Using cached connector directory for discoverable tools list (#21497 )

## Summary Startup tool construction currently depends on connector directory metadata for `tool_suggest` discoverables. On a cold directory cache, that can put slow connector-directory requests on the blocking path even though the tools array only needs directory data for install suggestions, not for the live connector MCP tools themselves. This PR keeps the discoverables path off that cold network fetch: - read connector directory metadata from cache only when building discoverable tools - persist connector directory metadata to `~/.codex/cache/codex_app_directory/<hash>.json` and use it to hydrate the in-memory cache on later runs before the normal refresh path updates it - use connector-directory-specific cache naming to distinguish this metadata cache from the separate Codex Apps tools-spec cache This reduces first-turn startup work without changing how live connector MCP tools are sourced. Longer term, directory-backed install suggestions should move to a search-based flow so they no longer need to be inlined into the tools prompt at all. ## Testing - `cargo test -p codex-connectors` - `cargo test -p codex-chatgpt` - `cargo test -p codex-core request_plugin_install_is_available_without_search_tool_after_discovery_attempts` - `cargo test -p codex-core tool_suggest_uses_connector_id_fallback_when_directory_cache_is_empty`
Enable --deny-warnings for cargo shear (#21616 )
2026-05-08 21:32:33 +00:00 · 2026-05-08 14:14:11 -07:00 · 2026-05-08 20:29:00 +00:00 · 2026-05-08 13:20:05 -07:00 · 2026-05-08 13:00:57 -07:00 · 2026-05-08 22:37:10 +03:00
566 changed files with 12490 additions and 12362 deletions
--- a/.github/ISSUE_TEMPLATE/3-cli.yml
+++ b/.github/ISSUE_TEMPLATE/3-cli.yml
@@ -2,7 +2,6 @@ name: 💻 CLI Bug
 description: Report an issue in the Codex CLI
 labels:
  - bug
-  - needs triage
 body:
  - type: markdown
    attributes:
@@ -41,9 +40,9 @@ body:
    id: terminal
    attributes:
      label: What terminal emulator and version are you using (if applicable)?
-      description: Also note any multiplexer in use (screen / tmux / zellij)
      description: |
-        E.g, VSCode, Terminal.app, iTerm2, Ghostty, Windows Terminal (WSL / PowerShell)
+        Also note any multiplexer in use (screen / tmux / zellij).
+        E.g., VS Code, Terminal.app, iTerm2, Ghostty, Windows Terminal (WSL / PowerShell)
  - type: textarea
    id: actual
    attributes:
--- a/.github/ISSUE_TEMPLATE/5-feature-request.yml
+++ b/.github/ISSUE_TEMPLATE/5-feature-request.yml
@@ -10,7 +10,7 @@ body:

        Before you submit a feature:
        1. Search existing issues for similar features. If you find one, 👍 it rather than opening a new one.
-        2. The Codex team will try to balance the varying needs of the community when prioritizing or rejecting new features. Not all features will be accepted. See [Contributing](https://github.com/openai/codex#contributing) for more details.
+        2. The Codex team will try to balance the varying needs of the community when prioritizing or rejecting new features. Not all features will be accepted. See [Contributing](https://github.com/openai/codex/blob/main/docs/contributing.md) for more details.

  - type: input
    id: variant
--- a/.github/ISSUE_TEMPLATE/6-docs-issue.yml
+++ b/.github/ISSUE_TEMPLATE/6-docs-issue.yml
@@ -1,6 +1,6 @@
 name: 📗 Documentation Issue
 description: Tell us if there is missing or incorrect documentation
-labels: [docs]
+labels: [documentation]
 body:
  - type: markdown
    attributes:
@@ -24,4 +24,4 @@ body:
  - type: textarea
    attributes:
      label: Where did you find it?
-      description: If possible, please provide the URL(s) where you found this issue.
+      description: If possible, please provide the URL(s) where you found this issue.
--- a/.github/actions/prepare-bazel-ci/action.yml
+++ b/.github/actions/prepare-bazel-ci/action.yml
@@ -50,7 +50,7 @@ runs:
    - name: Restore bazel repository cache
      id: cache_bazel_repository_restore
      continue-on-error: true
-      uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+      uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
      with:
        path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
        key: ${{ steps.cache_bazel_repository_key.outputs.repository-cache-key }}
--- a/.github/actions/windows-code-sign/action.yml
+++ b/.github/actions/windows-code-sign/action.yml
@@ -30,7 +30,7 @@ runs:
  using: composite
  steps:
    - name: Azure login for Trusted Signing (OIDC)
-      uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2
+      uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
      with:
        client-id: ${{ inputs.client-id }}
        tenant-id: ${{ inputs.tenant-id }}
@@ -54,7 +54,7 @@ runs:
        } >> "$GITHUB_OUTPUT"

    - name: Sign Windows binaries with Azure Trusted Signing
-      uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293 # v0
+      uses: azure/trusted-signing-action@1d365fec12862c4aa68fcac418143d73f0cea293 # v0.5.11
      with:
        endpoint: ${{ inputs.endpoint }}
        trusted-signing-account-name: ${{ inputs.account-name }}
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -6,25 +6,37 @@ updates:
    directory: .github/actions/codex
    schedule:
      interval: weekly
+    cooldown:
+      default-days: 7
  - package-ecosystem: cargo
    directories:
      - codex-rs
      - codex-rs/*
    schedule:
      interval: weekly
+    cooldown:
+      default-days: 7
  - package-ecosystem: devcontainers
    directory: /
    schedule:
      interval: weekly
+    cooldown:
+      default-days: 7
  - package-ecosystem: docker
    directory: codex-cli
    schedule:
      interval: weekly
+    cooldown:
+      default-days: 7
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
+    cooldown:
+      default-days: 7
  - package-ecosystem: rust-toolchain
    directory: codex-rs
    schedule:
      interval: weekly
+    cooldown:
+      default-days: 7
--- a/.github/workflows/bazel.yml
+++ b/.github/workflows/bazel.yml
@@ -56,7 +56,9 @@ jobs:
    name: Bazel test on ${{ matrix.os }} for ${{ matrix.target }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Check rusty_v8 MODULE.bazel checksums
        if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
@@ -122,7 +124,7 @@ jobs:
      - name: Upload Bazel execution logs
        if: always() && !cancelled()
        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: bazel-execution-logs-test-${{ matrix.target }}
          path: ${{ runner.temp }}/bazel-execution-logs
@@ -133,7 +135,7 @@ jobs:
      - name: Save bazel repository cache
        if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
          key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
@@ -148,7 +150,9 @@ jobs:
    name: Bazel test on windows-latest for x86_64-pc-windows-gnullvm (native main)

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Prepare Bazel CI
        id: prepare_bazel
@@ -195,7 +199,7 @@ jobs:
      - name: Upload Bazel execution logs
        if: always() && !cancelled()
        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: bazel-execution-logs-test-windows-native-x86_64-pc-windows-gnullvm
          path: ${{ runner.temp }}/bazel-execution-logs
@@ -206,7 +210,7 @@ jobs:
      - name: Save bazel repository cache
        if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
          key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
@@ -231,7 +235,9 @@ jobs:
    name: Bazel clippy on ${{ matrix.os }} for ${{ matrix.target }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Prepare Bazel CI
        id: prepare_bazel
@@ -286,7 +292,7 @@ jobs:
      - name: Upload Bazel execution logs
        if: always() && !cancelled()
        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: bazel-execution-logs-clippy-${{ matrix.target }}
          path: ${{ runner.temp }}/bazel-execution-logs
@@ -297,7 +303,7 @@ jobs:
      - name: Save bazel repository cache
        if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
          key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
@@ -318,7 +324,9 @@ jobs:
    name: Verify release build on ${{ matrix.os }} for ${{ matrix.target }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Prepare Bazel CI
        id: prepare_bazel
@@ -390,7 +398,7 @@ jobs:
      - name: Upload Bazel execution logs
        if: always() && !cancelled()
        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: bazel-execution-logs-verify-release-build-${{ matrix.target }}
          path: ${{ runner.temp }}/bazel-execution-logs
@@ -401,7 +409,7 @@ jobs:
      - name: Save bazel repository cache
        if: always() && !cancelled() && steps.prepare_bazel.outputs.repository-cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ steps.prepare_bazel.outputs.repository-cache-path }}
          key: ${{ steps.prepare_bazel.outputs.repository-cache-key }}
--- a/.github/workflows/blob-size-policy.yml
+++ b/.github/workflows/blob-size-policy.yml
@@ -8,9 +8,10 @@ jobs:
    name: Blob size policy
    runs-on: ubuntu-24.04
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
+          persist-credentials: false

      - name: Determine PR comparison range
        id: range
--- a/.github/workflows/cargo-deny.yml
+++ b/.github/workflows/cargo-deny.yml
@@ -14,7 +14,9 @@ jobs:
        working-directory: ./codex-rs
    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,9 @@ jobs:
      NODE_OPTIONS: --max-old-space-size=4096
    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Verify codex-rs Cargo manifests inherit workspace settings
        run: python3 .github/scripts/verify_cargo_workspace_manifests.py
@@ -29,7 +31,7 @@ jobs:
          run_install: false

      - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: 22

@@ -63,7 +65,7 @@ jobs:
          echo "pack_output=$PACK_OUTPUT" >> "$GITHUB_OUTPUT"

      - name: Upload staged npm package artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: codex-npm-staging
          path: ${{ steps.stage_npm_package.outputs.pack_output }}
--- a/.github/workflows/close-stale-contributor-prs.yml
+++ b/.github/workflows/close-stale-contributor-prs.yml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Close inactive PRs from contributors
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -18,9 +18,11 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Annotate locations with typos
-        uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1
+        uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1.1.0
      - name: Codespell
        uses: codespell-project/actions-codespell@8f01853be192eb0f849a5c7d721450e7a467c579 # v2.2
        with:
--- a/.github/workflows/issue-deduplicator.yml
+++ b/.github/workflows/issue-deduplicator.yml
@@ -19,7 +19,9 @@ jobs:
      reason: ${{ steps.normalize-all.outputs.reason }}
      has_matches: ${{ steps.normalize-all.outputs.has_matches }}
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Prepare Codex inputs
        env:
@@ -155,7 +157,9 @@ jobs:
      reason: ${{ steps.normalize-open.outputs.reason }}
      has_matches: ${{ steps.normalize-open.outputs.has_matches }}
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Prepare Codex inputs
        env:
@@ -342,7 +346,7 @@ jobs:
      issues: write
    steps:
      - name: Comment on issue
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
        env:
          CODEX_OUTPUT: ${{ needs.select-final.outputs.codex_output }}
        with:
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -17,7 +17,9 @@ jobs:
    outputs:
      codex_output: ${{ steps.codex.outputs.final-message }}
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - id: codex
        uses: openai/codex-action@5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02 # v1.7
--- a/.github/workflows/rust-ci-full.yml
+++ b/.github/workflows/rust-ci-full.yml
@@ -7,6 +7,11 @@ on:
  workflow_dispatch:

 # CI builds in debug (dev) for faster signal.
+env:
+  # Cargo's libgit2 transport has been flaky on macOS when fetching git
+  # dependencies with nested submodules. Use the system git CLI, which has
+  # better network/proxy behavior and matches Cargo's own suggested fallback.
+  CARGO_NET_GIT_FETCH_WITH_CLI: "true"

 jobs:
  # --- CI that doesn't need specific targets ---------------------------------
@@ -17,7 +22,9 @@ jobs:
      run:
        working-directory: codex-rs
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
        with:
          components: rustfmt
@@ -31,14 +38,15 @@ jobs:
      run:
        working-directory: codex-rs
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
-      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
-          tool: cargo-shear
-          version: 1.5.1
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
+      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
+        with:
+          tool: cargo-shear@1.11.2
      - name: cargo shear
-        run: cargo shear
+        run: cargo shear --deny-warnings

  argument_comment_lint_package:
    name: Argument comment lint package
@@ -47,14 +55,16 @@ jobs:
      CARGO_DYLINT_VERSION: 5.0.0
      DYLINT_LINK_VERSION: 5.0.0
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
        with:
          toolchain: nightly-2025-09-18
          components: llvm-tools-preview, rustc-dev, rust-src
      - name: Cache cargo-dylint tooling
        id: cargo_dylint_cache
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            ~/.cargo/bin/cargo-dylint
@@ -97,7 +107,9 @@ jobs:
              group: codex-runners
              labels: codex-windows-x64
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - uses: ./.github/actions/setup-bazel-ci
        with:
          target: ${{ runner.os }}
@@ -233,7 +245,9 @@ jobs:
              labels: codex-windows-arm64

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Install Linux build dependencies
        if: ${{ runner.os == 'Linux' }}
        shell: bash
@@ -276,7 +290,7 @@ jobs:
      # avoid caching the large target dir on the gnu-dev job.
      - name: Restore cargo home cache
        id: cache_cargo_home_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            ~/.cargo/bin/
@@ -294,7 +308,7 @@ jobs:
      # Install and restore sccache cache
      - name: Install sccache
        if: ${{ env.USE_SCCACHE == 'true' }}
-        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
        with:
          tool: sccache
          version: 0.7.5
@@ -321,7 +335,7 @@ jobs:
      - name: Restore sccache cache (fallback)
        if: ${{ env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true' }}
        id: cache_sccache_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ github.workspace }}/.sccache/
          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -348,7 +362,7 @@ jobs:
      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
        name: Restore APT cache (musl)
        id: cache_apt_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            /var/cache/apt
@@ -356,7 +370,7 @@ jobs:

      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
        name: Install Zig
-        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2
+        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2.2.1
        with:
          version: 0.14.0

@@ -430,7 +444,7 @@ jobs:

      - name: Install cargo-chef
        if: ${{ matrix.profile == 'release' }}
-        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
        with:
          tool: cargo-chef
          version: 0.1.71
@@ -449,7 +463,7 @@ jobs:

      - name: Upload Cargo timings (clippy)
        if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: cargo-timings-rust-ci-clippy-${{ matrix.target }}-${{ matrix.profile }}
          path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -460,7 +474,7 @@ jobs:
      - name: Save cargo home cache
        if: always() && !cancelled() && steps.cache_cargo_home_restore.outputs.cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            ~/.cargo/bin/
@@ -476,7 +490,7 @@ jobs:
      - name: Save sccache cache (fallback)
        if: always() && !cancelled() && env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ github.workspace }}/.sccache/
          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -501,7 +515,7 @@ jobs:
      - name: Save APT cache (musl)
        if: always() && !cancelled() && (matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl') && steps.cache_apt_restore.outputs.cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            /var/cache/apt
@@ -559,7 +573,9 @@ jobs:
              labels: codex-windows-arm64

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Install Linux build dependencies
        if: ${{ runner.os == 'Linux' }}
        shell: bash
@@ -567,7 +583,7 @@ jobs:
          set -euo pipefail
          if command -v apt-get >/dev/null 2>&1; then
            sudo apt-get update -y
-            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev
+            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev bubblewrap
          fi

      # Some integration tests rely on DotSlash being installed.
@@ -590,7 +606,7 @@ jobs:

      - name: Restore cargo home cache
        id: cache_cargo_home_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            ~/.cargo/bin/
@@ -603,7 +619,7 @@ jobs:

      - name: Install sccache
        if: ${{ env.USE_SCCACHE == 'true' }}
-        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+        uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
        with:
          tool: sccache
          version: 0.7.5
@@ -630,7 +646,7 @@ jobs:
      - name: Restore sccache cache (fallback)
        if: ${{ env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true' }}
        id: cache_sccache_restore
-        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/restore@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ github.workspace }}/.sccache/
          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -638,7 +654,7 @@ jobs:
            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-
            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-

-      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
        with:
          tool: nextest
          version: 0.9.103
@@ -674,7 +690,7 @@ jobs:

      - name: Upload Cargo timings (nextest)
        if: always()
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: cargo-timings-rust-ci-nextest-${{ matrix.target }}-${{ matrix.profile }}
          path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -683,7 +699,7 @@ jobs:
      - name: Save cargo home cache
        if: always() && !cancelled() && steps.cache_cargo_home_restore.outputs.cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            ~/.cargo/bin/
@@ -695,7 +711,7 @@ jobs:
      - name: Save sccache cache (fallback)
        if: always() && !cancelled() && env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: ${{ github.workspace }}/.sccache/
          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
@@ -722,10 +738,12 @@ jobs:
        shell: bash
        run: |
          set +e
-          if [[ "${{ steps.test.outcome }}" != "success" ]]; then
+          if [[ "${STEPS_TEST_OUTCOME}" != "success" ]]; then
            docker logs codex-remote-test-env || true
          fi
          docker rm -f codex-remote-test-env >/dev/null 2>&1 || true
+        env:
+          STEPS_TEST_OUTCOME: ${{ steps.test.outcome }}

      - name: verify tests passed
        if: steps.test.outcome == 'failure'
--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -14,9 +14,10 @@ jobs:
      codex: ${{ steps.detect.outputs.codex }}
      workflows: ${{ steps.detect.outputs.workflows }}
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
+          persist-credentials: false
      - name: Detect changed paths (no external action)
        id: detect
        shell: bash
@@ -61,7 +62,9 @@ jobs:
      run:
        working-directory: codex-rs
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
        with:
          components: rustfmt
@@ -77,14 +80,15 @@ jobs:
      run:
        working-directory: codex-rs
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
-      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
-          tool: cargo-shear
-          version: 1.5.1
+          persist-credentials: false
+      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
+      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
+        with:
+          tool: cargo-shear@1.11.2
      - name: cargo shear
-        run: cargo shear
+        run: cargo shear --deny-warnings

  argument_comment_lint_package:
    name: Argument comment lint package
@@ -95,7 +99,9 @@ jobs:
      CARGO_DYLINT_VERSION: 5.0.0
      DYLINT_LINK_VERSION: 5.0.0
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
      - name: Install nightly argument-comment-lint toolchain
        shell: bash
@@ -109,7 +115,7 @@ jobs:
          rustup default nightly-2025-09-18
      - name: Cache cargo-dylint tooling
        id: cargo_dylint_cache
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            ~/.cargo/bin/cargo-dylint
@@ -170,8 +176,10 @@ jobs:

          echo "No argument-comment-lint relevant changes."
          echo "run=false" >> "$GITHUB_OUTPUT"
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        if: ${{ steps.argument_comment_lint_gate.outputs.run == 'true' }}
+        with:
+          persist-credentials: false
      - name: Run argument comment lint on codex-rs via Bazel
        if: ${{ steps.argument_comment_lint_gate.outputs.run == 'true' }}
        uses: ./.github/actions/run-argument-comment-lint
@@ -203,20 +211,25 @@ jobs:

