNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "RemoteControl/status/changedNotification",
-      "type": "object"
-    },
    {
      "properties": {
        "method": {
--- a/codex-rs/app-server-protocol/schema/json/ServerRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerRequest.json
@@ -731,6 +731,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
--- a/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json
@@ -146,6 +146,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
@@ -505,6 +520,17 @@
        "null"
      ]
    },
+    "permissionProfile": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/PermissionProfile"
+        },
+        {
+          "type": "null"
+        }
+      ],
+      "description": "Optional full permissions profile for this command.\n\nDefaults to the user's configured permissions when omitted. Cannot be combined with `sandboxPolicy`."
+    },
    "processId": {
      "description": "Optional client-supplied, connection-scoped process id.\n\nRequired for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up `command/exec/write`, `command/exec/resize`, and `command/exec/terminate` calls. When omitted, buffered execution gets an internal id that is not exposed to the client.",
      "type": [
--- a/codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json
@@ -352,9 +352,13 @@
          ]
        },
        "service_tier": {
-          "type": [
-            "string",
-            "null"
+          "anyOf": [
+            {
+              "$ref": "#/definitions/ServiceTier"
+            },
+            {
+              "type": "null"
+            }
          ]
        },
        "tools": {
@@ -654,9 +658,13 @@
          ]
        },
        "service_tier": {
-          "type": [
-            "string",
-            "null"
+          "anyOf": [
+            {
+              "$ref": "#/definitions/ServiceTier"
+            },
+            {
+              "type": "null"
+            }
          ]
        },
        "tools": {
@@ -746,6 +754,13 @@
      },
      "type": "object"
    },
+    "ServiceTier": {
+      "enum": [
+        "fast",
+        "flex"
+      ],
+      "type": "string"
+    },
    "ToolsV2": {
      "properties": {
        "view_image": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json
@@ -213,24 +213,12 @@
          },
          "type": "array"
        },
-        "PostCompact": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
        "PostToolUse": {
          "items": {
            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
          },
          "type": "array"
        },
-        "PreCompact": {
-          "items": {
-            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
-          },
-          "type": "array"
-        },
        "PreToolUse": {
          "items": {
            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
@@ -270,9 +258,7 @@
      },
      "required": [
        "PermissionRequest",
-        "PostCompact",
        "PostToolUse",
-        "PreCompact",
        "PreToolUse",
        "SessionStart",
        "Stop",
--- a/codex-rs/app-server-protocol/schema/json/v2/ExternalAgentConfigDetectResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ExternalAgentConfigDetectResponse.json
@@ -1,17 +1,6 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
-    "CommandMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
-    },
    "ExternalAgentConfigMigrationItem": {
      "properties": {
        "cwd": {
@@ -50,81 +39,22 @@
        "CONFIG",
        "SKILLS",
        "PLUGINS",
-        "MCP_SERVER_CONFIG",
-        "SUBAGENTS",
-        "HOOKS",
-        "COMMANDS",
-        "SESSIONS"
+        "MCP_SERVER_CONFIG"
      ],
      "type": "string"
    },
-    "HookMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
-    },
-    "McpServerMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
-    },
    "MigrationDetails": {
      "properties": {
-        "commands": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/CommandMigration"
-          },
-          "type": "array"
-        },
-        "hooks": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/HookMigration"
-          },
-          "type": "array"
-        },
-        "mcpServers": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/McpServerMigration"
-          },
-          "type": "array"
-        },
        "plugins": {
-          "default": [],
          "items": {
            "$ref": "#/definitions/PluginsMigration"
          },
          "type": "array"
-        },
-        "sessions": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/SessionMigration"
-          },
-          "type": "array"
-        },
-        "subagents": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/SubagentMigration"
-          },
-          "type": "array"
        }
      },
+      "required": [
+        "plugins"
+      ],
      "type": "object"
    },
    "PluginsMigration": {
@@ -144,38 +74,6 @@
        "pluginNames"
      ],
      "type": "object"
-    },
-    "SessionMigration": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        },
-        "title": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "cwd",
-        "path"
-      ],
-      "type": "object"
-    },
-    "SubagentMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
    }
  },
