Document Python SDK CI job

Co-authored-by: Codex <noreply@openai.com>

.github/ISSUE_TEMPLATE/3-cli.yml

@@ -2,7 +2,6 @@ name: 💻 CLI Bug
 description: Report an issue in the Codex CLI
 labels:
   - bug
-  - needs triage
 body:
   - type: markdown
     attributes:
@@ -41,9 +40,9 @@ body:
     id: terminal
     attributes:
       label: What terminal emulator and version are you using (if applicable)?
-      description: Also note any multiplexer in use (screen / tmux / zellij)
       description: |
-        E.g, VSCode, Terminal.app, iTerm2, Ghostty, Windows Terminal (WSL / PowerShell)
+        Also note any multiplexer in use (screen / tmux / zellij).
+        E.g., VS Code, Terminal.app, iTerm2, Ghostty, Windows Terminal (WSL / PowerShell)
   - type: textarea
     id: actual
     attributes:

.github/ISSUE_TEMPLATE/5-feature-request.yml

@@ -10,7 +10,7 @@ body:
 
         Before you submit a feature:
         1. Search existing issues for similar features. If you find one, 👍 it rather than opening a new one.
-        2. The Codex team will try to balance the varying needs of the community when prioritizing or rejecting new features. Not all features will be accepted. See [Contributing](https://github.com/openai/codex#contributing) for more details.
+        2. The Codex team will try to balance the varying needs of the community when prioritizing or rejecting new features. Not all features will be accepted. See [Contributing](https://github.com/openai/codex/blob/main/docs/contributing.md) for more details.
 
   - type: input
     id: variant

.github/ISSUE_TEMPLATE/6-docs-issue.yml

@@ -1,6 +1,6 @@
 name: 📗 Documentation Issue
 description: Tell us if there is missing or incorrect documentation
-labels: [docs]
+labels: [documentation]
 body:
   - type: markdown
     attributes:
@@ -24,4 +24,4 @@ body:
   - type: textarea
     attributes:
       label: Where did you find it?
-      description: If possible, please provide the URL(s) where you found this issue.
+      description: If possible, please provide the URL(s) where you found this issue.

.github/actions/prepare-bazel-ci/action.yml

@@ -50,7 +50,7 @@ runs:
     - name: Restore bazel repository cache
       id: cache_bazel_repository_restore
       continue-on-error: true
-      uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+      uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
       with:
         path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
         key: ${{ steps.cache_bazel_repository_key.outputs.repository-cache-key }}

.github/actions/windows-code-sign/action.yml

@@ -30,7 +30,7 @@ runs:
   using: composite
   steps:
     - name: Azure login for Trusted Signing (OIDC)
-      uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
+      uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
       with:
         client-id: ${{ inputs.client-id }}
         tenant-id: ${{ inputs.tenant-id }}
@@ -54,7 +54,7 @@ runs:
         } >> "$GITHUB_OUTPUT"
 
     - name: Sign Windows binaries with Azure Trusted Signing
-      uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293 # v0
+      uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293 # v0.5.11
       with:
         endpoint: ${{ inputs.endpoint }}
         trusted-signing-account-name: ${{ inputs.account-name }}

.github/dependabot.yaml

@@ -6,25 +6,37 @@ updates:
     directory: .github/actions/codex
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 7
   - package-ecosystem: cargo
     directories:
       - codex-rs
       - codex-rs/*
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 7
   - package-ecosystem: devcontainers
     directory: /
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 7
   - package-ecosystem: docker
     directory: codex-cli
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 7
   - package-ecosystem: github-actions
     directory: /
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 7
   - package-ecosystem: rust-toolchain
     directory: codex-rs
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 7

.github/dotslash-config.json

@@ -11,11 +11,11 @@
           "path": "codex"
         },
         "linux-x86_64": {
-          "regex": "^codex-x86_64-unknown-linux-musl\\.zst$",
+          "regex": "^codex-x86_64-unknown-linux-musl-bundle\\.tar\\.zst$",
           "path": "codex"
         },
         "linux-aarch64": {
-          "regex": "^codex-aarch64-unknown-linux-musl\\.zst$",
+          "regex": "^codex-aarch64-unknown-linux-musl-bundle\\.tar\\.zst$",
           "path": "codex"
         },
         "windows-x86_64": {

.github/workflows/bazel.yml

@@ -56,7 +56,10 @@ jobs:
     name: Bazel test on ${{ matrix.os }} for ${{ matrix.target }}
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Check rusty_v8 MODULE.bazel checksums
         if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
@@ -122,7 +125,7 @@ jobs:
       - name: Upload Bazel execution logs
         if: always() && !cancelled()
         continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: bazel-execution-logs-test-${{ matrix.target }}
           path: ${{ runner.temp }}/bazel-execution-logs
@@ -133,7 +136,7 @@ jobs:
       - name: Save bazel repository cache
         if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
           key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
@@ -148,7 +151,10 @@ jobs:
     name: Bazel test on windows-latest for x86_64-pc-windows-gnullvm (native main)
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Prepare Bazel CI
         id: prepare_bazel
@@ -195,7 +201,7 @@ jobs:
       - name: Upload Bazel execution logs
         if: always() && !cancelled()
         continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: bazel-execution-logs-test-windows-native-x86_64-pc-windows-gnullvm
           path: ${{ runner.temp }}/bazel-execution-logs
@@ -206,7 +212,7 @@ jobs:
       - name: Save bazel repository cache
         if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
           key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
@@ -231,7 +237,10 @@ jobs:
     name: Bazel clippy on ${{ matrix.os }} for ${{ matrix.target }}
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Prepare Bazel CI
         id: prepare_bazel
@@ -286,7 +295,7 @@ jobs:
       - name: Upload Bazel execution logs
         if: always() && !cancelled()
         continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: bazel-execution-logs-clippy-${{ matrix.target }}
           path: ${{ runner.temp }}/bazel-execution-logs
@@ -297,7 +306,7 @@ jobs:
       - name: Save bazel repository cache
         if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
           key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
@@ -318,7 +327,10 @@ jobs:
     name: Verify release build on ${{ matrix.os }} for ${{ matrix.target }}
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Prepare Bazel CI
         id: prepare_bazel
@@ -390,7 +402,7 @@ jobs:
       - name: Upload Bazel execution logs
         if: always() && !cancelled()
         continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: bazel-execution-logs-verify-release-build-${{ matrix.target }}
           path: ${{ runner.temp }}/bazel-execution-logs
@@ -401,7 +413,7 @@ jobs:
       - name: Save bazel repository cache
         if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
           key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}

.github/workflows/blob-size-policy.yml

@@ -8,17 +8,19 @@ jobs:
     name: Blob size policy
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Determine PR comparison range
         id: range
         shell: bash
         run: |
           set -euo pipefail
-          echo "base=$(git rev-parse HEAD^1)" >> "$GITHUB_OUTPUT"
-          echo "head=$(git rev-parse HEAD^2)" >> "$GITHUB_OUTPUT"
+          echo "base=${{ github.event.pull_request.base.sha }}" >> "$GITHUB_OUTPUT"
+          echo "head=${{ github.event.pull_request.head.sha }}" >> "$GITHUB_OUTPUT"
 
       - name: Check changed blob sizes
         env:

.github/workflows/cargo-deny.yml

@@ -14,7 +14,10 @@ jobs:
         working-directory: ./codex-rs
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0

.github/workflows/ci.yml

@@ -12,7 +12,10 @@ jobs:
       NODE_OPTIONS: --max-old-space-size=4096
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Verify codex-rs Cargo manifests inherit workspace settings
         run: python3 .github/scripts/verify_cargo_workspace_manifests.py
@@ -29,7 +32,7 @@ jobs:
           run_install: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 22
 
@@ -63,7 +66,7 @@ jobs:
           echo "pack_output=$PACK_OUTPUT" >> "$GITHUB_OUTPUT"
 
       - name: Upload staged npm package artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: codex-npm-staging
           path: ${{ steps.stage_npm_package.outputs.pack_output }}

.github/workflows/close-stale-contributor-prs.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Close inactive PRs from contributors
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |

.github/workflows/codespell.yml

@@ -18,9 +18,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
       - name: Annotate locations with typos
-        uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1
+        uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1.1.0
       - name: Codespell
         uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2.2
         with:

.github/workflows/issue-deduplicator.yml

@@ -19,7 +19,9 @@ jobs:
       reason: ${{ steps.normalize-all.outputs.reason }}
       has_matches: ${{ steps.normalize-all.outputs.has_matches }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Prepare Codex inputs
         env:
@@ -155,7 +157,9 @@ jobs:
       reason: ${{ steps.normalize-open.outputs.reason }}
       has_matches: ${{ steps.normalize-open.outputs.has_matches }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Prepare Codex inputs
         env:
@@ -342,7 +346,7 @@ jobs:
       issues: write
     steps:
       - name: Comment on issue
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         env:
           CODEX_OUTPUT: ${{ needs.select-final.outputs.codex_output }}
         with:

.github/workflows/issue-labeler.yml

@@ -17,7 +17,9 @@ jobs:
     outputs:
       codex_output: ${{ steps.codex.outputs.final-message }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - id: codex
         uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 # v1.7

.github/workflows/rust-ci-full.yml

@@ -7,6 +7,11 @@ on:
   workflow_dispatch:
 
 # CI builds in debug (dev) for faster signal.
+env:
+  # Cargo's libgit2 transport has been flaky on macOS when fetching git
+  # dependencies with nested submodules. Use the system git CLI, which has
+  # better network/proxy behavior and matches Cargo's own suggested fallback.
+  CARGO_NET_GIT_FETCH_WITH_CLI: "true"
 
 jobs:
   # --- CI that doesn't need specific targets ---------------------------------
@@ -17,7 +22,9 @@ jobs:
       run:
         working-directory: codex-rs
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
         with:
           components: rustfmt
@@ -31,14 +38,15 @@ jobs:
       run:
         working-directory: codex-rs
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
-      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          tool: cargo-shear
-          version: 1.5.1
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
+      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
+        with:
+          tool: cargo-shear@1.11.2
       - name: cargo shear
-        run: cargo shear
+        run: cargo shear --deny-warnings
 
   argument_comment_lint_package:
     name: Argument comment lint package
@@ -47,14 +55,16 @@ jobs:
       CARGO_DYLINT_VERSION: 5.0.0
       DYLINT_LINK_VERSION: 5.0.0
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
         with:
           toolchain: nightly-2025-09-18
           components: llvm-tools-preview, rustc-dev, rust-src
       - name: Cache cargo-dylint tooling
         id: cargo_dylint_cache
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.cargo/bin/cargo-dylint
@@ -97,7 +107,9 @@ jobs:
               group: codex-runners
               labels: codex-windows-x64
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - uses: ./.github/actions/setup-bazel-ci
         with:
           target: ${{ runner.os }}
@@ -233,7 +245,9 @@ jobs:
               labels: codex-windows-arm64
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - name: Install Linux build dependencies
         if: ${{ runner.os == 'Linux' }}
         shell: bash
@@ -276,7 +290,7 @@ jobs:
       # avoid caching the large target dir on the gnu-dev job.
       - name: Restore cargo home cache
         id: cache_cargo_home_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.cargo/bin/
@@ -294,7 +308,7 @@ jobs:
       # Install and restore sccache cache
       - name: Install sccache
         if: ${{ env.USE_SCCACHE == 'true' }}
-        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
         with:
           tool: sccache
           version: 0.7.5
@@ -321,7 +335,7 @@ jobs:
       - name: Restore sccache cache (fallback)
         if: ${{ env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true' }}
         id: cache_sccache_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ github.workspace }}/.sccache/
           key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -348,7 +362,7 @@ jobs:
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Restore APT cache (musl)
         id: cache_apt_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             /var/cache/apt
@@ -356,7 +370,7 @@ jobs:
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install Zig
-        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2
+        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2.2.1
         with:
           version: 0.14.0
 
@@ -430,7 +444,7 @@ jobs:
 
       - name: Install cargo-chef
         if: ${{ matrix.profile == 'release' }}
-        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
         with:
           tool: cargo-chef
           version: 0.1.71
@@ -449,7 +463,7 @@ jobs:
 
       - name: Upload Cargo timings (clippy)
         if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: cargo-timings-rust-ci-clippy-${{ matrix.target }}-${{ matrix.profile }}
           path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -460,7 +474,7 @@ jobs:
       - name: Save cargo home cache
         if: always() && !cancelled() && steps.cache_cargo_home_restore.outputs.cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.cargo/bin/
@@ -476,7 +490,7 @@ jobs:
       - name: Save sccache cache (fallback)
         if: always() && !cancelled() && env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ github.workspace }}/.sccache/
           key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -501,7 +515,7 @@ jobs:
       - name: Save APT cache (musl)
         if: always() && !cancelled() && (matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl') && steps.cache_apt_restore.outputs.cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             /var/cache/apt
@@ -559,7 +573,9 @@ jobs:
               labels: codex-windows-arm64
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - name: Install Linux build dependencies
         if: ${{ runner.os == 'Linux' }}
         shell: bash
@@ -567,7 +583,7 @@ jobs:
           set -euo pipefail
           if command -v apt-get >/dev/null 2>&1; then
             sudo apt-get update -y
-            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev
+            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev bubblewrap
           fi
 
       # Some integration tests rely on DotSlash being installed.
@@ -590,7 +606,7 @@ jobs:
 
       - name: Restore cargo home cache
         id: cache_cargo_home_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.cargo/bin/
@@ -603,7 +619,7 @@ jobs:
 
       - name: Install sccache
         if: ${{ env.USE_SCCACHE == 'true' }}
-        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
         with:
           tool: sccache
           version: 0.7.5
@@ -630,7 +646,7 @@ jobs:
       - name: Restore sccache cache (fallback)
         if: ${{ env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true' }}
         id: cache_sccache_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ github.workspace }}/.sccache/
           key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -638,7 +654,7 @@ jobs:
             sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-
             sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-
 
-      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
         with:
           tool: nextest
           version: 0.9.103
@@ -674,7 +690,7 @@ jobs:
 
       - name: Upload Cargo timings (nextest)
         if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: cargo-timings-rust-ci-nextest-${{ matrix.target }}-${{ matrix.profile }}
           path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -683,7 +699,7 @@ jobs:
       - name: Save cargo home cache
         if: always() && !cancelled() && steps.cache_cargo_home_restore.outputs.cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.cargo/bin/
@@ -695,7 +711,7 @@ jobs:
       - name: Save sccache cache (fallback)
         if: always() && !cancelled() && env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: ${{ github.workspace }}/.sccache/
           key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -722,10 +738,12 @@ jobs:
         shell: bash
         run: |
           set +e
-          if [[ "${{ steps.test.outcome }}" != "success" ]]; then
+          if [[ "${STEPS_TEST_OUTCOME}" != "success" ]]; then
             docker logs codex-remote-test-env || true
           fi
           docker rm -f codex-remote-test-env >/dev/null 2>&1 || true
+        env:
+          STEPS_TEST_OUTCOME: ${{ steps.test.outcome }}
 
       - name: verify tests passed
         if: steps.test.outcome == 'failure'

.github/workflows/rust-ci.yml

@@ -14,9 +14,11 @@ jobs:
       codex: ${{ steps.detect.outputs.codex }}
       workflows: ${{ steps.detect.outputs.workflows }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
           fetch-depth: 0
+          persist-credentials: false
       - name: Detect changed paths (no external action)
         id: detect
         shell: bash
@@ -61,7 +63,10 @@ jobs:
       run:
         working-directory: codex-rs
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
         with:
           components: rustfmt
@@ -77,14 +82,16 @@ jobs:
       run:
         working-directory: codex-rs
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
-      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          tool: cargo-shear
-          version: 1.5.1
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
+      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
+        with:
+          tool: cargo-shear@1.11.2
       - name: cargo shear
-        run: cargo shear
+        run: cargo shear --deny-warnings
 
   argument_comment_lint_package:
     name: Argument comment lint package
@@ -95,7 +102,10 @@ jobs:
       CARGO_DYLINT_VERSION: 5.0.0
       DYLINT_LINK_VERSION: 5.0.0
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
       - name: Install nightly argument-comment-lint toolchain
         shell: bash
@@ -109,7 +119,7 @@ jobs:
           rustup default nightly-2025-09-18
       - name: Cache cargo-dylint tooling
         id: cargo_dylint_cache
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.cargo/bin/cargo-dylint
@@ -170,8 +180,11 @@ jobs:
 
           echo "No argument-comment-lint relevant changes."
           echo "run=false" >> "$GITHUB_OUTPUT"
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         if: ${{ steps.argument_comment_lint_gate.outputs.run == 'true' }}
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
       - name: Run argument comment lint on codex-rs via Bazel
         if: ${{ steps.argument_comment_lint_gate.outputs.run == 'true' }}
         uses: ./.github/actions/run-argument-comment-lint
@@ -203,20 +216,25 @@ jobs:
 
           # If nothing relevant changed (PR touching only root README, etc.),
           # declare success regardless of other jobs.
-          if [[ '${{ needs.changed.outputs.argument_comment_lint }}' != 'true' && '${{ needs.changed.outputs.codex }}' != 'true' && '${{ needs.changed.outputs.workflows }}' != 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT}" != 'true' && "${NEEDS_CHANGED_OUTPUTS_CODEX}" != 'true' && "${NEEDS_CHANGED_OUTPUTS_WORKFLOWS}" != 'true' ]]; then
             echo 'No relevant changes -> CI not required.'
             exit 0
           fi
 
-          if [[ '${{ needs.changed.outputs.argument_comment_lint_package }}' == 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT_PACKAGE}" == 'true' ]]; then
             [[ '${{ needs.argument_comment_lint_package.result }}' == 'success' ]] || { echo 'argument_comment_lint_package failed'; exit 1; }
           fi
 
-          if [[ '${{ needs.changed.outputs.argument_comment_lint }}' == 'true' || '${{ needs.changed.outputs.workflows }}' == 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT}" == 'true' || "${NEEDS_CHANGED_OUTPUTS_WORKFLOWS}" == 'true' ]]; then
             [[ '${{ needs.argument_comment_lint_prebuilt.result }}' == 'success' ]] || { echo 'argument_comment_lint_prebuilt failed'; exit 1; }
           fi
 
-          if [[ '${{ needs.changed.outputs.codex }}' == 'true' || '${{ needs.changed.outputs.workflows }}' == 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_CODEX}" == 'true' || "${NEEDS_CHANGED_OUTPUTS_WORKFLOWS}" == 'true' ]]; then
             [[ '${{ needs.general.result }}' == 'success' ]] || { echo 'general failed'; exit 1; }
             [[ '${{ needs.cargo_shear.result }}' == 'success' ]] || { echo 'cargo_shear failed'; exit 1; }
           fi
+        env:
+          NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT: ${{ needs.changed.outputs.argument_comment_lint }}
+          NEEDS_CHANGED_OUTPUTS_CODEX: ${{ needs.changed.outputs.codex }}
+          NEEDS_CHANGED_OUTPUTS_WORKFLOWS: ${{ needs.changed.outputs.workflows }}
+          NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT_PACKAGE: ${{ needs.changed.outputs.argument_comment_lint_package }}

.github/workflows/rust-release-argument-comment-lint.yml

@@ -56,7 +56,9 @@ jobs:
               labels: codex-windows-x64
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
         with:
@@ -100,7 +102,7 @@ jobs:
             (cd "${RUNNER_TEMP}" && tar -czf "$GITHUB_WORKSPACE/$archive_path" argument-comment-lint)
           fi
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: argument-comment-lint-${{ matrix.target }}
           path: dist/argument-comment-lint/${{ matrix.target }}/*

.github/workflows/rust-release-prepare.yml

@@ -18,10 +18,11 @@ jobs:
     if: github.repository == 'openai/codex'
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           ref: main
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Update models.json
         env:
@@ -43,7 +44,7 @@ jobs:
           curl --http1.1 --fail --show-error --location "${headers[@]}" "${url}" | jq '.' > codex-rs/models-manager/models.json
 
       - name: Open pull request (if changed)
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
         with:
           commit-message: "Update models.json"
           title: "Update models.json"

.github/workflows/rust-release-windows.yml

@@ -83,7 +83,9 @@ jobs:
               labels: codex-windows-arm64
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - name: Print runner specs (Windows)
         shell: powershell
         run: |
@@ -112,7 +114,7 @@ jobs:
           cargo build --target ${{ matrix.target }} --release --timings "${build_args[@]}"
 
       - name: Upload Cargo timings
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: cargo-timings-rust-release-windows-${{ matrix.target }}-${{ matrix.bundle }}
           path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -128,7 +130,7 @@ jobs:
           done
 
       - name: Upload Windows binaries
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: windows-binaries-${{ matrix.target }}-${{ matrix.bundle }}
           path: |
@@ -165,22 +167,24 @@ jobs:
               labels: codex-windows-arm64
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Download prebuilt Windows primary binaries
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: windows-binaries-${{ matrix.target }}-primary
           path: codex-rs/target/${{ matrix.target }}/release
 
       - name: Download prebuilt Windows helper binaries
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: windows-binaries-${{ matrix.target }}-helpers
           path: codex-rs/target/${{ matrix.target }}/release
 
       - name: Download prebuilt Windows app-server binary
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: windows-binaries-${{ matrix.target }}-app-server
           path: codex-rs/target/${{ matrix.target }}/release
@@ -216,6 +220,48 @@ jobs:
               "$dest/${binary}-${{ matrix.target }}.exe"
           done
 
+      - name: Build Python runtime wheel
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          case "${{ matrix.target }}" in
+            aarch64-pc-windows-msvc)
+              platform_tag="win_arm64"
+              ;;
+            x86_64-pc-windows-msvc)
+              platform_tag="win_amd64"
+              ;;
+            *)
+              echo "No Python runtime wheel platform tag for ${{ matrix.target }}"
+              exit 1
+              ;;
+          esac
+
+          python -m venv "${RUNNER_TEMP}/python-runtime-build-venv"
+          "${RUNNER_TEMP}/python-runtime-build-venv/Scripts/python.exe" -m pip install build
+
+          stage_dir="${RUNNER_TEMP}/openai-codex-cli-bin-${{ matrix.target }}"
+          wheel_dir="${GITHUB_WORKSPACE}/python-runtime-dist/${{ matrix.target }}"
+          # Keep the helpers next to codex.exe in the runtime wheel so Windows
+          # sandbox/elevation lookup matches the standalone release zip.
+          python "${GITHUB_WORKSPACE}/sdk/python/scripts/update_sdk_artifacts.py" \
+            stage-runtime \
+            "$stage_dir" \
+            "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex.exe" \
+            --codex-version "${GITHUB_REF_NAME}" \
+            --platform-tag "$platform_tag" \
+            --resource-binary "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex-command-runner.exe" \
+            --resource-binary "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe"
+          "${RUNNER_TEMP}/python-runtime-build-venv/Scripts/python.exe" -m build --wheel --outdir "$wheel_dir" "$stage_dir"
+
+      - name: Upload Python runtime wheel
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: python-runtime-wheel-${{ matrix.target }}
+          path: python-runtime-dist/${{ matrix.target }}/*.whl
+          if-no-files-found: error
+
       - name: Install DotSlash
         uses: facebook/install-dotslash@1e4e7b3e07eaca387acb98f1d4720e0bee8dbb6a # v2
 
@@ -281,7 +327,7 @@ jobs:
             "${GITHUB_WORKSPACE}/.github/workflows/zstd" -T0 -19 "$dest/$base"
           done
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: ${{ matrix.target }}
           path: |

.github/workflows/rust-release-zsh.yml

@@ -45,7 +45,9 @@ jobs:
             git \
             libncursesw5-dev
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Build, smoke-test, and stage zsh artifact
         shell: bash
@@ -53,7 +55,7 @@ jobs:
           "${GITHUB_WORKSPACE}/.github/scripts/build-zsh-release-artifact.sh" \
             "dist/zsh/${{ matrix.target }}/${{ matrix.archive_name }}"
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: codex-zsh-${{ matrix.target }}
           path: dist/zsh/${{ matrix.target }}/*
@@ -81,7 +83,9 @@ jobs:
             brew install autoconf
           fi
 
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Build, smoke-test, and stage zsh artifact
         shell: bash
@@ -89,7 +93,7 @@ jobs:
           "${GITHUB_WORKSPACE}/.github/scripts/build-zsh-release-artifact.sh" \
             "dist/zsh/${{ matrix.target }}/${{ matrix.archive_name }}"
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: codex-zsh-${{ matrix.target }}
           path: dist/zsh/${{ matrix.target }}/*

.github/workflows/rust-release.yml

@@ -19,7 +19,9 @@ jobs:
   tag-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
       - name: Validate tag matches Cargo.toml version
         shell: bash
@@ -118,7 +120,9 @@ jobs:
             build_dmg: "false"
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - name: Print runner specs (Linux)
         if: ${{ runner.os == 'Linux' }}
         shell: bash
@@ -181,9 +185,10 @@ jobs:
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install Zig
-        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2
+        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2.2.1
         with:
           version: 0.14.0
+          use-cache: false
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install musl build tools
@@ -284,7 +289,7 @@ jobs:
           cargo build --target ${{ matrix.target }} --release --timings "${build_args[@]}"
 
       - name: Upload Cargo timings
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: cargo-timings-rust-release-${{ matrix.target }}-${{ matrix.bundle }}
           path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -379,10 +384,80 @@ jobs:
             fi
           done
 
+          if [[ "${{ matrix.target }}" == *linux* && "${{ matrix.bundle }}" == "primary" ]]; then
+            bundle_root="${RUNNER_TEMP}/codex-${{ matrix.target }}-bundle"
+            rm -rf "$bundle_root"
+            mkdir -p "$bundle_root/codex-resources"
+            cp "$dest/codex-${{ matrix.target }}" "$bundle_root/codex"
+            cp "$dest/bwrap-${{ matrix.target }}" "$bundle_root/codex-resources/bwrap"
+            chmod 0755 "$bundle_root/codex" "$bundle_root/codex-resources/bwrap"
+            tar -C "$bundle_root" -cf - codex codex-resources/bwrap |
+              zstd -T0 -19 -o "$dest/codex-${{ matrix.target }}-bundle.tar.zst"
+          fi
+
           if [[ "${{ matrix.build_dmg }}" == "true" ]]; then
             cp target/${{ matrix.target }}/release/codex-${{ matrix.target }}.dmg "$dest/codex-${{ matrix.target }}.dmg"
           fi
 
+      - name: Build Python runtime wheel
+        if: ${{ matrix.bundle == 'primary' }}
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          case "${{ matrix.target }}" in
+            aarch64-apple-darwin)
+              platform_tag="macosx_11_0_arm64"
+              ;;
+            x86_64-apple-darwin)
+              platform_tag="macosx_10_9_x86_64"
+              ;;
+            aarch64-unknown-linux-musl)
+              platform_tag="musllinux_1_1_aarch64"
+              ;;
+            x86_64-unknown-linux-musl)
+              platform_tag="musllinux_1_1_x86_64"
+              ;;
+            *)
+              echo "No Python runtime wheel platform tag for ${{ matrix.target }}"
+              exit 1
+              ;;
+          esac
+
+          python3 -m venv "${RUNNER_TEMP}/python-runtime-build-venv"
+          # Do not install into the runner's system Python; macOS runners mark
+          # the Homebrew Python as externally managed under PEP 668.
+          "${RUNNER_TEMP}/python-runtime-build-venv/bin/python" -m pip install build
+
+          stage_dir="${RUNNER_TEMP}/openai-codex-cli-bin-${{ matrix.target }}"
+          wheel_dir="${GITHUB_WORKSPACE}/python-runtime-dist/${{ matrix.target }}"
+          stage_runtime_args=(
+            "${GITHUB_WORKSPACE}/sdk/python/scripts/update_sdk_artifacts.py"
+            stage-runtime
+            "$stage_dir"
+            "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/codex"
+            --codex-version "${GITHUB_REF_NAME}"
+            --platform-tag "$platform_tag"
+          )
+          if [[ "${{ matrix.target }}" == *linux* ]]; then
+            # Keep bwrap in the runtime wheel so Linux sandbox fallback behavior
+            # matches the standalone release bundle on hosts without system bwrap.
+            stage_runtime_args+=(
+              --resource-binary
+              "${GITHUB_WORKSPACE}/codex-rs/target/${{ matrix.target }}/release/bwrap"
+            )
+          fi
+          python3 "${stage_runtime_args[@]}"
+          "${RUNNER_TEMP}/python-runtime-build-venv/bin/python" -m build --wheel --outdir "$wheel_dir" "$stage_dir"
+
+      - name: Upload Python runtime wheel
+        if: ${{ matrix.bundle == 'primary' }}
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        with:
+          name: python-runtime-wheel-${{ matrix.target }}
+          path: python-runtime-dist/${{ matrix.target }}/*.whl
+          if-no-files-found: error
+
       - name: Compress artifacts
         shell: bash
         run: |
@@ -402,7 +477,7 @@ jobs:
             base="$(basename "$f")"
             # Skip files that are already archives (shouldn't happen, but be
             # safe).
-            if [[ "$base" == *.tar.gz || "$base" == *.zip || "$base" == *.dmg ]]; then
+            if [[ "$base" == *.tar.gz || "$base" == *.tar.zst || "$base" == *.zip || "$base" == *.dmg ]]; then
               continue
             fi
 
@@ -419,11 +494,11 @@ jobs:
             zstd -T0 -19 --rm "$dest/$base"
           done
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: ${{ matrix.artifact_name }}
-          # Upload the per-binary .zst files as well as the new .tar.gz
-          # equivalents we generated in the previous step.
+          # Upload the per-binary .zst files, .tar.gz equivalents, and any
+          # prebuilt archives staged above.
           path: |
             codex-rs/dist/${{ matrix.target }}/*
 
@@ -462,10 +537,13 @@ jobs:
       tag: ${{ github.ref_name }}
       should_publish_npm: ${{ steps.npm_publish_settings.outputs.should_publish }}
       npm_tag: ${{ steps.npm_publish_settings.outputs.npm_tag }}
+      should_publish_python_runtime: ${{ steps.python_runtime_publish_settings.outputs.should_publish }}
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Generate release notes from tag commit message
         id: release_notes
@@ -487,7 +565,7 @@ jobs:
 
           echo "path=${notes_path}" >> "${GITHUB_OUTPUT}"
 
-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: dist
 
@@ -536,13 +614,29 @@ jobs:
             echo "npm_tag=" >> "$GITHUB_OUTPUT"
           fi
 
+      - name: Determine Python runtime publish settings
+        id: python_runtime_publish_settings
+        env:
+          VERSION: ${{ steps.release_name.outputs.name }}
+        run: |
+          set -euo pipefail
+          version="${VERSION}"
+
+          if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+            echo "should_publish=true" >> "$GITHUB_OUTPUT"
+          elif [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+-alpha\.[0-9]+$ ]]; then
+            echo "should_publish=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "should_publish=false" >> "$GITHUB_OUTPUT"
+          fi
+
       - name: Setup pnpm
         uses: pnpm/action-setup@a8198c4bff370c8506180b035930dea56dbd5288 # v5
         with:
           run_install: false
 
       - name: Setup Node.js for npm packaging
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 22
 
@@ -568,7 +662,7 @@ jobs:
           cp scripts/install/install.ps1 dist/install.ps1
 
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
         with:
           name: ${{ steps.release_name.outputs.name }}
           tag_name: ${{ github.ref_name }}
@@ -627,7 +721,7 @@ jobs:
 
     steps:
       - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           # Node 24 bundles npm >= 11.5.1, which trusted publishing requires.
           node-version: 24
@@ -769,6 +863,48 @@ jobs:
             exit "${publish_status}"
           done
 