          # If nothing relevant changed (PR touching only root README, etc.),
          # declare success regardless of other jobs.
-          if [[ '${{ needs.changed.outputs.argument_comment_lint }}' != 'true' && '${{ needs.changed.outputs.codex }}' != 'true' && '${{ needs.changed.outputs.workflows }}' != 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT}" != 'true' && "${NEEDS_CHANGED_OUTPUTS_CODEX}" != 'true' && "${NEEDS_CHANGED_OUTPUTS_WORKFLOWS}" != 'true' ]]; then
            echo 'No relevant changes -> CI not required.'
            exit 0
          fi

-          if [[ '${{ needs.changed.outputs.argument_comment_lint_package }}' == 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT_PACKAGE}" == 'true' ]]; then
            [[ '${{ needs.argument_comment_lint_package.result }}' == 'success' ]] || { echo 'argument_comment_lint_package failed'; exit 1; }
          fi

-          if [[ '${{ needs.changed.outputs.argument_comment_lint }}' == 'true' || '${{ needs.changed.outputs.workflows }}' == 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT}" == 'true' || "${NEEDS_CHANGED_OUTPUTS_WORKFLOWS}" == 'true' ]]; then
            [[ '${{ needs.argument_comment_lint_prebuilt.result }}' == 'success' ]] || { echo 'argument_comment_lint_prebuilt failed'; exit 1; }
          fi

-          if [[ '${{ needs.changed.outputs.codex }}' == 'true' || '${{ needs.changed.outputs.workflows }}' == 'true' ]]; then
+          if [[ "${NEEDS_CHANGED_OUTPUTS_CODEX}" == 'true' || "${NEEDS_CHANGED_OUTPUTS_WORKFLOWS}" == 'true' ]]; then
            [[ '${{ needs.general.result }}' == 'success' ]] || { echo 'general failed'; exit 1; }
            [[ '${{ needs.cargo_shear.result }}' == 'success' ]] || { echo 'cargo_shear failed'; exit 1; }
          fi
+        env:
+          NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT: ${{ needs.changed.outputs.argument_comment_lint }}
+          NEEDS_CHANGED_OUTPUTS_CODEX: ${{ needs.changed.outputs.codex }}
+          NEEDS_CHANGED_OUTPUTS_WORKFLOWS: ${{ needs.changed.outputs.workflows }}
+          NEEDS_CHANGED_OUTPUTS_ARGUMENT_COMMENT_LINT_PACKAGE: ${{ needs.changed.outputs.argument_comment_lint_package }}
--- a/.github/workflows/rust-release-argument-comment-lint.yml
+++ b/.github/workflows/rust-release-argument-comment-lint.yml
@@ -56,7 +56,9 @@ jobs:
              labels: codex-windows-x64

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
        with:
@@ -100,7 +102,7 @@ jobs:
            (cd "${RUNNER_TEMP}" && tar -czf "$GITHUB_WORKSPACE/$archive_path" argument-comment-lint)
          fi

-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: argument-comment-lint-${{ matrix.target }}
          path: dist/argument-comment-lint/${{ matrix.target }}/*
--- a/.github/workflows/rust-release-prepare.yml
+++ b/.github/workflows/rust-release-prepare.yml
@@ -18,10 +18,11 @@ jobs:
    if: github.repository == 'openai/codex'
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: main
          fetch-depth: 0
+          persist-credentials: false

      - name: Update models.json
        env:
@@ -43,7 +44,7 @@ jobs:
          curl --http1.1 --fail --show-error --location "${headers[@]}" "${url}" | jq '.' > codex-rs/models-manager/models.json

      - name: Open pull request (if changed)
-        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8
+        uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
        with:
          commit-message: "Update models.json"
          title: "Update models.json"
--- a/.github/workflows/rust-release-windows.yml
+++ b/.github/workflows/rust-release-windows.yml
@@ -83,7 +83,9 @@ jobs:
              labels: codex-windows-arm64

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Print runner specs (Windows)
        shell: powershell
        run: |
@@ -112,7 +114,7 @@ jobs:
          cargo build --target ${{ matrix.target }} --release --timings "${build_args[@]}"

      - name: Upload Cargo timings
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: cargo-timings-rust-release-windows-${{ matrix.target }}-${{ matrix.bundle }}
          path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -128,7 +130,7 @@ jobs:
          done

      - name: Upload Windows binaries
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: windows-binaries-${{ matrix.target }}-${{ matrix.bundle }}
          path: |
@@ -165,22 +167,24 @@ jobs:
              labels: codex-windows-arm64

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Download prebuilt Windows primary binaries
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: windows-binaries-${{ matrix.target }}-primary
          path: codex-rs/target/${{ matrix.target }}/release

      - name: Download prebuilt Windows helper binaries
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: windows-binaries-${{ matrix.target }}-helpers
          path: codex-rs/target/${{ matrix.target }}/release

      - name: Download prebuilt Windows app-server binary
-        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          name: windows-binaries-${{ matrix.target }}-app-server
          path: codex-rs/target/${{ matrix.target }}/release
@@ -281,7 +285,7 @@ jobs:
            "${GITHUB_WORKSPACE}/.github/workflows/zstd" -T0 -19 "$dest/$base"
          done

-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: ${{ matrix.target }}
          path: |
--- a/.github/workflows/rust-release-zsh.yml
+++ b/.github/workflows/rust-release-zsh.yml
@@ -45,7 +45,9 @@ jobs:
            git \
            libncursesw5-dev

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Build, smoke-test, and stage zsh artifact
        shell: bash
@@ -53,7 +55,7 @@ jobs:
          "${GITHUB_WORKSPACE}/.github/scripts/build-zsh-release-artifact.sh" \
            "dist/zsh/${{ matrix.target }}/${{ matrix.archive_name }}"

-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: codex-zsh-${{ matrix.target }}
          path: dist/zsh/${{ matrix.target }}/*
@@ -81,7 +83,9 @@ jobs:
            brew install autoconf
          fi

-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Build, smoke-test, and stage zsh artifact
        shell: bash
@@ -89,7 +93,7 @@ jobs:
          "${GITHUB_WORKSPACE}/.github/scripts/build-zsh-release-artifact.sh" \
            "dist/zsh/${{ matrix.target }}/${{ matrix.archive_name }}"

-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: codex-zsh-${{ matrix.target }}
          path: dist/zsh/${{ matrix.target }}/*
--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -19,7 +19,9 @@ jobs:
  tag-check:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - uses: dtolnay/rust-toolchain@a0b273b48ed29de4470960879e8381ff45632f26 # 1.93.0
      - name: Validate tag matches Cargo.toml version
        shell: bash
@@ -118,7 +120,9 @@ jobs:
            build_dmg: "false"

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
      - name: Print runner specs (Linux)
        if: ${{ runner.os == 'Linux' }}
        shell: bash
@@ -181,9 +185,10 @@ jobs:

      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
        name: Install Zig
-        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2
+        uses: mlugg/setup-zig@d1434d08867e3ee9daa34448df10607b98908d29 # v2.2.1
        with:
          version: 0.14.0
+          use-cache: false

      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
        name: Install musl build tools
@@ -284,7 +289,7 @@ jobs:
          cargo build --target ${{ matrix.target }} --release --timings "${build_args[@]}"

      - name: Upload Cargo timings
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: cargo-timings-rust-release-${{ matrix.target }}-${{ matrix.bundle }}
          path: codex-rs/target/**/cargo-timings/cargo-timing.html
@@ -430,7 +435,7 @@ jobs:
            zstd -T0 -19 --rm "$dest/$base"
          done

-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: ${{ matrix.artifact_name }}
          # Upload the per-binary .zst files, .tar.gz equivalents, and any
@@ -476,7 +481,9 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Generate release notes from tag commit message
        id: release_notes
@@ -498,7 +505,7 @@ jobs:

          echo "path=${notes_path}" >> "${GITHUB_OUTPUT}"

-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          path: dist

@@ -553,7 +560,7 @@ jobs:
          run_install: false

      - name: Setup Node.js for npm packaging
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: 22

@@ -579,7 +586,7 @@ jobs:
          cp scripts/install/install.ps1 dist/install.ps1

      - name: Create GitHub Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
        with:
          name: ${{ steps.release_name.outputs.name }}
          tag_name: ${{ github.ref_name }}
@@ -638,7 +645,7 @@ jobs:

    steps:
      - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          # Node 24 bundles npm >= 11.5.1, which trusted publishing requires.
          node-version: 24
--- a/.github/workflows/rusty-v8-release.yml
+++ b/.github/workflows/rusty-v8-release.yml
@@ -17,10 +17,12 @@ jobs:
      v8_version: ${{ steps.v8_version.outputs.version }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.12"