  "properties": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ExternalAgentConfigImportParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ExternalAgentConfigImportParams.json
@@ -1,17 +1,6 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
-    "CommandMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
-    },
    "ExternalAgentConfigMigrationItem": {
      "properties": {
        "cwd": {
@@ -50,81 +39,22 @@
        "CONFIG",
        "SKILLS",
        "PLUGINS",
-        "MCP_SERVER_CONFIG",
-        "SUBAGENTS",
-        "HOOKS",
-        "COMMANDS",
-        "SESSIONS"
+        "MCP_SERVER_CONFIG"
      ],
      "type": "string"
    },
-    "HookMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
-    },
-    "McpServerMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
-    },
    "MigrationDetails": {
      "properties": {
-        "commands": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/CommandMigration"
-          },
-          "type": "array"
-        },
-        "hooks": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/HookMigration"
-          },
-          "type": "array"
-        },
-        "mcpServers": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/McpServerMigration"
-          },
-          "type": "array"
-        },
        "plugins": {
-          "default": [],
          "items": {
            "$ref": "#/definitions/PluginsMigration"
          },
          "type": "array"
-        },
-        "sessions": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/SessionMigration"
-          },
-          "type": "array"
-        },
-        "subagents": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/SubagentMigration"
-          },
-          "type": "array"
        }
      },
+      "required": [
+        "plugins"
+      ],
      "type": "object"
    },
    "PluginsMigration": {
@@ -144,38 +74,6 @@
        "pluginNames"
      ],
      "type": "object"
-    },
-    "SessionMigration": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        },
-        "title": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "cwd",
-        "path"
-      ],
-      "type": "object"
-    },
-    "SubagentMigration": {
-      "properties": {
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name"
-      ],
-      "type": "object"
    }
  },
  "properties": {
--- a/codex-rs/app-server-protocol/schema/json/v2/FileChangeOutputDeltaNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/FileChangeOutputDeltaNotification.json
@@ -1,6 +1,5 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
-  "description": "Deprecated legacy notification for `apply_patch` textual output.\n\nThe server no longer emits this notification.",
  "properties": {
    "delta": {
      "type": "string"
--- a/codex-rs/app-server-protocol/schema/json/v2/HookCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HookCompletedNotification.json
@@ -10,8 +10,6 @@
        "preToolUse",
        "permissionRequest",
        "postToolUse",
-        "preCompact",
-        "postCompact",
        "sessionStart",
        "userPromptSubmit",
        "stop"
@@ -162,8 +160,6 @@
        "project",
        "mdm",
        "sessionFlags",
-        "plugin",
-        "cloudRequirements",
        "legacyManagedConfigFile",
        "legacyManagedConfigMdm",
        "unknown"
--- a/codex-rs/app-server-protocol/schema/json/v2/HookStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HookStartedNotification.json
@@ -10,8 +10,6 @@
        "preToolUse",
        "permissionRequest",
        "postToolUse",
-        "preCompact",
-        "postCompact",
        "sessionStart",
        "userPromptSubmit",
        "stop"
@@ -162,8 +160,6 @@
        "project",
        "mdm",
        "sessionFlags",
-        "plugin",
-        "cloudRequirements",
        "legacyManagedConfigFile",
        "legacyManagedConfigMdm",
        "unknown"
--- a/codex-rs/app-server-protocol/schema/json/v2/HooksListParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HooksListParams.json
@@ -1,14 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "cwds": {
-      "description": "When empty, defaults to the current session working directory.",
-      "items": {
-        "type": "string"
-      },
-      "type": "array"
-    }
-  },
-  "title": "HooksListParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/HooksListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/HooksListResponse.json
@@ -1,192 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "HookErrorInfo": {
-      "properties": {
-        "message": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "message",
-        "path"
-      ],
-      "type": "object"
-    },
-    "HookEventName": {
-      "enum": [
-        "preToolUse",
-        "permissionRequest",
-        "postToolUse",
-        "preCompact",
-        "postCompact",
-        "sessionStart",
-        "userPromptSubmit",
-        "stop"
-      ],
-      "type": "string"
-    },
-    "HookHandlerType": {
-      "enum": [
-        "command",
-        "prompt",
-        "agent"
-      ],
-      "type": "string"
-    },
-    "HookMetadata": {
-      "properties": {
-        "command": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "currentHash": {
-          "type": "string"
-        },
-        "displayOrder": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "enabled": {