+  # Publish the platform-specific Python runtime wheels using PyPI trusted publishing.
+  # PyPI project configuration must trust this workflow and job. Keep this
+  # non-blocking while the Python runtime publishing path is new; failures still
+  # need release follow-up, but should not invalidate the Rust release itself.
+  publish-python-runtime:
+    # Publish to PyPI for stable releases and alpha pre-releases with numeric suffixes.
+    if: ${{ needs.release.outputs.should_publish_python_runtime == 'true' }}
+    name: publish-python-runtime
+    needs: release
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    environment: pypi
+    permissions:
+      id-token: write # Required for PyPI trusted publishing.
+      contents: read
+
+    steps:
+      - name: Download Python runtime wheels from release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RELEASE_TAG: ${{ needs.release.outputs.tag }}
+          RELEASE_VERSION: ${{ needs.release.outputs.version }}
+        run: |
+          set -euo pipefail
+          python_version="$RELEASE_VERSION"
+          python_version="${python_version/-alpha./a}"
+          python_version="${python_version/-beta./b}"
+          python_version="${python_version/-rc./rc}"
+
+          mkdir -p dist/python-runtime
+          gh release download "$RELEASE_TAG" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --pattern "openai_codex_cli_bin-${python_version}-*.whl" \
+            --dir dist/python-runtime
+          ls -lh dist/python-runtime
+
+      - name: Publish Python runtime wheels to PyPI
+        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+        with:
+          packages-dir: dist/python-runtime
+          skip-existing: true
+
   winget:
     name: winget
     needs: release

.github/workflows/rusty-v8-release.yml

@@ -17,10 +17,12 @@ jobs:
       v8_version: ${{ steps.v8_version.outputs.version }}
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: "3.12"
 
@@ -69,7 +71,9 @@ jobs:
             target: aarch64-unknown-linux-musl
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
 
       - name: Set up Bazel
         uses: ./.github/actions/setup-bazel-ci
@@ -77,7 +81,7 @@ jobs:
           target: ${{ matrix.target }}
 
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: "3.12"
 
@@ -133,7 +137,7 @@ jobs:
             --output-dir "dist/${TARGET}"
 
       - name: Upload staged musl artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: rusty-v8-${{ needs.metadata.outputs.v8_version }}-${{ matrix.target }}
           path: dist/${{ matrix.target }}/*
@@ -161,12 +165,12 @@ jobs:
             exit 1
           fi
 
-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: dist
 
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
         with:
           tag_name: ${{ needs.metadata.outputs.release_tag }}
           name: ${{ needs.metadata.outputs.release_tag }}

.github/workflows/sdk.yml

@@ -6,6 +6,39 @@ on:
   pull_request: {}
 
 jobs:
+  python-sdk:
+    runs-on:
+      group: codex-runners
+      labels: codex-linux-x64
+    timeout-minutes: 10
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
+
+      - name: Test Python SDK
+        shell: bash
+        run: |
+          set -euo pipefail
+
+          # Run inside Alpine so dependency resolution exercises the pinned
+          # runtime wheel on the same Linux wheel family that CI installs.
+          docker run --rm \
+            --user "$(id -u):$(id -g)" \
+            -e HOME=/tmp/codex-python-sdk-home \
+            -e UV_LINK_MODE=copy \
+            -v "${GITHUB_WORKSPACE}:${GITHUB_WORKSPACE}" \
+            -w "${GITHUB_WORKSPACE}/sdk/python" \
+            python:3.12-alpine \
+            sh -euxc '
+              python -m venv /tmp/uv
+              /tmp/uv/bin/python -m pip install uv==0.11.3
+              /tmp/uv/bin/uv sync --extra dev --frozen
+              /tmp/uv/bin/uv run --extra dev pytest
+            '
+
   sdks:
     runs-on:
       group: codex-runners
@@ -13,7 +46,10 @@ jobs:
     timeout-minutes: 10
     steps:
       - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Install Linux bwrap build dependencies
         shell: bash
@@ -28,7 +64,7 @@ jobs:
           run_install: false
 
       - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
         with:
           node-version: 22
           cache: pnpm
@@ -115,7 +151,7 @@ jobs:
       - name: Save bazel repository cache
         if: always() && !cancelled() && steps.setup_bazel.outputs.cache-hit != 'true'
         continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
         with:
           path: |
             ~/.cache/bazel-repo-cache

.github/workflows/v8-canary.yml

@@ -40,10 +40,13 @@ jobs:
       v8_version: ${{ steps.v8_version.outputs.version }}
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: "3.12"
 
@@ -74,7 +77,10 @@ jobs:
             target: aarch64-unknown-linux-musl
 
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
+          persist-credentials: false
 
       - name: Set up Bazel
         uses: ./.github/actions/setup-bazel-ci
@@ -82,7 +88,7 @@ jobs:
           target: ${{ matrix.target }}
 
       - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: "3.12"
 
@@ -132,7 +138,7 @@ jobs:
             --output-dir "dist/${TARGET}"
 
       - name: Upload staged musl artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: v8-canary-${{ needs.metadata.outputs.v8_version }}-${{ matrix.target }}
           path: dist/${{ matrix.target }}/*

AGENTS.md

@@ -26,7 +26,7 @@ In the codex-rs folder where the rust code lives:
   - Implementations may still use `async fn foo(&self, ...) -> T` when they satisfy that contract.
   - Do not use `#[allow(async_fn_in_trait)]` as a shortcut around spelling the future contract explicitly.
 - When writing tests, prefer comparing the equality of entire objects over fields one by one.
-- When making a change that adds or changes an API, ensure that the documentation in the `docs/` folder is up to date if applicable.
+- Do not add general product or user-facing documentation to the `docs/` folder. The official Codex documentation lives elsewhere. The exception is app-server API documentation, which is covered by the app-server guidance below.
 - Prefer private modules and explicitly exported public crate API.
 - If you change `ConfigToml` or nested config types, run `just write-config-schema` to update `codex-rs/core/config.schema.json`.
 - When working with MCP tool calls, prefer using `codex-rs/codex-mcp/src/mcp_connection_manager.rs` to handle mutation of tools and tool calls. Aim to minimize the footprint of changes and leverage existing abstractions rather than plumbing code through multiple levels of function calls.
@@ -130,7 +130,7 @@ When UI or text output changes intentionally, update the snapshots as follows:
 
 If you don’t have the tool:
 
-- `cargo install cargo-insta`
+- `cargo install --locked cargo-insta`
 
 ### Test assertions
 
@@ -210,7 +210,7 @@ These guidelines apply to app-server protocol work in `codex-rs`, especially:
 
 ### Development Workflow
 
-- Update docs/examples when API behavior changes (at minimum `app-server/README.md`).
+- Update app-server docs/examples when API behavior changes (at minimum `app-server/README.md`).
 - Regenerate schema fixtures when API shapes change:
   `just write-app-server-schema`
   (and `just write-app-server-schema --experimental` when experimental API fixtures are affected).

MODULE.bazel.lock

@@ -665,6 +665,7 @@
       "aws-lc-rs_1.16.2": "{\"dependencies\":[{\"name\":\"aws-lc-fips-sys\",\"optional\":true,\"req\":\"^0.13.1\"},{\"default_features\":false,\"name\":\"aws-lc-sys\",\"optional\":true,\"req\":\"^0.39.0\"},{\"features\":[\"derive\"],\"kind\":\"dev\",\"name\":\"clap\",\"req\":\"^4.4\"},{\"kind\":\"dev\",\"name\":\"hex\",\"req\":\"^0.4.3\"},{\"kind\":\"dev\",\"name\":\"lazy_static\",\"req\":\"^1.5.0\"},{\"kind\":\"dev\",\"name\":\"paste\",\"req\":\"^1.0.15\"},{\"kind\":\"dev\",\"name\":\"regex\",\"req\":\"^1.11.1\"},{\"name\":\"untrusted\",\"optional\":true,\"req\":\"^0.7.1\"},{\"name\":\"zeroize\",\"req\":\"^1.8.1\"}],\"features\":{\"alloc\":[],\"asan\":[\"aws-lc-sys?/asan\",\"aws-lc-fips-sys?/asan\"],\"bindgen\":[\"aws-lc-sys?/bindgen\",\"aws-lc-fips-sys?/bindgen\"],\"default\":[\"aws-lc-sys\",\"alloc\",\"ring-io\",\"ring-sig-verify\"],\"dev-tests-only\":[],\"fips\":[\"dep:aws-lc-fips-sys\"],\"non-fips\":[\"aws-lc-sys\"],\"prebuilt-nasm\":[\"aws-lc-sys?/prebuilt-nasm\"],\"ring-io\":[\"dep:untrusted\"],\"ring-sig-verify\":[\"dep:untrusted\"],\"test_logging\":[],\"unstable\":[]}}",
       "aws-lc-sys_0.39.0": "{\"dependencies\":[{\"kind\":\"build\",\"name\":\"bindgen\",\"optional\":true,\"req\":\"^0.72.0\"},{\"features\":[\"parallel\"],\"kind\":\"build\",\"name\":\"cc\",\"req\":\"^1.2.26\"},{\"kind\":\"build\",\"name\":\"cmake\",\"req\":\"^0.1.54\"},{\"kind\":\"build\",\"name\":\"dunce\",\"req\":\"^1.0.5\"},{\"kind\":\"build\",\"name\":\"fs_extra\",\"req\":\"^1.3.0\"}],\"features\":{\"all-bindings\":[],\"asan\":[],\"bindgen\":[\"dep:bindgen\"],\"default\":[\"all-bindings\"],\"disable-prebuilt-nasm\":[],\"fips\":[\"dep:bindgen\"],\"prebuilt-nasm\":[],\"ssl\":[\"bindgen\",\"all-bindings\"]}}",
       "aws-runtime_1.5.17": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"arbitrary\",\"req\":\"^1.3\"},{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"http0-compat\"],\"name\":\"aws-sigv4\",\"req\":\"^1.3.7\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-eventstream\",\"optional\":true,\"req\":\"^0.60.14\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"kind\":\"dev\",\"name\":\"aws-smithy-protocol-test\",\"req\":\"^0.63.7\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.10.0\"},{\"kind\":\"dev\",\"name\":\"bytes-utils\",\"req\":\"^0.1.2\"},{\"kind\":\"dev\",\"name\":\"convert_case\",\"req\":\"^0.6.0\"},{\"name\":\"fastrand\",\"req\":\"^2.3.0\"},{\"default_features\":false,\"kind\":\"dev\",\"name\":\"futures-util\",\"req\":\"^0.3.29\"},{\"name\":\"http-02x\",\"package\":\"http\",\"req\":\"^0.2.9\"},{\"name\":\"http-1x\",\"optional\":true,\"package\":\"http\",\"req\":\"^1.1.0\"},{\"name\":\"http-body-04x\",\"package\":\"http-body\",\"req\":\"^0.4.5\"},{\"name\":\"http-body-1x\",\"optional\":true,\"package\":\"http-body\",\"req\":\"^1.0.0\"},{\"name\":\"percent-encoding\",\"req\":\"^2.3.1\"},{\"name\":\"pin-project-lite\",\"req\":\"^0.2.14\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1.2\"},{\"name\":\"regex-lite\",\"optional\":true,\"req\":\"^0.1.5\"},{\"features\":[\"derive\"],\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1\"},{\"features\":[\"macros\",\"rt\",\"time\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1.40\"},{\"features\":[\"env-filter\"],\"kind\":\"dev\",\"name\":\"tracing-subscriber\",\"req\":\"^0.3.17\"},{\"kind\":\"dev\",\"name\":\"tracing-test\",\"req\":\"^0.2.4\"},{\"name\":\"uuid\",\"req\":\"^1\"}],\"features\":{\"event-stream\":[\"dep:aws-smithy-eventstream\",\"aws-sigv4/sign-eventstream\"],\"http-02x\":[],\"http-1x\":[\"dep:http-1x\",\"dep:http-body-1x\"],\"sigv4a\":[\"aws-sigv4/sigv4a\"],\"test-util\":[\"dep:regex-lite\"]}}",
+      "aws-sdk-signin_1.2.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.4.0\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",
       "aws-sdk-sso_1.91.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.4.0\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",
       "aws-sdk-ssooidc_1.93.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.4.0\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",
       "aws-sdk-sts_1.95.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"features\":[\"test-util\",\"wire-mock\"],\"kind\":\"dev\",\"name\":\"aws-smithy-http-client\",\"req\":\"^1.1.5\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"kind\":\"dev\",\"name\":\"aws-smithy-protocol-test\",\"req\":\"^0.63.7\"},{\"name\":\"aws-smithy-query\",\"req\":\"^0.60.9\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-smithy-xml\",\"req\":\"^0.60.13\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"default_features\":false,\"features\":[\"alloc\"],\"kind\":\"dev\",\"name\":\"futures-util\",\"req\":\"^0.3.25\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"http-1x\",\"package\":\"http\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0.0\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"},{\"features\":[\"env-filter\",\"json\"],\"kind\":\"dev\",\"name\":\"tracing-subscriber\",\"req\":\"^0.3.16\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",

codex-rs/Cargo.lock

@@ -757,6 +757,7 @@ checksum = "96571e6996817bf3d58f6b569e4b9fd2e9d2fcf9f7424eed07b2ce9bb87535e5"
 dependencies = [
  "aws-credential-types",
  "aws-runtime",
+ "aws-sdk-signin",
  "aws-sdk-sso",
  "aws-sdk-ssooidc",
  "aws-sdk-sts",
@@ -767,15 +768,20 @@ dependencies = [
  "aws-smithy-runtime-api",
  "aws-smithy-types",
  "aws-types",
+ "base64-simd",
  "bytes",
  "fastrand",
  "hex",
  "http 1.4.0",
+ "p256",
+ "rand 0.8.5",
  "ring",
+ "sha2",
  "time",
  "tokio",
  "tracing",
  "url",
+ "uuid",
  "zeroize",
 ]
 
@@ -838,6 +844,28 @@ dependencies = [
  "uuid",
 ]
 
+[[package]]
+name = "aws-sdk-signin"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c084bd63941916e1348cb8d9e05ac2e49bdd40a380e9167702683184c6c6be53"
+dependencies = [
+ "aws-credential-types",
+ "aws-runtime",
+ "aws-smithy-async",
+ "aws-smithy-http",
+ "aws-smithy-json",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-types",
+ "bytes",
+ "fastrand",
+ "http 0.2.12",
+ "regex-lite",
+ "tracing",
+]
+
 [[package]]
 name = "aws-sdk-sso"
 version = "1.91.0"
@@ -1866,13 +1894,13 @@ dependencies = [
  "codex-config",
  "codex-core",
  "codex-core-plugins",
- "codex-device-key",
  "codex-exec-server",
  "codex-external-agent-migration",
  "codex-external-agent-sessions",
  "codex-features",
  "codex-feedback",
  "codex-file-search",
+ "codex-file-watcher",
  "codex-git-utils",
  "codex-hooks",
  "codex-login",
@@ -1944,6 +1972,7 @@ dependencies = [
  "pretty_assertions",
  "serde",
  "serde_json",
+ "tempfile",
  "tokio",
  "tokio-tungstenite",
  "toml 0.9.11+spec-1.1.0",
@@ -1951,6 +1980,26 @@ dependencies = [
  "url",
 ]
 
+[[package]]
+name = "codex-app-server-daemon"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "codex-app-server-protocol",
+ "codex-app-server-transport",
+ "codex-core",
+ "codex-uds",
+ "futures",
+ "libc",
+ "pretty_assertions",
+ "reqwest",
+ "serde",
+ "serde_json",
+ "tempfile",
+ "tokio",
+ "tokio-tungstenite",
+]
+
 [[package]]
 name = "codex-app-server-protocol"
 version = "0.0.0"
@@ -2125,6 +2174,17 @@ dependencies = [
  "serde_with",
 ]
 
+[[package]]
+name = "codex-builtin-mcps"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "codex-memories-mcp",
+ "codex-utils-absolute-path",
+ "pretty_assertions",
+ "tokio",
+]
+
 [[package]]
 name = "codex-bwrap"
 version = "0.0.0"
@@ -2167,6 +2227,7 @@ dependencies = [
  "clap",
  "clap_complete",
  "codex-app-server",
+ "codex-app-server-daemon",
  "codex-app-server-protocol",
  "codex-app-server-test-client",
  "codex-arg0",
@@ -2402,7 +2463,11 @@ dependencies = [
  "codex-app-server-protocol",
  "pretty_assertions",
  "serde",
+ "serde_json",
+ "sha1",
+ "tempfile",
  "tokio",
+ "tracing",
  "urlencoding",
 ]
 
@@ -2420,7 +2485,6 @@ dependencies = [
  "bm25",
  "chrono",
  "clap",
- "codex-agent-graph-store",
  "codex-analytics",
  "codex-api",
  "codex-app-server-protocol",
@@ -2488,7 +2552,6 @@ dependencies = [
  "insta",
  "libc",
  "maplit",
- "notify",
  "once_cell",
  "openssl-sys",
  "opentelemetry",
@@ -2557,6 +2620,7 @@ dependencies = [
  "codex-core-skills",
  "codex-exec-server",
  "codex-git-utils",
+ "codex-hooks",
  "codex-login",
  "codex-model-provider",
  "codex-otel",
@@ -2625,22 +2689,6 @@ dependencies = [
  "serde_json",
 ]
 
-[[package]]
-name = "codex-device-key"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "base64 0.22.1",
- "p256",
- "pretty_assertions",
- "rand 0.9.3",
- "serde",
- "serde_json",
- "thiserror 2.0.18",
- "tokio",
- "url",
-]
-
 [[package]]
 name = "codex-exec"
 version = "0.0.0"
@@ -2710,13 +2758,13 @@ dependencies = [
  "serde",
  "serde_json",
  "serial_test",
- "sha2",
  "tempfile",
  "test-case",
  "thiserror 2.0.18",
  "tokio",
  "tokio-tungstenite",
  "tokio-util",
+ "toml 0.9.11+spec-1.1.0",
  "tracing",
  "uuid",
  "wiremock",
@@ -2846,6 +2894,17 @@ dependencies = [
  "serde",
 ]
 
+[[package]]
+name = "codex-file-watcher"
+version = "0.0.0"
+dependencies = [
+ "notify",
+ "pretty_assertions",
+ "tempfile",
+ "tokio",
+ "tracing",
+]
+
 [[package]]
 name = "codex-git-utils"
 version = "0.0.0"
@@ -2997,6 +3056,7 @@ dependencies = [
  "async-channel",
  "codex-api",
  "codex-async-utils",
+ "codex-builtin-mcps",
  "codex-config",
  "codex-exec-server",
  "codex-login",
@@ -3118,6 +3178,19 @@ dependencies = [
  "wiremock",
 ]
 
+[[package]]
+name = "codex-message-history"
+version = "0.0.0"
+dependencies = [
+ "codex-config",
+ "pretty_assertions",
+ "serde",
+ "serde_json",
+ "tempfile",
+ "tokio",
+ "tracing",
+]
+
 [[package]]
 name = "codex-model-provider"
 version = "0.0.0"
@@ -3293,7 +3366,6 @@ dependencies = [
  "codex-utils-absolute-path",
  "codex-utils-image",
  "codex-utils-string",
- "codex-utils-template",
  "encoding_rs",
  "globset",
  "http 1.4.0",
@@ -3600,16 +3672,11 @@ dependencies = [
  "codex-rollout",
  "codex-state",
  "pretty_assertions",
- "prost 0.14.3",
  "serde",
  "serde_json",
  "tempfile",
  "thiserror 2.0.18",
  "tokio",
- "tokio-stream",
- "tonic",
- "tonic-prost",
- "tonic-prost-build",
  "tracing",
  "uuid",
 ]
@@ -3660,6 +3727,7 @@ dependencies = [
  "codex-install-context",
  "codex-login",
  "codex-mcp",
+ "codex-message-history",
  "codex-model-provider",
  "codex-model-provider-info",
  "codex-models-manager",
@@ -4247,6 +4315,7 @@ dependencies = [
  "reqwest",
  "serde_json",
  "shlex",
+ "similar",
  "tempfile",
  "tokio",
  "tokio-tungstenite",

codex-rs/Cargo.toml

@@ -5,11 +5,13 @@ members = [
     "agent-graph-store",
     "agent-identity",
     "backend-client",
+    "builtin-mcps",
     "bwrap",
     "ansi-escape",
     "async-utils",
     "app-server",
     "app-server-transport",
+    "app-server-daemon",
     "app-server-client",
     "app-server-protocol",
     "app-server-test-client",
@@ -29,7 +31,6 @@ members = [
     "collaboration-mode-templates",
     "connectors",
     "config",
-    "device-key",
     "shell-command",
     "shell-escalation",
     "skills",
@@ -48,6 +49,7 @@ members = [
     "external-agent-sessions",
     "keyring-store",
     "file-search",
+    "file-watcher",
     "linux-sandbox",
     "lmstudio",
     "login",
@@ -131,6 +133,7 @@ codex-api = { path = "codex-api" }
 codex-aws-auth = { path = "aws-auth" }
 codex-app-server = { path = "app-server" }
 codex-app-server-transport = { path = "app-server-transport" }
+codex-app-server-daemon = { path = "app-server-daemon" }
 codex-app-server-client = { path = "app-server-client" }
 codex-app-server-protocol = { path = "app-server-protocol" }
 codex-app-server-test-client = { path = "app-server-test-client" }
@@ -138,6 +141,7 @@ codex-apply-patch = { path = "apply-patch" }
 codex-arg0 = { path = "arg0" }
 codex-async-utils = { path = "async-utils" }
 codex-backend-client = { path = "backend-client" }
+codex-builtin-mcps = { path = "builtin-mcps" }
 codex-chatgpt = { path = "chatgpt" }
 codex-cli = { path = "cli" }
 codex-client = { path = "codex-client" }
@@ -152,7 +156,6 @@ codex-core = { path = "core" }
 codex-core-api = { path = "core-api" }
 codex-core-plugins = { path = "core-plugins" }
 codex-core-skills = { path = "core-skills" }
-codex-device-key = { path = "device-key" }
 codex-exec = { path = "exec" }
 codex-file-system = { path = "file-system" }
 codex-exec-server = { path = "exec-server" }
@@ -164,12 +167,14 @@ codex-features = { path = "features" }
 codex-feedback = { path = "feedback" }
 codex-install-context = { path = "install-context" }
 codex-file-search = { path = "file-search" }
+codex-file-watcher = { path = "file-watcher" }
 codex-git-utils = { path = "git-utils" }
 codex-hooks = { path = "hooks" }
 codex-keyring-store = { path = "keyring-store" }
 codex-linux-sandbox = { path = "linux-sandbox" }
 codex-lmstudio = { path = "lmstudio" }
 codex-login = { path = "login" }
+codex-message-history = { path = "message-history" }
 codex-memories-mcp = { path = "memories/mcp" }
 codex-memories-read = { path = "memories/read" }
 codex-memories-write = { path = "memories/write" }
@@ -316,7 +321,6 @@ os_info = "3.12.0"
 owo-colors = "4.3.0"
 path-absolutize = "3.1.1"
 pathdiff = "0.2"
-p256 = "0.13.2"
 portable-pty = "0.9.0"
 predicates = "3"
 pretty_assertions = "1.4.1"
@@ -464,24 +468,21 @@ unwrap_used = "deny"
 [workspace.metadata.cargo-shear]
 ignored = [
     "codex-agent-graph-store",
-    "codex-memories-mcp",
     "icu_provider",
     "openssl-sys",
-    "codex-utils-readiness",
-    "codex-utils-template",
     "codex-v8-poc",
 ]
 
 [profile.dev]
 # Keep line tables/backtraces while avoiding expensive full variable debug info
 # across local dev builds.
-debug = 1
+debug = "limited"
 
 [profile.dev-small]
 inherits = "dev"
 opt-level = 0
-debug = 0
-strip = true
+debug = "none"
+strip = "symbols"
 
 [profile.release]
 lto = "fat"
@@ -493,8 +494,15 @@ strip = "symbols"
 # See https://github.com/openai/codex/issues/1411 for details.
 codegen-units = 1
 
+[profile.profiling]
+inherits = "release"
+debug = "full"
+lto = false
+strip = false
+
 [profile.ci-test]
-debug = 1         # Reduce debug symbol size
+# Reduce binary size to reduce disk pressure.
+debug = "limited"
 inherits = "test"
 opt-level = 0
 

codex-rs/agent-graph-store/Cargo.toml

@@ -7,6 +7,7 @@ version.workspace = true
 [lib]
 name = "codex_agent_graph_store"
 path = "src/lib.rs"
+doctest = false
 
 [lints]
 workspace = true

codex-rs/analytics/src/accepted_lines.rs

@@ -0,0 +1,298 @@
+use crate::events::CodexAcceptedLineFingerprintsEventParams;
+use crate::events::CodexAcceptedLineFingerprintsEventRequest;
+use crate::events::TrackEventRequest;
+use crate::facts::AcceptedLineFingerprint;
+use codex_git_utils::canonicalize_git_remote_url;
+use codex_git_utils::get_git_remote_urls_assume_git_repo;
+use sha1::Digest;
+use std::path::Path;
+
+const ACCEPTED_LINE_FINGERPRINT_EVENT_TARGET_BYTES: usize = 2 * 1024 * 1024;
+const ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES: usize = 1024;
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct AcceptedLineFingerprintSummary {
+    pub accepted_added_lines: u64,
+    pub accepted_deleted_lines: u64,
+    pub line_fingerprints: Vec<AcceptedLineFingerprint>,
+}
+
+pub(crate) struct AcceptedLineFingerprintEventInput {
+    pub(crate) event_type: &'static str,
+    pub(crate) turn_id: String,
+    pub(crate) thread_id: String,
+    pub(crate) product_surface: Option<String>,
+    pub(crate) model_slug: Option<String>,
+    pub(crate) completed_at: u64,
+    pub(crate) repo_hash: Option<String>,
+    pub(crate) accepted_added_lines: u64,
+    pub(crate) accepted_deleted_lines: u64,
+    pub(crate) line_fingerprints: Vec<AcceptedLineFingerprint>,
+}
+
+pub fn accepted_line_fingerprints_from_unified_diff(
+    unified_diff: &str,
+) -> AcceptedLineFingerprintSummary {
+    let mut current_path: Option<String> = None;
+    let mut in_hunk = false;
+    let mut accepted_added_lines = 0;
+    let mut accepted_deleted_lines = 0;
+    let mut line_fingerprints = Vec::new();
+
+    for line in unified_diff.lines() {
+        if line.starts_with("diff --git ") {
+            current_path = None;
+            in_hunk = false;
+            continue;
+        }
+
+        if line.starts_with("@@ ") {
+            in_hunk = true;
+            continue;
+        }
+
+        if !in_hunk && let Some(path) = line.strip_prefix("+++ ") {
+            current_path = normalize_diff_path(path);
+            continue;
+        }
+
+        if !in_hunk && line.starts_with("--- ") {
+            continue;
+        }
+
+        if let Some(added_line) = line.strip_prefix('+') {
+            accepted_added_lines += 1;
+            if let Some(path) = current_path.as_deref()
+                && let Some(normalized_line) = normalize_effective_line(added_line)
+            {
+                line_fingerprints.push(AcceptedLineFingerprint {
+                    path_hash: fingerprint_hash("path", path),
+                    line_hash: fingerprint_hash("line", &normalized_line),
+                });
+            }
+            continue;
+        }
+
+        if line.starts_with('-') {
+            accepted_deleted_lines += 1;
+        }
+    }
+
+    AcceptedLineFingerprintSummary {
+        accepted_added_lines,
+        accepted_deleted_lines,
+        line_fingerprints,
+    }
+}
+
+pub fn fingerprint_hash(domain: &str, value: &str) -> String {
+    let mut hasher = sha1::Sha1::new();
+    hasher.update(b"file-line-v1\0");
+    hasher.update(domain.as_bytes());
+    hasher.update(b"\0");
+    hasher.update(value.as_bytes());
+    format!("{:x}", hasher.finalize())
+}
+
+pub(crate) fn accepted_line_fingerprint_event_requests(
+    input: AcceptedLineFingerprintEventInput,
+) -> Vec<TrackEventRequest> {
+    let chunks = accepted_line_fingerprint_chunks(input.line_fingerprints);
+    chunks
+        .into_iter()
+        .enumerate()
+        .map(|(index, line_fingerprints)| {
+            let is_first_chunk = index == 0;
+            TrackEventRequest::AcceptedLineFingerprints(Box::new(
+                CodexAcceptedLineFingerprintsEventRequest {
+                    event_type: "codex_accepted_line_fingerprints",
+                    event_params: CodexAcceptedLineFingerprintsEventParams {
+                        event_type: input.event_type,
+                        turn_id: input.turn_id.clone(),
+                        thread_id: input.thread_id.clone(),
+                        product_surface: input.product_surface.clone(),
+                        model_slug: input.model_slug.clone(),
+                        completed_at: input.completed_at,
+                        repo_hash: input.repo_hash.clone(),
+                        accepted_added_lines: if is_first_chunk {
+                            input.accepted_added_lines
+                        } else {
+                            0
+                        },
+                        accepted_deleted_lines: if is_first_chunk {
+                            input.accepted_deleted_lines
+                        } else {
+                            0
+                        },
+                        line_fingerprints,
+                    },
+                },
+            ))
+        })
+        .collect()
+}
+
+pub async fn accepted_line_repo_hash_for_cwd(cwd: &Path) -> Option<String> {
+    let remotes = get_git_remote_urls_assume_git_repo(cwd).await?;
+    remotes
+        .get("origin")
+        .or_else(|| remotes.values().next())
+        .map(|remote_url| {
+            let canonical_remote_url =
+                canonicalize_git_remote_url(remote_url).unwrap_or_else(|| remote_url.to_string());
+            fingerprint_hash("repo", &canonical_remote_url)
+        })
+}
+
+fn normalize_diff_path(path: &str) -> Option<String> {
+    let path = path.trim();
+    if path == "/dev/null" {
+        return None;
+    }
+
+    Some(
+        path.strip_prefix("b/")
+            .or_else(|| path.strip_prefix("a/"))
+            .unwrap_or(path)
+            .to_string(),
+    )
+}
+
+fn normalize_effective_line(line: &str) -> Option<String> {
+    let normalized = line.split_whitespace().collect::<Vec<_>>().join(" ");
+    if normalized.len() <= 3 {
+        return None;
+    }
+    if !normalized
+        .chars()
+        .any(|ch| ch.is_alphanumeric() || ch == '_')
+    {
+        return None;
+    }
+    Some(normalized)
+}
+
+fn accepted_line_fingerprint_chunks(
+    line_fingerprints: Vec<AcceptedLineFingerprint>,
+) -> Vec<Vec<AcceptedLineFingerprint>> {
+    if line_fingerprints.is_empty() {
+        return vec![Vec::new()];
+    }
+
+    let mut chunks = Vec::new();
+    let mut current = Vec::new();
+    let mut current_bytes = ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES;
+
+    for fingerprint in line_fingerprints {
+        let item_bytes = accepted_line_fingerprint_json_bytes(&fingerprint);
+        let separator_bytes = usize::from(!current.is_empty());
+        if !current.is_empty()
+            && current_bytes + separator_bytes + item_bytes
+                > ACCEPTED_LINE_FINGERPRINT_EVENT_TARGET_BYTES
+        {
+            chunks.push(current);
+            current = Vec::new();
+            current_bytes = ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES;
+        }
+        current_bytes += usize::from(!current.is_empty()) + item_bytes;
+        current.push(fingerprint);
+    }
+
+    if !current.is_empty() {
+        chunks.push(current);
+    }
+    chunks
+}
+
+fn accepted_line_fingerprint_json_bytes(fingerprint: &AcceptedLineFingerprint) -> usize {
+    // {"path_hash":"...","line_hash":"..."} plus one byte of array comma
+    // accounted for by the caller when needed.
+    32 + fingerprint.path_hash.len() + fingerprint.line_hash.len()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parses_counts_and_effective_added_fingerprints() {
+        let diff = "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -1,3 +1,5 @@
+-old line
++fn useful() {
++}
++    return user.id;
+ context
+";
+
+        let summary = accepted_line_fingerprints_from_unified_diff(diff);
+
+        assert_eq!(
+            summary,
+            AcceptedLineFingerprintSummary {
+                accepted_added_lines: 3,
+                accepted_deleted_lines: 1,
+                line_fingerprints: vec![
+                    AcceptedLineFingerprint {
+                        path_hash: fingerprint_hash("path", "src/lib.rs"),
+                        line_hash: fingerprint_hash("line", "fn useful() {"),
+                    },
+                    AcceptedLineFingerprint {
+                        path_hash: fingerprint_hash("path", "src/lib.rs"),
+                        line_hash: fingerprint_hash("line", "return user.id;"),
+                    },
+                ],
+            }
+        );
+    }
+
+    #[test]
+    fn skips_added_file_metadata_headers() {
+        let diff = "\
+diff --git a/new.py b/new.py
+new file mode 100644
+index 0000000..1111111
+--- /dev/null
++++ b/new.py
+@@ -0,0 +1 @@
++print('hello')
+";
+
+        let summary = accepted_line_fingerprints_from_unified_diff(diff);
+
+        assert_eq!(summary.accepted_added_lines, 1);
+        assert_eq!(summary.accepted_deleted_lines, 0);
+        assert_eq!(summary.line_fingerprints.len(), 1);
+    }
+
+    #[test]
+    fn parses_hunk_lines_that_look_like_file_headers() {
+        let diff = "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -1,2 +1,2 @@
+--- old value
++++ new value
+";
+
+        let summary = accepted_line_fingerprints_from_unified_diff(diff);
+
+        assert_eq!(
+            summary,
+            AcceptedLineFingerprintSummary {
+                accepted_added_lines: 1,
+                accepted_deleted_lines: 1,
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: fingerprint_hash("path", "src/lib.rs"),
+                    line_hash: fingerprint_hash("line", "++ new value"),
+                }],
+            }
+        );
+    }
+}