@@ -69,7 +71,9 @@ jobs:
            target: aarch64-unknown-linux-musl

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Set up Bazel
        uses: ./.github/actions/setup-bazel-ci
@@ -77,7 +81,7 @@ jobs:
          target: ${{ matrix.target }}

      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.12"

@@ -133,7 +137,7 @@ jobs:
            --output-dir "dist/${TARGET}"

      - name: Upload staged musl artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: rusty-v8-${{ needs.metadata.outputs.v8_version }}-${{ matrix.target }}
          path: dist/${{ matrix.target }}/*
@@ -161,12 +165,12 @@ jobs:
            exit 1
          fi

-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
+      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
        with:
          path: dist

      - name: Create GitHub Release
-        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2
+        uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2.6.1
        with:
          tag_name: ${{ needs.metadata.outputs.release_tag }}
          name: ${{ needs.metadata.outputs.release_tag }}
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -13,7 +13,9 @@ jobs:
    timeout-minutes: 10
    steps:
      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Install Linux bwrap build dependencies
        shell: bash
@@ -28,7 +30,7 @@ jobs:
          run_install: false

      - name: Setup Node.js
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
        with:
          node-version: 22
          cache: pnpm
@@ -115,7 +117,7 @@ jobs:
      - name: Save bazel repository cache
        if: always() && !cancelled() && steps.setup_bazel.outputs.cache-hit != 'true'
        continue-on-error: true
-        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
+        uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
        with:
          path: |
            ~/.cache/bazel-repo-cache
--- a/.github/workflows/v8-canary.yml
+++ b/.github/workflows/v8-canary.yml
@@ -40,10 +40,12 @@ jobs:
      v8_version: ${{ steps.v8_version.outputs.version }}

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.12"

@@ -74,7 +76,9 @@ jobs:
            target: aarch64-unknown-linux-musl

    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false

      - name: Set up Bazel
        uses: ./.github/actions/setup-bazel-ci
@@ -82,7 +86,7 @@ jobs:
          target: ${{ matrix.target }}

      - name: Set up Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
        with:
          python-version: "3.12"

@@ -132,7 +136,7 @@ jobs:
            --output-dir "dist/${TARGET}"

      - name: Upload staged musl artifacts
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
        with:
          name: v8-canary-${{ needs.metadata.outputs.v8_version }}-${{ matrix.target }}
          path: dist/${{ matrix.target }}/*
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -26,7 +26,7 @@ In the codex-rs folder where the rust code lives:
  - Implementations may still use `async fn foo(&self, ...) -> T` when they satisfy that contract.
  - Do not use `#[allow(async_fn_in_trait)]` as a shortcut around spelling the future contract explicitly.
 - When writing tests, prefer comparing the equality of entire objects over fields one by one.
- When making a change that adds or changes an API, ensure that the documentation in the `docs/` folder is up to date if applicable.
+- Do not add general product or user-facing documentation to the `docs/` folder. The official Codex documentation lives elsewhere. The exception is app-server API documentation, which is covered by the app-server guidance below.
 - Prefer private modules and explicitly exported public crate API.
 - If you change `ConfigToml` or nested config types, run `just write-config-schema` to update `codex-rs/core/config.schema.json`.
 - When working with MCP tool calls, prefer using `codex-rs/codex-mcp/src/mcp_connection_manager.rs` to handle mutation of tools and tool calls. Aim to minimize the footprint of changes and leverage existing abstractions rather than plumbing code through multiple levels of function calls.
@@ -130,7 +130,7 @@ When UI or text output changes intentionally, update the snapshots as follows:

 If you don’t have the tool:

- `cargo install cargo-insta`
+- `cargo install --locked cargo-insta`

 ### Test assertions

@@ -210,7 +210,7 @@ These guidelines apply to app-server protocol work in `codex-rs`, especially:

 ### Development Workflow

- Update docs/examples when API behavior changes (at minimum `app-server/README.md`).
+- Update app-server docs/examples when API behavior changes (at minimum `app-server/README.md`).
 - Regenerate schema fixtures when API shapes change:
  `just write-app-server-schema`
  (and `just write-app-server-schema --experimental` when experimental API fixtures are affected).
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
@@ -665,6 +665,7 @@
      "aws-lc-rs_1.16.2": "{\"dependencies\":[{\"name\":\"aws-lc-fips-sys\",\"optional\":true,\"req\":\"^0.13.1\"},{\"default_features\":false,\"name\":\"aws-lc-sys\",\"optional\":true,\"req\":\"^0.39.0\"},{\"features\":[\"derive\"],\"kind\":\"dev\",\"name\":\"clap\",\"req\":\"^4.4\"},{\"kind\":\"dev\",\"name\":\"hex\",\"req\":\"^0.4.3\"},{\"kind\":\"dev\",\"name\":\"lazy_static\",\"req\":\"^1.5.0\"},{\"kind\":\"dev\",\"name\":\"paste\",\"req\":\"^1.0.15\"},{\"kind\":\"dev\",\"name\":\"regex\",\"req\":\"^1.11.1\"},{\"name\":\"untrusted\",\"optional\":true,\"req\":\"^0.7.1\"},{\"name\":\"zeroize\",\"req\":\"^1.8.1\"}],\"features\":{\"alloc\":[],\"asan\":[\"aws-lc-sys?/asan\",\"aws-lc-fips-sys?/asan\"],\"bindgen\":[\"aws-lc-sys?/bindgen\",\"aws-lc-fips-sys?/bindgen\"],\"default\":[\"aws-lc-sys\",\"alloc\",\"ring-io\",\"ring-sig-verify\"],\"dev-tests-only\":[],\"fips\":[\"dep:aws-lc-fips-sys\"],\"non-fips\":[\"aws-lc-sys\"],\"prebuilt-nasm\":[\"aws-lc-sys?/prebuilt-nasm\"],\"ring-io\":[\"dep:untrusted\"],\"ring-sig-verify\":[\"dep:untrusted\"],\"test_logging\":[],\"unstable\":[]}}",
      "aws-lc-sys_0.39.0": "{\"dependencies\":[{\"kind\":\"build\",\"name\":\"bindgen\",\"optional\":true,\"req\":\"^0.72.0\"},{\"features\":[\"parallel\"],\"kind\":\"build\",\"name\":\"cc\",\"req\":\"^1.2.26\"},{\"kind\":\"build\",\"name\":\"cmake\",\"req\":\"^0.1.54\"},{\"kind\":\"build\",\"name\":\"dunce\",\"req\":\"^1.0.5\"},{\"kind\":\"build\",\"name\":\"fs_extra\",\"req\":\"^1.3.0\"}],\"features\":{\"all-bindings\":[],\"asan\":[],\"bindgen\":[\"dep:bindgen\"],\"default\":[\"all-bindings\"],\"disable-prebuilt-nasm\":[],\"fips\":[\"dep:bindgen\"],\"prebuilt-nasm\":[],\"ssl\":[\"bindgen\",\"all-bindings\"]}}",
      "aws-runtime_1.5.17": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"arbitrary\",\"req\":\"^1.3\"},{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"http0-compat\"],\"name\":\"aws-sigv4\",\"req\":\"^1.3.7\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-eventstream\",\"optional\":true,\"req\":\"^0.60.14\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"kind\":\"dev\",\"name\":\"aws-smithy-protocol-test\",\"req\":\"^0.63.7\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.10.0\"},{\"kind\":\"dev\",\"name\":\"bytes-utils\",\"req\":\"^0.1.2\"},{\"kind\":\"dev\",\"name\":\"convert_case\",\"req\":\"^0.6.0\"},{\"name\":\"fastrand\",\"req\":\"^2.3.0\"},{\"default_features\":false,\"kind\":\"dev\",\"name\":\"futures-util\",\"req\":\"^0.3.29\"},{\"name\":\"http-02x\",\"package\":\"http\",\"req\":\"^0.2.9\"},{\"name\":\"http-1x\",\"optional\":true,\"package\":\"http\",\"req\":\"^1.1.0\"},{\"name\":\"http-body-04x\",\"package\":\"http-body\",\"req\":\"^0.4.5\"},{\"name\":\"http-body-1x\",\"optional\":true,\"package\":\"http-body\",\"req\":\"^1.0.0\"},{\"name\":\"percent-encoding\",\"req\":\"^2.3.1\"},{\"name\":\"pin-project-lite\",\"req\":\"^0.2.14\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1.2\"},{\"name\":\"regex-lite\",\"optional\":true,\"req\":\"^0.1.5\"},{\"features\":[\"derive\"],\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1\"},{\"features\":[\"macros\",\"rt\",\"time\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1.40\"},{\"features\":[\"env-filter\"],\"kind\":\"dev\",\"name\":\"tracing-subscriber\",\"req\":\"^0.3.17\"},{\"kind\":\"dev\",\"name\":\"tracing-test\",\"req\":\"^0.2.4\"},{\"name\":\"uuid\",\"req\":\"^1\"}],\"features\":{\"event-stream\":[\"dep:aws-smithy-eventstream\",\"aws-sigv4/sign-eventstream\"],\"http-02x\":[],\"http-1x\":[\"dep:http-1x\",\"dep:http-body-1x\"],\"sigv4a\":[\"aws-sigv4/sigv4a\"],\"test-util\":[\"dep:regex-lite\"]}}",
+      "aws-sdk-signin_1.2.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.4.0\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",
      "aws-sdk-sso_1.91.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.4.0\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",
      "aws-sdk-ssooidc_1.93.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"bytes\",\"req\":\"^1.4.0\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",
      "aws-sdk-sts_1.95.0": "{\"dependencies\":[{\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-credential-types\",\"req\":\"^1.2.11\"},{\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-runtime\",\"req\":\"^1.5.17\"},{\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-async\",\"req\":\"^1.2.7\"},{\"name\":\"aws-smithy-http\",\"req\":\"^0.62.6\"},{\"features\":[\"test-util\",\"wire-mock\"],\"kind\":\"dev\",\"name\":\"aws-smithy-http-client\",\"req\":\"^1.1.5\"},{\"name\":\"aws-smithy-json\",\"req\":\"^0.61.8\"},{\"kind\":\"dev\",\"name\":\"aws-smithy-protocol-test\",\"req\":\"^0.63.7\"},{\"name\":\"aws-smithy-query\",\"req\":\"^0.60.9\"},{\"features\":[\"client\"],\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-runtime\",\"req\":\"^1.9.5\"},{\"features\":[\"client\",\"http-02x\"],\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-runtime-api\",\"req\":\"^1.9.3\"},{\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"features\":[\"test-util\"],\"kind\":\"dev\",\"name\":\"aws-smithy-types\",\"req\":\"^1.3.5\"},{\"name\":\"aws-smithy-xml\",\"req\":\"^0.60.13\"},{\"name\":\"aws-types\",\"req\":\"^1.3.11\"},{\"name\":\"fastrand\",\"req\":\"^2.0.0\"},{\"default_features\":false,\"features\":[\"alloc\"],\"kind\":\"dev\",\"name\":\"futures-util\",\"req\":\"^0.3.25\"},{\"name\":\"http\",\"req\":\"^0.2.9\"},{\"kind\":\"dev\",\"name\":\"http-1x\",\"package\":\"http\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"proptest\",\"req\":\"^1\"},{\"name\":\"regex-lite\",\"req\":\"^0.1.5\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0.0\"},{\"features\":[\"macros\",\"test-util\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.23.1\"},{\"name\":\"tracing\",\"req\":\"^0.1\"},{\"features\":[\"env-filter\",\"json\"],\"kind\":\"dev\",\"name\":\"tracing-subscriber\",\"req\":\"^0.3.16\"}],\"features\":{\"behavior-version-latest\":[],\"default\":[\"rustls\",\"default-https-client\",\"rt-tokio\"],\"default-https-client\":[\"aws-smithy-runtime/default-https-client\"],\"gated-tests\":[],\"rt-tokio\":[\"aws-smithy-async/rt-tokio\",\"aws-smithy-types/rt-tokio\"],\"rustls\":[\"aws-smithy-runtime/tls-rustls\"],\"test-util\":[\"aws-credential-types/test-util\",\"aws-smithy-runtime/test-util\"]}}",
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -757,6 +757,7 @@ checksum = "96571e6996817bf3d58f6b569e4b9fd2e9d2fcf9f7424eed07b2ce9bb87535e5"
 dependencies = [
 "aws-credential-types",
 "aws-runtime",
+ "aws-sdk-signin",
 "aws-sdk-sso",
 "aws-sdk-ssooidc",
 "aws-sdk-sts",
@@ -767,15 +768,20 @@ dependencies = [
 "aws-smithy-runtime-api",
 "aws-smithy-types",
 "aws-types",
+ "base64-simd",
 "bytes",
 "fastrand",
 "hex",
 "http 1.4.0",
+ "p256",
+ "rand 0.8.5",
 "ring",
+ "sha2",
 "time",
 "tokio",
 "tracing",
 "url",
+ "uuid",
 "zeroize",
 ]