-          "type": "boolean"
-        },
-        "eventName": {
-          "$ref": "#/definitions/HookEventName"
-        },
-        "handlerType": {
-          "$ref": "#/definitions/HookHandlerType"
-        },
-        "isManaged": {
-          "type": "boolean"
-        },
-        "key": {
-          "type": "string"
-        },
-        "matcher": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "pluginId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "source": {
-          "$ref": "#/definitions/HookSource"
-        },
-        "sourcePath": {
-          "$ref": "#/definitions/AbsolutePathBuf"
-        },
-        "statusMessage": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "timeoutSec": {
-          "format": "uint64",
-          "minimum": 0.0,
-          "type": "integer"
-        },
-        "trustStatus": {
-          "$ref": "#/definitions/HookTrustStatus"
-        }
-      },
-      "required": [
-        "currentHash",
-        "displayOrder",
-        "enabled",
-        "eventName",
-        "handlerType",
-        "isManaged",
-        "key",
-        "source",
-        "sourcePath",
-        "timeoutSec",
-        "trustStatus"
-      ],
-      "type": "object"
-    },
-    "HookSource": {
-      "enum": [
-        "system",
-        "user",
-        "project",
-        "mdm",
-        "sessionFlags",
-        "plugin",
-        "cloudRequirements",
-        "legacyManagedConfigFile",
-        "legacyManagedConfigMdm",
-        "unknown"
-      ],
-      "type": "string"
-    },
-    "HookTrustStatus": {
-      "enum": [
-        "managed",
-        "untrusted",
-        "trusted",
-        "modified"
-      ],
-      "type": "string"
-    },
-    "HooksListEntry": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "errors": {
-          "items": {
-            "$ref": "#/definitions/HookErrorInfo"
-          },
-          "type": "array"
-        },
-        "hooks": {
-          "items": {
-            "$ref": "#/definitions/HookMetadata"
-          },
-          "type": "array"
-        },
-        "warnings": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "errors",
-        "hooks",
-        "warnings"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "data": {
-      "items": {
-        "$ref": "#/definitions/HooksListEntry"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "data"
-  ],
-  "title": "HooksListResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemCompletedNotification.json
@@ -1370,11 +1370,6 @@
    }
  },
  "properties": {
-    "completedAtMs": {
-      "description": "Unix timestamp (in milliseconds) when this item lifecycle completed.",
-      "format": "int64",
-      "type": "integer"
-    },
    "item": {
      "$ref": "#/definitions/ThreadItem"
    },
@@ -1386,7 +1381,6 @@
    }
  },
  "required": [
-    "completedAtMs",
    "item",
    "threadId",
    "turnId"
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
@@ -184,6 +184,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
@@ -177,6 +177,21 @@
          "title": "MinimalFileSystemSpecialPath",
          "type": "object"
        },
+        {
+          "properties": {
+            "kind": {
+              "enum": [
+                "current_working_directory"
+              ],
+              "type": "string"
+            }
+          },
+          "required": [
+            "kind"
+          ],
+          "title": "CurrentWorkingDirectoryFileSystemSpecialPath",
+          "type": "object"
+        },
        {
          "properties": {
            "kind": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemStartedNotification.json
@@ -1373,11 +1373,6 @@
    "item": {
      "$ref": "#/definitions/ThreadItem"
    },
-    "startedAtMs": {
-      "description": "Unix timestamp (in milliseconds) when this item lifecycle started.",
-      "format": "int64",
-      "type": "integer"
-    },
    "threadId": {
      "type": "string"
    },
@@ -1387,7 +1382,6 @@
  },
  "required": [
    "item",
-    "startedAtMs",
    "threadId",
    "turnId"
  ],
--- a/codex-rs/app-server-protocol/schema/json/v2/LoginAccountParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/LoginAccountParams.json
@@ -23,9 +23,6 @@
    },
    {
      "properties": {
-        "codexStreamlinedLogin": {
-          "type": "boolean"
-        },
        "type": {
          "enum": [
            "chatgpt"
--- a/codex-rs/app-server-protocol/schema/json/v2/ModelListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ModelListResponse.json
@@ -24,7 +24,6 @@
      "properties": {
        "additionalSpeedTiers": {
          "default": [],
-          "description": "Deprecated: use `serviceTiers` instead.",
          "items": {
            "type": "string"
          },
@@ -71,13 +70,6 @@
        "model": {
          "type": "string"
        },
-        "serviceTiers": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/ModelServiceTier"
-          },
-          "type": "array"
-        },
        "supportedReasoningEfforts": {
          "items": {
            "$ref": "#/definitions/ReasoningEffortOption"
@@ -128,25 +120,6 @@
      ],
      "type": "object"
    },
-    "ModelServiceTier": {
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "id": {
-          "type": "string"
-        },
-        "name": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "description",