codex-rs/analytics/src/analytics_client_tests.rs

@@ -1,5 +1,7 @@
 use crate::client::AnalyticsEventsQueue;
 use crate::events::AppServerRpcTransport;
+use crate::events::CodexAcceptedLineFingerprintsEventParams;
+use crate::events::CodexAcceptedLineFingerprintsEventRequest;
 use crate::events::CodexAppMentionedEventRequest;
 use crate::events::CodexAppServerClientMetadata;
 use crate::events::CodexAppUsedEventRequest;
@@ -12,7 +14,6 @@ use crate::events::CodexPluginUsedEventRequest;
 use crate::events::CodexRuntimeMetadata;
 use crate::events::CodexToolItemEventBase;
 use crate::events::CodexTurnEventRequest;
-use crate::events::CommandExecutionSource;
 use crate::events::GuardianApprovalRequestSource;
 use crate::events::GuardianReviewDecision;
 use crate::events::GuardianReviewEventParams;
@@ -29,6 +30,7 @@ use crate::events::codex_hook_run_metadata;
 use crate::events::codex_plugin_metadata;
 use crate::events::codex_plugin_used_metadata;
 use crate::events::subagent_thread_started_event_request;
+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AnalyticsFact;
 use crate::facts::AnalyticsJsonRpcError;
 use crate::facts::AppInvocation;
@@ -67,8 +69,13 @@ use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponsePayload;
 use codex_app_server_protocol::CodexErrorInfo;
+use codex_app_server_protocol::CommandAction;
+use codex_app_server_protocol::CommandExecutionSource;
+use codex_app_server_protocol::CommandExecutionStatus;
 use codex_app_server_protocol::InitializeCapabilities;
 use codex_app_server_protocol::InitializeParams;
+use codex_app_server_protocol::ItemCompletedNotification;
+use codex_app_server_protocol::ItemStartedNotification;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::NonSteerableTurnKind;
 use codex_app_server_protocol::RequestId;
@@ -78,12 +85,14 @@ use codex_app_server_protocol::SessionSource as AppServerSessionSource;
 use codex_app_server_protocol::Thread;
 use codex_app_server_protocol::ThreadArchiveParams;
 use codex_app_server_protocol::ThreadArchiveResponse;
+use codex_app_server_protocol::ThreadItem;
 use codex_app_server_protocol::ThreadResumeResponse;
 use codex_app_server_protocol::ThreadSource as AppServerThreadSource;
 use codex_app_server_protocol::ThreadStartResponse;
 use codex_app_server_protocol::ThreadStatus as AppServerThreadStatus;
 use codex_app_server_protocol::Turn;
 use codex_app_server_protocol::TurnCompletedNotification;
+use codex_app_server_protocol::TurnDiffUpdatedNotification;
 use codex_app_server_protocol::TurnError as AppServerTurnError;
 use codex_app_server_protocol::TurnStartParams;
 use codex_app_server_protocol::TurnStartedNotification;
@@ -128,6 +137,7 @@ fn sample_thread_with_metadata(
 ) -> Thread {
     Thread {
         id: thread_id.to_string(),
+        session_id: format!("session-{thread_id}"),
         forked_from_id: None,
         preview: "first prompt".to_string(),
         ephemeral,
@@ -597,6 +607,91 @@ async fn ingest_turn_prerequisites(
     }
 }
 
+async fn ingest_tool_review_prerequisites(
+    reducer: &mut AnalyticsReducer,
+    events: &mut Vec<TrackEventRequest>,
+) {
+    reducer
+        .ingest(sample_initialize_fact(/*connection_id*/ 7), events)
+        .await;
+    reducer
+        .ingest(
+            AnalyticsFact::ClientResponse {
+                connection_id: 7,
+                request_id: RequestId::Integer(1),
+                response: Box::new(sample_thread_start_response(
+                    "thread-1", /*ephemeral*/ false, "gpt-5",
+                )),
+            },
+            events,
+        )
+        .await;
+    events.clear();
+}
+
+fn sample_initialize_fact(connection_id: u64) -> AnalyticsFact {
+    AnalyticsFact::Initialize {
+        connection_id,
+        params: InitializeParams {
+            client_info: ClientInfo {
+                name: "codex-tui".to_string(),
+                title: None,
+                version: "1.0.0".to_string(),
+            },
+            capabilities: Some(InitializeCapabilities {
+                experimental_api: false,
+                request_attestation: false,
+                opt_out_notification_methods: None,
+            }),
+        },
+        product_client_id: DEFAULT_ORIGINATOR.to_string(),
+        runtime: CodexRuntimeMetadata {
+            codex_rs_version: "0.99.0".to_string(),
+            runtime_os: "linux".to_string(),
+            runtime_os_version: "24.04".to_string(),
+            runtime_arch: "x86_64".to_string(),
+        },
+        rpc_transport: AppServerRpcTransport::Websocket,
+    }
+}
+
+fn sample_command_execution_item(
+    status: CommandExecutionStatus,
+    exit_code: Option<i32>,
+    duration_ms: Option<i64>,
+) -> ThreadItem {
+    ThreadItem::CommandExecution {
+        id: "item-1".to_string(),
+        command: "echo hi".to_string(),
+        cwd: test_path_buf("/tmp").abs(),
+        process_id: Some("pid-1".to_string()),
+        source: CommandExecutionSource::Agent,
+        status,
+        command_actions: Vec::new(),
+        aggregated_output: None,
+        exit_code,
+        duration_ms,
+    }
+}
+
+fn sample_command_execution_item_with_actions(
+    status: CommandExecutionStatus,
+    exit_code: Option<i32>,
+    duration_ms: Option<i64>,
+    command_actions: Vec<CommandAction>,
+) -> ThreadItem {
+    let mut item = sample_command_execution_item(status, exit_code, duration_ms);
+    let ThreadItem::CommandExecution {
+        command_actions: item_command_actions,
+        ..
+    } = &mut item
+    else {
+        unreachable!("sample command execution item should be CommandExecution");
+    };
+    *item_command_actions = command_actions;
+    item
+}
+
 fn expected_absolute_path(path: &PathBuf) -> String {
     std::fs::canonicalize(path)
         .unwrap_or_else(|_| path.to_path_buf())
@@ -737,6 +832,206 @@ fn app_used_event_serializes_expected_shape() {
     );
 }
 
+#[test]
+fn accepted_line_fingerprints_event_serializes_expected_shape() {
+    let event = TrackEventRequest::AcceptedLineFingerprints(Box::new(
+        CodexAcceptedLineFingerprintsEventRequest {
+            event_type: "codex_accepted_line_fingerprints",
+            event_params: CodexAcceptedLineFingerprintsEventParams {
+                event_type: "codex.accepted_line_fingerprints",
+                turn_id: "turn-1".to_string(),
+                thread_id: "thread-1".to_string(),
+                product_surface: Some("codex".to_string()),
+                model_slug: Some("gpt-5.1-codex".to_string()),
+                completed_at: 1710000000,
+                repo_hash: Some("repo-hash-1".to_string()),
+                accepted_added_lines: 42,
+                accepted_deleted_lines: 40,
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: "path-hash-1".to_string(),
+                    line_hash: "line-hash-1".to_string(),
+                }],
+            },
+        },
+    ));
+
+    let payload = serde_json::to_value(&event).expect("serialize accepted line fingerprints event");
+
+    assert_eq!(
+        payload,
+        json!({
+            "event_type": "codex_accepted_line_fingerprints",
+            "event_params": {
+                "event_type": "codex.accepted_line_fingerprints",
+                "turn_id": "turn-1",
+                "thread_id": "thread-1",
+                "product_surface": "codex",
+                "model_slug": "gpt-5.1-codex",
+                "completed_at": 1710000000,
+                "repo_hash": "repo-hash-1",
+                "accepted_added_lines": 42,
+                "accepted_deleted_lines": 40,
+                "line_fingerprints": [
+                    {
+                        "path_hash": "path-hash-1",
+                        "line_hash": "line-hash-1"
+                    }
+                ]
+            }
+        })
+    );
+}
+
+#[tokio::test]
+async fn reducer_chunks_large_accepted_line_fingerprint_events_without_repeating_counts() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    ingest_turn_prerequisites(
+        &mut reducer,
+        &mut events,
+        /*include_initialize*/ true,
+        /*include_resolved_config*/ true,
+        /*include_started*/ true,
+        /*include_token_usage*/ true,
+    )
+    .await;
+    events.clear();
+
+    let mut diff = "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -0,0 +1,20000 @@
+"
+    .to_string();
+    for index in 0..20_000 {
+        diff.push_str(&format!("+let value_{index} = {index};\n"));
+    }
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(ServerNotification::TurnDiffUpdated(
+                TurnDiffUpdatedNotification {
+                    thread_id: "thread-2".to_string(),
+                    turn_id: "turn-2".to_string(),
+                    diff,
+                },
+            ))),
+            &mut events,
+        )
+        .await;
+    assert!(events.is_empty());
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(sample_turn_completed_notification(
+                "thread-2",
+                "turn-2",
+                AppServerTurnStatus::Completed,
+                /*codex_error_info*/ None,
+            ))),
+            &mut events,
+        )
+        .await;
+
+    let accepted_line_events = events
+        .iter()
+        .filter_map(|event| match event {
+            TrackEventRequest::AcceptedLineFingerprints(event) => Some(event),
+            _ => None,
+        })
+        .collect::<Vec<_>>();
+    assert!(accepted_line_events.len() > 1);
+    let mut total_fingerprints = 0;
+    for (index, event) in accepted_line_events.iter().enumerate() {
+        assert_eq!(event.event_params.turn_id, "turn-2");
+        assert_eq!(event.event_params.thread_id, "thread-2");
+        total_fingerprints += event.event_params.line_fingerprints.len();
+        if index == 0 {
+            assert_eq!(event.event_params.accepted_added_lines, 20_000);
+            assert_eq!(event.event_params.accepted_deleted_lines, 0);
+        } else {
+            assert_eq!(event.event_params.accepted_added_lines, 0);
+            assert_eq!(event.event_params.accepted_deleted_lines, 0);
+        }
+        assert!(serde_json::to_vec(event).expect("serialize chunk").len() < 2_100_000);
+    }
+    assert_eq!(total_fingerprints, 20_000);
+}
+
+#[tokio::test]
+async fn reducer_emits_accepted_line_fingerprints_once_from_latest_turn_diff_on_completion() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    ingest_turn_prerequisites(
+        &mut reducer,
+        &mut events,
+        /*include_initialize*/ true,
+        /*include_resolved_config*/ true,
+        /*include_started*/ true,
+        /*include_token_usage*/ true,
+    )
+    .await;
+    events.clear();
+
+    for line in ["let old_value = 1;", "let latest_value = 2;"] {
+        let diff = format!(
+            "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
++++ b/src/lib.rs
+@@ -0,0 +1 @@
++{line}
+"
+        );
+        reducer
+            .ingest(
+                AnalyticsFact::Notification(Box::new(ServerNotification::TurnDiffUpdated(
+                    TurnDiffUpdatedNotification {
+                        thread_id: "thread-2".to_string(),
+                        turn_id: "turn-2".to_string(),
+                        diff,
+                    },
+                ))),
+                &mut events,
+            )
+            .await;
+    }
+    assert!(events.is_empty());
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(sample_turn_completed_notification(
+                "thread-2",
+                "turn-2",
+                AppServerTurnStatus::Completed,
+                /*codex_error_info*/ None,
+            ))),
+            &mut events,
+        )
+        .await;
+
+    let accepted_line_events = events
+        .iter()
+        .filter_map(|event| match event {
+            TrackEventRequest::AcceptedLineFingerprints(event) => Some(event),
+            _ => None,
+        })
+        .collect::<Vec<_>>();
+    assert_eq!(accepted_line_events.len(), 1);
+    let event = accepted_line_events[0];
+    assert_eq!(event.event_params.accepted_added_lines, 1);
+    assert_eq!(event.event_params.line_fingerprints.len(), 1);
+    assert_eq!(
+        event.event_params.line_fingerprints[0].line_hash,
+        crate::fingerprint_hash("line", "let latest_value = 2;")
+    );
+}
+
 #[test]
 fn compaction_event_serializes_expected_shape() {
     let event = TrackEventRequest::Compaction(Box::new(CodexCompactionEventRequest {
@@ -922,13 +1217,14 @@ fn command_execution_event_serializes_expected_shape() {
                     runtime_os_version: "15.3.1".to_string(),
                     runtime_arch: "aarch64".to_string(),
                 },
-                thread_source: Some("user"),
+                thread_source: Some(ThreadSource::User),
                 subagent_source: None,
                 parent_thread_id: None,
                 tool_name: "shell".to_string(),
                 started_at_ms: 123_000,
                 completed_at_ms: 125_000,
                 duration_ms: Some(2000),
+                execution_duration_ms: Some(1900),
                 review_count: 0,
                 guardian_review_count: 0,
                 user_review_count: 0,
@@ -977,6 +1273,7 @@ fn command_execution_event_serializes_expected_shape() {
                 "started_at_ms": 123000,
                 "completed_at_ms": 125000,
                 "duration_ms": 2000,
+                "execution_duration_ms": 1900,
                 "review_count": 0,
                 "guardian_review_count": 0,
                 "user_review_count": 0,
@@ -1030,6 +1327,7 @@ async fn initialize_caches_client_and_thread_lifecycle_publishes_once_initialize
                     },
                     capabilities: Some(InitializeCapabilities {
                         experimental_api: false,
+                        request_attestation: false,
                         opt_out_notification_methods: None,
                     }),
                 },
@@ -1177,6 +1475,7 @@ async fn compaction_event_ingests_custom_fact() {
                     },
                     capabilities: Some(InitializeCapabilities {
                         experimental_api: false,
+                        request_attestation: false,
                         opt_out_notification_methods: None,
                     }),
                 },
@@ -1290,6 +1589,7 @@ async fn guardian_review_event_ingests_custom_fact_with_optional_target_item() {
                     },
                     capabilities: Some(InitializeCapabilities {
                         experimental_api: false,
+                        request_attestation: false,
                         opt_out_notification_methods: None,
                     }),
                 },
@@ -1403,6 +1703,114 @@ async fn guardian_review_event_ingests_custom_fact_with_optional_target_item() {
     assert_eq!(payload[0]["event_params"]["review_timeout_ms"], 90_000);
 }
 
+#[tokio::test]
+async fn item_lifecycle_notifications_publish_command_execution_event() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    ingest_tool_review_prerequisites(&mut reducer, &mut events).await;
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(ServerNotification::ItemStarted(
+                ItemStartedNotification {
+                    thread_id: "thread-1".to_string(),
+                    turn_id: "turn-1".to_string(),
+                    started_at_ms: 1_000,
+                    item: sample_command_execution_item(
+                        CommandExecutionStatus::InProgress,
+                        /*exit_code*/ None,
+                        /*duration_ms*/ None,
+                    ),
+                },
+            ))),
+            &mut events,
+        )
+        .await;
+    assert!(
+        events.is_empty(),
+        "tool item event should emit on completion"
+    );
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(ServerNotification::ItemCompleted(
+                ItemCompletedNotification {
+                    thread_id: "thread-1".to_string(),
+                    turn_id: "turn-1".to_string(),
+                    completed_at_ms: 1_045,
+                    item: sample_command_execution_item_with_actions(
+                        CommandExecutionStatus::Completed,
+                        Some(0),
+                        Some(42),
+                        vec![
+                            CommandAction::Read {
+                                command: "cat README.md".to_string(),
+                                name: "README.md".to_string(),
+                                path: test_path_buf("/tmp/README.md").abs(),
+                            },
+                            CommandAction::ListFiles {
+                                command: "ls".to_string(),
+                                path: None,
+                            },
+                            CommandAction::Search {
+                                command: "rg TODO".to_string(),
+                                query: Some("TODO".to_string()),
+                                path: None,
+                            },
+                            CommandAction::Unknown {
+                                command: "cargo test".to_string(),
+                            },
+                        ],
+                    ),
+                },
+            ))),
+            &mut events,
+        )
+        .await;
+
+    let payload = serde_json::to_value(&events).expect("serialize events");
+    assert_eq!(payload.as_array().expect("events array").len(), 1);
+    assert_eq!(payload[0]["event_type"], "codex_command_execution_event");
+    assert_eq!(payload[0]["event_params"]["thread_id"], "thread-1");
+    assert_eq!(payload[0]["event_params"]["turn_id"], "turn-1");
+    assert_eq!(payload[0]["event_params"]["item_id"], "item-1");
+    assert_eq!(payload[0]["event_params"]["tool_name"], "shell");
+    assert_eq!(
+        payload[0]["event_params"]["command_execution_source"],
+        "agent"
+    );
+    assert_eq!(payload[0]["event_params"]["terminal_status"], "completed");
+    assert_eq!(
+        payload[0]["event_params"]["final_approval_outcome"],
+        "unknown"
+    );
+    assert_eq!(
+        payload[0]["event_params"]["failure_kind"],
+        serde_json::Value::Null
+    );
+    assert_eq!(payload[0]["event_params"]["exit_code"], 0);
+    assert_eq!(payload[0]["event_params"]["command_total_action_count"], 4);
+    assert_eq!(payload[0]["event_params"]["command_read_action_count"], 1);
+    assert_eq!(
+        payload[0]["event_params"]["command_list_files_action_count"],
+        1
+    );
+    assert_eq!(payload[0]["event_params"]["command_search_action_count"], 1);
+    assert_eq!(
+        payload[0]["event_params"]["command_unknown_action_count"],
+        1
+    );
+    assert_eq!(payload[0]["event_params"]["started_at_ms"], 1_000);
+    assert_eq!(payload[0]["event_params"]["completed_at_ms"], 1_045);
+    assert_eq!(payload[0]["event_params"]["duration_ms"], 45);
+    assert_eq!(payload[0]["event_params"]["execution_duration_ms"], 42);
+    assert_eq!(
+        payload[0]["event_params"]["app_server_client"]["client_name"],
+        "codex-tui"
+    );
+    assert_eq!(payload[0]["event_params"]["thread_source"], "user");
+}
+
 #[test]
 fn subagent_thread_started_review_serializes_expected_shape() {
     let event = TrackEventRequest::ThreadInitialized(subagent_thread_started_event_request(
@@ -1686,6 +2094,79 @@ async fn subagent_thread_started_inherits_parent_connection_for_new_thread() {
     );
 }
 
+#[tokio::test]
+async fn subagent_tool_items_inherit_parent_connection_metadata() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    ingest_tool_review_prerequisites(&mut reducer, &mut events).await;
+    reducer
+        .ingest(
+            AnalyticsFact::Custom(CustomAnalyticsFact::SubAgentThreadStarted(
+                SubAgentThreadStartedInput {
+                    thread_id: "thread-subagent".to_string(),
+                    parent_thread_id: Some("thread-1".to_string()),
+                    product_client_id: "codex-tui".to_string(),
+                    client_name: "codex-tui".to_string(),
+                    client_version: "1.0.0".to_string(),
+                    model: "gpt-5".to_string(),
+                    ephemeral: false,
+                    subagent_source: SubAgentSource::Review,
+                    created_at: 128,
+                },
+            )),
+            &mut events,
+        )
+        .await;
+    events.clear();
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(ServerNotification::ItemStarted(
+                ItemStartedNotification {
+                    thread_id: "thread-subagent".to_string(),
+                    turn_id: "turn-subagent".to_string(),
+                    started_at_ms: 1_000,
+                    item: sample_command_execution_item(
+                        CommandExecutionStatus::InProgress,
+                        /*exit_code*/ None,
+                        /*duration_ms*/ None,
+                    ),
+                },
+            ))),
+            &mut events,
+        )
+        .await;
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(ServerNotification::ItemCompleted(
+                ItemCompletedNotification {
+                    thread_id: "thread-subagent".to_string(),
+                    turn_id: "turn-subagent".to_string(),
+                    completed_at_ms: 1_042,
+                    item: sample_command_execution_item(
+                        CommandExecutionStatus::Completed,
+                        Some(0),
+                        Some(42),
+                    ),
+                },
+            ))),
+            &mut events,
+        )
+        .await;
+
+    let payload = serde_json::to_value(&events).expect("serialize events");
+    assert_eq!(payload.as_array().expect("events array").len(), 1);
+    assert_eq!(payload[0]["event_type"], "codex_command_execution_event");
+    assert_eq!(payload[0]["event_params"]["thread_source"], "subagent");
+    assert_eq!(payload[0]["event_params"]["subagent_source"], "review");
+    assert_eq!(payload[0]["event_params"]["parent_thread_id"], "thread-1");
+    assert_eq!(
+        payload[0]["event_params"]["app_server_client"]["client_name"],
+        "codex-tui"
+    );
+}
+
 #[test]
 fn plugin_used_event_serializes_expected_shape() {
     let tracking = TrackEventsContext {

codex-rs/analytics/src/client.rs

@@ -30,6 +30,7 @@ use codex_app_server_protocol::ServerNotification;
 use codex_app_server_protocol::ServerRequest;
 use codex_app_server_protocol::ServerResponse;
 use codex_login::AuthManager;
+use codex_login::CodexAuth;
 use codex_login::default_client::create_client;
 use codex_plugin::PluginTelemetryMetadata;
 use std::collections::HashSet;
@@ -333,10 +334,6 @@ impl AnalyticsEventsClient {
         });
     }
 
-    pub fn track_notification(&self, notification: ServerNotification) {
-        self.record_fact(AnalyticsFact::Notification(Box::new(notification)));
-    }
-
     pub fn track_server_request(&self, connection_id: u64, request: ServerRequest) {
         self.record_fact(AnalyticsFact::ServerRequest {
             connection_id,
@@ -344,11 +341,28 @@ impl AnalyticsEventsClient {
         });
     }
 
-    pub fn track_server_response(&self, response: ServerResponse) {
+    pub fn track_server_response(&self, completed_at_ms: u64, response: ServerResponse) {
         self.record_fact(AnalyticsFact::ServerResponse {
+            completed_at_ms,
             response: Box::new(response),
         });
     }
+
+    pub fn track_notification(&self, notification: ServerNotification) {
+        if !matches!(
+            notification,
+            ServerNotification::TurnStarted(_)
+                | ServerNotification::TurnCompleted(_)
+                | ServerNotification::TurnDiffUpdated(_)
+                | ServerNotification::ItemStarted(_)
+                | ServerNotification::ItemCompleted(_)
+                | ServerNotification::ItemGuardianApprovalReviewStarted(_)
+                | ServerNotification::ItemGuardianApprovalReviewCompleted(_)
+        ) {
+            return;
+        }
+        self.record_fact(AnalyticsFact::Notification(Box::new(notification)));
+    }
 }
 
 async fn send_track_events(
@@ -359,6 +373,7 @@ async fn send_track_events(
     if events.is_empty() {
         return;
     }
+
     let Some(auth) = auth_manager.auth().await else {
         return;
     };
@@ -368,12 +383,45 @@ async fn send_track_events(
 
     let base_url = base_url.trim_end_matches('/');
     let url = format!("{base_url}/codex/analytics-events/events");
+    for events in track_event_request_batches(events) {
+        send_track_events_request(&auth, &url, events).await;
+    }
+}
+
+fn track_event_request_batches(events: Vec<TrackEventRequest>) -> Vec<Vec<TrackEventRequest>> {
+    let mut batches = Vec::new();
+    let mut current_batch = Vec::new();
+
+    for event in events {
+        if event.should_send_in_isolated_request() {
+            if !current_batch.is_empty() {
+                batches.push(current_batch);
+                current_batch = Vec::new();
+            }
+            batches.push(vec![event]);
+        } else {
+            current_batch.push(event);
+        }
+    }
+
+    if !current_batch.is_empty() {
+        batches.push(current_batch);
+    }
+
+    batches
+}
+
+async fn send_track_events_request(auth: &CodexAuth, url: &str, events: Vec<TrackEventRequest>) {
+    if events.is_empty() {
+        return;
+    }
+
     let payload = TrackEventsRequest { events };
 
     let response = create_client()
-        .post(&url)
+        .post(url)
         .timeout(ANALYTICS_EVENTS_TIMEOUT)
-        .headers(codex_model_provider::auth_provider_from_auth(&auth).to_auth_headers())
+        .headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers())
         .header("Content-Type", "application/json")
         .json(&payload)
         .send()

codex-rs/analytics/src/client_tests.rs

@@ -1,6 +1,14 @@
 use super::AnalyticsEventsClient;
 use super::AnalyticsEventsQueue;
+use super::track_event_request_batches;
+use crate::events::CodexAcceptedLineFingerprintsEventParams;
+use crate::events::CodexAcceptedLineFingerprintsEventRequest;
+use crate::events::SkillInvocationEventParams;
+use crate::events::SkillInvocationEventRequest;
+use crate::events::TrackEventRequest;
+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AnalyticsFact;
+use crate::facts::InvocationType;
 use codex_app_server_protocol::ApprovalsReviewer as AppServerApprovalsReviewer;
 use codex_app_server_protocol::AskForApproval as AppServerAskForApproval;
 use codex_app_server_protocol::ClientRequest;
@@ -31,6 +39,47 @@ use std::sync::Mutex;
 use tokio::sync::mpsc;
 use tokio::sync::mpsc::error::TryRecvError;
 
+fn sample_accepted_line_fingerprint_event(thread_id: &str) -> TrackEventRequest {
+    TrackEventRequest::AcceptedLineFingerprints(Box::new(
+        CodexAcceptedLineFingerprintsEventRequest {
+            event_type: "codex_accepted_line_fingerprints",
+            event_params: CodexAcceptedLineFingerprintsEventParams {
+                event_type: "codex.accepted_line_fingerprints",
+                turn_id: "turn-1".to_string(),
+                thread_id: thread_id.to_string(),
+                product_surface: Some("codex".to_string()),
+                model_slug: Some("gpt-5.1-codex".to_string()),
+                completed_at: 1,
+                repo_hash: None,
+                accepted_added_lines: 1,
+                accepted_deleted_lines: 0,
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: "path-hash".to_string(),
+                    line_hash: "line-hash".to_string(),
+                }],
+            },
+        },
+    ))
+}
+
+fn sample_regular_track_event(thread_id: &str) -> TrackEventRequest {
+    TrackEventRequest::SkillInvocation(SkillInvocationEventRequest {
+        event_type: "skill_invocation",
+        skill_id: format!("skill-{thread_id}"),
+        skill_name: "doc".to_string(),
+        event_params: SkillInvocationEventParams {
+            product_client_id: None,
+            skill_scope: None,
+            plugin_id: None,
+            repo_url: None,
+            thread_id: Some(thread_id.to_string()),
+            turn_id: Some("turn-1".to_string()),
+            invoke_type: Some(InvocationType::Explicit),
+            model_slug: Some("gpt-5.1-codex".to_string()),
+        },
+    })
+}
+
 fn client_with_receiver() -> (AnalyticsEventsClient, mpsc::Receiver<AnalyticsFact>) {
     let (sender, receiver) = mpsc::channel(8);
     let queue = AnalyticsEventsQueue {
@@ -76,6 +125,7 @@ fn sample_thread_archive_request() -> ClientRequest {
 fn sample_thread(thread_id: &str) -> Thread {
     Thread {
         id: thread_id.to_string(),
+        session_id: format!("session-{thread_id}"),
         forked_from_id: None,
         preview: "first prompt".to_string(),
         ephemeral: false,
@@ -221,3 +271,23 @@ fn track_response_only_enqueues_analytics_relevant_responses() {
     );
     assert!(matches!(receiver.try_recv(), Err(TryRecvError::Empty)));
 }
+
+#[test]
+fn track_event_request_batches_only_isolates_accepted_line_fingerprint_events() {
+    let batches = track_event_request_batches(vec![
+        sample_regular_track_event("thread-1"),
+        sample_regular_track_event("thread-2"),
+        sample_accepted_line_fingerprint_event("thread-3"),
+        sample_accepted_line_fingerprint_event("thread-4"),
+        sample_regular_track_event("thread-5"),
+        sample_regular_track_event("thread-6"),
+    ]);
+
+    assert_eq!(batches.len(), 4);
+    assert_eq!(batches[0].len(), 2);
+    assert_eq!(batches[1].len(), 1);
+    assert_eq!(batches[2].len(), 1);
+    assert_eq!(batches[3].len(), 2);
+    assert!(batches[1][0].should_send_in_isolated_request());
+    assert!(batches[2][0].should_send_in_isolated_request());
+}

codex-rs/analytics/src/events.rs

@@ -1,5 +1,6 @@
 use std::time::Instant;
 