@@ -838,6 +844,28 @@ dependencies = [
 "uuid",
 ]

+[[package]]
+name = "aws-sdk-signin"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c084bd63941916e1348cb8d9e05ac2e49bdd40a380e9167702683184c6c6be53"
+dependencies = [
+ "aws-credential-types",
+ "aws-runtime",
+ "aws-smithy-async",
+ "aws-smithy-http",
+ "aws-smithy-json",
+ "aws-smithy-runtime",
+ "aws-smithy-runtime-api",
+ "aws-smithy-types",
+ "aws-types",
+ "bytes",
+ "fastrand",
+ "http 0.2.12",
+ "regex-lite",
+ "tracing",
+]
+
 [[package]]
 name = "aws-sdk-sso"
 version = "1.91.0"
@@ -1866,7 +1894,6 @@ dependencies = [
 "codex-config",
 "codex-core",
 "codex-core-plugins",
- "codex-device-key",
 "codex-exec-server",
 "codex-external-agent-migration",
 "codex-external-agent-sessions",
@@ -2414,7 +2441,11 @@ dependencies = [
 "codex-app-server-protocol",
 "pretty_assertions",
 "serde",
+ "serde_json",
+ "sha1",
+ "tempfile",
 "tokio",
+ "tracing",
 "urlencoding",
 ]

@@ -2637,22 +2668,6 @@ dependencies = [
 "serde_json",
 ]

-[[package]]
-name = "codex-device-key"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "base64 0.22.1",
- "p256",
- "pretty_assertions",
- "rand 0.9.3",
- "serde",
- "serde_json",
- "thiserror 2.0.18",
- "tokio",
- "url",
-]
-
 [[package]]
 name = "codex-exec"
 version = "0.0.0"
@@ -2729,6 +2744,7 @@ dependencies = [
 "tokio",
 "tokio-tungstenite",
 "tokio-util",
+ "toml 0.9.11+spec-1.1.0",
 "tracing",
 "uuid",
 "wiremock",
@@ -3319,7 +3335,6 @@ dependencies = [
 "codex-utils-absolute-path",
 "codex-utils-image",
 "codex-utils-string",
- "codex-utils-template",
 "encoding_rs",
 "globset",
 "http 1.4.0",
@@ -3626,16 +3641,11 @@ dependencies = [
 "codex-rollout",
 "codex-state",
 "pretty_assertions",
- "prost 0.14.3",
 "serde",
 "serde_json",
 "tempfile",
 "thiserror 2.0.18",
 "tokio",
- "tokio-stream",
- "tonic",
- "tonic-prost",
- "tonic-prost-build",
 "tracing",
 "uuid",
 ]
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -30,7 +30,6 @@ members = [
    "collaboration-mode-templates",
    "connectors",
    "config",
-    "device-key",
    "shell-command",
    "shell-escalation",
    "skills",
@@ -154,7 +153,6 @@ codex-core = { path = "core" }
 codex-core-api = { path = "core-api" }
 codex-core-plugins = { path = "core-plugins" }
 codex-core-skills = { path = "core-skills" }
-codex-device-key = { path = "device-key" }
 codex-exec = { path = "exec" }
 codex-file-system = { path = "file-system" }
 codex-exec-server = { path = "exec-server" }
@@ -319,7 +317,6 @@ os_info = "3.12.0"
 owo-colors = "4.3.0"
 path-absolutize = "3.1.1"
 pathdiff = "0.2"
-p256 = "0.13.2"
 portable-pty = "0.9.0"
 predicates = "3"
 pretty_assertions = "1.4.1"
@@ -467,24 +464,21 @@ unwrap_used = "deny"
 [workspace.metadata.cargo-shear]
 ignored = [
    "codex-agent-graph-store",
-    "codex-memories-mcp",
    "icu_provider",
    "openssl-sys",
-    "codex-utils-readiness",
-    "codex-utils-template",
    "codex-v8-poc",
 ]

 [profile.dev]
 # Keep line tables/backtraces while avoiding expensive full variable debug info
 # across local dev builds.
-debug = 1
+debug = "limited"

 [profile.dev-small]
 inherits = "dev"
 opt-level = 0
-debug = 0
-strip = true
+debug = "none"
+strip = "symbols"

 [profile.release]
 lto = "fat"
@@ -496,8 +490,15 @@ strip = "symbols"
 # See https://github.com/openai/codex/issues/1411 for details.
 codegen-units = 1

+[profile.profiling]
+inherits = "release"
+debug = "full"
+lto = false
+strip = false
+
 [profile.ci-test]
-debug = 1         # Reduce debug symbol size
+# Reduce binary size to reduce disk pressure.
+debug = "limited"
 inherits = "test"
 opt-level = 0

--- a/codex-rs/agent-graph-store/Cargo.toml
+++ b/codex-rs/agent-graph-store/Cargo.toml
@@ -7,6 +7,7 @@ version.workspace = true
 [lib]
 name = "codex_agent_graph_store"
 path = "src/lib.rs"
+doctest = false