-        "id",
-        "name"
-      ],
-      "type": "object"
-    },
    "ModelUpgradeInfo": {
      "properties": {
        "migrationMarkdown": {
--- a/codex-rs/app-server-protocol/schema/json/v2/ModelProviderCapabilitiesReadParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ModelProviderCapabilitiesReadParams.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "ModelProviderCapabilitiesReadParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ModelProviderCapabilitiesReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ModelProviderCapabilitiesReadResponse.json
@@ -1,21 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "imageGeneration": {
-      "type": "boolean"
-    },
-    "namespaceTools": {
-      "type": "boolean"
-    },
-    "webSearch": {
-      "type": "boolean"
-    }
-  },
-  "required": [
-    "imageGeneration",
-    "namespaceTools",
-    "webSearch"
-  ],
-  "title": "ModelProviderCapabilitiesReadResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginListParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginListParams.json
@@ -4,14 +4,6 @@
    "AbsolutePathBuf": {
      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
      "type": "string"
-    },
-    "PluginListMarketplaceKind": {
-      "enum": [
-        "local",
-        "workspace-directory",
-        "shared-with-me"
-      ],
-      "type": "string"
    }
  },
  "properties": {
@@ -24,16 +16,6 @@
        "array",
        "null"
      ]
-    },
-    "marketplaceKinds": {
-      "description": "Optional marketplace kind filter. When omitted, only local marketplaces are queried, plus the default remote catalog when enabled by feature flag.",
-      "items": {
-        "$ref": "#/definitions/PluginListMarketplaceKind"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
    }
  },
  "title": "PluginListParams",
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginListResponse.json
@@ -38,23 +38,6 @@
      ],
      "type": "string"
    },
-    "PluginAvailability": {
-      "oneOf": [
-        {
-          "enum": [
-            "DISABLED_BY_ADMIN"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Plugin-service currently sends `\"ENABLED\"` for available remote plugins. Codex app-server exposes `\"AVAILABLE\"` in its API; the alias keeps decoding compatible with that upstream response.",
-          "enum": [
-            "AVAILABLE"
-          ],
-          "type": "string"
-        }
-      ]
-    },
    "PluginInstallPolicy": {
      "enum": [
        "NOT_AVAILABLE",
@@ -232,29 +215,6 @@
      ],
      "type": "object"
    },
-    "PluginShareContext": {
-      "properties": {
-        "creatorAccountUserId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "creatorName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "remotePluginId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "remotePluginId"
-      ],
-      "type": "object"
-    },
    "PluginSource": {
      "oneOf": [
        {
@@ -339,15 +299,6 @@
        "authPolicy": {
          "$ref": "#/definitions/PluginAuthPolicy"
        },
-        "availability": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/PluginAvailability"
-            }
-          ],
-          "default": "AVAILABLE",
-          "description": "Availability state for installing and using the plugin."
-        },
        "enabled": {
          "type": "boolean"
        },
@@ -370,27 +321,9 @@
            }
          ]
        },
-        "keywords": {
-          "default": [],
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
        "name": {
          "type": "string"
        },
-        "shareContext": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PluginShareContext"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Remote sharing context associated with this plugin when available."
-        },
        "source": {
          "$ref": "#/definitions/PluginSource"
        }
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginReadResponse.json
@@ -44,23 +44,6 @@
      ],
      "type": "string"
    },
-    "PluginAvailability": {
-      "oneOf": [
-        {
-          "enum": [
-            "DISABLED_BY_ADMIN"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Plugin-service currently sends `\"ENABLED\"` for available remote plugins. Codex app-server exposes `\"AVAILABLE\"` in its API; the alias keeps decoding compatible with that upstream response.",
-          "enum": [
-            "AVAILABLE"
-          ],
-          "type": "string"
-        }
-      ]
-    },
    "PluginDetail": {
      "properties": {
        "apps": {
@@ -251,29 +234,6 @@
      ],
      "type": "object"
    },
-    "PluginShareContext": {
-      "properties": {
-        "creatorAccountUserId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "creatorName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "remotePluginId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "remotePluginId"
-      ],
-      "type": "object"
-    },
    "PluginSource": {
      "oneOf": [
        {
@@ -358,15 +318,6 @@
        "authPolicy": {
          "$ref": "#/definitions/PluginAuthPolicy"
        },
-        "availability": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/PluginAvailability"
-            }
-          ],
-          "default": "AVAILABLE",
-          "description": "Availability state for installing and using the plugin."