+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AppInvocation;
 use crate::facts::CodexCompactionEvent;
 use crate::facts::CompactionImplementation;
@@ -18,8 +19,10 @@ use crate::facts::TurnStatus;
 use crate::facts::TurnSteerRejectionReason;
 use crate::facts::TurnSteerResult;
 use crate::facts::TurnSubmissionType;
+use crate::now_unix_millis;
 use crate::now_unix_seconds;
 use codex_app_server_protocol::CodexErrorInfo;
+use codex_app_server_protocol::CommandExecutionSource;
 use codex_login::default_client::originator;
 use codex_plugin::PluginTelemetryMetadata;
 use codex_protocol::approvals::NetworkApprovalProtocol;
@@ -62,20 +65,16 @@ pub(crate) enum TrackEventRequest {
     Compaction(Box<CodexCompactionEventRequest>),
     TurnEvent(Box<CodexTurnEventRequest>),
     TurnSteer(CodexTurnSteerEventRequest),
-    #[allow(dead_code)]
     CommandExecution(CodexCommandExecutionEventRequest),
-    #[allow(dead_code)]
     FileChange(CodexFileChangeEventRequest),
-    #[allow(dead_code)]
     McpToolCall(CodexMcpToolCallEventRequest),
-    #[allow(dead_code)]
     DynamicToolCall(CodexDynamicToolCallEventRequest),
-    #[allow(dead_code)]
     CollabAgentToolCall(CodexCollabAgentToolCallEventRequest),
-    #[allow(dead_code)]
     WebSearch(CodexWebSearchEventRequest),
-    #[allow(dead_code)]
     ImageGeneration(CodexImageGenerationEventRequest),
+    AcceptedLineFingerprints(Box<CodexAcceptedLineFingerprintsEventRequest>),
+    #[allow(dead_code)]
+    ReviewEvent(CodexReviewEventRequest),
     PluginUsed(CodexPluginUsedEventRequest),
     PluginInstalled(CodexPluginEventRequest),
     PluginUninstalled(CodexPluginEventRequest),
@@ -83,6 +82,32 @@ pub(crate) enum TrackEventRequest {
     PluginDisabled(CodexPluginEventRequest),
 }
 
+impl TrackEventRequest {
+    pub(crate) fn should_send_in_isolated_request(&self) -> bool {
+        matches!(self, Self::AcceptedLineFingerprints(_))
+    }
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexAcceptedLineFingerprintsEventParams {
+    pub(crate) event_type: &'static str,
+    pub(crate) turn_id: String,
+    pub(crate) thread_id: String,
+    pub(crate) product_surface: Option<String>,
+    pub(crate) model_slug: Option<String>,
+    pub(crate) completed_at: u64,
+    pub(crate) repo_hash: Option<String>,
+    pub(crate) accepted_added_lines: u64,
+    pub(crate) accepted_deleted_lines: u64,
+    pub(crate) line_fingerprints: Vec<AcceptedLineFingerprint>,
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexAcceptedLineFingerprintsEventRequest {
+    pub(crate) event_type: &'static str,
+    pub(crate) event_params: CodexAcceptedLineFingerprintsEventParams,
+}
+
 #[derive(Serialize)]
 pub(crate) struct SkillInvocationEventRequest {
     pub(crate) event_type: &'static str,
@@ -265,7 +290,7 @@ pub struct GuardianReviewTrackContext {
     approval_request_source: GuardianApprovalRequestSource,
     reviewed_action: GuardianReviewedAction,
     review_timeout_ms: u64,
-    started_at: u64,
+    pub started_at_ms: u64,
     started_instant: Instant,
 }
 
@@ -287,7 +312,7 @@ impl GuardianReviewTrackContext {
             approval_request_source,
             reviewed_action,
             review_timeout_ms,
-            started_at: now_unix_seconds(),
+            started_at_ms: now_unix_millis(),
             started_instant: Instant::now(),
         }
     }
@@ -320,7 +345,7 @@ impl GuardianReviewTrackContext {
             tool_call_count: None,
             time_to_first_token_ms: result.time_to_first_token_ms,
             completion_latency_ms: Some(self.started_instant.elapsed().as_millis() as u64),
-            started_at: self.started_at,
+            started_at: self.started_at_ms / 1_000,
             completed_at: Some(now_unix_seconds()),
             input_tokens: result.token_usage.as_ref().map(|usage| usage.input_tokens),
             cached_input_tokens: result
@@ -448,13 +473,16 @@ pub(crate) struct CodexToolItemEventBase {
     pub(crate) item_id: String,
     pub(crate) app_server_client: CodexAppServerClientMetadata,
     pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) thread_source: Option<&'static str>,
+    pub(crate) thread_source: Option<ThreadSource>,
     pub(crate) subagent_source: Option<String>,
     pub(crate) parent_thread_id: Option<String>,
     pub(crate) tool_name: String,
     pub(crate) started_at_ms: u64,
     pub(crate) completed_at_ms: u64,
+    // Observed item lifecycle duration. This may undercount end-to-end execution
+    // for tools where app-server only sees part of the upstream flow.
     pub(crate) duration_ms: Option<u64>,
+    pub(crate) execution_duration_ms: Option<u64>,
     pub(crate) review_count: u64,
     pub(crate) guardian_review_count: u64,
     pub(crate) user_review_count: u64,
@@ -468,13 +496,79 @@ pub(crate) struct CodexToolItemEventBase {
 #[allow(dead_code)]
 #[derive(Clone, Copy, Debug, Serialize)]
 #[serde(rename_all = "snake_case")]
-pub(crate) enum CommandExecutionSource {
-    Agent,
-    UserShell,
-    UnifiedExecStartup,
-    UnifiedExecInteraction,
+pub(crate) enum ReviewSubjectKind {
+    CommandExecution,
+    FileChange,
+    McpToolCall,
+    Permissions,
+    NetworkAccess,
 }
 
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum Reviewer {
+    Guardian,
+    User,
+}
+
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ReviewTrigger {
+    Initial,
+    SandboxDenial,
+    NetworkPolicyDenial,
+    ExecveIntercept,
+}
+
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ReviewStatus {
+    Approved,
+    Denied,
+    Aborted,
+    TimedOut,
+}
+
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ReviewResolution {
+    None,
+    SessionApproval,
+    ExecPolicyAmendment,
+    NetworkPolicyAmendment,
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexReviewEventParams {
+    pub(crate) thread_id: String,
+    pub(crate) turn_id: String,
+    pub(crate) item_id: Option<String>,
+    pub(crate) review_id: String,
+    pub(crate) app_server_client: CodexAppServerClientMetadata,
+    pub(crate) runtime: CodexRuntimeMetadata,
+    pub(crate) thread_source: Option<ThreadSource>,
+    pub(crate) subagent_source: Option<String>,
+    pub(crate) parent_thread_id: Option<String>,
+    pub(crate) tool_kind: ReviewSubjectKind,
+    pub(crate) tool_name: String,
+    pub(crate) reviewer: Reviewer,
+    pub(crate) trigger: ReviewTrigger,
+    pub(crate) status: ReviewStatus,
+    pub(crate) resolution: ReviewResolution,
+    pub(crate) started_at_ms: u64,
+    pub(crate) completed_at_ms: u64,
+    pub(crate) duration_ms: Option<u64>,
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexReviewEventRequest {
+    pub(crate) event_type: &'static str,
+    pub(crate) event_params: CodexReviewEventParams,
+}
 #[allow(dead_code)]
 #[derive(Clone, Copy, Debug, Serialize)]
 #[serde(rename_all = "snake_case")]
@@ -592,7 +686,6 @@ pub(crate) struct CodexWebSearchEventRequest {
 pub(crate) struct CodexImageGenerationEventParams {
     #[serde(flatten)]
     pub(crate) base: CodexToolItemEventBase,
-    pub(crate) image_generation_status: String,
     pub(crate) revised_prompt_present: bool,
     pub(crate) saved_path_present: bool,
 }
@@ -895,6 +988,8 @@ fn analytics_hook_event_name(event_name: HookEventName) -> &'static str {
         HookEventName::PreToolUse => "PreToolUse",
         HookEventName::PermissionRequest => "PermissionRequest",
         HookEventName::PostToolUse => "PostToolUse",
+        HookEventName::PreCompact => "PreCompact",
+        HookEventName::PostCompact => "PostCompact",
         HookEventName::SessionStart => "SessionStart",
         HookEventName::UserPromptSubmit => "UserPromptSubmit",
         HookEventName::Stop => "Stop",

codex-rs/analytics/src/facts.rs

@@ -28,6 +28,12 @@ use codex_protocol::protocol::TokenUsage;
 use serde::Serialize;
 use std::path::PathBuf;
 
+#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
+pub struct AcceptedLineFingerprint {
+    pub path_hash: String,
+    pub line_hash: String,
+}
+
 #[derive(Clone)]
 pub struct TrackEventsContext {
     pub model_slug: String,
@@ -296,6 +302,7 @@ pub(crate) enum AnalyticsFact {
         request: Box<ServerRequest>,
     },
     ServerResponse {
+        completed_at_ms: u64,
         response: Box<ServerResponse>,
     },
     Notification(Box<ServerNotification>),

codex-rs/analytics/src/lib.rs

@@ -1,3 +1,4 @@
+mod accepted_lines;
 mod client;
 mod events;
 mod facts;
@@ -6,6 +7,8 @@ mod reducer;
 use std::time::SystemTime;
 use std::time::UNIX_EPOCH;
 
+pub use accepted_lines::accepted_line_fingerprints_from_unified_diff;
+pub use accepted_lines::fingerprint_hash;
 pub use client::AnalyticsEventsClient;
 pub use events::AppServerRpcTransport;
 pub use events::GuardianApprovalRequestSource;
@@ -17,6 +20,7 @@ pub use events::GuardianReviewSessionKind;
 pub use events::GuardianReviewTerminalStatus;
 pub use events::GuardianReviewTrackContext;
 pub use events::GuardianReviewedAction;
+pub use facts::AcceptedLineFingerprint;
 pub use facts::AnalyticsJsonRpcError;
 pub use facts::AppInvocation;
 pub use facts::CodexCompactionEvent;
@@ -51,3 +55,27 @@ pub fn now_unix_seconds() -> u64 {
         .unwrap_or_default()
         .as_secs()
 }
+
+pub fn now_unix_millis() -> u64 {
+    u64::try_from(
+        SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .unwrap_or_default()
+            .as_millis(),
+    )
+    .unwrap_or(u64::MAX)
+}
+
+pub(crate) fn serialize_enum_as_string<T: serde::Serialize>(value: &T) -> Option<String> {
+    serde_json::to_value(value)
+        .ok()
+        .and_then(|value| value.as_str().map(str::to_string))
+}
+
+pub(crate) fn usize_to_u64(value: usize) -> u64 {
+    u64::try_from(value).unwrap_or(u64::MAX)
+}
+
+pub(crate) fn option_i64_to_u64(value: Option<i64>) -> Option<u64> {
+    value.and_then(|value| u64::try_from(value).ok())
+}

codex-rs/analytics/src/reducer.rs

@@ -1,16 +1,35 @@
+use crate::accepted_lines::AcceptedLineFingerprintEventInput;
+use crate::accepted_lines::accepted_line_fingerprint_event_requests;
+use crate::accepted_lines::accepted_line_fingerprints_from_unified_diff;
+use crate::accepted_lines::accepted_line_repo_hash_for_cwd;
 use crate::events::AppServerRpcTransport;
 use crate::events::CodexAppMentionedEventRequest;
 use crate::events::CodexAppServerClientMetadata;
 use crate::events::CodexAppUsedEventRequest;
+use crate::events::CodexCollabAgentToolCallEventParams;
+use crate::events::CodexCollabAgentToolCallEventRequest;
+use crate::events::CodexCommandExecutionEventParams;
+use crate::events::CodexCommandExecutionEventRequest;
 use crate::events::CodexCompactionEventRequest;
+use crate::events::CodexDynamicToolCallEventParams;
+use crate::events::CodexDynamicToolCallEventRequest;
+use crate::events::CodexFileChangeEventParams;
+use crate::events::CodexFileChangeEventRequest;
 use crate::events::CodexHookRunEventRequest;
+use crate::events::CodexImageGenerationEventParams;
+use crate::events::CodexImageGenerationEventRequest;
+use crate::events::CodexMcpToolCallEventParams;
+use crate::events::CodexMcpToolCallEventRequest;
 use crate::events::CodexPluginEventRequest;
 use crate::events::CodexPluginUsedEventRequest;
 use crate::events::CodexRuntimeMetadata;
+use crate::events::CodexToolItemEventBase;
 use crate::events::CodexTurnEventParams;
 use crate::events::CodexTurnEventRequest;
 use crate::events::CodexTurnSteerEventParams;
 use crate::events::CodexTurnSteerEventRequest;
+use crate::events::CodexWebSearchEventParams;
+use crate::events::CodexWebSearchEventRequest;
 use crate::events::GuardianReviewEventParams;
 use crate::events::GuardianReviewEventPayload;
 use crate::events::GuardianReviewEventRequest;
@@ -18,7 +37,11 @@ use crate::events::SkillInvocationEventParams;
 use crate::events::SkillInvocationEventRequest;
 use crate::events::ThreadInitializedEvent;
 use crate::events::ThreadInitializedEventParams;
+use crate::events::ToolItemFailureKind;
+use crate::events::ToolItemFinalApprovalOutcome;
+use crate::events::ToolItemTerminalStatus;
 use crate::events::TrackEventRequest;
+use crate::events::WebSearchActionKind;
 use crate::events::codex_app_metadata;
 use crate::events::codex_compaction_event_params;
 use crate::events::codex_hook_run_metadata;
@@ -47,14 +70,30 @@ use crate::facts::TurnSteerRejectionReason;
 use crate::facts::TurnSteerResult;
 use crate::facts::TurnTokenUsageFact;
 use crate::now_unix_seconds;
+use crate::option_i64_to_u64;
+use crate::serialize_enum_as_string;
+use crate::usize_to_u64;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponse;
 use codex_app_server_protocol::CodexErrorInfo;
+use codex_app_server_protocol::CollabAgentStatus;
+use codex_app_server_protocol::CollabAgentTool;
+use codex_app_server_protocol::CollabAgentToolCallStatus;
+use codex_app_server_protocol::CommandAction;
+use codex_app_server_protocol::CommandExecutionSource;
+use codex_app_server_protocol::CommandExecutionStatus;
+use codex_app_server_protocol::DynamicToolCallOutputContentItem;
+use codex_app_server_protocol::DynamicToolCallStatus;
 use codex_app_server_protocol::InitializeParams;
+use codex_app_server_protocol::McpToolCallStatus;
+use codex_app_server_protocol::PatchApplyStatus;
+use codex_app_server_protocol::PatchChangeKind;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::ServerNotification;
+use codex_app_server_protocol::ThreadItem;
 use codex_app_server_protocol::TurnSteerResponse;
 use codex_app_server_protocol::UserInput;
+use codex_app_server_protocol::WebSearchAction;
 use codex_git_utils::collect_git_info;
 use codex_git_utils::get_git_repo_root;
 use codex_login::default_client::originator;
@@ -69,6 +108,7 @@ use codex_protocol::protocol::TokenUsage;
 use sha1::Digest;
 use std::collections::HashMap;
 use std::path::Path;
+use std::path::PathBuf;
 
 #[derive(Default)]
 pub(crate) struct AnalyticsReducer {
@@ -76,6 +116,7 @@ pub(crate) struct AnalyticsReducer {
     turns: HashMap<String, TurnState>,
     connections: HashMap<u64, ConnectionState>,
     threads: HashMap<String, ThreadAnalyticsState>,
+    tool_items_started_at_ms: HashMap<ToolItemKey, u64>,
 }
 
 struct ConnectionState {
@@ -119,6 +160,19 @@ impl<'a> AnalyticsDropSite<'a> {
         }
     }
 
+    fn tool_item(
+        notification: &'a codex_app_server_protocol::ItemCompletedNotification,
+        item_id: &'a str,
+    ) -> Self {
+        Self {
+            event_name: "tool item",
+            thread_id: &notification.thread_id,
+            turn_id: Some(&notification.turn_id),
+            review_id: None,
+            item_id: Some(item_id),
+        }
+    }
+
     fn turn_steer(thread_id: &'a str) -> Self {
         Self {
             event_name: "turn steer",
@@ -215,9 +269,17 @@ struct TurnState {
     started_at: Option<u64>,
     token_usage: Option<TokenUsage>,
     completed: Option<CompletedTurnState>,
+    latest_diff: Option<String>,
     steer_count: usize,
 }
 
+#[derive(Hash, Eq, PartialEq)]
+struct ToolItemKey {
+    thread_id: String,
+    turn_id: String,
+    item_id: String,
+}
+
 impl AnalyticsReducer {
     pub(crate) async fn ingest(&mut self, input: AnalyticsFact, out: &mut Vec<TrackEventRequest>) {
         match input {
@@ -249,7 +311,7 @@ impl AnalyticsReducer {
                 response,
             } => {
                 if let Some(response) = response.into_client_response(request_id) {
-                    self.ingest_response(connection_id, response, out);
+                    self.ingest_response(connection_id, response, out).await;
                 }
             }
             AnalyticsFact::ErrorResponse {
@@ -261,7 +323,7 @@ impl AnalyticsReducer {
                 self.ingest_error_response(connection_id, request_id, error_type, out);
             }
             AnalyticsFact::Notification(notification) => {
-                self.ingest_notification(*notification, out);
+                self.ingest_notification(*notification, out).await;
             }
             AnalyticsFact::ServerRequest {
                 connection_id: _connection_id,
@@ -269,6 +331,7 @@ impl AnalyticsReducer {
             } => {}
             AnalyticsFact::ServerResponse {
                 response: _response,
+                ..
             } => {}
             AnalyticsFact::Custom(input) => match input {
                 CustomAnalyticsFact::SubAgentThreadStarted(input) => {
@@ -281,10 +344,10 @@ impl AnalyticsReducer {
                     self.ingest_guardian_review(*input, out);
                 }
                 CustomAnalyticsFact::TurnResolvedConfig(input) => {
-                    self.ingest_turn_resolved_config(*input, out);
+                    self.ingest_turn_resolved_config(*input, out).await;
                 }
                 CustomAnalyticsFact::TurnTokenUsage(input) => {
-                    self.ingest_turn_token_usage(*input, out);
+                    self.ingest_turn_token_usage(*input, out).await;
                 }
                 CustomAnalyticsFact::SkillInvoked(input) => {
                     self.ingest_skill_invoked(input, out).await;
@@ -416,7 +479,7 @@ impl AnalyticsReducer {
         }
     }
 
-    fn ingest_turn_resolved_config(
+    async fn ingest_turn_resolved_config(
         &mut self,
         input: TurnResolvedConfigFact,
         out: &mut Vec<TrackEventRequest>,
@@ -432,15 +495,16 @@ impl AnalyticsReducer {
             started_at: None,
             token_usage: None,
             completed: None,
+            latest_diff: None,
             steer_count: 0,
         });
         turn_state.thread_id = Some(thread_id);
         turn_state.num_input_images = Some(num_input_images);
         turn_state.resolved_config = Some(input);
-        self.maybe_emit_turn_event(&turn_id, out);
+        self.maybe_emit_turn_event(&turn_id, out).await;
     }
 
-    fn ingest_turn_token_usage(
+    async fn ingest_turn_token_usage(
         &mut self,
         input: TurnTokenUsageFact,
         out: &mut Vec<TrackEventRequest>,
@@ -454,11 +518,12 @@ impl AnalyticsReducer {
             started_at: None,
             token_usage: None,
             completed: None,
+            latest_diff: None,
             steer_count: 0,
         });
         turn_state.thread_id = Some(input.thread_id);
         turn_state.token_usage = Some(input.token_usage);
-        self.maybe_emit_turn_event(&turn_id, out);
+        self.maybe_emit_turn_event(&turn_id, out).await;
     }
 
     async fn ingest_skill_invoked(
@@ -565,7 +630,7 @@ impl AnalyticsReducer {
         });
     }
 
-    fn ingest_response(
+    async fn ingest_response(
         &mut self,
         connection_id: u64,
         response: ClientResponse,
@@ -617,12 +682,13 @@ impl AnalyticsReducer {
                     started_at: None,
                     token_usage: None,
                     completed: None,
+                    latest_diff: None,
                     steer_count: 0,
                 });
                 turn_state.connection_id = Some(connection_id);
                 turn_state.thread_id = Some(pending_request.thread_id);
                 turn_state.num_input_images = Some(pending_request.num_input_images);
-                self.maybe_emit_turn_event(&turn_id, out);
+                self.maybe_emit_turn_event(&turn_id, out).await;
             }
             ClientResponse::TurnSteer {
                 request_id,
@@ -684,12 +750,68 @@ impl AnalyticsReducer {
         );
     }
 
-    fn ingest_notification(
+    async fn ingest_notification(
         &mut self,
         notification: ServerNotification,
         out: &mut Vec<TrackEventRequest>,
     ) {
         match notification {
+            ServerNotification::ItemStarted(notification) => {
+                let Some(item_id) = tracked_tool_item_id(&notification.item) else {
+                    return;
+                };
+                let Some(started_at_ms) = option_i64_to_u64(Some(notification.started_at_ms))
+                else {
+                    return;
+                };
+                self.tool_items_started_at_ms.insert(
+                    ToolItemKey {
+                        thread_id: notification.thread_id,
+                        turn_id: notification.turn_id,
+                        item_id: item_id.to_string(),
+                    },
+                    started_at_ms,
+                );
+            }
+            ServerNotification::ItemCompleted(notification) => {
+                let Some(item_id) = tracked_tool_item_id(&notification.item) else {
+                    return;
+                };
+                let key = ToolItemKey {
+                    thread_id: notification.thread_id.clone(),
+                    turn_id: notification.turn_id.clone(),
+                    item_id: item_id.to_string(),
+                };
+                let Some(started_at_ms) = self.tool_items_started_at_ms.remove(&key) else {
+                    tracing::warn!(
+                        thread_id = %notification.thread_id,
+                        turn_id = %notification.turn_id,
+                        item_id,
+                        "dropping tool item analytics event: missing item started notification"
+                    );
+                    return;
+                };
+                let Some(completed_at_ms) = option_i64_to_u64(Some(notification.completed_at_ms))
+                else {
+                    return;
+                };
+                let Some((connection_state, thread_metadata)) = self
+                    .thread_context_or_warn(AnalyticsDropSite::tool_item(&notification, item_id))
+                else {
+                    return;
+                };
+                if let Some(event) = tool_item_event(
+                    &notification.thread_id,
+                    &notification.turn_id,
+                    &notification.item,
+                    started_at_ms,
+                    completed_at_ms,
+                    connection_state,
+                    thread_metadata,
+                ) {
+                    out.push(event);
+                }
+            }
             ServerNotification::TurnStarted(notification) => {
                 let turn_state = self.turns.entry(notification.turn.id).or_insert(TurnState {
                     connection_id: None,
@@ -699,6 +821,7 @@ impl AnalyticsReducer {
                     started_at: None,
                     token_usage: None,
                     completed: None,
+                    latest_diff: None,
                     steer_count: 0,
                 });
                 turn_state.started_at = notification
@@ -706,6 +829,24 @@ impl AnalyticsReducer {
                     .started_at
                     .and_then(|started_at| u64::try_from(started_at).ok());
             }
+            ServerNotification::TurnDiffUpdated(notification) => {
+                let turn_state =
+                    self.turns
+                        .entry(notification.turn_id.clone())
+                        .or_insert(TurnState {
+                            connection_id: None,
+                            thread_id: None,
+                            num_input_images: None,
+                            resolved_config: None,
+                            started_at: None,
+                            token_usage: None,
+                            completed: None,
+                            latest_diff: None,
+                            steer_count: 0,
+                        });
+                turn_state.thread_id = Some(notification.thread_id);
+                turn_state.latest_diff = Some(notification.diff);
+            }
             ServerNotification::TurnCompleted(notification) => {
                 let turn_state =
                     self.turns
@@ -718,6 +859,7 @@ impl AnalyticsReducer {
                             started_at: None,
                             token_usage: None,
                             completed: None,
+                            latest_diff: None,
                             steer_count: 0,
                         });
                 turn_state.completed = Some(CompletedTurnState {
@@ -737,7 +879,7 @@ impl AnalyticsReducer {
                         .and_then(|duration_ms| u64::try_from(duration_ms).ok()),
                 });
                 let turn_id = notification.turn.id;
-                self.maybe_emit_turn_event(&turn_id, out);
+                self.maybe_emit_turn_event(&turn_id, out).await;
             }
             _ => {}
         }
@@ -779,7 +921,7 @@ impl AnalyticsReducer {
                     ephemeral: thread.ephemeral,
                     thread_source: thread_metadata.thread_source,
                     initialization_mode,
-                    subagent_source: thread_metadata.subagent_source,
+                    subagent_source: thread_metadata.subagent_source.clone(),
                     parent_thread_id: thread_metadata.parent_thread_id,
                     created_at: u64::try_from(thread.created_at).unwrap_or_default(),
                 },
@@ -873,7 +1015,7 @@ impl AnalyticsReducer {
         }));
     }
 
-    fn maybe_emit_turn_event(&mut self, turn_id: &str, out: &mut Vec<TrackEventRequest>) {
+    async fn maybe_emit_turn_event(&mut self, turn_id: &str, out: &mut Vec<TrackEventRequest>) {
         let Some(turn_state) = self.turns.get(turn_id) else {
             return;
         };
@@ -906,18 +1048,23 @@ impl AnalyticsReducer {
             warn_missing_analytics_context(&drop_site, MissingAnalyticsContext::ThreadMetadata);
             return;
         };
-        out.push(TrackEventRequest::TurnEvent(Box::new(
-            CodexTurnEventRequest {
-                event_type: "codex_turn_event",
-                event_params: codex_turn_event_params(
-                    connection_state.app_server_client.clone(),
-                    connection_state.runtime.clone(),
-                    turn_id.to_string(),
-                    turn_state,
-                    thread_metadata,
-                ),
-            },
-        )));
+        let turn_event = TrackEventRequest::TurnEvent(Box::new(CodexTurnEventRequest {
+            event_type: "codex_turn_event",
+            event_params: codex_turn_event_params(
+                connection_state.app_server_client.clone(),
+                connection_state.runtime.clone(),
+                turn_id.to_string(),
+                turn_state,
+                thread_metadata,
+            ),
+        }));
+        let accepted_line_event = accepted_line_event_input(turn_id, turn_state);
+
+        out.push(turn_event);
+        if let Some((mut input, cwd)) = accepted_line_event {
+            input.repo_hash = accepted_line_repo_hash_for_cwd(cwd.as_path()).await;
+            out.extend(accepted_line_fingerprint_event_requests(input));
+        }
         self.turns.remove(turn_id);
     }
 