 [lints]
 workspace = true
--- a/codex-rs/analytics/src/accepted_lines.rs
+++ b/codex-rs/analytics/src/accepted_lines.rs
@@ -0,0 +1,298 @@
+use crate::events::CodexAcceptedLineFingerprintsEventParams;
+use crate::events::CodexAcceptedLineFingerprintsEventRequest;
+use crate::events::TrackEventRequest;
+use crate::facts::AcceptedLineFingerprint;
+use codex_git_utils::canonicalize_git_remote_url;
+use codex_git_utils::get_git_remote_urls_assume_git_repo;
+use sha1::Digest;
+use std::path::Path;
+
+const ACCEPTED_LINE_FINGERPRINT_EVENT_TARGET_BYTES: usize = 2 * 1024 * 1024;
+const ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES: usize = 1024;
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct AcceptedLineFingerprintSummary {
+    pub accepted_added_lines: u64,
+    pub accepted_deleted_lines: u64,
+    pub line_fingerprints: Vec<AcceptedLineFingerprint>,
+}
+
+pub(crate) struct AcceptedLineFingerprintEventInput {
+    pub(crate) event_type: &'static str,
+    pub(crate) turn_id: String,
+    pub(crate) thread_id: String,
+    pub(crate) product_surface: Option<String>,
+    pub(crate) model_slug: Option<String>,
+    pub(crate) completed_at: u64,
+    pub(crate) repo_hash: Option<String>,
+    pub(crate) accepted_added_lines: u64,
+    pub(crate) accepted_deleted_lines: u64,
+    pub(crate) line_fingerprints: Vec<AcceptedLineFingerprint>,
+}
+
+pub fn accepted_line_fingerprints_from_unified_diff(
+    unified_diff: &str,
+) -> AcceptedLineFingerprintSummary {
+    let mut current_path: Option<String> = None;
+    let mut in_hunk = false;
+    let mut accepted_added_lines = 0;
+    let mut accepted_deleted_lines = 0;
+    let mut line_fingerprints = Vec::new();
+
+    for line in unified_diff.lines() {
+        if line.starts_with("diff --git ") {
+            current_path = None;
+            in_hunk = false;
+            continue;
+        }
+
+        if line.starts_with("@@ ") {
+            in_hunk = true;
+            continue;
+        }
+
+        if !in_hunk && let Some(path) = line.strip_prefix("+++ ") {
+            current_path = normalize_diff_path(path);
+            continue;
+        }
+
+        if !in_hunk && line.starts_with("--- ") {
+            continue;
+        }
+
+        if let Some(added_line) = line.strip_prefix('+') {
+            accepted_added_lines += 1;
+            if let Some(path) = current_path.as_deref()
+                && let Some(normalized_line) = normalize_effective_line(added_line)
+            {
+                line_fingerprints.push(AcceptedLineFingerprint {
+                    path_hash: fingerprint_hash("path", path),
+                    line_hash: fingerprint_hash("line", &normalized_line),
+                });
+            }
+            continue;
+        }
+
+        if line.starts_with('-') {
+            accepted_deleted_lines += 1;
+        }
+    }
+
+    AcceptedLineFingerprintSummary {
+        accepted_added_lines,
+        accepted_deleted_lines,
+        line_fingerprints,
+    }
+}
+
+pub fn fingerprint_hash(domain: &str, value: &str) -> String {
+    let mut hasher = sha1::Sha1::new();
+    hasher.update(b"file-line-v1\0");
+    hasher.update(domain.as_bytes());
+    hasher.update(b"\0");
+    hasher.update(value.as_bytes());
+    format!("{:x}", hasher.finalize())
+}
+
+pub(crate) fn accepted_line_fingerprint_event_requests(
+    input: AcceptedLineFingerprintEventInput,
+) -> Vec<TrackEventRequest> {
+    let chunks = accepted_line_fingerprint_chunks(input.line_fingerprints);
+    chunks
+        .into_iter()
+        .enumerate()
+        .map(|(index, line_fingerprints)| {
+            let is_first_chunk = index == 0;
+            TrackEventRequest::AcceptedLineFingerprints(Box::new(
+                CodexAcceptedLineFingerprintsEventRequest {
+                    event_type: "codex_accepted_line_fingerprints",
+                    event_params: CodexAcceptedLineFingerprintsEventParams {
+                        event_type: input.event_type,
+                        turn_id: input.turn_id.clone(),
+                        thread_id: input.thread_id.clone(),
+                        product_surface: input.product_surface.clone(),
+                        model_slug: input.model_slug.clone(),
+                        completed_at: input.completed_at,
+                        repo_hash: input.repo_hash.clone(),
+                        accepted_added_lines: if is_first_chunk {
+                            input.accepted_added_lines
+                        } else {
+                            0
+                        },
+                        accepted_deleted_lines: if is_first_chunk {
+                            input.accepted_deleted_lines
+                        } else {
+                            0
+                        },
+                        line_fingerprints,
+                    },
+                },
+            ))
+        })
+        .collect()
+}
+
+pub async fn accepted_line_repo_hash_for_cwd(cwd: &Path) -> Option<String> {
+    let remotes = get_git_remote_urls_assume_git_repo(cwd).await?;
+    remotes
+        .get("origin")
+        .or_else(|| remotes.values().next())
+        .map(|remote_url| {
+            let canonical_remote_url =
+                canonicalize_git_remote_url(remote_url).unwrap_or_else(|| remote_url.to_string());
+            fingerprint_hash("repo", &canonical_remote_url)
+        })
+}
+
+fn normalize_diff_path(path: &str) -> Option<String> {
+    let path = path.trim();
+    if path == "/dev/null" {
+        return None;
+    }
+
+    Some(
+        path.strip_prefix("b/")
+            .or_else(|| path.strip_prefix("a/"))
+            .unwrap_or(path)
+            .to_string(),
+    )
+}
+
+fn normalize_effective_line(line: &str) -> Option<String> {
+    let normalized = line.split_whitespace().collect::<Vec<_>>().join(" ");
+    if normalized.len() <= 3 {
+        return None;
+    }
+    if !normalized
+        .chars()
+        .any(|ch| ch.is_alphanumeric() || ch == '_')
+    {
+        return None;
+    }
+    Some(normalized)
+}
+
+fn accepted_line_fingerprint_chunks(
+    line_fingerprints: Vec<AcceptedLineFingerprint>,
+) -> Vec<Vec<AcceptedLineFingerprint>> {
+    if line_fingerprints.is_empty() {
+        return vec![Vec::new()];
+    }
+
+    let mut chunks = Vec::new();
+    let mut current = Vec::new();
+    let mut current_bytes = ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES;
+
+    for fingerprint in line_fingerprints {
+        let item_bytes = accepted_line_fingerprint_json_bytes(&fingerprint);
+        let separator_bytes = usize::from(!current.is_empty());
+        if !current.is_empty()
+            && current_bytes + separator_bytes + item_bytes
+                > ACCEPTED_LINE_FINGERPRINT_EVENT_TARGET_BYTES
+        {
+            chunks.push(current);
+            current = Vec::new();
+            current_bytes = ACCEPTED_LINE_FINGERPRINT_EVENT_FIXED_BYTES;
+        }
+        current_bytes += usize::from(!current.is_empty()) + item_bytes;
+        current.push(fingerprint);
+    }
+
+    if !current.is_empty() {
+        chunks.push(current);
+    }
+    chunks
+}
+
+fn accepted_line_fingerprint_json_bytes(fingerprint: &AcceptedLineFingerprint) -> usize {
+    // {"path_hash":"...","line_hash":"..."} plus one byte of array comma
+    // accounted for by the caller when needed.
+    32 + fingerprint.path_hash.len() + fingerprint.line_hash.len()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn parses_counts_and_effective_added_fingerprints() {
+        let diff = "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
+++ b/src/lib.rs
+@@ -1,3 +1,5 @@
+-old line
+fn useful() {
+}
+    return user.id;
+ context
+";
+
+        let summary = accepted_line_fingerprints_from_unified_diff(diff);
+
+        assert_eq!(
+            summary,
+            AcceptedLineFingerprintSummary {
+                accepted_added_lines: 3,
+                accepted_deleted_lines: 1,
+                line_fingerprints: vec![
+                    AcceptedLineFingerprint {
+                        path_hash: fingerprint_hash("path", "src/lib.rs"),
+                        line_hash: fingerprint_hash("line", "fn useful() {"),
+                    },
+                    AcceptedLineFingerprint {
+                        path_hash: fingerprint_hash("path", "src/lib.rs"),
+                        line_hash: fingerprint_hash("line", "return user.id;"),
+                    },
+                ],
+            }
+        );
+    }
+
+    #[test]
+    fn skips_added_file_metadata_headers() {
+        let diff = "\
+diff --git a/new.py b/new.py
+new file mode 100644
+index 0000000..1111111
+--- /dev/null
+++ b/new.py
+@@ -0,0 +1 @@
+print('hello')
+";
+
+        let summary = accepted_line_fingerprints_from_unified_diff(diff);
+
+        assert_eq!(summary.accepted_added_lines, 1);
+        assert_eq!(summary.accepted_deleted_lines, 0);
+        assert_eq!(summary.line_fingerprints.len(), 1);
+    }
+
+    #[test]
+    fn parses_hunk_lines_that_look_like_file_headers() {
+        let diff = "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
+++ b/src/lib.rs
+@@ -1,2 +1,2 @@
+--- old value
+++ new value
+";
+
+        let summary = accepted_line_fingerprints_from_unified_diff(diff);
+
+        assert_eq!(
+            summary,
+            AcceptedLineFingerprintSummary {
+                accepted_added_lines: 1,
+                accepted_deleted_lines: 1,
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: fingerprint_hash("path", "src/lib.rs"),
+                    line_hash: fingerprint_hash("line", "++ new value"),
+                }],
+            }
+        );
+    }
+}
--- a/codex-rs/analytics/src/analytics_client_tests.rs
+++ b/codex-rs/analytics/src/analytics_client_tests.rs
@@ -1,5 +1,7 @@
 use crate::client::AnalyticsEventsQueue;
 use crate::events::AppServerRpcTransport;
+use crate::events::CodexAcceptedLineFingerprintsEventParams;
+use crate::events::CodexAcceptedLineFingerprintsEventRequest;
 use crate::events::CodexAppMentionedEventRequest;
 use crate::events::CodexAppServerClientMetadata;
 use crate::events::CodexAppUsedEventRequest;
@@ -28,6 +30,7 @@ use crate::events::codex_hook_run_metadata;
 use crate::events::codex_plugin_metadata;
 use crate::events::codex_plugin_used_metadata;
 use crate::events::subagent_thread_started_event_request;
+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AnalyticsFact;
 use crate::facts::AnalyticsJsonRpcError;
 use crate::facts::AppInvocation;
@@ -89,6 +92,7 @@ use codex_app_server_protocol::ThreadStartResponse;
 use codex_app_server_protocol::ThreadStatus as AppServerThreadStatus;
 use codex_app_server_protocol::Turn;
 use codex_app_server_protocol::TurnCompletedNotification;
+use codex_app_server_protocol::TurnDiffUpdatedNotification;
 use codex_app_server_protocol::TurnError as AppServerTurnError;
 use codex_app_server_protocol::TurnStartParams;
 use codex_app_server_protocol::TurnStartedNotification;
@@ -636,6 +640,7 @@ fn sample_initialize_fact(connection_id: u64) -> AnalyticsFact {
            },
            capabilities: Some(InitializeCapabilities {
                experimental_api: false,
+                request_attestation: false,
                opt_out_notification_methods: None,
            }),
        },
@@ -827,6 +832,206 @@ fn app_used_event_serializes_expected_shape() {
    );
 }