-        },
        "enabled": {
          "type": "boolean"
        },
@@ -389,27 +340,9 @@
            }
          ]
        },
-        "keywords": {
-          "default": [],
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
        "name": {
          "type": "string"
        },
-        "shareContext": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PluginShareContext"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Remote sharing context associated with this plugin when available."
-        },
        "source": {
          "$ref": "#/definitions/PluginSource"
        }
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareDeleteParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareDeleteParams.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "remotePluginId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "remotePluginId"
-  ],
-  "title": "PluginShareDeleteParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareDeleteResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareDeleteResponse.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "PluginShareDeleteResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareListParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareListParams.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "PluginShareListParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareListResponse.json
@@ -1,383 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "PluginAuthPolicy": {
-      "enum": [
-        "ON_INSTALL",
-        "ON_USE"
-      ],
-      "type": "string"
-    },
-    "PluginAvailability": {
-      "oneOf": [
-        {
-          "enum": [
-            "DISABLED_BY_ADMIN"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Plugin-service currently sends `\"ENABLED\"` for available remote plugins. Codex app-server exposes `\"AVAILABLE\"` in its API; the alias keeps decoding compatible with that upstream response.",
-          "enum": [
-            "AVAILABLE"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "PluginInstallPolicy": {
-      "enum": [
-        "NOT_AVAILABLE",
-        "AVAILABLE",
-        "INSTALLED_BY_DEFAULT"
-      ],
-      "type": "string"
-    },
-    "PluginInterface": {
-      "properties": {
-        "brandColor": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "capabilities": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "category": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "composerIcon": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Local composer icon path, resolved from the installed plugin package."
-        },
-        "composerIconUrl": {
-          "description": "Remote composer icon URL from the plugin catalog.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "defaultPrompt": {
-          "description": "Starter prompts for the plugin. Capped at 3 entries with a maximum of 128 characters per entry.",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "developerName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "displayName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "logo": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Local logo path, resolved from the installed plugin package."
-        },
-        "logoUrl": {
-          "description": "Remote logo URL from the plugin catalog.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "longDescription": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "privacyPolicyUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "screenshotUrls": {
-          "description": "Remote screenshot URLs from the plugin catalog.",
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "screenshots": {
-          "description": "Local screenshot paths, resolved from the installed plugin package.",
-          "items": {
-            "$ref": "#/definitions/AbsolutePathBuf"
-          },
-          "type": "array"
-        },
-        "shortDescription": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "termsOfServiceUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "websiteUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "capabilities",
-        "screenshotUrls",
-        "screenshots"
-      ],
-      "type": "object"
-    },
-    "PluginShareContext": {
-      "properties": {
-        "creatorAccountUserId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "creatorName": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "remotePluginId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "remotePluginId"
-      ],
-      "type": "object"
-    },
-    "PluginShareListItem": {
-      "properties": {
-        "localPluginPath": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "plugin": {
-          "$ref": "#/definitions/PluginSummary"
-        },
-        "shareUrl": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "plugin",
-        "shareUrl"
-      ],
-      "type": "object"
-    },
-    "PluginSource": {
-      "oneOf": [
-        {
-          "properties": {
-            "path": {
-              "$ref": "#/definitions/AbsolutePathBuf"
-            },
-            "type": {
-              "enum": [
-                "local"
-              ],
-              "title": "LocalPluginSourceType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "path",
-            "type"
-          ],
-          "title": "LocalPluginSource",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "refName": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "sha": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "git"
-              ],
-              "title": "GitPluginSourceType",
-              "type": "string"
-            },
-            "url": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "type",
-            "url"
-          ],
-          "title": "GitPluginSource",
-          "type": "object"
-        },
-        {
-          "description": "The plugin is available in the remote catalog. Download metadata is kept server-side and is not exposed through the app-server API.",
-          "properties": {
-            "type": {
-              "enum": [
-                "remote"
-              ],
-              "title": "RemotePluginSourceType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "RemotePluginSource",
-          "type": "object"
-        }
-      ]
-    },
-    "PluginSummary": {
-      "properties": {
-        "authPolicy": {
-          "$ref": "#/definitions/PluginAuthPolicy"
-        },
-        "availability": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/PluginAvailability"
-            }
-          ],
-          "default": "AVAILABLE",
-          "description": "Availability state for installing and using the plugin."