@@ -983,6 +1130,582 @@ fn warn_missing_analytics_context(
     );
 }
 
+fn tracked_tool_item_id(item: &ThreadItem) -> Option<&str> {
+    match item {
+        ThreadItem::CommandExecution { id, .. }
+        | ThreadItem::FileChange { id, .. }
+        | ThreadItem::McpToolCall { id, .. }
+        | ThreadItem::DynamicToolCall { id, .. }
+        | ThreadItem::CollabAgentToolCall { id, .. }
+        | ThreadItem::WebSearch { id, .. }
+        | ThreadItem::ImageGeneration { id, .. } => Some(id),
+        ThreadItem::UserMessage { .. }
+        | ThreadItem::HookPrompt { .. }
+        | ThreadItem::AgentMessage { .. }
+        | ThreadItem::Plan { .. }
+        | ThreadItem::Reasoning { .. }
+        | ThreadItem::ImageView { .. }
+        | ThreadItem::EnteredReviewMode { .. }
+        | ThreadItem::ExitedReviewMode { .. }
+        | ThreadItem::ContextCompaction { .. } => None,
+    }
+}
+
+fn tool_item_event(
+    thread_id: &str,
+    turn_id: &str,
+    item: &ThreadItem,
+    started_at_ms: u64,
+    completed_at_ms: u64,
+    connection_state: &ConnectionState,
+    thread_metadata: &ThreadMetadataState,
+) -> Option<TrackEventRequest> {
+    let context = ToolItemContext {
+        started_at_ms,
+        completed_at_ms,
+        connection_state,
+        thread_metadata,
+    };
+    match item {
+        ThreadItem::CommandExecution {
+            id,
+            source,
+            status,
+            command_actions,
+            exit_code,
+            duration_ms,
+            ..
+        } => {
+            let (terminal_status, failure_kind) = command_execution_outcome(status)?;
+            let action_counts = command_action_counts(command_actions);
+            let base = tool_item_base(
+                thread_id,
+                turn_id,
+                id.clone(),
+                command_execution_tool_name(*source).to_string(),
+                ToolItemOutcome {
+                    terminal_status,
+                    failure_kind,
+                    execution_duration_ms: option_i64_to_u64(*duration_ms),
+                },
+                context,
+            );
+            Some(TrackEventRequest::CommandExecution(
+                CodexCommandExecutionEventRequest {
+                    event_type: "codex_command_execution_event",
+                    event_params: CodexCommandExecutionEventParams {
+                        base,
+                        command_execution_source: *source,
+                        exit_code: *exit_code,
+                        command_total_action_count: action_counts.total,
+                        command_read_action_count: action_counts.read,
+                        command_list_files_action_count: action_counts.list_files,
+                        command_search_action_count: action_counts.search,
+                        command_unknown_action_count: action_counts.unknown,
+                    },
+                },
+            ))
+        }
+        ThreadItem::FileChange {
+            id,
+            changes,
+            status,
+        } => {
+            let (terminal_status, failure_kind) = patch_apply_outcome(status)?;
+            let counts = file_change_counts(changes);
+            let base = tool_item_base(
+                thread_id,
+                turn_id,
+                id.clone(),
+                "apply_patch".to_string(),
+                ToolItemOutcome {
+                    terminal_status,
+                    failure_kind,
+                    execution_duration_ms: None,
+                },
+                context,
+            );
+            Some(TrackEventRequest::FileChange(CodexFileChangeEventRequest {
+                event_type: "codex_file_change_event",
+                event_params: CodexFileChangeEventParams {
+                    base,
+                    file_change_count: usize_to_u64(changes.len()),
+                    file_add_count: counts.add,
+                    file_update_count: counts.update,
+                    file_delete_count: counts.delete,
+                    file_move_count: counts.move_,
+                },
+            }))
+        }
+        ThreadItem::McpToolCall {
+            id,
+            server,
+            tool,
+            status,
+            error,
+            duration_ms,
+            ..
+        } => {
+            let (terminal_status, failure_kind) = mcp_tool_call_outcome(status)?;
+            let base = tool_item_base(
+                thread_id,
+                turn_id,
+                id.clone(),
+                tool.clone(),
+                ToolItemOutcome {
+                    terminal_status,
+                    failure_kind,
+                    execution_duration_ms: option_i64_to_u64(*duration_ms),
+                },
+                context,
+            );
+            Some(TrackEventRequest::McpToolCall(
+                CodexMcpToolCallEventRequest {
+                    event_type: "codex_mcp_tool_call_event",
+                    event_params: CodexMcpToolCallEventParams {
+                        base,
+                        mcp_server_name: server.clone(),
+                        mcp_tool_name: tool.clone(),
+                        mcp_error_present: error.is_some(),
+                    },
+                },
+            ))
+        }
+        ThreadItem::DynamicToolCall {
+            id,
+            tool,
+            status,
+            content_items,
+            success,
+            duration_ms,
+            ..
+        } => {
+            let (terminal_status, failure_kind) = dynamic_tool_call_outcome(status)?;
+            let counts = content_items
+                .as_ref()
+                .map(|items| dynamic_content_counts(items));
+            let base = tool_item_base(
+                thread_id,
+                turn_id,
+                id.clone(),
+                tool.clone(),
+                ToolItemOutcome {
+                    terminal_status,
+                    failure_kind,
+                    execution_duration_ms: option_i64_to_u64(*duration_ms),
+                },
+                context,
+            );
+            Some(TrackEventRequest::DynamicToolCall(
+                CodexDynamicToolCallEventRequest {
+                    event_type: "codex_dynamic_tool_call_event",
+                    event_params: CodexDynamicToolCallEventParams {
+                        base,
+                        dynamic_tool_name: tool.clone(),
+                        success: *success,
+                        output_content_item_count: counts.map(|counts| counts.total),
+                        output_text_item_count: counts.map(|counts| counts.text),
+                        output_image_item_count: counts.map(|counts| counts.image),
+                    },
+                },
+            ))
+        }
+        ThreadItem::CollabAgentToolCall {
+            id,
+            tool,
+            status,
+            sender_thread_id,
+            receiver_thread_ids,
+            model,
+            reasoning_effort,
+            agents_states,
+            ..
+        } => {
+            let (terminal_status, failure_kind) = collab_tool_call_outcome(status)?;
+            let base = tool_item_base(
+                thread_id,
+                turn_id,
+                id.clone(),
+                collab_agent_tool_name(tool).to_string(),
+                ToolItemOutcome {
+                    terminal_status,
+                    failure_kind,
+                    execution_duration_ms: None,
+                },
+                context,
+            );
+            Some(TrackEventRequest::CollabAgentToolCall(
+                CodexCollabAgentToolCallEventRequest {
+                    event_type: "codex_collab_agent_tool_call_event",
+                    event_params: CodexCollabAgentToolCallEventParams {
+                        base,
+                        sender_thread_id: sender_thread_id.clone(),
+                        receiver_thread_count: usize_to_u64(receiver_thread_ids.len()),
+                        receiver_thread_ids: Some(receiver_thread_ids.clone()),
+                        requested_model: model.clone(),
+                        requested_reasoning_effort: reasoning_effort
+                            .as_ref()
+                            .and_then(serialize_enum_as_string),
+                        agent_state_count: Some(usize_to_u64(agents_states.len())),
+                        completed_agent_count: Some(usize_to_u64(
+                            agents_states
+                                .values()
+                                .filter(|state| state.status == CollabAgentStatus::Completed)
+                                .count(),
+                        )),
+                        failed_agent_count: Some(usize_to_u64(
+                            agents_states
+                                .values()
+                                .filter(|state| {
+                                    matches!(
+                                        state.status,
+                                        CollabAgentStatus::Errored
+                                            | CollabAgentStatus::Shutdown
+                                            | CollabAgentStatus::NotFound
+                                    )
+                                })
+                                .count(),
+                        )),
+                    },
+                },
+            ))
+        }
+        ThreadItem::WebSearch { id, query, action } => {
+            let base = tool_item_base(
+                thread_id,
+                turn_id,
+                id.clone(),
+                "web_search".to_string(),
+                ToolItemOutcome {
+                    terminal_status: ToolItemTerminalStatus::Completed,
+                    failure_kind: None,
+                    execution_duration_ms: None,
+                },
+                context,
+            );
+            Some(TrackEventRequest::WebSearch(CodexWebSearchEventRequest {
+                event_type: "codex_web_search_event",
+                event_params: CodexWebSearchEventParams {
+                    base,
+                    web_search_action: action.as_ref().map(web_search_action_kind),
+                    query_present: !query.trim().is_empty(),
+                    query_count: web_search_query_count(query, action.as_ref()),
+                },
+            }))
+        }
+        ThreadItem::ImageGeneration {
+            id,
+            status,
+            revised_prompt,
+            saved_path,
+            ..
+        } => {
+            let (terminal_status, failure_kind) = image_generation_outcome(status.as_str());
+            let base = tool_item_base(
+                thread_id,
+                turn_id,
+                id.clone(),
+                "image_generation".to_string(),
+                ToolItemOutcome {
+                    terminal_status,
+                    failure_kind,
+                    execution_duration_ms: None,
+                },
+                context,
+            );
+            Some(TrackEventRequest::ImageGeneration(
+                CodexImageGenerationEventRequest {
+                    event_type: "codex_image_generation_event",
+                    event_params: CodexImageGenerationEventParams {
+                        base,
+                        revised_prompt_present: revised_prompt.is_some(),
+                        saved_path_present: saved_path.is_some(),
+                    },
+                },
+            ))
+        }
+        _ => None,
+    }
+}
+
+struct ToolItemOutcome {
+    terminal_status: ToolItemTerminalStatus,
+    failure_kind: Option<ToolItemFailureKind>,
+    execution_duration_ms: Option<u64>,
+}
+
+#[derive(Default)]
+struct CommandActionCounts {
+    total: u64,
+    read: u64,
+    list_files: u64,
+    search: u64,
+    unknown: u64,
+}
+
+fn command_action_counts(command_actions: &[CommandAction]) -> CommandActionCounts {
+    let mut counts = CommandActionCounts {
+        total: usize_to_u64(command_actions.len()),
+        ..Default::default()
+    };
+    for action in command_actions {
+        match action {
+            CommandAction::Read { .. } => counts.read += 1,
+            CommandAction::ListFiles { .. } => counts.list_files += 1,
+            CommandAction::Search { .. } => counts.search += 1,
+            CommandAction::Unknown { .. } => counts.unknown += 1,
+        }
+    }
+    counts
+}
+
+#[derive(Clone, Copy)]
+struct ToolItemContext<'a> {
+    started_at_ms: u64,
+    completed_at_ms: u64,
+    connection_state: &'a ConnectionState,
+    thread_metadata: &'a ThreadMetadataState,
+}
+
+fn tool_item_base(
+    thread_id: &str,
+    turn_id: &str,
+    item_id: String,
+    tool_name: String,
+    outcome: ToolItemOutcome,
+    context: ToolItemContext<'_>,
+) -> CodexToolItemEventBase {
+    let thread_metadata = context.thread_metadata;
+    CodexToolItemEventBase {
+        thread_id: thread_id.to_string(),
+        turn_id: turn_id.to_string(),
+        item_id,
+        app_server_client: context.connection_state.app_server_client.clone(),
+        runtime: context.connection_state.runtime.clone(),
+        thread_source: thread_metadata.thread_source,
+        subagent_source: thread_metadata.subagent_source.clone(),
+        parent_thread_id: thread_metadata.parent_thread_id.clone(),
+        tool_name,
+        started_at_ms: context.started_at_ms,
+        completed_at_ms: context.completed_at_ms,
+        // duration_ms reflects item lifecycle observed by app-server. For web
+        // search and image generation in particular, that can be narrower than
+        // full upstream execution time.
+        duration_ms: observed_duration_ms(context.started_at_ms, context.completed_at_ms),
+        execution_duration_ms: outcome.execution_duration_ms,
+        review_count: 0,
+        guardian_review_count: 0,
+        user_review_count: 0,
+        final_approval_outcome: ToolItemFinalApprovalOutcome::Unknown,
+        terminal_status: outcome.terminal_status,
+        failure_kind: outcome.failure_kind,
+        requested_additional_permissions: false,
+        requested_network_access: false,
+    }
+}
+
+fn observed_duration_ms(started_at_ms: u64, completed_at_ms: u64) -> Option<u64> {
+    completed_at_ms.checked_sub(started_at_ms)
+}
+
+fn command_execution_tool_name(source: CommandExecutionSource) -> &'static str {
+    match source {
+        CommandExecutionSource::UnifiedExecStartup
+        | CommandExecutionSource::UnifiedExecInteraction => "unified_exec",
+        CommandExecutionSource::UserShell => "user_shell",
+        CommandExecutionSource::Agent => "shell",
+    }
+}
+
+fn command_execution_outcome(
+    status: &CommandExecutionStatus,
+) -> Option<(ToolItemTerminalStatus, Option<ToolItemFailureKind>)> {
+    match status {
+        CommandExecutionStatus::InProgress => None,
+        CommandExecutionStatus::Completed => Some((ToolItemTerminalStatus::Completed, None)),
+        CommandExecutionStatus::Failed => Some((
+            ToolItemTerminalStatus::Failed,
+            Some(ToolItemFailureKind::ToolError),
+        )),
+        CommandExecutionStatus::Declined => Some((
+            ToolItemTerminalStatus::Rejected,
+            Some(ToolItemFailureKind::ApprovalDenied),
+        )),
+    }
+}
+
+fn patch_apply_outcome(
+    status: &PatchApplyStatus,
+) -> Option<(ToolItemTerminalStatus, Option<ToolItemFailureKind>)> {
+    match status {
+        PatchApplyStatus::InProgress => None,
+        PatchApplyStatus::Completed => Some((ToolItemTerminalStatus::Completed, None)),
+        PatchApplyStatus::Failed => Some((
+            ToolItemTerminalStatus::Failed,
+            Some(ToolItemFailureKind::ToolError),
+        )),
+        PatchApplyStatus::Declined => Some((
+            ToolItemTerminalStatus::Rejected,
+            Some(ToolItemFailureKind::ApprovalDenied),
+        )),
+    }
+}
+
+fn mcp_tool_call_outcome(
+    status: &McpToolCallStatus,
+) -> Option<(ToolItemTerminalStatus, Option<ToolItemFailureKind>)> {
+    match status {
+        McpToolCallStatus::InProgress => None,
+        McpToolCallStatus::Completed => Some((ToolItemTerminalStatus::Completed, None)),
+        McpToolCallStatus::Failed => Some((
+            ToolItemTerminalStatus::Failed,
+            Some(ToolItemFailureKind::ToolError),
+        )),
+    }
+}
+
+fn dynamic_tool_call_outcome(
+    status: &DynamicToolCallStatus,
+) -> Option<(ToolItemTerminalStatus, Option<ToolItemFailureKind>)> {
+    match status {
+        DynamicToolCallStatus::InProgress => None,
+        DynamicToolCallStatus::Completed => Some((ToolItemTerminalStatus::Completed, None)),
+        DynamicToolCallStatus::Failed => Some((
+            ToolItemTerminalStatus::Failed,
+            Some(ToolItemFailureKind::ToolError),
+        )),
+    }
+}
+
+fn collab_tool_call_outcome(
+    status: &CollabAgentToolCallStatus,
+) -> Option<(ToolItemTerminalStatus, Option<ToolItemFailureKind>)> {
+    match status {
+        CollabAgentToolCallStatus::InProgress => None,
+        CollabAgentToolCallStatus::Completed => Some((ToolItemTerminalStatus::Completed, None)),
+        CollabAgentToolCallStatus::Failed => Some((
+            ToolItemTerminalStatus::Failed,
+            Some(ToolItemFailureKind::ToolError),
+        )),
+    }
+}
+
+fn image_generation_outcome(status: &str) -> (ToolItemTerminalStatus, Option<ToolItemFailureKind>) {
+    match status {
+        "failed" | "error" => (
+            ToolItemTerminalStatus::Failed,
+            Some(ToolItemFailureKind::ToolError),
+        ),
+        _ => (ToolItemTerminalStatus::Completed, None),
+    }
+}
+
+fn collab_agent_tool_name(tool: &CollabAgentTool) -> &'static str {
+    match tool {
+        CollabAgentTool::SpawnAgent => "spawn_agent",
+        CollabAgentTool::SendInput => "send_input",
+        CollabAgentTool::ResumeAgent => "resume_agent",
+        CollabAgentTool::Wait => "wait_agent",
+        CollabAgentTool::CloseAgent => "close_agent",
+    }
+}
+
+#[derive(Default)]
+struct FileChangeCounts {
+    add: u64,
+    update: u64,
+    delete: u64,
+    move_: u64,
+}
+
+fn file_change_counts(changes: &[codex_app_server_protocol::FileUpdateChange]) -> FileChangeCounts {
+    let mut counts = FileChangeCounts::default();
+    for change in changes {
+        match &change.kind {
+            PatchChangeKind::Add => counts.add += 1,
+            PatchChangeKind::Delete => counts.delete += 1,
+            PatchChangeKind::Update { move_path: Some(_) } => counts.move_ += 1,
+            PatchChangeKind::Update { move_path: None } => counts.update += 1,
+        }
+    }
+    counts
+}
+
+#[derive(Clone, Copy)]
+struct DynamicContentCounts {
+    total: u64,
+    text: u64,
+    image: u64,
+}
+
+fn dynamic_content_counts(items: &[DynamicToolCallOutputContentItem]) -> DynamicContentCounts {
+    let mut text = 0;
+    let mut image = 0;
+    for item in items {
+        match item {
+            DynamicToolCallOutputContentItem::InputText { .. } => text += 1,
+            DynamicToolCallOutputContentItem::InputImage { .. } => image += 1,
+        }
+    }
+    DynamicContentCounts {
+        total: usize_to_u64(items.len()),
+        text,
+        image,
+    }
+}
+
+fn web_search_action_kind(action: &WebSearchAction) -> WebSearchActionKind {
+    match action {
+        WebSearchAction::Search { .. } => WebSearchActionKind::Search,
+        WebSearchAction::OpenPage { .. } => WebSearchActionKind::OpenPage,
+        WebSearchAction::FindInPage { .. } => WebSearchActionKind::FindInPage,
+        WebSearchAction::Other => WebSearchActionKind::Other,
+    }
+}
+
+fn web_search_query_count(query: &str, action: Option<&WebSearchAction>) -> Option<u64> {
+    match action {
+        Some(WebSearchAction::Search { query, queries }) => queries
+            .as_ref()
+            .map(|queries| usize_to_u64(queries.len()))
+            .or_else(|| query.as_ref().map(|_| 1)),
+        Some(WebSearchAction::OpenPage { .. })
+        | Some(WebSearchAction::FindInPage { .. })
+        | Some(WebSearchAction::Other) => None,
+        None => (!query.trim().is_empty()).then_some(1),
+    }
+}
+
+fn accepted_line_event_input(
+    turn_id: &str,
+    turn_state: &TurnState,
+) -> Option<(AcceptedLineFingerprintEventInput, PathBuf)> {
+    let latest_diff = turn_state.latest_diff.as_deref()?;
+    let summary = accepted_line_fingerprints_from_unified_diff(latest_diff);
+    if summary.accepted_added_lines == 0 && summary.accepted_deleted_lines == 0 {
+        return None;
+    }
+
+    let thread_id = turn_state.thread_id.clone()?;
+    let resolved_config = turn_state.resolved_config.clone()?;
+
+    Some((
+        AcceptedLineFingerprintEventInput {
+            event_type: "codex.accepted_line_fingerprints",
+            turn_id: turn_id.to_string(),
+            thread_id,
+            product_surface: Some("codex".to_string()),
+            model_slug: Some(resolved_config.model.clone()),
+            completed_at: now_unix_seconds(),
+            repo_hash: None,
+            accepted_added_lines: summary.accepted_added_lines,
+            accepted_deleted_lines: summary.accepted_deleted_lines,
+            line_fingerprints: summary.line_fingerprints,
+        },
+        resolved_config.permission_profile_cwd,
+    ))
+}
+
 fn codex_turn_event_params(
     app_server_client: CodexAppServerClientMetadata,
     runtime: CodexRuntimeMetadata,

codex-rs/ansi-escape/Cargo.toml

@@ -7,6 +7,8 @@ license.workspace = true
 [lib]
 name = "codex_ansi_escape"
 path = "src/lib.rs"
+test = false
+doctest = false
 
 [lints]
 workspace = true

codex-rs/app-server-client/Cargo.toml

@@ -7,6 +7,7 @@ license.workspace = true
 [lib]
 name = "codex_app_server_client"
 path = "src/lib.rs"
+doctest = false
 
 [lints]
 workspace = true
@@ -33,4 +34,5 @@ url = { workspace = true }
 [dev-dependencies]
 pretty_assertions = { workspace = true }
 serde_json = { workspace = true }
+tempfile = { workspace = true }
 tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }

codex-rs/app-server-client/src/lib.rs

@@ -29,6 +29,7 @@ pub use codex_app_server::in_process::DEFAULT_IN_PROCESS_CHANNEL_CAPACITY;
 pub use codex_app_server::in_process::InProcessServerEvent;
 use codex_app_server::in_process::InProcessStartArgs;
 use codex_app_server::in_process::LogDbLayer;
+pub use codex_app_server::in_process::StateDbHandle;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientNotification;
 use codex_app_server_protocol::ClientRequest;
@@ -46,10 +47,8 @@ use codex_config::LoaderOverrides;
 use codex_config::NoopThreadConfigLoader;
 use codex_config::RemoteThreadConfigLoader;
 use codex_config::ThreadConfigLoader;
-pub use codex_core::StateDbHandle;
 use codex_core::config::Config;
 pub use codex_exec_server::EnvironmentManager;
-pub use codex_exec_server::EnvironmentManagerArgs;
 pub use codex_exec_server::ExecServerRuntimePaths;
 use codex_feedback::CodexFeedback;
 use codex_protocol::protocol::SessionSource;
@@ -72,12 +71,9 @@ pub mod legacy_core {
     pub use codex_core::DEFAULT_AGENTS_MD_FILENAME;
     pub use codex_core::LOCAL_AGENTS_MD_FILENAME;
     pub use codex_core::McpManager;
-    pub use codex_core::append_message_history_entry;
     pub use codex_core::check_execpolicy_for_warnings;
     pub use codex_core::format_exec_policy_error_with_source;
     pub use codex_core::grant_read_root_non_elevated;
-    pub use codex_core::lookup_message_history_entry;
-    pub use codex_core::message_history_metadata;
     pub use codex_core::web_search_detail;
 
     pub mod config {
@@ -378,6 +374,7 @@ impl InProcessClientStartArgs {
     pub fn initialize_params(&self) -> InitializeParams {
         let capabilities = InitializeCapabilities {
             experimental_api: self.experimental_api,
+            request_attestation: false,
             opt_out_notification_methods: if self.opt_out_notification_methods.is_empty() {
                 None
             } else {
@@ -954,9 +951,13 @@ mod tests {
     use codex_app_server_protocol::ToolRequestUserInputParams;
     use codex_app_server_protocol::ToolRequestUserInputQuestion;
     use codex_core::config::ConfigBuilder;
+    use codex_core::init_state_db;
     use futures::SinkExt;
     use futures::StreamExt;
     use pretty_assertions::assert_eq;
+    use std::ops::Deref;
+    use std::path::Path;
+    use tempfile::TempDir;
     use tokio::net::TcpListener;
     use tokio::time::Duration;
     use tokio::time::timeout;
@@ -975,19 +976,59 @@ mod tests {
         }
     }
 
+    async fn build_test_config_for_codex_home(codex_home: &Path) -> Config {
+        match ConfigBuilder::default()
+            .codex_home(codex_home.to_path_buf())
+            .build()
+            .await
+        {
+            Ok(config) => config,
+            Err(_) => Config::load_default_with_cli_overrides_for_codex_home(
+                codex_home.to_path_buf(),
+                Vec::new(),
+            )
+            .await
+            .expect("default config should load"),
+        }
+    }
+
+    struct TestClient {
+        _codex_home: TempDir,
+        client: InProcessAppServerClient,
+    }
+
+    impl Deref for TestClient {
+        type Target = InProcessAppServerClient;
+
+        fn deref(&self) -> &Self::Target {
+            &self.client
+        }
+    }
+
+    impl TestClient {
+        async fn shutdown(self) -> IoResult<()> {
+            self.client.shutdown().await
+        }
+    }
+
     async fn start_test_client_with_capacity(
         session_source: SessionSource,
         channel_capacity: usize,
-    ) -> InProcessAppServerClient {
-        InProcessAppServerClient::start(InProcessClientStartArgs {
+    ) -> TestClient {
+        let codex_home = TempDir::new().expect("temp dir");
+        let config = Arc::new(build_test_config_for_codex_home(codex_home.path()).await);
+        let state_db = init_state_db(config.as_ref())
+            .await
+            .expect("state db should initialize for in-process test");
+        let client = InProcessAppServerClient::start(InProcessClientStartArgs {
             arg0_paths: Arg0DispatchPaths::default(),
-            config: Arc::new(build_test_config().await),
+            config,
             cli_overrides: Vec::new(),
             loader_overrides: LoaderOverrides::default(),
             cloud_requirements: CloudRequirementsLoader::default(),
             feedback: CodexFeedback::new(),
             log_db: None,
-            state_db: None,
+            state_db: Some(state_db),
             environment_manager: Arc::new(EnvironmentManager::default_for_tests()),
             config_warnings: Vec::new(),
             session_source,
@@ -999,10 +1040,15 @@ mod tests {
             channel_capacity,
         })
         .await
-        .expect("in-process app-server client should start")
+        .expect("in-process app-server client should start");
+
+        TestClient {
+            _codex_home: codex_home,
+            client,
+        }
     }
 
-    async fn start_test_client(session_source: SessionSource) -> InProcessAppServerClient {
+    async fn start_test_client(session_source: SessionSource) -> TestClient {
         start_test_client_with_capacity(session_source, DEFAULT_IN_PROCESS_CHANNEL_CAPACITY).await
     }
 

codex-rs/app-server-client/src/remote.rs

@@ -73,6 +73,7 @@ impl RemoteAppServerConnectArgs {
     fn initialize_params(&self) -> InitializeParams {
         let capabilities = InitializeCapabilities {
             experimental_api: self.experimental_api,
+            request_attestation: false,
             opt_out_notification_methods: if self.opt_out_notification_methods.is_empty() {
                 None
             } else {

codex-rs/app-server-daemon/BUILD.bazel

@@ -0,0 +1,6 @@
+load("//:defs.bzl", "codex_rust_crate")
+
+codex_rust_crate(
+    name = "app-server-daemon",
+    crate_name = "codex_app_server_daemon",
+)

codex-rs/app-server-daemon/Cargo.toml

@@ -0,0 +1,39 @@
+[package]
+name = "codex-app-server-daemon"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[lib]
+name = "codex_app_server_daemon"
+path = "src/lib.rs"
+doctest = false
+
+[lints]
+workspace = true
+
+[dependencies]
+anyhow = { workspace = true }
+codex-app-server-protocol = { workspace = true }
+codex-app-server-transport = { workspace = true }
+codex-core = { workspace = true }
+codex-uds = { workspace = true }
+futures = { workspace = true }
+libc = { workspace = true }
+reqwest = { workspace = true, features = ["rustls-tls"] }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+tokio = { workspace = true, features = [
+    "fs",
+    "io-util",
+    "macros",
+    "process",
+    "rt-multi-thread",
+    "signal",
+    "time",
+] }
+tokio-tungstenite = { workspace = true }
+
+[dev-dependencies]
+pretty_assertions = { workspace = true }
+tempfile = { workspace = true }

codex-rs/app-server-daemon/README.md

@@ -0,0 +1,104 @@
+# codex-app-server-daemon
+
+> `codex-app-server-daemon` is experimental and its lifecycle contract may
+> change while the remote-management flow is still being developed.
+
+`codex-app-server-daemon` backs the machine-readable `codex app-server`
+lifecycle commands used by remote clients such as the desktop and mobile apps.
+It is intended for Codex instances launched over SSH, including fresh developer
+machines that should expose app-server with `remote_control` enabled.
+
+## Platform support
+
+The current daemon implementation is Unix-only. It uses pidfile-backed
+daemonization plus Unix process and file-locking primitives, and does not yet
+support Windows lifecycle management.
+
+## Commands
+
+```sh
+codex app-server daemon start
+codex app-server daemon restart
+codex app-server daemon enable-remote-control
+codex app-server daemon disable-remote-control
+codex app-server daemon stop
+codex app-server daemon version
+codex app-server daemon bootstrap --remote-control
+```
+
+On success, every command writes exactly one JSON object to stdout. Consumers
+should parse that JSON rather than relying on human-readable text. Lifecycle
+responses report the resolved backend, socket path, local CLI version, and
+running app-server version when applicable.
+
+## Bootstrap flow
+
+For a new remote machine:
+
+```sh
+curl -fsSL https://chatgpt.com/codex/install.sh | sh
+$HOME/.codex/packages/standalone/current/codex app-server daemon bootstrap --remote-control
+```
+
+`bootstrap` requires the standalone managed install. It records the daemon
+settings under `CODEX_HOME/app-server-daemon/`, starts app-server as a
+pidfile-backed detached process, and launches a detached updater loop.
+
+## Installation and update cases
+
+The daemon assumes Codex is installed through `install.sh` and always launches
+the standalone managed binary under `CODEX_HOME`.
+
+| Situation | What starts | Does this daemon fetch new binaries? | Does a running app-server eventually move to a newer binary on its own? |
+| --- | --- | --- | --- |
+| `install.sh` has run, but only `start` is used | `start` uses `CODEX_HOME/packages/standalone/current/codex` | No | No. The managed path is used when starting or restarting, but no updater is installed. |
+| `install.sh` has run, then `bootstrap` is used | The pidfile backend uses `CODEX_HOME/packages/standalone/current/codex` | Yes. Bootstrap launches a detached updater loop that runs `install.sh` hourly. | Yes, while that updater process is alive. After a successful fetch, it restarts a currently running app-server only when the managed binary reports a different version. |
+| Some other tool updates the managed binary path | The next fresh start or restart uses the updated file at that path | No | Not automatically. The existing process keeps the old executable image until an explicit `restart`. |
+
+### Standalone installs
+
+For installs created by `install.sh`:
+
+- lifecycle commands always use the standalone managed binary path
+- `bootstrap` is supported
+- `bootstrap` starts a detached pid-backed updater loop that fetches via
+  `install.sh`, then restarts app-server if it is running on a different version
+- the updater loop is not reboot-persistent; it must be started again by
+  rerunning `bootstrap` after a reboot
+
+### Out-of-band updates
+
+This daemon does not watch arbitrary executable files for replacement. If some
+other tool updates a binary that the daemon would use on its next launch:
+
+- a currently running app-server remains on the old executable image
+- `restart` will launch the updated binary
+- for bootstrapped daemons, the detached updater loop only reacts to updates it
+  fetched itself; it does not watch arbitrary file replacement
+
+## Lifecycle semantics
+
+`start` is idempotent and returns after app-server is ready to answer the normal
+JSON-RPC initialize handshake on the Unix control socket.
+
+`restart` stops any managed daemon and starts it again.
+
+`enable-remote-control` and `disable-remote-control` persist the launch setting
+for future starts. If a managed app-server is already running, they restart it
+so the new setting takes effect immediately.
+
+`stop` sends a graceful termination request first, then sends a second
+termination signal after the grace window if the process is still alive.
+
+All mutating lifecycle commands are serialized per `CODEX_HOME`, so a concurrent
+`start`, `restart`, `enable-remote-control`, `disable-remote-control`, `stop`,
+or `bootstrap` does not race another in-flight lifecycle operation.
+
+## State
+
+The daemon stores its local state under `CODEX_HOME/app-server-daemon/`:
+
+- `settings.json` for persisted launch settings
+- `app-server.pid` for the app-server process record
+- `app-server-updater.pid` for the pid-backed standalone updater loop
+- `daemon.lock` for daemon-wide lifecycle serialization

codex-rs/app-server-daemon/src/backend/mod.rs

@@ -0,0 +1,33 @@
+mod pid;
+
+use std::path::PathBuf;
+
+use serde::Serialize;
+
+pub(crate) use pid::PidBackend;
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub enum BackendKind {
+    Pid,
+}
+
+#[derive(Debug, Clone)]
+pub(crate) struct BackendPaths {
+    pub(crate) codex_bin: PathBuf,
+    pub(crate) pid_file: PathBuf,
+    pub(crate) update_pid_file: PathBuf,
+    pub(crate) remote_control_enabled: bool,
+}
+
+pub(crate) fn pid_backend(paths: BackendPaths) -> PidBackend {
+    PidBackend::new(
+        paths.codex_bin,
+        paths.pid_file,
+        paths.remote_control_enabled,
+    )
+}
+
+pub(crate) fn pid_update_loop_backend(paths: BackendPaths) -> PidBackend {
+    PidBackend::new_update_loop(paths.codex_bin, paths.update_pid_file)
+}