+#[test]
+fn accepted_line_fingerprints_event_serializes_expected_shape() {
+    let event = TrackEventRequest::AcceptedLineFingerprints(Box::new(
+        CodexAcceptedLineFingerprintsEventRequest {
+            event_type: "codex_accepted_line_fingerprints",
+            event_params: CodexAcceptedLineFingerprintsEventParams {
+                event_type: "codex.accepted_line_fingerprints",
+                turn_id: "turn-1".to_string(),
+                thread_id: "thread-1".to_string(),
+                product_surface: Some("codex".to_string()),
+                model_slug: Some("gpt-5.1-codex".to_string()),
+                completed_at: 1710000000,
+                repo_hash: Some("repo-hash-1".to_string()),
+                accepted_added_lines: 42,
+                accepted_deleted_lines: 40,
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: "path-hash-1".to_string(),
+                    line_hash: "line-hash-1".to_string(),
+                }],
+            },
+        },
+    ));
+
+    let payload = serde_json::to_value(&event).expect("serialize accepted line fingerprints event");
+
+    assert_eq!(
+        payload,
+        json!({
+            "event_type": "codex_accepted_line_fingerprints",
+            "event_params": {
+                "event_type": "codex.accepted_line_fingerprints",
+                "turn_id": "turn-1",
+                "thread_id": "thread-1",
+                "product_surface": "codex",
+                "model_slug": "gpt-5.1-codex",
+                "completed_at": 1710000000,
+                "repo_hash": "repo-hash-1",
+                "accepted_added_lines": 42,
+                "accepted_deleted_lines": 40,
+                "line_fingerprints": [
+                    {
+                        "path_hash": "path-hash-1",
+                        "line_hash": "line-hash-1"
+                    }
+                ]
+            }
+        })
+    );
+}
+
+#[tokio::test]
+async fn reducer_chunks_large_accepted_line_fingerprint_events_without_repeating_counts() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    ingest_turn_prerequisites(
+        &mut reducer,
+        &mut events,
+        /*include_initialize*/ true,
+        /*include_resolved_config*/ true,
+        /*include_started*/ true,
+        /*include_token_usage*/ true,
+    )
+    .await;
+    events.clear();
+
+    let mut diff = "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
+++ b/src/lib.rs
+@@ -0,0 +1,20000 @@
+"
+    .to_string();
+    for index in 0..20_000 {
+        diff.push_str(&format!("+let value_{index} = {index};\n"));
+    }
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(ServerNotification::TurnDiffUpdated(
+                TurnDiffUpdatedNotification {
+                    thread_id: "thread-2".to_string(),
+                    turn_id: "turn-2".to_string(),
+                    diff,
+                },
+            ))),
+            &mut events,
+        )
+        .await;
+    assert!(events.is_empty());
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(sample_turn_completed_notification(
+                "thread-2",
+                "turn-2",
+                AppServerTurnStatus::Completed,
+                /*codex_error_info*/ None,
+            ))),
+            &mut events,
+        )
+        .await;
+
+    let accepted_line_events = events
+        .iter()
+        .filter_map(|event| match event {
+            TrackEventRequest::AcceptedLineFingerprints(event) => Some(event),
+            _ => None,
+        })
+        .collect::<Vec<_>>();
+    assert!(accepted_line_events.len() > 1);
+    let mut total_fingerprints = 0;
+    for (index, event) in accepted_line_events.iter().enumerate() {
+        assert_eq!(event.event_params.turn_id, "turn-2");
+        assert_eq!(event.event_params.thread_id, "thread-2");
+        total_fingerprints += event.event_params.line_fingerprints.len();
+        if index == 0 {
+            assert_eq!(event.event_params.accepted_added_lines, 20_000);
+            assert_eq!(event.event_params.accepted_deleted_lines, 0);
+        } else {
+            assert_eq!(event.event_params.accepted_added_lines, 0);
+            assert_eq!(event.event_params.accepted_deleted_lines, 0);
+        }
+        assert!(serde_json::to_vec(event).expect("serialize chunk").len() < 2_100_000);
+    }
+    assert_eq!(total_fingerprints, 20_000);
+}
+
+#[tokio::test]
+async fn reducer_emits_accepted_line_fingerprints_once_from_latest_turn_diff_on_completion() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+
+    ingest_turn_prerequisites(
+        &mut reducer,
+        &mut events,
+        /*include_initialize*/ true,
+        /*include_resolved_config*/ true,
+        /*include_started*/ true,
+        /*include_token_usage*/ true,
+    )
+    .await;
+    events.clear();
+
+    for line in ["let old_value = 1;", "let latest_value = 2;"] {
+        let diff = format!(
+            "\
+diff --git a/src/lib.rs b/src/lib.rs
+index 1111111..2222222
+--- a/src/lib.rs
+++ b/src/lib.rs
+@@ -0,0 +1 @@
+{line}
+"
+        );
+        reducer
+            .ingest(
+                AnalyticsFact::Notification(Box::new(ServerNotification::TurnDiffUpdated(
+                    TurnDiffUpdatedNotification {
+                        thread_id: "thread-2".to_string(),
+                        turn_id: "turn-2".to_string(),
+                        diff,
+                    },
+                ))),
+                &mut events,
+            )
+            .await;
+    }
+    assert!(events.is_empty());
+
+    reducer
+        .ingest(
+            AnalyticsFact::Notification(Box::new(sample_turn_completed_notification(
+                "thread-2",
+                "turn-2",
+                AppServerTurnStatus::Completed,
+                /*codex_error_info*/ None,
+            ))),
+            &mut events,
+        )
+        .await;
+
+    let accepted_line_events = events
+        .iter()
+        .filter_map(|event| match event {
+            TrackEventRequest::AcceptedLineFingerprints(event) => Some(event),
+            _ => None,
+        })
+        .collect::<Vec<_>>();
+    assert_eq!(accepted_line_events.len(), 1);
+    let event = accepted_line_events[0];
+    assert_eq!(event.event_params.accepted_added_lines, 1);
+    assert_eq!(event.event_params.line_fingerprints.len(), 1);
+    assert_eq!(
+        event.event_params.line_fingerprints[0].line_hash,
+        crate::fingerprint_hash("line", "let latest_value = 2;")
+    );
+}
+
 #[test]
 fn compaction_event_serializes_expected_shape() {
    let event = TrackEventRequest::Compaction(Box::new(CodexCompactionEventRequest {
@@ -1012,7 +1217,7 @@ fn command_execution_event_serializes_expected_shape() {
                    runtime_os_version: "15.3.1".to_string(),
                    runtime_arch: "aarch64".to_string(),
                },
-                thread_source: Some("user"),
+                thread_source: Some(ThreadSource::User),
                subagent_source: None,
                parent_thread_id: None,
                tool_name: "shell".to_string(),
@@ -1122,6 +1327,7 @@ async fn initialize_caches_client_and_thread_lifecycle_publishes_once_initialize
                    },
                    capabilities: Some(InitializeCapabilities {
                        experimental_api: false,
+                        request_attestation: false,
                        opt_out_notification_methods: None,
                    }),
                },
@@ -1269,6 +1475,7 @@ async fn compaction_event_ingests_custom_fact() {
                    },
                    capabilities: Some(InitializeCapabilities {
                        experimental_api: false,
+                        request_attestation: false,
                        opt_out_notification_methods: None,
                    }),
                },
@@ -1382,6 +1589,7 @@ async fn guardian_review_event_ingests_custom_fact_with_optional_target_item() {
                    },
                    capabilities: Some(InitializeCapabilities {
                        experimental_api: false,
+                        request_attestation: false,
                        opt_out_notification_methods: None,
                    }),
                },
--- a/codex-rs/analytics/src/client.rs
+++ b/codex-rs/analytics/src/client.rs
@@ -30,6 +30,7 @@ use codex_app_server_protocol::ServerNotification;
 use codex_app_server_protocol::ServerRequest;
 use codex_app_server_protocol::ServerResponse;
 use codex_login::AuthManager;
+use codex_login::CodexAuth;
 use codex_login::default_client::create_client;
 use codex_plugin::PluginTelemetryMetadata;
 use std::collections::HashSet;
@@ -340,8 +341,9 @@ impl AnalyticsEventsClient {
        });
    }