-        },
-        "enabled": {
-          "type": "boolean"
-        },
-        "id": {
-          "type": "string"
-        },
-        "installPolicy": {
-          "$ref": "#/definitions/PluginInstallPolicy"
-        },
-        "installed": {
-          "type": "boolean"
-        },
-        "interface": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PluginInterface"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "keywords": {
-          "default": [],
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "name": {
-          "type": "string"
-        },
-        "shareContext": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/PluginShareContext"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Remote sharing context associated with this plugin when available."
-        },
-        "source": {
-          "$ref": "#/definitions/PluginSource"
-        }
-      },
-      "required": [
-        "authPolicy",
-        "enabled",
-        "id",
-        "installPolicy",
-        "installed",
-        "name",
-        "source"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "data": {
-      "items": {
-        "$ref": "#/definitions/PluginShareListItem"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "data"
-  ],
-  "title": "PluginShareListResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareSaveParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareSaveParams.json
@@ -1,75 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "PluginShareDiscoverability": {
-      "enum": [
-        "LISTED",
-        "UNLISTED",
-        "PRIVATE"
-      ],
-      "type": "string"
-    },
-    "PluginSharePrincipalType": {
-      "enum": [
-        "user",
-        "group",
-        "workspace"
-      ],
-      "type": "string"
-    },
-    "PluginShareTarget": {
-      "properties": {
-        "principalId": {
-          "type": "string"
-        },
-        "principalType": {
-          "$ref": "#/definitions/PluginSharePrincipalType"
-        }
-      },
-      "required": [
-        "principalId",
-        "principalType"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "discoverability": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/PluginShareDiscoverability"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "pluginPath": {
-      "$ref": "#/definitions/AbsolutePathBuf"
-    },
-    "remotePluginId": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "shareTargets": {
-      "items": {
-        "$ref": "#/definitions/PluginShareTarget"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "pluginPath"
-  ],
-  "title": "PluginShareSaveParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareSaveResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareSaveResponse.json
@@ -1,17 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "remotePluginId": {
-      "type": "string"
-    },
-    "shareUrl": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "remotePluginId",
-    "shareUrl"
-  ],
-  "title": "PluginShareSaveResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsParams.json
@@ -1,45 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "PluginSharePrincipalType": {
-      "enum": [
-        "user",
-        "group",
-        "workspace"
-      ],
-      "type": "string"
-    },
-    "PluginShareTarget": {
-      "properties": {
-        "principalId": {
-          "type": "string"
-        },
-        "principalType": {
-          "$ref": "#/definitions/PluginSharePrincipalType"
-        }
-      },
-      "required": [
-        "principalId",
-        "principalType"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "remotePluginId": {
-      "type": "string"
-    },
-    "shareTargets": {
-      "items": {
-        "$ref": "#/definitions/PluginShareTarget"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "remotePluginId",
-    "shareTargets"
-  ],
-  "title": "PluginShareUpdateTargetsParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsResponse.json
@@ -1,45 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "PluginSharePrincipal": {
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "principalId": {
-          "type": "string"
-        },
-        "principalType": {
-          "$ref": "#/definitions/PluginSharePrincipalType"
-        }
-      },
-      "required": [
-        "name",
-        "principalId",
-        "principalType"
-      ],
-      "type": "object"
-    },
-    "PluginSharePrincipalType": {
-      "enum": [
-        "user",
-        "group",
-        "workspace"
-      ],
-      "type": "string"
-    }
-  },
-  "properties": {
-    "principals": {
-      "items": {
-        "$ref": "#/definitions/PluginSharePrincipal"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "principals"
-  ],
-  "title": "PluginShareUpdateTargetsResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginSkillReadParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginSkillReadParams.json