codex-rs/app-server-daemon/src/backend/pid.rs

@@ -0,0 +1,600 @@
+use std::path::Path;
+use std::path::PathBuf;
+#[cfg(unix)]
+use std::process::Stdio;
+use std::time::Duration;
+
+use anyhow::Context;
+use anyhow::Result;
+use anyhow::bail;
+use serde::Deserialize;
+use serde::Serialize;
+use tokio::fs;
+#[cfg(unix)]
+use tokio::process::Command;
+use tokio::time::sleep;
+
+const STOP_POLL_INTERVAL: Duration = Duration::from_millis(50);
+const STOP_GRACE_PERIOD: Duration = Duration::from_secs(60);
+const STOP_TIMEOUT: Duration = Duration::from_secs(70);
+const START_TIMEOUT: Duration = Duration::from_secs(10);
+
+#[derive(Debug)]
+#[cfg_attr(not(unix), allow(dead_code))]
+pub(crate) struct PidBackend {
+    codex_bin: PathBuf,
+    pid_file: PathBuf,
+    lock_file: PathBuf,
+    command_kind: PidCommandKind,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct PidRecord {
+    pid: u32,
+    process_start_time: String,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+enum PidFileState {
+    Missing,
+    Starting,
+    Running(PidRecord),
+}
+
+#[derive(Debug, Clone, Copy)]
+#[cfg_attr(not(unix), allow(dead_code))]
+enum PidCommandKind {
+    AppServer { remote_control_enabled: bool },
+    UpdateLoop,
+}
+
+impl PidBackend {
+    pub(crate) fn new(codex_bin: PathBuf, pid_file: PathBuf, remote_control_enabled: bool) -> Self {
+        let lock_file = pid_file.with_extension("pid.lock");
+        Self {
+            codex_bin,
+            pid_file,
+            lock_file,
+            command_kind: PidCommandKind::AppServer {
+                remote_control_enabled,
+            },
+        }
+    }
+
+    pub(crate) fn new_update_loop(codex_bin: PathBuf, pid_file: PathBuf) -> Self {
+        let lock_file = pid_file.with_extension("pid.lock");
+        Self {
+            codex_bin,
+            pid_file,
+            lock_file,
+            command_kind: PidCommandKind::UpdateLoop,
+        }
+    }
+
+    pub(crate) async fn is_starting_or_running(&self) -> Result<bool> {
+        loop {
+            match self.read_pid_file_state().await? {
+                PidFileState::Missing => return Ok(false),
+                PidFileState::Starting => return Ok(true),
+                PidFileState::Running(record) => {
+                    if self.record_is_active(&record).await? {
+                        return Ok(true);
+                    }
+                    match self.refresh_after_stale_record(&record).await? {
+                        PidFileState::Missing => return Ok(false),
+                        PidFileState::Starting | PidFileState::Running(_) => continue,
+                    }
+                }
+            }
+        }
+    }
+
+    #[cfg(unix)]
+    pub(crate) async fn start(&self) -> Result<Option<u32>> {
+        if let Some(parent) = self.pid_file.parent() {
+            fs::create_dir_all(parent)
+                .await
+                .with_context(|| format!("failed to create pid directory {}", parent.display()))?;
+        }
+        let reservation_lock = self.acquire_reservation_lock().await?;
+        let _pid_file = loop {
+            match fs::OpenOptions::new()
+                .create_new(true)
+                .write(true)
+                .open(&self.pid_file)
+                .await
+            {
+                Ok(pid_file) => break pid_file,
+                Err(err) if err.kind() == std::io::ErrorKind::AlreadyExists => {
+                    match self.read_pid_file_state_with_lock_held().await? {
+                        PidFileState::Missing => continue,
+                        PidFileState::Running(record) => {
+                            if self.record_is_active(&record).await? {
+                                return Ok(None);
+                            }
+                            let _ = fs::remove_file(&self.pid_file).await;
+                            continue;
+                        }
+                        PidFileState::Starting => {
+                            unreachable!("lock holder cannot observe starting")
+                        }
+                    }
+                }
+                Err(err) => {
+                    return Err(err).with_context(|| {
+                        format!("failed to reserve pid file {}", self.pid_file.display())
+                    });
+                }
+            }
+        };
+        let mut command = Command::new(&self.codex_bin);
+        command
+            .args(self.command_args())
+            .stdin(Stdio::null())
+            .stdout(Stdio::null())
+            .stderr(Stdio::null());
+
+        #[cfg(unix)]
+        {
+            unsafe {
+                command.pre_exec(|| {
+                    if libc::setsid() == -1 {
+                        return Err(std::io::Error::last_os_error());
+                    }
+                    Ok(())
+                });
+            }
+        }
+
+        let child = match command.spawn() {
+            Ok(child) => child,
+            Err(err) => {
+                let _ = fs::remove_file(&self.pid_file).await;
+                return Err(err).with_context(|| {
+                    format!(
+                        "failed to spawn detached app-server process using {}",
+                        self.codex_bin.display()
+                    )
+                });
+            }
+        };
+        let pid = child
+            .id()
+            .context("spawned app-server process has no pid")?;
+        let record = match read_process_start_time(pid).await {
+            Ok(process_start_time) => PidRecord {
+                pid,
+                process_start_time,
+            },
+            Err(err) => {
+                let _ = self.terminate_process(pid);
+                let _ = fs::remove_file(&self.pid_file).await;
+                return Err(err);
+            }
+        };
+        let contents = serde_json::to_vec(&record).context("failed to serialize pid record")?;
+        let temp_pid_file = self.pid_file.with_extension("pid.tmp");
+        if let Err(err) = fs::write(&temp_pid_file, &contents).await {
+            let _ = self.terminate_process(pid);
+            let _ = fs::remove_file(&self.pid_file).await;
+            return Err(err).with_context(|| {
+                format!("failed to write pid temp file {}", temp_pid_file.display())
+            });
+        }
+        if let Err(err) = fs::rename(&temp_pid_file, &self.pid_file).await {
+            let _ = self.terminate_process(pid);
+            let _ = fs::remove_file(&temp_pid_file).await;
+            let _ = fs::remove_file(&self.pid_file).await;
+            return Err(err).with_context(|| {
+                format!("failed to publish pid file {}", self.pid_file.display())
+            });
+        }
+        drop(reservation_lock);
+        Ok(Some(pid))
+    }
+
+    #[cfg(not(unix))]
+    pub(crate) async fn start(&self) -> Result<Option<u32>> {
+        bail!("pid-managed app-server startup is unsupported on this platform")
+    }
+
+    pub(crate) async fn stop(&self) -> Result<()> {
+        loop {
+            let Some(record) = self.wait_for_pid_start().await? else {
+                return Ok(());
+            };
+            if !self.record_is_active(&record).await? {
+                match self.refresh_after_stale_record(&record).await? {
+                    PidFileState::Missing => return Ok(()),
+                    PidFileState::Starting | PidFileState::Running(_) => continue,
+                }
+            }
+
+            let pid = record.pid;
+            self.terminate_process(pid)?;
+            let started_at = tokio::time::Instant::now();
+            let deadline = tokio::time::Instant::now() + STOP_TIMEOUT;
+            let mut forced = false;
+            while tokio::time::Instant::now() < deadline {
+                if !self.record_is_active(&record).await? {
+                    match self.refresh_after_stale_record(&record).await? {
+                        PidFileState::Missing => return Ok(()),
+                        PidFileState::Starting | PidFileState::Running(_) => break,
+                    }
+                }
+                if !forced && started_at.elapsed() >= STOP_GRACE_PERIOD {
+                    self.force_terminate_process(pid)?;
+                    forced = true;
+                }
+                sleep(STOP_POLL_INTERVAL).await;
+            }
+
+            if self.record_is_active(&record).await? {
+                bail!("timed out waiting for pid-managed app server {pid} to stop");
+            }
+        }
+    }
+
+    async fn wait_for_pid_start(&self) -> Result<Option<PidRecord>> {
+        let deadline = tokio::time::Instant::now() + START_TIMEOUT;
+        loop {
+            match self.read_pid_file_state().await? {
+                PidFileState::Missing => return Ok(None),
+                PidFileState::Running(record) => return Ok(Some(record)),
+                PidFileState::Starting if tokio::time::Instant::now() < deadline => {
+                    sleep(STOP_POLL_INTERVAL).await;
+                }
+                PidFileState::Starting => {
+                    bail!(
+                        "timed out waiting for pid reservation in {} to finish initializing",
+                        self.pid_file.display()
+                    );
+                }
+            }
+        }
+    }
+
+    async fn read_pid_file_state(&self) -> Result<PidFileState> {
+        let contents = match fs::read_to_string(&self.pid_file).await {
+            Ok(contents) => contents,
+            Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
+                return if reservation_lock_is_active(&self.lock_file).await? {
+                    Ok(PidFileState::Starting)
+                } else {
+                    Ok(PidFileState::Missing)
+                };
+            }
+            Err(err) => {
+                return Err(err).with_context(|| {
+                    format!("failed to read pid file {}", self.pid_file.display())
+                });
+            }
+        };
+        if contents.trim().is_empty() {
+            match inspect_empty_pid_reservation(&self.pid_file, &self.lock_file).await? {
+                EmptyPidReservation::Active => {
+                    return Ok(PidFileState::Starting);
+                }
+                EmptyPidReservation::Stale => {
+                    return Ok(PidFileState::Missing);
+                }
+                EmptyPidReservation::Record(record) => return Ok(PidFileState::Running(record)),
+            }
+        }
+        let record = serde_json::from_str(&contents)
+            .with_context(|| format!("invalid pid file contents in {}", self.pid_file.display()))?;
+        Ok(PidFileState::Running(record))
+    }
+
+    async fn read_pid_file_state_with_lock_held(&self) -> Result<PidFileState> {
+        let contents = match fs::read_to_string(&self.pid_file).await {
+            Ok(contents) => contents,
+            Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
+                return Ok(PidFileState::Missing);
+            }
+            Err(err) => {
+                return Err(err).with_context(|| {
+                    format!("failed to read pid file {}", self.pid_file.display())
+                });
+            }
+        };
+        if contents.trim().is_empty() {
+            let _ = fs::remove_file(&self.pid_file).await;
+            return Ok(PidFileState::Missing);
+        }
+        let record = serde_json::from_str(&contents)
+            .with_context(|| format!("invalid pid file contents in {}", self.pid_file.display()))?;
+        Ok(PidFileState::Running(record))
+    }
+
+    async fn refresh_after_stale_record(&self, expected: &PidRecord) -> Result<PidFileState> {
+        let reservation_lock = self.acquire_reservation_lock().await?;
+        let state = match self.read_pid_file_state_with_lock_held().await? {
+            PidFileState::Running(record) if record == *expected => {
+                let _ = fs::remove_file(&self.pid_file).await;
+                PidFileState::Missing
+            }
+            state => state,
+        };
+        drop(reservation_lock);
+        Ok(state)
+    }
+
+    async fn acquire_reservation_lock(&self) -> Result<fs::File> {
+        let reservation_lock = fs::OpenOptions::new()
+            .create(true)
+            .truncate(false)
+            .write(true)
+            .open(&self.lock_file)
+            .await
+            .with_context(|| {
+                format!("failed to open pid lock file {}", self.lock_file.display())
+            })?;
+        let lock_deadline = tokio::time::Instant::now() + START_TIMEOUT;
+        while !try_lock_file(&reservation_lock)? {
+            if tokio::time::Instant::now() >= lock_deadline {
+                bail!(
+                    "timed out waiting for pid lock {}",
+                    self.lock_file.display()
+                );
+            }
+            sleep(STOP_POLL_INTERVAL).await;
+        }
+        Ok(reservation_lock)
+    }
+
+    #[cfg(unix)]
+    fn command_args(&self) -> Vec<&'static str> {
+        match self.command_kind {
+            PidCommandKind::AppServer {
+                remote_control_enabled: true,
+            } => vec![
+                "--enable",
+                "remote_control",
+                "app-server",
+                "--listen",
+                "unix://",
+            ],
+            PidCommandKind::AppServer {
+                remote_control_enabled: false,
+            } => vec!["app-server", "--listen", "unix://"],
+            PidCommandKind::UpdateLoop => vec!["app-server", "daemon", "pid-update-loop"],
+        }
+    }
+
+    fn terminate_process(&self, pid: u32) -> Result<()> {
+        match self.command_kind {
+            PidCommandKind::AppServer { .. } => terminate_process(pid),
+            PidCommandKind::UpdateLoop => terminate_process(pid),
+        }
+    }
+
+    fn force_terminate_process(&self, pid: u32) -> Result<()> {
+        match self.command_kind {
+            PidCommandKind::AppServer { .. } => force_terminate_process(pid),
+            PidCommandKind::UpdateLoop => force_terminate_process_group(pid),
+        }
+    }
+
+    async fn record_is_active(&self, record: &PidRecord) -> Result<bool> {
+        process_matches_record(record).await
+    }
+}
+
+#[cfg(unix)]
+fn process_exists(pid: u32) -> bool {
+    let Ok(pid) = libc::pid_t::try_from(pid) else {
+        return false;
+    };
+    let result = unsafe { libc::kill(pid, 0) };
+    result == 0 || std::io::Error::last_os_error().raw_os_error() == Some(libc::EPERM)
+}
+
+#[cfg(unix)]
+fn terminate_process(pid: u32) -> Result<()> {
+    let raw_pid = libc::pid_t::try_from(pid)
+        .with_context(|| format!("pid-managed app server pid {pid} is out of range"))?;
+    let result = unsafe { libc::kill(raw_pid, libc::SIGTERM) };
+    if result == 0 {
+        return Ok(());
+    }
+    let err = std::io::Error::last_os_error();
+    if err.raw_os_error() == Some(libc::ESRCH) {
+        return Ok(());
+    }
+    Err(err).with_context(|| format!("failed to terminate pid-managed app server {pid}"))
+}
+
+#[cfg(unix)]
+fn force_terminate_process(pid: u32) -> Result<()> {
+    let raw_pid = libc::pid_t::try_from(pid)
+        .with_context(|| format!("pid-managed app server pid {pid} is out of range"))?;
+    let result = unsafe { libc::kill(raw_pid, libc::SIGKILL) };
+    if result == 0 {
+        return Ok(());
+    }
+    let err = std::io::Error::last_os_error();
+    if err.raw_os_error() == Some(libc::ESRCH) {
+        return Ok(());
+    }
+    Err(err).with_context(|| format!("failed to force terminate pid-managed app server {pid}"))
+}
+
+#[cfg(unix)]
+fn force_terminate_process_group(pid: u32) -> Result<()> {
+    let raw_pid = libc::pid_t::try_from(pid)
+        .with_context(|| format!("pid-managed updater pid {pid} is out of range"))?;
+    let result = unsafe { libc::kill(-raw_pid, libc::SIGKILL) };
+    if result == 0 {
+        return Ok(());
+    }
+    let err = std::io::Error::last_os_error();
+    if err.raw_os_error() == Some(libc::ESRCH) {
+        return Ok(());
+    }
+    Err(err).with_context(|| format!("failed to force terminate pid-managed updater group {pid}"))
+}
+
+#[cfg(not(unix))]
+fn terminate_process(_pid: u32) -> Result<()> {
+    bail!("pid-managed app-server shutdown is unsupported on this platform")
+}
+
+#[cfg(not(unix))]
+fn force_terminate_process(_pid: u32) -> Result<()> {
+    bail!("pid-managed app-server shutdown is unsupported on this platform")
+}
+
+#[cfg(not(unix))]
+fn force_terminate_process_group(_pid: u32) -> Result<()> {
+    bail!("pid-managed updater shutdown is unsupported on this platform")
+}
+
+#[cfg(unix)]
+async fn process_matches_record(record: &PidRecord) -> Result<bool> {
+    if !process_exists(record.pid) {
+        return Ok(false);
+    }
+
+    match read_process_start_time(record.pid).await {
+        Ok(start_time) => Ok(start_time == record.process_start_time),
+        Err(_err) if !process_exists(record.pid) => Ok(false),
+        Err(err) => Err(err),
+    }
+}
+
+#[cfg(not(unix))]
+async fn process_matches_record(_record: &PidRecord) -> Result<bool> {
+    Ok(false)
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+#[cfg_attr(not(unix), allow(dead_code))]
+enum EmptyPidReservation {
+    Active,
+    Stale,
+    Record(PidRecord),
+}
+
+#[cfg(unix)]
+fn try_lock_file(file: &fs::File) -> Result<bool> {
+    use std::os::fd::AsRawFd;
+
+    let result = unsafe { libc::flock(file.as_raw_fd(), libc::LOCK_EX | libc::LOCK_NB) };
+    if result == 0 {
+        return Ok(true);
+    }
+
+    let err = std::io::Error::last_os_error();
+    if err.raw_os_error() == Some(libc::EWOULDBLOCK) {
+        return Ok(false);
+    }
+    Err(err).context("failed to lock pid reservation")
+}
+
+#[cfg(not(unix))]
+fn try_lock_file(_file: &fs::File) -> Result<bool> {
+    bail!("pid-managed app-server startup is unsupported on this platform")
+}
+
+#[cfg(unix)]
+async fn reservation_lock_is_active(path: &Path) -> Result<bool> {
+    let file = match fs::OpenOptions::new()
+        .write(true)
+        .create(true)
+        .truncate(false)
+        .open(path)
+        .await
+    {
+        Ok(file) => file,
+        Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
+            return Ok(false);
+        }
+        Err(err) => {
+            return Err(err)
+                .with_context(|| format!("failed to inspect pid lock file {}", path.display()));
+        }
+    };
+    Ok(!try_lock_file(&file)?)
+}
+
+#[cfg(not(unix))]
+async fn reservation_lock_is_active(_path: &Path) -> Result<bool> {
+    Ok(false)
+}
+
+#[cfg(unix)]
+async fn inspect_empty_pid_reservation(
+    pid_path: &Path,
+    lock_path: &Path,
+) -> Result<EmptyPidReservation> {
+    let file = match fs::OpenOptions::new()
+        .write(true)
+        .create(true)
+        .truncate(false)
+        .open(lock_path)
+        .await
+    {
+        Ok(file) => file,
+        Err(err) => {
+            return Err(err).with_context(|| {
+                format!("failed to inspect pid lock file {}", lock_path.display())
+            });
+        }
+    };
+    if !try_lock_file(&file)? {
+        return Ok(EmptyPidReservation::Active);
+    }
+
+    let contents = match fs::read_to_string(pid_path).await {
+        Ok(contents) => contents,
+        Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
+            return Ok(EmptyPidReservation::Stale);
+        }
+        Err(err) => {
+            return Err(err)
+                .with_context(|| format!("failed to reread pid file {}", pid_path.display()));
+        }
+    };
+    if contents.trim().is_empty() {
+        let _ = fs::remove_file(pid_path).await;
+        return Ok(EmptyPidReservation::Stale);
+    }
+
+    let record = serde_json::from_str(&contents)
+        .with_context(|| format!("invalid pid file contents in {}", pid_path.display()))?;
+    Ok(EmptyPidReservation::Record(record))
+}
+
+#[cfg(not(unix))]
+async fn inspect_empty_pid_reservation(
+    _pid_path: &Path,
+    _lock_path: &Path,
+) -> Result<EmptyPidReservation> {
+    Ok(EmptyPidReservation::Stale)
+}
+
+#[cfg(unix)]
+async fn read_process_start_time(pid: u32) -> Result<String> {
+    let output = Command::new("ps")
+        .args(["-p", &pid.to_string(), "-o", "lstart="])
+        .output()
+        .await
+        .context("failed to invoke ps for pid-managed app server")?;
+    if !output.status.success() {
+        bail!("failed to read start time for pid-managed app server {pid}");
+    }
+
+    let start_time = String::from_utf8(output.stdout)
+        .context("pid-managed app server start time was not utf-8")?;
+    let start_time = start_time.trim();
+    if start_time.is_empty() {
+        bail!("pid-managed app server {pid} has no recorded start time");
+    }
+    Ok(start_time.to_string())
+}
+
+#[cfg(all(test, unix))]
+#[path = "pid_tests.rs"]
+mod tests;

codex-rs/app-server-daemon/src/backend/pid_tests.rs

@@ -0,0 +1,158 @@
+use std::time::Duration;
+
+use pretty_assertions::assert_eq;
+use tempfile::TempDir;
+
+use super::PidBackend;
+use super::PidCommandKind;
+use super::PidFileState;
+use super::PidRecord;
+use super::try_lock_file;
+
+#[tokio::test]
+async fn locked_empty_pid_file_is_treated_as_active_reservation() {
+    let temp_dir = TempDir::new().expect("temp dir");
+    let pid_file = temp_dir.path().join("app-server.pid");
+    tokio::fs::write(&pid_file, "")
+        .await
+        .expect("write pid file");
+    let backend = PidBackend::new(
+        temp_dir.path().join("codex"),
+        pid_file.clone(),
+        /*remote_control_enabled*/ false,
+    );
+    let reservation = tokio::fs::OpenOptions::new()
+        .create(true)
+        .truncate(false)
+        .write(true)
+        .open(&backend.lock_file)
+        .await
+        .expect("open pid lock file");
+    assert!(try_lock_file(&reservation).expect("lock reservation"));
+
+    assert_eq!(
+        backend.read_pid_file_state().await.expect("read pid"),
+        PidFileState::Starting
+    );
+    assert!(pid_file.exists());
+}
+
+#[tokio::test]
+async fn unlocked_empty_pid_file_is_treated_as_stale_reservation() {
+    let temp_dir = TempDir::new().expect("temp dir");
+    let pid_file = temp_dir.path().join("app-server.pid");
+    tokio::fs::write(&pid_file, "")
+        .await
+        .expect("write pid file");
+    let backend = PidBackend::new(
+        temp_dir.path().join("codex"),
+        pid_file.clone(),
+        /*remote_control_enabled*/ false,
+    );
+
+    assert_eq!(
+        backend.read_pid_file_state().await.expect("read pid"),
+        PidFileState::Missing
+    );
+    assert!(!pid_file.exists());
+}
+
+#[tokio::test]
+async fn stop_waits_for_live_reservation_to_resolve() {
+    let temp_dir = TempDir::new().expect("temp dir");
+    let pid_file = temp_dir.path().join("app-server.pid");
+    tokio::fs::write(&pid_file, "")
+        .await
+        .expect("write pid file");
+    let backend = PidBackend::new(
+        temp_dir.path().join("codex"),
+        pid_file.clone(),
+        /*remote_control_enabled*/ false,
+    );
+    let reservation = tokio::fs::OpenOptions::new()
+        .create(true)
+        .truncate(false)
+        .write(true)
+        .open(&backend.lock_file)
+        .await
+        .expect("open pid lock file");
+    assert!(try_lock_file(&reservation).expect("lock reservation"));
+    let cleanup = tokio::spawn(async move {
+        tokio::time::sleep(Duration::from_millis(50)).await;
+        drop(reservation);
+        tokio::fs::remove_file(pid_file)
+            .await
+            .expect("remove pid file");
+    });
+
+    backend.stop().await.expect("stop");
+    cleanup.await.expect("cleanup task");
+}
+
+#[tokio::test]
+async fn start_retries_stale_empty_pid_file_under_its_own_lock() {
+    let temp_dir = TempDir::new().expect("temp dir");
+    let pid_file = temp_dir.path().join("app-server.pid");
+    tokio::fs::write(&pid_file, "")
+        .await
+        .expect("write pid file");
+    let backend = PidBackend::new(
+        temp_dir.path().join("missing-codex"),
+        pid_file,
+        /*remote_control_enabled*/ false,
+    );
+
+    let err = backend.start().await.expect_err("start");
+    assert!(
+        err.to_string()
+            .starts_with("failed to spawn detached app-server process using ")
+    );
+}
+
+#[tokio::test]
+async fn stale_record_cleanup_preserves_replacement_record() {
+    let temp_dir = TempDir::new().expect("temp dir");
+    let pid_file = temp_dir.path().join("app-server.pid");
+    let backend = PidBackend::new(
+        temp_dir.path().join("codex"),
+        pid_file.clone(),
+        /*remote_control_enabled*/ false,
+    );
+    let stale = PidRecord {
+        pid: 1,
+        process_start_time: "old".to_string(),
+    };
+    let replacement = PidRecord {
+        pid: 2,
+        process_start_time: "new".to_string(),
+    };
+    tokio::fs::write(
+        &pid_file,
+        serde_json::to_vec(&replacement).expect("serialize replacement"),
+    )
+    .await
+    .expect("write replacement pid file");
+
+    assert_eq!(
+        backend
+            .refresh_after_stale_record(&stale)
+            .await
+            .expect("cleanup"),
+        PidFileState::Running(replacement)
+    );
+}
+
+#[test]
+fn update_loop_uses_hidden_app_server_subcommand() {
+    let backend = PidBackend {
+        codex_bin: "codex".into(),
+        pid_file: "updater.pid".into(),
+        lock_file: "updater.pid.lock".into(),
+        command_kind: PidCommandKind::UpdateLoop,
+    };
+
+    assert_eq!(
+        backend.command_args(),
+        vec!["app-server", "daemon", "pid-update-loop"]
+    );
+}

codex-rs/app-server-daemon/src/client.rs

@@ -0,0 +1,131 @@
+use std::path::Path;
+use std::time::Duration;
+
+use anyhow::Context;
+use anyhow::Result;
+use anyhow::anyhow;
+use codex_app_server_protocol::ClientInfo;
+use codex_app_server_protocol::InitializeParams;
+use codex_app_server_protocol::InitializeResponse;
+use codex_app_server_protocol::JSONRPCMessage;
+use codex_app_server_protocol::JSONRPCNotification;
+use codex_app_server_protocol::JSONRPCRequest;
+use codex_app_server_protocol::RequestId;
+use codex_uds::UnixStream;
+use futures::SinkExt;
+use futures::StreamExt;
+use tokio::time::timeout;
+use tokio_tungstenite::client_async;
+use tokio_tungstenite::tungstenite::Message;
+
+const PROBE_TIMEOUT: Duration = Duration::from_secs(2);
+const CLIENT_NAME: &str = "codex_app_server_daemon";
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub(crate) struct ProbeInfo {
+    pub(crate) app_server_version: String,
+}
+
+pub(crate) async fn probe(socket_path: &Path) -> Result<ProbeInfo> {
+    timeout(PROBE_TIMEOUT, probe_inner(socket_path))
+        .await
+        .with_context(|| {
+            format!(
+                "timed out probing app-server control socket {}",
+                socket_path.display()
+            )
+        })?
+}
+
+async fn probe_inner(socket_path: &Path) -> Result<ProbeInfo> {
+    let stream = UnixStream::connect(socket_path)
+        .await
+        .with_context(|| format!("failed to connect to {}", socket_path.display()))?;
+    let (mut websocket, _response) = client_async("ws://localhost/", stream)
+        .await
+        .with_context(|| format!("failed to upgrade {}", socket_path.display()))?;
+
+    let initialize = JSONRPCMessage::Request(JSONRPCRequest {
+        id: RequestId::Integer(1),
+        method: "initialize".to_string(),
+        params: Some(serde_json::to_value(InitializeParams {
+            client_info: ClientInfo {
+                name: CLIENT_NAME.to_string(),
+                title: Some("Codex App Server Daemon".to_string()),
+                version: env!("CARGO_PKG_VERSION").to_string(),
+            },
+            capabilities: None,
+        })?),
+        trace: None,
+    });
+    websocket
+        .send(Message::Text(serde_json::to_string(&initialize)?.into()))
+        .await
+        .context("failed to send initialize request")?;
+
+    let response = loop {
+        let frame = websocket
+            .next()
+            .await
+            .ok_or_else(|| anyhow!("app-server closed before initialize response"))??;
+        let Message::Text(payload) = frame else {
+            continue;
+        };
+        let message = serde_json::from_str::<JSONRPCMessage>(&payload)?;
+        if let JSONRPCMessage::Response(response) = message
+            && response.id == RequestId::Integer(1)
+        {
+            break response;
+        }
+    };
+    let initialize_response = serde_json::from_value::<InitializeResponse>(response.result)?;
+
+    let initialized = JSONRPCMessage::Notification(JSONRPCNotification {
+        method: "initialized".to_string(),
+        params: None,
+    });
+    websocket
+        .send(Message::Text(serde_json::to_string(&initialized)?.into()))
+        .await
+        .context("failed to send initialized notification")?;
+    websocket.close(None).await.ok();
+
+    Ok(ProbeInfo {
+        app_server_version: parse_version_from_user_agent(&initialize_response.user_agent)?,
+    })
+}
+
+fn parse_version_from_user_agent(user_agent: &str) -> Result<String> {
+    let (_originator, rest) = user_agent
+        .split_once('/')
+        .ok_or_else(|| anyhow!("app-server user-agent omitted version separator"))?;
+    let version = rest
+        .split_whitespace()
+        .next()
+        .filter(|version| !version.is_empty())
+        .ok_or_else(|| anyhow!("app-server user-agent omitted version"))?;
+    Ok(version.to_string())
+}
+
+#[cfg(all(test, unix))]
+mod tests {
+    use pretty_assertions::assert_eq;
+
+    use super::parse_version_from_user_agent;
+
+    #[test]
+    fn parses_version_from_codex_user_agent() {
+        assert_eq!(
+            parse_version_from_user_agent(
+                "codex_app_server_daemon/1.2.3 (Linux 6.8.0; x86_64) codex_cli_rs/1.2.3",
+            )
+            .expect("version"),
+            "1.2.3"
+        );
+    }
+
+    #[test]
+    fn rejects_user_agent_without_version() {
+        assert!(parse_version_from_user_agent("codex_app_server_daemon").is_err());
+    }
+}