@@ -1,21 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "remoteMarketplaceName": {
-      "type": "string"
-    },
-    "remotePluginId": {
-      "type": "string"
-    },
-    "skillName": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "remoteMarketplaceName",
-    "remotePluginId",
-    "skillName"
-  ],
-  "title": "PluginSkillReadParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginSkillReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginSkillReadResponse.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "contents": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "title": "PluginSkillReadResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ProcessExitedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ProcessExitedNotification.json
@@ -1,41 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "description": "Final process exit notification for `process/spawn`.",
-  "properties": {
-    "exitCode": {
-      "description": "Process exit code.",
-      "format": "int32",
-      "type": "integer"
-    },
-    "processHandle": {
-      "description": "Client-supplied, connection-scoped `processHandle` from `process/spawn`.",
-      "type": "string"
-    },
-    "stderr": {
-      "description": "Buffered stderr capture.\n\nEmpty when stderr was streamed via `process/outputDelta`.",
-      "type": "string"
-    },
-    "stderrCapReached": {
-      "description": "Whether stderr reached `outputBytesCap`.\n\nIn streaming mode, stderr is empty and cap state is also reported on the final stderr `process/outputDelta` notification.",
-      "type": "boolean"
-    },
-    "stdout": {
-      "description": "Buffered stdout capture.\n\nEmpty when stdout was streamed via `process/outputDelta`.",
-      "type": "string"
-    },
-    "stdoutCapReached": {
-      "description": "Whether stdout reached `outputBytesCap`.\n\nIn streaming mode, stdout is empty and cap state is also reported on the final stdout `process/outputDelta` notification.",
-      "type": "boolean"
-    }
-  },
-  "required": [
-    "exitCode",
-    "processHandle",
-    "stderr",
-    "stderrCapReached",
-    "stdout",
-    "stdoutCapReached"
-  ],
-  "title": "ProcessExitedNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ProcessOutputDeltaNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ProcessOutputDeltaNotification.json
@@ -1,55 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ProcessOutputStream": {
-      "description": "Stream label for `process/outputDelta` notifications.",
-      "oneOf": [
-        {
-          "description": "stdout stream. PTY mode multiplexes terminal output here.",
-          "enum": [
-            "stdout"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "stderr stream.",
-          "enum": [
-            "stderr"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "description": "Base64-encoded output chunk emitted for a streaming `process/spawn` request.",
-  "properties": {
-    "capReached": {
-      "description": "True on the final streamed chunk for this stream when output was truncated by `outputBytesCap`.",
-      "type": "boolean"
-    },
-    "deltaBase64": {
-      "description": "Base64-encoded output bytes.",
-      "type": "string"
-    },
-    "processHandle": {
-      "description": "Client-supplied, connection-scoped `processHandle` from `process/spawn`.",
-      "type": "string"
-    },
-    "stream": {
-      "allOf": [
-        {
-          "$ref": "#/definitions/ProcessOutputStream"
-        }
-      ],
-      "description": "Output stream this chunk belongs to."
-    }
-  },
-  "required": [
-    "capReached",
-    "deltaBase64",
-    "processHandle",
-    "stream"
-  ],
-  "title": "ProcessOutputDeltaNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/RawResponseItemCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/RawResponseItemCompletedNotification.json
@@ -143,6 +143,38 @@
        }
      ]
    },
+    "GhostCommit": {
+      "description": "Details of a ghost commit created from a repository state.",
+      "properties": {
+        "id": {
+          "type": "string"
+        },
+        "parent": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "preexisting_untracked_dirs": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "preexisting_untracked_files": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "id",
+        "preexisting_untracked_dirs",
+        "preexisting_untracked_files"
+      ],
+      "type": "object"
+    },
    "ImageDetail": {
      "enum": [
        "auto",
@@ -712,6 +744,26 @@
          "title": "ImageGenerationCallResponseItem",
          "type": "object"
        },
+        {
+          "properties": {
+            "ghost_commit": {
+              "$ref": "#/definitions/GhostCommit"
+            },
+            "type": {
+              "enum": [
+                "ghost_snapshot"
+              ],
+              "title": "GhostSnapshotResponseItemType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "ghost_commit",
+            "type"
+          ],
+          "title": "GhostSnapshotResponseItem",
+          "type": "object"
+        },
        {
          "properties": {
            "encrypted_content": {
@@ -732,28 +784,6 @@
          "title": "CompactionResponseItem",
          "type": "object"
        },
-        {
-          "properties": {
-            "encrypted_content": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "context_compaction"
-              ],
-              "title": "ContextCompactionResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "ContextCompactionResponseItem",
-          "type": "object"
-        },
        {
          "properties": {
            "type": {
@@ -892,4 +922,4 @@
  ],
  "title": "RawResponseItemCompletedNotification",
  "type": "object"
-}
+}
--- a/codex-rs/app-server-protocol/schema/json/v2/RemoteControlStatusChangedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/RemoteControlStatusChangedNotification.json
@@ -1,31 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "RemoteControlConnectionStatus": {
-      "enum": [
-        "disabled",
-        "connecting",
-        "connected",
-        "errored"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Current remote-control connection status and environment id exposed to clients.",
-  "properties": {
-    "environmentId": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "status": {
-      "$ref": "#/definitions/RemoteControlConnectionStatus"
-    }
-  },
-  "required": [
-    "status"
-  ],
-  "title": "RemoteControlStatusChangedNotification",
-  "type": "object"
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ahmed Ibrahim	f8e2beeafa	Address OAuth persistence review feedback Keep local OAuth login flows on the no-proxy client while remote flows continue to use the runtime-selected HTTP client. Harden OAuth persistence so expires_in drift does not look like an external token update and transient keyring read failures do not clear in-memory credentials. Co-authored-by: Codex <noreply@openai.com>	2026-04-27 11:58:06 +00:00
Ahmed Ibrahim	35080d5cd0	Address MCP OAuth review feedback Restore stored-token bearer fallback by probing OAuth metadata through the injected runtime HTTP client before creating the OAuth transport. Also broaden discovery to OpenID Connect and protected-resource metadata paths, and avoid writing stale refresh results over newer in-memory credentials. Co-authored-by: Codex <noreply@openai.com>	2026-04-27 11:34:20 +00:00
Ahmed Ibrahim	9df8e3d935	Use no-proxy client for local OAuth preflight Co-authored-by: Codex <noreply@openai.com>	2026-04-27 11:13:44 +00:00
Ahmed Ibrahim	da1000bbb4	Use no-proxy client for local MCP auth status Co-authored-by: Codex <noreply@openai.com>	2026-04-27 11:01:49 +00:00
Ahmed Ibrahim	ec6227c6cd	Stabilize OAuth persistence test Co-authored-by: Codex <noreply@openai.com>	2026-04-27 10:45:14 +00:00
Ahmed Ibrahim	520ee70b73	Address remote OAuth review feedback Co-authored-by: Codex <noreply@openai.com>	2026-04-27 10:38:51 +00:00
Ahmed Ibrahim	276a97340c	Fix OAuth argument comments Co-authored-by: Codex <noreply@openai.com>	2026-04-27 10:25:29 +00:00
Ahmed Ibrahim	2b68005d97	Remove stale app-server OAuth dependency Drop the direct codex-rmcp-client dependency from app-server now that OAuth orchestration is routed through codex-mcp. Co-authored-by: Codex <noreply@openai.com>	2026-04-27 10:14:35 +00:00
Ahmed Ibrahim	c2a2ffa512	Address MCP OAuth review feedback Use the runtime environment manager for MCP list auth status, keep cached tokens available when refresh fails before expiry, avoid restoring deleted OAuth credentials, and serialize refresh attempts. Co-authored-by: Codex <noreply@openai.com>	2026-04-27 10:11:16 +00:00
Ahmed Ibrahim	a3abb8ba6e	Move MCP OAuth orchestration downstream Keep app-server OAuth callsites thin by moving server/runtime-aware OAuth discovery, scope resolution, and runtime HTTP client selection into codex-mcp helpers. Co-authored-by: Codex <noreply@openai.com>	2026-04-27 10:03:34 +00:00
Ahmed Ibrahim	a4de53c661	Remove unused rmcp client dependency Drop the stale codex-client dependency from codex-rmcp-client after the OAuth transport changes stopped using that crate. Co-authored-by: Codex <noreply@openai.com>	2026-04-27 09:38:20 +00:00
Ahmed Ibrahim	177e39f4b7	Add remote runtime OAuth for MCP Route Streamable HTTP OAuth discovery, registration, token exchange, and refresh through the selected MCP runtime HTTP client so remote MCP servers do not silently fall back to local network access. Keep browser launch and callback handling local while storing tokens in the existing local MCP OAuth store. Add regression coverage for injected OAuth HTTP requests and stored-token refresh through the exec-server transport. Co-authored-by: Codex <noreply@openai.com>	2026-04-27 09:33:42 +00:00