codex-rs/app-server-daemon/src/lib.rs

@@ -0,0 +1,630 @@
+mod backend;
+mod client;
+mod managed_install;
+mod settings;
+mod update_loop;
+
+use std::path::PathBuf;
+use std::time::Duration;
+
+use anyhow::Context;
+use anyhow::Result;
+use anyhow::anyhow;
+pub use backend::BackendKind;
+use backend::BackendPaths;
+use codex_app_server_transport::app_server_control_socket_path;
+use codex_core::config::find_codex_home;
+use managed_install::managed_codex_bin;
+#[cfg(unix)]
+use managed_install::managed_codex_version;
+use serde::Serialize;
+use settings::DaemonSettings;
+use tokio::time::sleep;
+
+const START_POLL_INTERVAL: Duration = Duration::from_millis(50);
+const START_TIMEOUT: Duration = Duration::from_secs(10);
+const OPERATION_LOCK_TIMEOUT: Duration = Duration::from_secs(75);
+const PID_FILE_NAME: &str = "app-server.pid";
+const UPDATE_PID_FILE_NAME: &str = "app-server-updater.pid";
+const OPERATION_LOCK_FILE_NAME: &str = "daemon.lock";
+const SETTINGS_FILE_NAME: &str = "settings.json";
+const STATE_DIR_NAME: &str = "app-server-daemon";
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum LifecycleCommand {
+    Start,
+    Restart,
+    Stop,
+    Version,
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub enum LifecycleStatus {
+    AlreadyRunning,
+    Started,
+    Restarted,
+    Stopped,
+    NotRunning,
+    Running,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct LifecycleOutput {
+    pub status: LifecycleStatus,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub backend: Option<BackendKind>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub pid: Option<u32>,
+    pub socket_path: PathBuf,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub cli_version: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub app_server_version: Option<String>,
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub struct BootstrapOptions {
+    pub remote_control_enabled: bool,
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub enum BootstrapStatus {
+    Bootstrapped,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct BootstrapOutput {
+    pub status: BootstrapStatus,
+    pub backend: BackendKind,
+    pub auto_update_enabled: bool,
+    pub remote_control_enabled: bool,
+    pub managed_codex_path: PathBuf,
+    pub socket_path: PathBuf,
+    pub cli_version: String,
+    pub app_server_version: String,
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+pub enum RemoteControlMode {
+    Enabled,
+    Disabled,
+}
+
+impl RemoteControlMode {
+    fn is_enabled(self) -> bool {
+        matches!(self, Self::Enabled)
+    }
+}
+
+#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub enum RemoteControlStatus {
+    Enabled,
+    Disabled,
+    AlreadyEnabled,
+    AlreadyDisabled,
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct RemoteControlOutput {
+    pub status: RemoteControlStatus,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub backend: Option<BackendKind>,
+    pub remote_control_enabled: bool,
+    pub socket_path: PathBuf,
+    pub cli_version: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub app_server_version: Option<String>,
+}
+
+#[cfg(unix)]
+pub(crate) enum RestartIfRunningOutcome {
+    Completed,
+    Busy,
+}
+
+pub async fn run(command: LifecycleCommand) -> Result<LifecycleOutput> {
+    ensure_supported_platform()?;
+    Daemon::from_environment()?.run(command).await
+}
+
+pub async fn bootstrap(options: BootstrapOptions) -> Result<BootstrapOutput> {
+    ensure_supported_platform()?;
+    Daemon::from_environment()?.bootstrap(options).await
+}
+
+pub async fn set_remote_control(mode: RemoteControlMode) -> Result<RemoteControlOutput> {
+    ensure_supported_platform()?;
+    Daemon::from_environment()?.set_remote_control(mode).await
+}
+
+pub async fn run_pid_update_loop() -> Result<()> {
+    ensure_supported_platform()?;
+    update_loop::run().await
+}
+
+#[cfg(unix)]
+fn ensure_supported_platform() -> Result<()> {
+    Ok(())
+}
+
+#[cfg(not(unix))]
+fn ensure_supported_platform() -> Result<()> {
+    Err(anyhow!(
+        "codex app-server daemon lifecycle is only supported on Unix platforms"
+    ))
+}
+
+struct Daemon {
+    socket_path: PathBuf,
+    pid_file: PathBuf,
+    update_pid_file: PathBuf,
+    operation_lock_file: PathBuf,
+    settings_file: PathBuf,
+    managed_codex_bin: PathBuf,
+}
+
+impl Daemon {
+    fn from_environment() -> Result<Self> {
+        let codex_home = find_codex_home().context("failed to resolve CODEX_HOME")?;
+        let socket_path = app_server_control_socket_path(codex_home.as_path())?
+            .as_path()
+            .to_path_buf();
+        let state_dir = codex_home.as_path().join(STATE_DIR_NAME);
+        Ok(Self {
+            socket_path,
+            pid_file: state_dir.join(PID_FILE_NAME),
+            update_pid_file: state_dir.join(UPDATE_PID_FILE_NAME),
+            operation_lock_file: state_dir.join(OPERATION_LOCK_FILE_NAME),
+            settings_file: state_dir.join(SETTINGS_FILE_NAME),
+            managed_codex_bin: managed_codex_bin(codex_home.as_path()),
+        })
+    }
+
+    async fn run(&self, command: LifecycleCommand) -> Result<LifecycleOutput> {
+        match command {
+            LifecycleCommand::Start => {
+                let _operation_lock = self.acquire_operation_lock().await?;
+                self.start().await
+            }
+            LifecycleCommand::Restart => {
+                let _operation_lock = self.acquire_operation_lock().await?;
+                self.restart().await
+            }
+            LifecycleCommand::Stop => {
+                let _operation_lock = self.acquire_operation_lock().await?;
+                self.stop().await
+            }
+            LifecycleCommand::Version => self.version().await,
+        }
+    }
+
+    async fn start(&self) -> Result<LifecycleOutput> {
+        let settings = self.load_settings().await?;
+        if let Ok(info) = client::probe(&self.socket_path).await {
+            return Ok(self.output(
+                LifecycleStatus::AlreadyRunning,
+                self.running_backend(&settings).await?,
+                /*pid*/ None,
+                Some(info.app_server_version),
+            ));
+        }
+
+        if self.running_backend_instance(&settings).await?.is_some() {
+            let info = self.wait_until_ready().await?;
+            return Ok(self.output(
+                LifecycleStatus::AlreadyRunning,
+                Some(BackendKind::Pid),
+                /*pid*/ None,
+                Some(info.app_server_version),
+            ));
+        }
+
+        self.ensure_managed_codex_bin()?;
+        let pid = self.start_managed_backend(&settings).await?;
+        let info = self.wait_until_ready().await?;
+        Ok(self.output(
+            LifecycleStatus::Started,
+            Some(BackendKind::Pid),
+            pid,
+            Some(info.app_server_version),
+        ))
+    }
+
+    async fn restart(&self) -> Result<LifecycleOutput> {
+        let settings = self.load_settings().await?;
+        if client::probe(&self.socket_path).await.is_ok()
+            && self.running_backend(&settings).await?.is_none()
+        {
+            return Err(anyhow!(
+                "app server is running but is not managed by codex app-server daemon"
+            ));
+        }
+
+        self.ensure_managed_codex_bin()?;
+        if let Some(backend) = self.running_backend_instance(&settings).await? {
+            backend.stop().await?;
+        }
+
+        let pid = self.start_managed_backend(&settings).await?;
+        let info = self.wait_until_ready().await?;
+        Ok(self.output(
+            LifecycleStatus::Restarted,
+            Some(BackendKind::Pid),
+            pid,
+            Some(info.app_server_version),
+        ))
+    }
+
+    #[cfg(unix)]
+    pub(crate) async fn try_restart_if_running(&self) -> Result<RestartIfRunningOutcome> {
+        let operation_lock = self.open_operation_lock_file().await?;
+        if !try_lock_file(&operation_lock)? {
+            return Ok(RestartIfRunningOutcome::Busy);
+        }
+        let settings = self.load_settings().await?;
+        if let Some(backend) = self.running_backend_instance(&settings).await? {
+            let Ok(info) = client::probe(&self.socket_path).await else {
+                return Ok(RestartIfRunningOutcome::Completed);
+            };
+            let managed_version = managed_codex_version(&self.managed_codex_bin).await?;
+            if info.app_server_version == managed_version {
+                return Ok(RestartIfRunningOutcome::Completed);
+            }
+            backend.stop().await?;
+            let _ = self.start_managed_backend(&settings).await?;
+            self.wait_until_ready().await?;
+            return Ok(RestartIfRunningOutcome::Completed);
+        }
+
+        if client::probe(&self.socket_path).await.is_ok() {
+            return Err(anyhow!(
+                "app server is running but is not managed by codex app-server daemon"
+            ));
+        }
+
+        Ok(RestartIfRunningOutcome::Completed)
+    }
+
+    async fn stop(&self) -> Result<LifecycleOutput> {
+        let settings = self.load_settings().await?;
+        if let Some(backend) = self.running_backend_instance(&settings).await? {
+            backend.stop().await?;
+            return Ok(self.output(
+                LifecycleStatus::Stopped,
+                Some(BackendKind::Pid),
+                /*pid*/ None,
+                /*app_server_version*/ None,
+            ));
+        }
+
+        if client::probe(&self.socket_path).await.is_ok() {
+            return Err(anyhow!(
+                "app server is running but is not managed by codex app-server daemon"
+            ));
+        }
+
+        Ok(self.output(
+            LifecycleStatus::NotRunning,
+            /*backend*/ None,
+            /*pid*/ None,
+            /*app_server_version*/ None,
+        ))
+    }
+
+    async fn version(&self) -> Result<LifecycleOutput> {
+        let settings = self.load_settings().await?;
+        let info = client::probe(&self.socket_path).await?;
+        Ok(self.output(
+            LifecycleStatus::Running,
+            self.running_backend(&settings).await?,
+            /*pid*/ None,
+            Some(info.app_server_version),
+        ))
+    }
+
+    async fn wait_until_ready(&self) -> Result<client::ProbeInfo> {
+        let deadline = tokio::time::Instant::now() + START_TIMEOUT;
+        loop {
+            match client::probe(&self.socket_path).await {
+                Ok(info) => return Ok(info),
+                Err(err) if tokio::time::Instant::now() < deadline => {
+                    let _ = err;
+                    sleep(START_POLL_INTERVAL).await;
+                }
+                Err(err) => {
+                    return Err(err).with_context(|| {
+                        format!(
+                            "app server did not become ready on {}",
+                            self.socket_path.display()
+                        )
+                    });
+                }
+            }
+        }
+    }
+
+    async fn bootstrap(&self, options: BootstrapOptions) -> Result<BootstrapOutput> {
+        let _operation_lock = self.acquire_operation_lock().await?;
+        self.bootstrap_locked(options).await
+    }
+
+    async fn set_remote_control(&self, mode: RemoteControlMode) -> Result<RemoteControlOutput> {
+        let _operation_lock = self.acquire_operation_lock().await?;
+        let previous_settings = self.load_settings().await?;
+        let mut settings = previous_settings.clone();
+        let remote_control_enabled = mode.is_enabled();
+        let backend = self.running_backend_instance(&previous_settings).await?;
+
+        if backend.is_none() && client::probe(&self.socket_path).await.is_ok() {
+            return Err(anyhow!(
+                "app server is running but is not managed by codex app-server daemon"
+            ));
+        }
+
+        if settings.remote_control_enabled == remote_control_enabled {
+            let info = if backend.is_some() {
+                Some(self.wait_until_ready().await?)
+            } else {
+                None
+            };
+            return Ok(self.remote_control_output(
+                already_remote_control_status(mode),
+                backend.map(|_| BackendKind::Pid),
+                remote_control_enabled,
+                info.map(|info| info.app_server_version),
+            ));
+        }
+
+        settings.remote_control_enabled = remote_control_enabled;
+        settings.save(&self.settings_file).await?;
+
+        let app_server_version = if let Some(backend) = backend {
+            self.ensure_managed_codex_bin()?;
+            backend.stop().await?;
+            let _ = self.start_managed_backend(&settings).await?;
+            Some(self.wait_until_ready().await?.app_server_version)
+        } else {
+            None
+        };
+
+        Ok(self.remote_control_output(
+            remote_control_status(mode),
+            app_server_version.as_ref().map(|_| BackendKind::Pid),
+            remote_control_enabled,
+            app_server_version,
+        ))
+    }
+
+    async fn bootstrap_locked(&self, options: BootstrapOptions) -> Result<BootstrapOutput> {
+        self.ensure_managed_codex_bin()?;
+
+        let settings = DaemonSettings {
+            remote_control_enabled: options.remote_control_enabled,
+        };
+        if client::probe(&self.socket_path).await.is_ok()
+            && self.running_backend(&settings).await?.is_none()
+        {
+            return Err(anyhow!(
+                "app server is running but is not managed by codex app-server daemon"
+            ));
+        }
+        settings.save(&self.settings_file).await?;
+
+        if let Some(backend) = self.running_backend_instance(&settings).await? {
+            backend.stop().await?;
+        }
+
+        let backend = backend::pid_backend(self.backend_paths(&settings));
+        backend.start().await?;
+        let updater = backend::pid_update_loop_backend(self.backend_paths(&settings));
+        if updater.is_starting_or_running().await? {
+            updater.stop().await?;
+        }
+        updater.start().await?;
+
+        let info = self.wait_until_ready().await?;
+        Ok(BootstrapOutput {
+            status: BootstrapStatus::Bootstrapped,
+            backend: BackendKind::Pid,
+            auto_update_enabled: true,
+            remote_control_enabled: settings.remote_control_enabled,
+            managed_codex_path: self.managed_codex_bin.clone(),
+            socket_path: self.socket_path.clone(),
+            cli_version: env!("CARGO_PKG_VERSION").to_string(),
+            app_server_version: info.app_server_version,
+        })
+    }
+
+    async fn running_backend(&self, settings: &DaemonSettings) -> Result<Option<BackendKind>> {
+        Ok(self
+            .running_backend_instance(settings)
+            .await?
+            .map(|_| BackendKind::Pid))
+    }
+
+    async fn running_backend_instance(
+        &self,
+        settings: &DaemonSettings,
+    ) -> Result<Option<backend::PidBackend>> {
+        let backend = backend::pid_backend(self.backend_paths(settings));
+        if backend.is_starting_or_running().await? {
+            return Ok(Some(backend));
+        }
+        Ok(None)
+    }
+
+    async fn start_managed_backend(&self, settings: &DaemonSettings) -> Result<Option<u32>> {
+        let backend = backend::pid_backend(self.backend_paths(settings));
+        backend.start().await
+    }
+
+    fn ensure_managed_codex_bin(&self) -> Result<()> {
+        if self.managed_codex_bin.is_file() {
+            return Ok(());
+        }
+
+        Err(anyhow!(
+            "managed standalone Codex install not found at {}; install Codex first",
+            self.managed_codex_bin.display()
+        ))
+    }
+
+    fn backend_paths(&self, settings: &DaemonSettings) -> BackendPaths {
+        BackendPaths {
+            codex_bin: self.managed_codex_bin.clone(),
+            pid_file: self.pid_file.clone(),
+            update_pid_file: self.update_pid_file.clone(),
+            remote_control_enabled: settings.remote_control_enabled,
+        }
+    }
+
+    async fn load_settings(&self) -> Result<DaemonSettings> {
+        DaemonSettings::load(&self.settings_file).await
+    }
+
+    async fn acquire_operation_lock(&self) -> Result<tokio::fs::File> {
+        let operation_lock = self.open_operation_lock_file().await?;
+        let deadline = tokio::time::Instant::now() + OPERATION_LOCK_TIMEOUT;
+        while !try_lock_file(&operation_lock)? {
+            if tokio::time::Instant::now() >= deadline {
+                return Err(anyhow!(
+                    "timed out waiting for daemon operation lock {}",
+                    self.operation_lock_file.display()
+                ));
+            }
+            sleep(START_POLL_INTERVAL).await;
+        }
+        Ok(operation_lock)
+    }
+
+    async fn open_operation_lock_file(&self) -> Result<tokio::fs::File> {
+        if let Some(parent) = self.operation_lock_file.parent() {
+            tokio::fs::create_dir_all(parent).await.with_context(|| {
+                format!(
+                    "failed to create daemon state directory {}",
+                    parent.display()
+                )
+            })?;
+        }
+        tokio::fs::OpenOptions::new()
+            .create(true)
+            .truncate(false)
+            .write(true)
+            .open(&self.operation_lock_file)
+            .await
+            .with_context(|| {
+                format!(
+                    "failed to open daemon operation lock {}",
+                    self.operation_lock_file.display()
+                )
+            })
+    }
+
+    fn output(
+        &self,
+        status: LifecycleStatus,
+        backend: Option<BackendKind>,
+        pid: Option<u32>,
+        app_server_version: Option<String>,
+    ) -> LifecycleOutput {
+        LifecycleOutput {
+            status,
+            backend,
+            pid,
+            socket_path: self.socket_path.clone(),
+            cli_version: Some(env!("CARGO_PKG_VERSION").to_string()),
+            app_server_version,
+        }
+    }
+
+    fn remote_control_output(
+        &self,
+        status: RemoteControlStatus,
+        backend: Option<BackendKind>,
+        remote_control_enabled: bool,
+        app_server_version: Option<String>,
+    ) -> RemoteControlOutput {
+        RemoteControlOutput {
+            status,
+            backend,
+            remote_control_enabled,
+            socket_path: self.socket_path.clone(),
+            cli_version: env!("CARGO_PKG_VERSION").to_string(),
+            app_server_version,
+        }
+    }
+}
+
+fn remote_control_status(mode: RemoteControlMode) -> RemoteControlStatus {
+    match mode {
+        RemoteControlMode::Enabled => RemoteControlStatus::Enabled,
+        RemoteControlMode::Disabled => RemoteControlStatus::Disabled,
+    }
+}
+
+fn already_remote_control_status(mode: RemoteControlMode) -> RemoteControlStatus {
+    match mode {
+        RemoteControlMode::Enabled => RemoteControlStatus::AlreadyEnabled,
+        RemoteControlMode::Disabled => RemoteControlStatus::AlreadyDisabled,
+    }
+}
+
+#[cfg(unix)]
+fn try_lock_file(file: &tokio::fs::File) -> Result<bool> {
+    use std::os::fd::AsRawFd;
+
+    let result = unsafe { libc::flock(file.as_raw_fd(), libc::LOCK_EX | libc::LOCK_NB) };
+    if result == 0 {
+        return Ok(true);
+    }
+
+    let err = std::io::Error::last_os_error();
+    if err.raw_os_error() == Some(libc::EWOULDBLOCK) {
+        return Ok(false);
+    }
+    Err(err).context("failed to lock daemon operation")
+}
+
+#[cfg(not(unix))]
+fn try_lock_file(_file: &tokio::fs::File) -> Result<bool> {
+    Ok(true)
+}
+
+#[cfg(all(test, unix))]
+mod tests {
+    use pretty_assertions::assert_eq;
+
+    use super::BootstrapStatus;
+    use super::LifecycleStatus;
+    use super::RemoteControlStatus;
+
+    #[test]
+    fn lifecycle_status_uses_camel_case_json() {
+        assert_eq!(
+            serde_json::to_string(&LifecycleStatus::AlreadyRunning).expect("serialize"),
+            "\"alreadyRunning\""
+        );
+    }
+
+    #[test]
+    fn bootstrap_status_uses_camel_case_json() {
+        assert_eq!(
+            serde_json::to_string(&BootstrapStatus::Bootstrapped).expect("serialize"),
+            "\"bootstrapped\""
+        );
+    }
+
+    #[test]
+    fn remote_control_status_uses_camel_case_json() {
+        assert_eq!(
+            serde_json::to_string(&RemoteControlStatus::AlreadyEnabled).expect("serialize"),
+            "\"alreadyEnabled\""
+        );
+    }
+}

codex-rs/app-server-daemon/src/managed_install.rs

@@ -0,0 +1,66 @@
+use std::path::Path;
+use std::path::PathBuf;
+
+#[cfg(unix)]
+use anyhow::Context;
+#[cfg(unix)]
+use anyhow::Result;
+#[cfg(unix)]
+use anyhow::anyhow;
+#[cfg(unix)]
+use tokio::process::Command;
+
+pub(crate) fn managed_codex_bin(codex_home: &Path) -> PathBuf {
+    codex_home
+        .join("packages")
+        .join("standalone")
+        .join("current")
+        .join(managed_codex_file_name())
+}
+
+#[cfg(unix)]
+pub(crate) async fn managed_codex_version(codex_bin: &Path) -> Result<String> {
+    let output = Command::new(codex_bin)
+        .arg("--version")
+        .output()
+        .await
+        .with_context(|| {
+            format!(
+                "failed to invoke managed Codex binary {}",
+                codex_bin.display()
+            )
+        })?;
+    if !output.status.success() {
+        return Err(anyhow!(
+            "managed Codex binary {} exited with status {}",
+            codex_bin.display(),
+            output.status
+        ));
+    }
+
+    let stdout = String::from_utf8(output.stdout).with_context(|| {
+        format!(
+            "managed Codex version was not utf-8: {}",
+            codex_bin.display()
+        )
+    })?;
+    parse_codex_version(&stdout)
+}
+
+fn managed_codex_file_name() -> &'static str {
+    if cfg!(windows) { "codex.exe" } else { "codex" }
+}
+
+#[cfg(unix)]
+fn parse_codex_version(output: &str) -> Result<String> {
+    let version = output
+        .split_whitespace()
+        .nth(1)
+        .filter(|version| !version.is_empty())
+        .ok_or_else(|| anyhow!("managed Codex version output was malformed"))?;
+    Ok(version.to_string())
+}
+
+#[cfg(all(test, unix))]
+#[path = "managed_install_tests.rs"]
+mod tests;

codex-rs/app-server-daemon/src/managed_install_tests.rs

@@ -0,0 +1,16 @@
+use pretty_assertions::assert_eq;
+
+use super::parse_codex_version;
+
+#[test]
+fn parses_codex_cli_version_output() {
+    assert_eq!(
+        parse_codex_version("codex 1.2.3\n").expect("version"),
+        "1.2.3"
+    );
+}
+
+#[test]
+fn rejects_malformed_codex_cli_version_output() {
+    assert!(parse_codex_version("codex\n").is_err());
+}

codex-rs/app-server-daemon/src/settings.rs

@@ -0,0 +1,63 @@
+use std::path::Path;
+
+use anyhow::Context;
+use anyhow::Result;
+use serde::Deserialize;
+use serde::Serialize;
+use tokio::fs;
+
+#[derive(Debug, Clone, Default, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub(crate) struct DaemonSettings {
+    pub(crate) remote_control_enabled: bool,
+}
+
+impl DaemonSettings {
+    pub(crate) async fn load(path: &Path) -> Result<Self> {
+        let contents = match fs::read_to_string(path).await {
+            Ok(contents) => contents,
+            Err(err) if err.kind() == std::io::ErrorKind::NotFound => return Ok(Self::default()),
+            Err(err) => {
+                return Err(err)
+                    .with_context(|| format!("failed to read daemon settings {}", path.display()));
+            }
+        };
+
+        serde_json::from_str(&contents)
+            .with_context(|| format!("failed to parse daemon settings {}", path.display()))
+    }
+
+    pub(crate) async fn save(&self, path: &Path) -> Result<()> {
+        if let Some(parent) = path.parent() {
+            fs::create_dir_all(parent).await.with_context(|| {
+                format!(
+                    "failed to create daemon settings directory {}",
+                    parent.display()
+                )
+            })?;
+        }
+
+        let contents = serde_json::to_vec_pretty(self).context("failed to serialize settings")?;
+        fs::write(path, contents)
+            .await
+            .with_context(|| format!("failed to write daemon settings {}", path.display()))
+    }
+}
+
+#[cfg(all(test, unix))]
+mod tests {
+    use pretty_assertions::assert_eq;
+
+    use super::DaemonSettings;
+
+    #[test]
+    fn daemon_settings_use_camel_case_json() {
+        assert_eq!(
+            serde_json::to_string(&DaemonSettings {
+                remote_control_enabled: true,
+            })
+            .expect("serialize"),
+            r#"{"remoteControlEnabled":true}"#
+        );
+    }
+}

codex-rs/app-server-daemon/src/update_loop.rs

@@ -0,0 +1,132 @@
+#[cfg(unix)]
+use std::process::Stdio;
+#[cfg(unix)]
+use std::time::Duration;
+
+#[cfg(unix)]
+use anyhow::Context;
+use anyhow::Result;
+#[cfg(not(unix))]
+use anyhow::bail;
+#[cfg(unix)]
+use futures::FutureExt;
+#[cfg(unix)]
+use tokio::io::AsyncWriteExt;
+#[cfg(unix)]
+use tokio::process::Command;
+#[cfg(unix)]
+use tokio::signal::unix::Signal;
+#[cfg(unix)]
+use tokio::signal::unix::SignalKind;
+#[cfg(unix)]
+use tokio::signal::unix::signal;
+#[cfg(unix)]
+use tokio::time::sleep;
+
+#[cfg(unix)]
+use crate::Daemon;
+#[cfg(unix)]
+use crate::RestartIfRunningOutcome;
+
+#[cfg(unix)]
+const INITIAL_UPDATE_DELAY: Duration = Duration::from_secs(5 * 60);
+#[cfg(unix)]
+const RESTART_RETRY_INTERVAL: Duration = Duration::from_millis(50);
+#[cfg(unix)]
+const UPDATE_INTERVAL: Duration = Duration::from_secs(60 * 60);
+
+#[cfg(unix)]
+pub(crate) async fn run() -> Result<()> {
+    let mut terminate =
+        signal(SignalKind::terminate()).context("failed to install updater shutdown handler")?;
+    if sleep_or_terminate(INITIAL_UPDATE_DELAY, &mut terminate).await {
+        return Ok(());
+    }
+    loop {
+        match update_once(&mut terminate).await {
+            Ok(UpdateLoopControl::Continue) | Err(_) => {}
+            Ok(UpdateLoopControl::Stop) => return Ok(()),
+        }
+        if sleep_or_terminate(UPDATE_INTERVAL, &mut terminate).await {
+            return Ok(());
+        }
+    }
+}
+
+#[cfg(not(unix))]
+pub(crate) async fn run() -> Result<()> {
+    bail!("pid-managed updater loop is unsupported on this platform")
+}
+
+#[cfg(unix)]
+async fn sleep_or_terminate(duration: Duration, terminate: &mut Signal) -> bool {
+    tokio::select! {
+        _ = sleep(duration) => false,
+        _ = terminate.recv() => true,
+    }
+}
+
+#[cfg(unix)]
+enum UpdateLoopControl {
+    Continue,
+    Stop,
+}
+
+#[cfg(unix)]
+async fn update_once(terminate: &mut Signal) -> Result<UpdateLoopControl> {
+    install_latest_standalone().await?;
+
+    let daemon = Daemon::from_environment()?;
+    loop {
+        if terminate.recv().now_or_never().flatten().is_some() {
+            return Ok(UpdateLoopControl::Stop);
+        }
+        match daemon.try_restart_if_running().await? {
+            RestartIfRunningOutcome::Completed => return Ok(UpdateLoopControl::Continue),
+            RestartIfRunningOutcome::Busy => {
+                if sleep_or_terminate(RESTART_RETRY_INTERVAL, terminate).await {
+                    return Ok(UpdateLoopControl::Stop);
+                }
+            }
+        }
+    }
+}
+
+#[cfg(unix)]
+async fn install_latest_standalone() -> Result<()> {
+    let script = reqwest::get("https://chatgpt.com/codex/install.sh")
+        .await
+        .context("failed to fetch standalone Codex updater")?
+        .error_for_status()
+        .context("standalone Codex updater request failed")?
+        .bytes()
+        .await
+        .context("failed to read standalone Codex updater")?;
+
+    let mut child = Command::new("/bin/sh")
+        .arg("-s")
+        .stdin(Stdio::piped())
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .spawn()
+        .context("failed to invoke standalone Codex updater")?;
+    let mut stdin = child
+        .stdin
+        .take()
+        .context("standalone Codex updater stdin was unavailable")?;
+    stdin
+        .write_all(&script)
+        .await
+        .context("failed to pass standalone Codex updater to shell")?;
+    drop(stdin);
+    let status = child
+        .wait()
+        .await
+        .context("failed to wait for standalone Codex updater")?;
+
+    if status.success() {
+        Ok(())
+    } else {
+        anyhow::bail!("standalone Codex updater exited with status {status}")
+    }
+}

codex-rs/app-server-protocol/Cargo.toml

@@ -7,6 +7,7 @@ license.workspace = true
 [lib]
 name = "codex_app_server_protocol"
 path = "src/lib.rs"
+doctest = false
 
 [lints]
 workspace = true

codex-rs/app-server-protocol/schema/json/AttestationGenerateParams.json

@@ -0,0 +1,5 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "AttestationGenerateParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/AttestationGenerateResponse.json

@@ -1,14 +1,14 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "description": "Fetch a controller-local device key public key by id.",
   "properties": {
-    "keyId": {
+    "token": {
+      "description": "Opaque client attestation token.",
       "type": "string"
     }
   },
   "required": [
-    "keyId"
+    "token"
   ],
-  "title": "DeviceKeyPublicParams",
+  "title": "AttestationGenerateResponse",
   "type": "object"
 }

codex-rs/app-server-protocol/schema/json/ClientRequest.json

@@ -533,200 +533,6 @@
         }
       ]
     },
-    "DeviceKeyCreateParams": {
-      "description": "Create a controller-local device key with a random key id.",
-      "properties": {
-        "accountUserId": {
-          "type": "string"
-        },
-        "clientId": {
-          "type": "string"
-        },
-        "protectionPolicy": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/DeviceKeyProtectionPolicy"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Defaults to `hardware_only` when omitted."
-        }
-      },
-      "required": [
-        "accountUserId",
-        "clientId"
-      ],
-      "type": "object"
-    },
-    "DeviceKeyProtectionPolicy": {
-      "description": "Protection policy for creating or loading a controller-local device key.",
-      "enum": [
-        "hardware_only",
-        "allow_os_protected_nonextractable"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyPublicParams": {
-      "description": "Fetch a controller-local device key public key by id.",
-      "properties": {
-        "keyId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "keyId"
-      ],
-      "type": "object"
-    },
-    "DeviceKeySignParams": {
-      "description": "Sign an accepted structured payload with a controller-local device key.",
-      "properties": {
-        "keyId": {
-          "type": "string"
-        },
-        "payload": {
-          "$ref": "#/definitions/DeviceKeySignPayload"
-        }
-      },
-      "required": [
-        "keyId",
-        "payload"
-      ],
-      "type": "object"
-    },
-    "DeviceKeySignPayload": {
-      "description": "Structured payloads accepted by `device/key/sign`.",
-      "oneOf": [
-        {
-          "description": "Payload bound to one remote-control controller websocket `/client` connection challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientConnectionAudience"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "scopes": {
-              "description": "Must contain exactly `remote_control_controller_websocket`.",
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "sessionId": {
-              "description": "Backend-issued websocket session id that this proof authorizes.",
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "Websocket route path that this proof authorizes.",
-              "type": "string"
-            },
-            "tokenExpiresAt": {
-              "description": "Remote-control token expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "tokenSha256Base64url": {
-              "description": "SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientConnection"
-              ],
-              "title": "RemoteControlClientConnectionDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "clientId",
-            "nonce",
-            "scopes",
-            "sessionId",
-            "targetOrigin",
-            "targetPath",
-            "tokenExpiresAt",
-            "tokenSha256Base64url",
-            "type"
-          ],
-          "title": "RemoteControlClientConnectionDeviceKeySignPayload",
-          "type": "object"
-        },
-        {
-          "description": "Payload bound to a remote-control client `/client/enroll` ownership challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientEnrollmentAudience"
-            },
-            "challengeExpiresAt": {
-              "description": "Enrollment challenge expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "challengeId": {
-              "description": "Backend-issued enrollment challenge id that this proof authorizes.",
-              "type": "string"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "deviceIdentitySha256Base64url": {
-              "description": "SHA-256 of the requested device identity operation, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "HTTP route path that this proof authorizes.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientEnrollment"
-              ],
-              "title": "RemoteControlClientEnrollmentDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "challengeExpiresAt",
-            "challengeId",
-            "clientId",
-            "deviceIdentitySha256Base64url",
-            "nonce",
-            "targetOrigin",
-            "targetPath",
-            "type"
-          ],
-          "title": "RemoteControlClientEnrollmentDeviceKeySignPayload",
-          "type": "object"
-        }
-      ]
-    },
     "DynamicToolSpec": {
       "properties": {
         "deferLoading": {
@@ -1453,6 +1259,11 @@
             "array",
             "null"
           ]
+        },
+        "requestAttestation": {
+          "default": false,
+          "description": "Opt into `attestation/generate` requests for upstream `x-oai-attestation`.",
+          "type": "boolean"
         }
       },
       "type": "object"
@@ -2144,6 +1955,14 @@
       ],
       "type": "object"
     },
+    "PluginListMarketplaceKind": {
+      "enum": [
+        "local",
+        "workspace-directory",
+        "shared-with-me"
+      ],
+      "type": "string"
+    },
     "PluginListParams": {
       "properties": {
         "cwds": {
@@ -2155,6 +1974,16 @@
             "array",
             "null"
           ]
+        },
+        "marketplaceKinds": {
+          "description": "Optional marketplace kind filter. When omitted, only local marketplaces are queried, plus the default remote catalog when enabled by feature flag.",
+          "items": {
+            "$ref": "#/definitions/PluginListMarketplaceKind"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
         }
       },
       "type": "object"
@@ -2259,16 +2088,37 @@
         },
         "principalType": {
           "$ref": "#/definitions/PluginSharePrincipalType"
+        },
+        "role": {
+          "$ref": "#/definitions/PluginShareTargetRole"
         }
       },
       "required": [
         "principalId",
-        "principalType"
+        "principalType",
+        "role"
       ],
       "type": "object"
     },
+    "PluginShareTargetRole": {
+      "enum": [
+        "reader",
+        "editor"
+      ],
+      "type": "string"
+    },
+    "PluginShareUpdateDiscoverability": {
+      "enum": [
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
     "PluginShareUpdateTargetsParams": {
       "properties": {
+        "discoverability": {
+          "$ref": "#/definitions/PluginShareUpdateDiscoverability"
+        },
         "remotePluginId": {
           "type": "string"
         },
@@ -2280,6 +2130,7 @@
         }
       },
       "required": [
+        "discoverability",
         "remotePluginId",
         "shareTargets"
       ],
@@ -2486,20 +2337,6 @@
         }
       ]
     },
-    "RemoteControlClientConnectionAudience": {
-      "description": "Audience for a remote-control client connection device-key proof.",
-      "enum": [
-        "remote_control_client_websocket"
-      ],
-      "type": "string"
-    },
-    "RemoteControlClientEnrollmentAudience": {
-      "description": "Audience for a remote-control client enrollment device-key proof.",
-      "enum": [
-        "remote_control_client_enrollment"
-      ],
-      "type": "string"
-    },
     "RequestId": {
       "anyOf": [
         {
@@ -3324,13 +3161,6 @@
       ],
       "type": "object"
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "SessionMigration": {
       "properties": {
         "cwd": {
@@ -3409,24 +3239,6 @@
       ],
       "type": "object"
     },
-    "SkillsListExtraRootsForCwd": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "extraUserRoots": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "extraUserRoots"
-      ],
-      "type": "object"
-    },
     "SkillsListParams": {
       "properties": {
         "cwds": {
@@ -3439,17 +3251,6 @@
         "forceReload": {
           "description": "When true, bypass the skills cache and re-scan skills from disk.",
           "type": "boolean"
-        },
-        "perCwdExtraUserRoots": {
-          "default": null,
-          "description": "Optional per-cwd extra roots to scan as user-scoped skills.",
-          "items": {
-            "$ref": "#/definitions/SkillsListExtraRootsForCwd"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
         }
       },
       "type": "object"
@@ -3608,20 +3409,9 @@
           ]
         },
         "serviceTier": {
-          "anyOf": [
-            {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ServiceTier"
-                },
-                {
-                  "type": "null"
-                }
-              ]
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "threadId": {
@@ -4030,20 +3820,9 @@
           ]
         },
         "serviceTier": {
-          "anyOf": [
-            {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ServiceTier"
-                },
-                {
-                  "type": "null"
-                }
-              ]
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "threadId": {
@@ -4227,20 +4006,9 @@
           ]
         },
         "serviceTier": {
-          "anyOf": [
-            {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ServiceTier"
-                },
-                {
-                  "type": "null"
-                }
-              ]
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "sessionStartSource": {
@@ -4326,6 +4094,31 @@
       ],
       "type": "object"
     },
+    "TurnItemsView": {
+      "oneOf": [
+        {
+          "description": "`items` was not loaded for this turn. The field is intentionally empty.",
+          "enum": [
+            "notLoaded"
+          ],
+          "type": "string"
+        },
+        {
+          "description": "`items` contains only a display summary for this turn.",
+          "enum": [
+            "summary"
+          ],
+          "type": "string"
+        },
+        {
+          "description": "`items` contains every ThreadItem available from persisted app-server history for this turn.",
+          "enum": [
+            "full"
+          ],
+          "type": "string"
+        }
+      ]
+    },
     "TurnStartParams": {
       "properties": {
         "approvalPolicy": {
@@ -4407,22 +4200,11 @@
           "description": "Override the sandbox policy for this turn and subsequent turns."
         },
         "serviceTier": {
-          "anyOf": [
-            {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/ServiceTier"
-                },
-                {
-                  "type": "null"
-                }
-              ]
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Override the service tier for this turn and subsequent turns."
+          "description": "Override the service tier for this turn and subsequent turns.",
+          "type": [
+            "string",
+            "null"
+          ]
         },
         "summary": {
           "anyOf": [
@@ -5341,78 +5123,6 @@
       "title": "App/listRequest",
       "type": "object"
     },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "device/key/create"
-          ],
-          "title": "Device/key/createRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/DeviceKeyCreateParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Device/key/createRequest",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "device/key/public"
-          ],
-          "title": "Device/key/publicRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/DeviceKeyPublicParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Device/key/publicRequest",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "device/key/sign"
-          ],
-          "title": "Device/key/signRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/DeviceKeySignParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Device/key/signRequest",
-      "type": "object"
-    },
     {
       "properties": {
         "id": {

codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json

@@ -593,6 +593,11 @@
         "null"
       ]
     },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this approval request started.",
+      "format": "int64",
+      "type": "integer"
+    },
     "threadId": {
       "type": "string"
     },
@@ -602,6 +607,7 @@
   },
   "required": [
     "itemId",
+    "startedAtMs",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/FileChangeRequestApprovalParams.json

@@ -18,6 +18,11 @@
         "null"
       ]
     },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this approval request started.",
+      "format": "int64",
+      "type": "integer"
+    },
     "threadId": {
       "type": "string"
     },
@@ -27,6 +32,7 @@
   },
   "required": [
     "itemId",
+    "startedAtMs",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json

@@ -297,6 +297,11 @@
         "null"
       ]
     },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this approval request started.",
+      "format": "int64",
+      "type": "integer"
+    },
     "threadId": {
       "type": "string"
     },
@@ -308,6 +313,7 @@
     "cwd",
     "itemId",
     "permissions",
+    "startedAtMs",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/ServerNotification.json

@@ -1736,6 +1736,8 @@
         "preToolUse",
         "permissionRequest",
         "postToolUse",
+        "preCompact",
+        "postCompact",
         "sessionStart",
         "userPromptSubmit",
         "stop"
@@ -1961,6 +1963,11 @@
         "action": {
           "$ref": "#/definitions/GuardianApprovalReviewAction"
         },
+        "completedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review completed.",
+          "format": "int64",
+          "type": "integer"
+        },
         "decisionSource": {
           "$ref": "#/definitions/AutoReviewDecisionSource"
         },
@@ -1971,6 +1978,11 @@
           "description": "Stable identifier for this review.",
           "type": "string"
         },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review started.",
+          "format": "int64",
+          "type": "integer"
+        },
         "targetItemId": {
           "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
           "type": [
@@ -1987,9 +1999,11 @@
       },
       "required": [
         "action",
+        "completedAtMs",
         "decisionSource",
         "review",
         "reviewId",
+        "startedAtMs",
         "threadId",
         "turnId"
       ],
@@ -2008,6 +2022,11 @@
           "description": "Stable identifier for this review.",
           "type": "string"
         },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review started.",
+          "format": "int64",
+          "type": "integer"
+        },
         "targetItemId": {
           "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
           "type": [
@@ -2026,6 +2045,7 @@
         "action",
         "review",
         "reviewId",
+        "startedAtMs",
         "threadId",
         "turnId"
       ],
@@ -2717,7 +2737,7 @@
       "type": "string"
     },
     "RemoteControlStatusChangedNotification": {
-      "description": "Current remote-control connection status and environment id exposed to clients.",
+      "description": "Current remote-control connection status and remote identity exposed to clients.",
       "properties": {
         "environmentId": {
           "type": [
@@ -2725,11 +2745,15 @@
             "null"
           ]
         },
+        "installationId": {
+          "type": "string"
+        },
         "status": {
           "$ref": "#/definitions/RemoteControlConnectionStatus"
         }
       },
       "required": [
+        "installationId",
         "status"
       ],
       "type": "object"
@@ -3072,6 +3096,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -3120,6 +3148,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",

codex-rs/app-server-protocol/schema/json/ServerRequest.json

@@ -121,6 +121,9 @@
       ],
       "type": "object"
     },
+    "AttestationGenerateParams": {
+      "type": "object"
+    },
     "ChatgptAuthTokensRefreshParams": {
       "properties": {
         "previousAccountId": {
@@ -417,6 +420,11 @@
             "null"
           ]
         },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
         "threadId": {
           "type": "string"
         },
@@ -426,6 +434,7 @@
       },
       "required": [
         "itemId",
+        "startedAtMs",
         "threadId",
         "turnId"
       ],
@@ -598,6 +607,11 @@
             "null"
           ]
         },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
         "threadId": {
           "type": "string"
         },
@@ -607,6 +621,7 @@
       },
       "required": [
         "itemId",
+        "startedAtMs",
         "threadId",
         "turnId"
       ],
@@ -1587,6 +1602,11 @@
             "null"
           ]
         },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
         "threadId": {
           "type": "string"
         },
@@ -1598,6 +1618,7 @@
         "cwd",
         "itemId",
         "permissions",
+        "startedAtMs",
         "threadId",
         "turnId"
       ],
@@ -1900,6 +1921,31 @@
       "title": "Account/chatgptAuthTokens/refreshRequest",
       "type": "object"
     },
+    {
+      "description": "Generate a fresh upstream attestation result on demand.",
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "attestation/generate"
+          ],
+          "title": "Attestation/generateRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/AttestationGenerateParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Attestation/generateRequest",
+      "type": "object"
+    },
     {
       "description": "DEPRECATED APIs below Request to approve a patch. This request is used for Turns started via the legacy APIs (i.e. SendUserTurn, SendUserMessage).",
       "properties": {

codex-rs/app-server-protocol/schema/json/v1/InitializeParams.json

@@ -39,6 +39,11 @@
             "array",
             "null"
           ]
+        },
+        "requestAttestation": {
+          "default": false,
+          "description": "Opt into `attestation/generate` requests for upstream `x-oai-attestation`.",
+          "type": "boolean"
         }
       },
       "type": "object"

codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json

@@ -352,13 +352,9 @@
           ]
         },
         "service_tier": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ServiceTier"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "tools": {
@@ -658,13 +654,9 @@
           ]
         },
         "service_tier": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ServiceTier"
-            },
-            {
-              "type": "null"
-            }
+          "type": [
+            "string",
+            "null"
           ]
         },
         "tools": {
@@ -754,13 +746,6 @@
       },
       "type": "object"
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "ToolsV2": {
       "properties": {
         "view_image": {

codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json

@@ -213,12 +213,24 @@
           },
           "type": "array"
         },
+        "PostCompact": {
+          "items": {
+            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
+          },
+          "type": "array"
+        },
         "PostToolUse": {
           "items": {
             "$ref": "#/definitions/ConfiguredHookMatcherGroup"
           },
           "type": "array"
         },
+        "PreCompact": {
+          "items": {
+            "$ref": "#/definitions/ConfiguredHookMatcherGroup"
+          },
+          "type": "array"
+        },
         "PreToolUse": {
           "items": {
             "$ref": "#/definitions/ConfiguredHookMatcherGroup"
@@ -258,7 +270,9 @@
       },
       "required": [
         "PermissionRequest",
+        "PostCompact",
         "PostToolUse",
+        "PreCompact",
         "PreToolUse",
         "SessionStart",
         "Stop",

codex-rs/app-server-protocol/schema/json/v2/DeviceKeyCreateParams.json

@@ -1,39 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyProtectionPolicy": {
-      "description": "Protection policy for creating or loading a controller-local device key.",
-      "enum": [
-        "hardware_only",
-        "allow_os_protected_nonextractable"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Create a controller-local device key with a random key id.",
-  "properties": {
-    "accountUserId": {
-      "type": "string"
-    },
-    "clientId": {
-      "type": "string"
-    },
-    "protectionPolicy": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/DeviceKeyProtectionPolicy"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Defaults to `hardware_only` when omitted."
-    }
-  },
-  "required": [
-    "accountUserId",
-    "clientId"
-  ],
-  "title": "DeviceKeyCreateParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/DeviceKeyCreateResponse.json

@@ -1,45 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyAlgorithm": {
-      "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-      "enum": [
-        "ecdsa_p256_sha256"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyProtectionClass": {
-      "description": "Platform protection class for a controller-local device key.",
-      "enum": [
-        "hardware_secure_enclave",
-        "hardware_tpm",
-        "os_protected_nonextractable"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Device-key metadata and public key returned by create/public APIs.",
-  "properties": {
-    "algorithm": {
-      "$ref": "#/definitions/DeviceKeyAlgorithm"
-    },
-    "keyId": {
-      "type": "string"
-    },
-    "protectionClass": {
-      "$ref": "#/definitions/DeviceKeyProtectionClass"
-    },
-    "publicKeySpkiDerBase64": {
-      "description": "SubjectPublicKeyInfo DER encoded as base64.",
-      "type": "string"
-    }
-  },
-  "required": [
-    "algorithm",
-    "keyId",
-    "protectionClass",
-    "publicKeySpkiDerBase64"
-  ],
-  "title": "DeviceKeyCreateResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/DeviceKeyPublicResponse.json

@@ -1,45 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyAlgorithm": {
-      "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-      "enum": [
-        "ecdsa_p256_sha256"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyProtectionClass": {
-      "description": "Platform protection class for a controller-local device key.",
-      "enum": [
-        "hardware_secure_enclave",
-        "hardware_tpm",
-        "os_protected_nonextractable"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Device-key public metadata returned by `device/key/public`.",
-  "properties": {
-    "algorithm": {
-      "$ref": "#/definitions/DeviceKeyAlgorithm"
-    },
-    "keyId": {
-      "type": "string"
-    },
-    "protectionClass": {
-      "$ref": "#/definitions/DeviceKeyProtectionClass"
-    },
-    "publicKeySpkiDerBase64": {
-      "description": "SubjectPublicKeyInfo DER encoded as base64.",
-      "type": "string"
-    }
-  },
-  "required": [
-    "algorithm",
-    "keyId",
-    "protectionClass",
-    "publicKeySpkiDerBase64"
-  ],
-  "title": "DeviceKeyPublicResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/DeviceKeySignParams.json

@@ -1,165 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeySignPayload": {
-      "description": "Structured payloads accepted by `device/key/sign`.",
-      "oneOf": [
-        {
-          "description": "Payload bound to one remote-control controller websocket `/client` connection challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientConnectionAudience"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "scopes": {
-              "description": "Must contain exactly `remote_control_controller_websocket`.",
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "sessionId": {
-              "description": "Backend-issued websocket session id that this proof authorizes.",
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "Websocket route path that this proof authorizes.",
-              "type": "string"
-            },
-            "tokenExpiresAt": {
-              "description": "Remote-control token expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "tokenSha256Base64url": {
-              "description": "SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientConnection"
-              ],
-              "title": "RemoteControlClientConnectionDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "clientId",
-            "nonce",
-            "scopes",
-            "sessionId",
-            "targetOrigin",
-            "targetPath",
-            "tokenExpiresAt",
-            "tokenSha256Base64url",
-            "type"
-          ],
-          "title": "RemoteControlClientConnectionDeviceKeySignPayload",
-          "type": "object"
-        },
-        {
-          "description": "Payload bound to a remote-control client `/client/enroll` ownership challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientEnrollmentAudience"
-            },
-            "challengeExpiresAt": {
-              "description": "Enrollment challenge expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "challengeId": {
-              "description": "Backend-issued enrollment challenge id that this proof authorizes.",
-              "type": "string"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "deviceIdentitySha256Base64url": {
-              "description": "SHA-256 of the requested device identity operation, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "HTTP route path that this proof authorizes.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientEnrollment"
-              ],
-              "title": "RemoteControlClientEnrollmentDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "challengeExpiresAt",
-            "challengeId",
-            "clientId",
-            "deviceIdentitySha256Base64url",
-            "nonce",
-            "targetOrigin",
-            "targetPath",
-            "type"
-          ],
-          "title": "RemoteControlClientEnrollmentDeviceKeySignPayload",
-          "type": "object"
-        }
-      ]
-    },
-    "RemoteControlClientConnectionAudience": {
-      "description": "Audience for a remote-control client connection device-key proof.",
-      "enum": [
-        "remote_control_client_websocket"
-      ],
-      "type": "string"
-    },
-    "RemoteControlClientEnrollmentAudience": {
-      "description": "Audience for a remote-control client enrollment device-key proof.",
-      "enum": [
-        "remote_control_client_enrollment"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Sign an accepted structured payload with a controller-local device key.",
-  "properties": {
-    "keyId": {
-      "type": "string"
-    },
-    "payload": {
-      "$ref": "#/definitions/DeviceKeySignPayload"
-    }
-  },
-  "required": [
-    "keyId",
-    "payload"
-  ],
-  "title": "DeviceKeySignParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/DeviceKeySignResponse.json

@@ -1,33 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyAlgorithm": {
-      "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-      "enum": [
-        "ecdsa_p256_sha256"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "ASN.1 DER signature returned by `device/key/sign`.",
-  "properties": {
-    "algorithm": {
-      "$ref": "#/definitions/DeviceKeyAlgorithm"
-    },
-    "signatureDerBase64": {
-      "description": "ECDSA signature DER encoded as base64.",
-      "type": "string"
-    },
-    "signedPayloadBase64": {
-      "description": "Exact bytes signed by the device key, encoded as base64. Verifiers must verify this byte string directly and must not reserialize `payload`.",
-      "type": "string"
-    }
-  },
-  "required": [
-    "algorithm",
-    "signatureDerBase64",
-    "signedPayloadBase64"
-  ],
-  "title": "DeviceKeySignResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/HookCompletedNotification.json

@@ -10,6 +10,8 @@
         "preToolUse",
         "permissionRequest",
         "postToolUse",
+        "preCompact",
+        "postCompact",
         "sessionStart",
         "userPromptSubmit",
         "stop"

codex-rs/app-server-protocol/schema/json/v2/HookStartedNotification.json

@@ -10,6 +10,8 @@
         "preToolUse",
         "permissionRequest",
         "postToolUse",
+        "preCompact",
+        "postCompact",
         "sessionStart",
         "userPromptSubmit",
         "stop"

codex-rs/app-server-protocol/schema/json/v2/HooksListResponse.json

@@ -25,6 +25,8 @@
         "preToolUse",
         "permissionRequest",
         "postToolUse",
+        "preCompact",
+        "postCompact",
         "sessionStart",
         "userPromptSubmit",
         "stop"

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json

@@ -574,6 +574,11 @@
     "action": {
       "$ref": "#/definitions/GuardianApprovalReviewAction"
     },
+    "completedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this review completed.",
+      "format": "int64",
+      "type": "integer"
+    },
     "decisionSource": {
       "$ref": "#/definitions/AutoReviewDecisionSource"
     },
@@ -584,6 +589,11 @@
       "description": "Stable identifier for this review.",
       "type": "string"
     },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this review started.",
+      "format": "int64",
+      "type": "integer"
+    },
     "targetItemId": {
       "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
       "type": [
@@ -600,9 +610,11 @@
   },
   "required": [
     "action",
+    "completedAtMs",
     "decisionSource",
     "review",
     "reviewId",
+    "startedAtMs",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json

@@ -574,6 +574,11 @@
       "description": "Stable identifier for this review.",
       "type": "string"
     },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this review started.",
+      "format": "int64",
+      "type": "integer"
+    },
     "targetItemId": {
       "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
       "type": [
@@ -592,6 +597,7 @@
     "action",
     "review",
     "reviewId",
+    "startedAtMs",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/v2/PluginListParams.json

@@ -4,6 +4,14 @@
     "AbsolutePathBuf": {
       "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
       "type": "string"
+    },
+    "PluginListMarketplaceKind": {
+      "enum": [
+        "local",
+        "workspace-directory",
+        "shared-with-me"
+      ],
+      "type": "string"
     }
   },
   "properties": {
@@ -16,6 +24,16 @@
         "array",
         "null"
       ]
+    },
+    "marketplaceKinds": {
+      "description": "Optional marketplace kind filter. When omitted, only local marketplaces are queried, plus the default remote catalog when enabled by feature flag.",
+      "items": {
+        "$ref": "#/definitions/PluginListMarketplaceKind"
+      },
+      "type": [
+        "array",
+        "null"
+      ]
     }
   },
   "title": "PluginListParams",

codex-rs/app-server-protocol/schema/json/v2/PluginListResponse.json

@@ -232,6 +232,101 @@
       ],
       "type": "object"
     },
+    "PluginShareContext": {
+      "properties": {
+        "creatorAccountUserId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "creatorName": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "discoverability": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PluginShareDiscoverability"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "remotePluginId": {
+          "type": "string"
+        },
+        "sharePrincipals": {
+          "items": {
+            "$ref": "#/definitions/PluginSharePrincipal"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "shareUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "remotePluginId"
+      ],
+      "type": "object"
+    },
+    "PluginShareDiscoverability": {
+      "enum": [
+        "LISTED",
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
+    "PluginSharePrincipal": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "principalId": {
+          "type": "string"
+        },
+        "principalType": {
+          "$ref": "#/definitions/PluginSharePrincipalType"
+        },
+        "role": {
+          "$ref": "#/definitions/PluginSharePrincipalRole"
+        }
+      },
+      "required": [
+        "name",
+        "principalId",
+        "principalType",
+        "role"
+      ],
+      "type": "object"
+    },
+    "PluginSharePrincipalRole": {
+      "enum": [
+        "reader",
+        "editor",
+        "owner"
+      ],
+      "type": "string"
+    },
+    "PluginSharePrincipalType": {
+      "enum": [
+        "user",
+        "group",
+        "workspace"
+      ],
+      "type": "string"
+    },
     "PluginSource": {
       "oneOf": [
         {
@@ -357,6 +452,17 @@
         "name": {
           "type": "string"
         },
+        "shareContext": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PluginShareContext"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "description": "Remote sharing context associated with this plugin when available."
+        },
         "source": {
           "$ref": "#/definitions/PluginSource"
         }

codex-rs/app-server-protocol/schema/json/v2/PluginReadResponse.json

@@ -37,6 +37,19 @@
       ],
       "type": "object"
     },
+    "HookEventName": {
+      "enum": [
+        "preToolUse",
+        "permissionRequest",
+        "postToolUse",
+        "preCompact",
+        "postCompact",
+        "sessionStart",
+        "userPromptSubmit",
+        "stop"
+      ],
+      "type": "string"
+    },
     "PluginAuthPolicy": {
       "enum": [
         "ON_INSTALL",
@@ -75,6 +88,12 @@
             "null"
           ]
         },
+        "hooks": {
+          "items": {
+            "$ref": "#/definitions/PluginHookSummary"
+          },
+          "type": "array"
+        },
         "marketplaceName": {
           "type": "string"
         },
@@ -106,6 +125,7 @@
       },
       "required": [
         "apps",
+        "hooks",
         "marketplaceName",
         "mcpServers",
         "skills",
@@ -113,6 +133,21 @@
       ],
       "type": "object"
     },
+    "PluginHookSummary": {
+      "properties": {
+        "eventName": {
+          "$ref": "#/definitions/HookEventName"
+        },
+        "key": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "eventName",
+        "key"
+      ],
+      "type": "object"
+    },
     "PluginInstallPolicy": {
       "enum": [
         "NOT_AVAILABLE",
@@ -251,6 +286,101 @@
       ],
       "type": "object"
     },
+    "PluginShareContext": {
+      "properties": {
+        "creatorAccountUserId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "creatorName": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "discoverability": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PluginShareDiscoverability"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "remotePluginId": {
+          "type": "string"
+        },
+        "sharePrincipals": {
+          "items": {
+            "$ref": "#/definitions/PluginSharePrincipal"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "shareUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "remotePluginId"
+      ],
+      "type": "object"
+    },
+    "PluginShareDiscoverability": {
+      "enum": [
+        "LISTED",
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
+    "PluginSharePrincipal": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "principalId": {
+          "type": "string"
+        },
+        "principalType": {
+          "$ref": "#/definitions/PluginSharePrincipalType"
+        },
+        "role": {
+          "$ref": "#/definitions/PluginSharePrincipalRole"
+        }
+      },
+      "required": [
+        "name",
+        "principalId",
+        "principalType",
+        "role"
+      ],
+      "type": "object"
+    },
+    "PluginSharePrincipalRole": {
+      "enum": [
+        "reader",
+        "editor",
+        "owner"
+      ],
+      "type": "string"
+    },
+    "PluginSharePrincipalType": {
+      "enum": [
+        "user",
+        "group",
+        "workspace"
+      ],
+      "type": "string"
+    },
     "PluginSource": {
       "oneOf": [
         {
@@ -376,6 +506,17 @@
         "name": {
           "type": "string"
         },
+        "shareContext": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PluginShareContext"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "description": "Remote sharing context associated with this plugin when available."
+        },
         "source": {
           "$ref": "#/definitions/PluginSource"
         }

codex-rs/app-server-protocol/schema/json/v2/PluginShareListResponse.json

@@ -167,6 +167,62 @@
       ],
       "type": "object"
     },
+    "PluginShareContext": {
+      "properties": {
+        "creatorAccountUserId": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "creatorName": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "discoverability": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PluginShareDiscoverability"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "remotePluginId": {
+          "type": "string"
+        },
+        "sharePrincipals": {
+          "items": {
+            "$ref": "#/definitions/PluginSharePrincipal"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "shareUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "remotePluginId"
+      ],
+      "type": "object"
+    },
+    "PluginShareDiscoverability": {
+      "enum": [
+        "LISTED",
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
     "PluginShareListItem": {
       "properties": {
         "localPluginPath": {
@@ -181,17 +237,52 @@
         },
         "plugin": {
           "$ref": "#/definitions/PluginSummary"
-        },
-        "shareUrl": {
-          "type": "string"
         }
       },
       "required": [
-        "plugin",
-        "shareUrl"
+        "plugin"
       ],
       "type": "object"
     },
+    "PluginSharePrincipal": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "principalId": {
+          "type": "string"
+        },
+        "principalType": {
+          "$ref": "#/definitions/PluginSharePrincipalType"
+        },
+        "role": {
+          "$ref": "#/definitions/PluginSharePrincipalRole"
+        }
+      },
+      "required": [
+        "name",
+        "principalId",
+        "principalType",
+        "role"
+      ],
+      "type": "object"
+    },
+    "PluginSharePrincipalRole": {
+      "enum": [
+        "reader",
+        "editor",
+        "owner"
+      ],
+      "type": "string"
+    },
+    "PluginSharePrincipalType": {
+      "enum": [
+        "user",
+        "group",
+        "workspace"
+      ],
+      "type": "string"
+    },
     "PluginSource": {
       "oneOf": [
         {
@@ -317,6 +408,17 @@
         "name": {
           "type": "string"
         },
+        "shareContext": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PluginShareContext"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "description": "Remote sharing context associated with this plugin when available."
+        },
         "source": {
           "$ref": "#/definitions/PluginSource"
         }

codex-rs/app-server-protocol/schema/json/v2/PluginShareSaveParams.json

@@ -28,13 +28,24 @@
         },
         "principalType": {
           "$ref": "#/definitions/PluginSharePrincipalType"
+        },
+        "role": {
+          "$ref": "#/definitions/PluginShareTargetRole"
         }
       },
       "required": [
         "principalId",
-        "principalType"
+        "principalType",
+        "role"
       ],
       "type": "object"
+    },
+    "PluginShareTargetRole": {
+      "enum": [
+        "reader",
+        "editor"
+      ],
+      "type": "string"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsParams.json

@@ -16,16 +16,37 @@
         },
         "principalType": {
           "$ref": "#/definitions/PluginSharePrincipalType"
+        },
+        "role": {
+          "$ref": "#/definitions/PluginShareTargetRole"
         }
       },
       "required": [
         "principalId",
-        "principalType"
+        "principalType",
+        "role"
       ],
       "type": "object"
+    },
+    "PluginShareTargetRole": {
+      "enum": [
+        "reader",
+        "editor"
+      ],
+      "type": "string"
+    },
+    "PluginShareUpdateDiscoverability": {
+      "enum": [
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
     }
   },
   "properties": {
+    "discoverability": {
+      "$ref": "#/definitions/PluginShareUpdateDiscoverability"
+    },
     "remotePluginId": {
       "type": "string"
     },
@@ -37,6 +58,7 @@
     }
   },
   "required": [
+    "discoverability",
     "remotePluginId",
     "shareTargets"
   ],

codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsResponse.json

@@ -1,6 +1,14 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
+    "PluginShareDiscoverability": {
+      "enum": [
+        "LISTED",
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
     "PluginSharePrincipal": {
       "properties": {
         "name": {
@@ -11,15 +19,27 @@
         },
         "principalType": {
           "$ref": "#/definitions/PluginSharePrincipalType"
+        },
+        "role": {
+          "$ref": "#/definitions/PluginSharePrincipalRole"
         }
       },
       "required": [
         "name",
         "principalId",
-        "principalType"
+        "principalType",
+        "role"
       ],
       "type": "object"
     },
+    "PluginSharePrincipalRole": {
+      "enum": [
+        "reader",
+        "editor",
+        "owner"
+      ],
+      "type": "string"
+    },
     "PluginSharePrincipalType": {
       "enum": [
         "user",
@@ -30,6 +50,9 @@
     }
   },
   "properties": {
+    "discoverability": {
+      "$ref": "#/definitions/PluginShareDiscoverability"
+    },
     "principals": {
       "items": {
         "$ref": "#/definitions/PluginSharePrincipal"
@@ -38,6 +61,7 @@
     }
   },
   "required": [
+    "discoverability",
     "principals"
   ],
   "title": "PluginShareUpdateTargetsResponse",

codex-rs/app-server-protocol/schema/json/v2/RemoteControlStatusChangedNotification.json

@@ -11,7 +11,7 @@
       "type": "string"
     }
   },
-  "description": "Current remote-control connection status and environment id exposed to clients.",
+  "description": "Current remote-control connection status and remote identity exposed to clients.",
   "properties": {
     "environmentId": {
       "type": [
@@ -19,11 +19,15 @@
         "null"
       ]
     },
+    "installationId": {
+      "type": "string"
+    },
     "status": {
       "$ref": "#/definitions/RemoteControlConnectionStatus"
     }
   },
   "required": [
+    "installationId",
     "status"
   ],
   "title": "RemoteControlStatusChangedNotification",

codex-rs/app-server-protocol/schema/json/v2/SkillsListParams.json

@@ -1,25 +1,5 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "SkillsListExtraRootsForCwd": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "extraUserRoots": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "extraUserRoots"
-      ],
-      "type": "object"
-    }
-  },
   "properties": {
     "cwds": {
       "description": "When empty, defaults to the current session working directory.",
@@ -31,17 +11,6 @@
     "forceReload": {
       "description": "When true, bypass the skills cache and re-scan skills from disk.",
       "type": "boolean"
-    },
-    "perCwdExtraUserRoots": {
-      "default": null,
-      "description": "Optional per-cwd extra roots to scan as user-scoped skills.",
-      "items": {
-        "$ref": "#/definitions/SkillsListExtraRootsForCwd"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
     }
   },
   "title": "SkillsListParams",

codex-rs/app-server-protocol/schema/json/v2/ThreadForkParams.json

@@ -131,13 +131,6 @@
       ],
       "type": "string"
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "ThreadSource": {
       "enum": [
         "user",
@@ -222,20 +215,9 @@
       ]
     },
     "serviceTier": {
-      "anyOf": [
-        {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ServiceTier"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        {
-          "type": "null"
-        }
+      "type": [
+        "string",
+        "null"
       ]
     },
     "threadId": {

codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json

@@ -1177,13 +1177,6 @@
         }
       ]
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "SessionSource": {
       "oneOf": [
         {
@@ -1403,6 +1396,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -1451,6 +1448,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",
@@ -2610,13 +2608,9 @@
       "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
     },
     "serviceTier": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ServiceTier"
-        },
-        {
-          "type": "null"
-        }
+      "type": [
+        "string",
+        "null"
       ]
     },
     "thread": {

codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json

@@ -853,6 +853,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -901,6 +905,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",

codex-rs/app-server-protocol/schema/json/v2/ThreadMetadataUpdateResponse.json

@@ -853,6 +853,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -901,6 +905,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",

codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json

@@ -853,6 +853,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -901,6 +905,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json

@@ -1010,13 +1010,6 @@
         "danger-full-access"
       ],
       "type": "string"
-    },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
     }
   },
   "description": "There are three ways to resume a thread: 1. By thread_id: load the thread from disk by thread_id and resume it. 2. By history: instantiate the thread from memory and resume it. 3. By path: load the thread from disk by path and resume it.\n\nThe precedence is: history > path > thread_id. If using history or path, the thread_id param will be ignored.\n\nPrefer using thread_id whenever possible.",
@@ -1101,20 +1094,9 @@
       ]
     },
     "serviceTier": {
-      "anyOf": [
-        {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ServiceTier"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        {
-          "type": "null"
-        }
+      "type": [
+        "string",
+        "null"
       ]
     },
     "threadId": {

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json

@@ -1177,13 +1177,6 @@
         }
       ]
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "SessionSource": {
       "oneOf": [
         {
@@ -1403,6 +1396,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -1451,6 +1448,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",
@@ -2610,13 +2608,9 @@
       "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
     },
     "serviceTier": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ServiceTier"
-        },
-        {
-          "type": "null"
-        }
+      "type": [
+        "string",
+        "null"
       ]
     },
     "thread": {

codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json

@@ -853,6 +853,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -901,6 +905,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",

codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json

@@ -165,13 +165,6 @@
       ],
       "type": "string"
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "ThreadSource": {
       "enum": [
         "user",
@@ -295,20 +288,9 @@
       ]
     },
     "serviceTier": {
-      "anyOf": [
-        {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ServiceTier"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        {
-          "type": "null"
-        }
+      "type": [
+        "string",
+        "null"
       ]
     },
     "sessionStartSource": {

codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json

@@ -1177,13 +1177,6 @@
         }
       ]
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "SessionSource": {
       "oneOf": [
         {
@@ -1403,6 +1396,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -1451,6 +1448,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",
@@ -2610,13 +2608,9 @@
       "description": "Legacy sandbox policy retained for compatibility. Experimental clients should prefer `permissionProfile` when they need exact runtime permissions."
     },
     "serviceTier": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ServiceTier"
-        },
-        {
-          "type": "null"
-        }
+      "type": [
+        "string",
+        "null"
       ]
     },
     "thread": {

codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json

@@ -853,6 +853,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -901,6 +905,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",

codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json

@@ -853,6 +853,10 @@
           "description": "Usually the first user message in the thread, if available.",
           "type": "string"
         },
+        "sessionId": {
+          "description": "Session id shared by threads that belong to the same session tree.",
+          "type": "string"
+        },
         "source": {
           "allOf": [
             {
@@ -901,6 +905,7 @@
         "id",
         "modelProvider",
         "preview",
+        "sessionId",
         "source",
         "status",
         "turns",

codex-rs/app-server-protocol/schema/json/v2/TurnStartParams.json

@@ -312,13 +312,6 @@
         }
       ]
     },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
     "Settings": {
       "description": "Settings for a collaboration mode.",
       "properties": {
@@ -586,22 +579,11 @@
       "description": "Override the sandbox policy for this turn and subsequent turns."
     },
     "serviceTier": {
-      "anyOf": [
-        {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ServiceTier"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Override the service tier for this turn and subsequent turns."
+      "description": "Override the service tier for this turn and subsequent turns.",
+      "type": [
+        "string",
+        "null"
+      ]
     },
     "summary": {
       "anyOf": [