-    pub fn track_server_response(&self, response: ServerResponse) {
+    pub fn track_server_response(&self, completed_at_ms: u64, response: ServerResponse) {
        self.record_fact(AnalyticsFact::ServerResponse {
+            completed_at_ms,
            response: Box::new(response),
        });
    }
@@ -351,6 +353,7 @@ impl AnalyticsEventsClient {
            notification,
            ServerNotification::TurnStarted(_)
                | ServerNotification::TurnCompleted(_)
+                | ServerNotification::TurnDiffUpdated(_)
                | ServerNotification::ItemStarted(_)
                | ServerNotification::ItemCompleted(_)
                | ServerNotification::ItemGuardianApprovalReviewStarted(_)
@@ -370,6 +373,7 @@ async fn send_track_events(
    if events.is_empty() {
        return;
    }
+
    let Some(auth) = auth_manager.auth().await else {
        return;
    };
@@ -379,12 +383,45 @@ async fn send_track_events(

    let base_url = base_url.trim_end_matches('/');
    let url = format!("{base_url}/codex/analytics-events/events");
+    for events in track_event_request_batches(events) {
+        send_track_events_request(&auth, &url, events).await;
+    }
+}
+
+fn track_event_request_batches(events: Vec<TrackEventRequest>) -> Vec<Vec<TrackEventRequest>> {
+    let mut batches = Vec::new();
+    let mut current_batch = Vec::new();
+
+    for event in events {
+        if event.should_send_in_isolated_request() {
+            if !current_batch.is_empty() {
+                batches.push(current_batch);
+                current_batch = Vec::new();
+            }
+            batches.push(vec![event]);
+        } else {
+            current_batch.push(event);
+        }
+    }
+
+    if !current_batch.is_empty() {
+        batches.push(current_batch);
+    }
+
+    batches
+}
+
+async fn send_track_events_request(auth: &CodexAuth, url: &str, events: Vec<TrackEventRequest>) {
+    if events.is_empty() {
+        return;
+    }
+
    let payload = TrackEventsRequest { events };

    let response = create_client()
-        .post(&url)
+        .post(url)
        .timeout(ANALYTICS_EVENTS_TIMEOUT)
-        .headers(codex_model_provider::auth_provider_from_auth(&auth).to_auth_headers())
+        .headers(codex_model_provider::auth_provider_from_auth(auth).to_auth_headers())
        .header("Content-Type", "application/json")
        .json(&payload)
        .send()
--- a/codex-rs/analytics/src/client_tests.rs
+++ b/codex-rs/analytics/src/client_tests.rs
@@ -1,6 +1,14 @@
 use super::AnalyticsEventsClient;
 use super::AnalyticsEventsQueue;
+use super::track_event_request_batches;
+use crate::events::CodexAcceptedLineFingerprintsEventParams;
+use crate::events::CodexAcceptedLineFingerprintsEventRequest;
+use crate::events::SkillInvocationEventParams;
+use crate::events::SkillInvocationEventRequest;
+use crate::events::TrackEventRequest;
+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AnalyticsFact;
+use crate::facts::InvocationType;
 use codex_app_server_protocol::ApprovalsReviewer as AppServerApprovalsReviewer;
 use codex_app_server_protocol::AskForApproval as AppServerAskForApproval;
 use codex_app_server_protocol::ClientRequest;
@@ -31,6 +39,47 @@ use std::sync::Mutex;
 use tokio::sync::mpsc;
 use tokio::sync::mpsc::error::TryRecvError;

+fn sample_accepted_line_fingerprint_event(thread_id: &str) -> TrackEventRequest {
+    TrackEventRequest::AcceptedLineFingerprints(Box::new(
+        CodexAcceptedLineFingerprintsEventRequest {
+            event_type: "codex_accepted_line_fingerprints",
+            event_params: CodexAcceptedLineFingerprintsEventParams {
+                event_type: "codex.accepted_line_fingerprints",
+                turn_id: "turn-1".to_string(),
+                thread_id: thread_id.to_string(),
+                product_surface: Some("codex".to_string()),
+                model_slug: Some("gpt-5.1-codex".to_string()),
+                completed_at: 1,
+                repo_hash: None,
+                accepted_added_lines: 1,
+                accepted_deleted_lines: 0,
+                line_fingerprints: vec![AcceptedLineFingerprint {
+                    path_hash: "path-hash".to_string(),
+                    line_hash: "line-hash".to_string(),
+                }],
+            },
+        },
+    ))
+}
+
+fn sample_regular_track_event(thread_id: &str) -> TrackEventRequest {
+    TrackEventRequest::SkillInvocation(SkillInvocationEventRequest {
+        event_type: "skill_invocation",
+        skill_id: format!("skill-{thread_id}"),
+        skill_name: "doc".to_string(),
+        event_params: SkillInvocationEventParams {
+            product_client_id: None,
+            skill_scope: None,
+            plugin_id: None,
+            repo_url: None,
+            thread_id: Some(thread_id.to_string()),
+            turn_id: Some("turn-1".to_string()),
+            invoke_type: Some(InvocationType::Explicit),
+            model_slug: Some("gpt-5.1-codex".to_string()),
+        },
+    })
+}
+
 fn client_with_receiver() -> (AnalyticsEventsClient, mpsc::Receiver<AnalyticsFact>) {
    let (sender, receiver) = mpsc::channel(8);
    let queue = AnalyticsEventsQueue {
@@ -222,3 +271,23 @@ fn track_response_only_enqueues_analytics_relevant_responses() {
    );
    assert!(matches!(receiver.try_recv(), Err(TryRecvError::Empty)));
 }
+
+#[test]
+fn track_event_request_batches_only_isolates_accepted_line_fingerprint_events() {
+    let batches = track_event_request_batches(vec![
+        sample_regular_track_event("thread-1"),
+        sample_regular_track_event("thread-2"),
+        sample_accepted_line_fingerprint_event("thread-3"),
+        sample_accepted_line_fingerprint_event("thread-4"),
+        sample_regular_track_event("thread-5"),
+        sample_regular_track_event("thread-6"),
+    ]);
+
+    assert_eq!(batches.len(), 4);
+    assert_eq!(batches[0].len(), 2);
+    assert_eq!(batches[1].len(), 1);
+    assert_eq!(batches[2].len(), 1);
+    assert_eq!(batches[3].len(), 2);
+    assert!(batches[1][0].should_send_in_isolated_request());
+    assert!(batches[2][0].should_send_in_isolated_request());
+}
--- a/codex-rs/analytics/src/events.rs
+++ b/codex-rs/analytics/src/events.rs
@@ -1,5 +1,6 @@
 use std::time::Instant;

+use crate::facts::AcceptedLineFingerprint;
 use crate::facts::AppInvocation;
 use crate::facts::CodexCompactionEvent;
 use crate::facts::CompactionImplementation;
@@ -18,6 +19,7 @@ use crate::facts::TurnStatus;
 use crate::facts::TurnSteerRejectionReason;
 use crate::facts::TurnSteerResult;
 use crate::facts::TurnSubmissionType;
+use crate::now_unix_millis;
 use crate::now_unix_seconds;
 use codex_app_server_protocol::CodexErrorInfo;
 use codex_app_server_protocol::CommandExecutionSource;
@@ -70,6 +72,9 @@ pub(crate) enum TrackEventRequest {
    CollabAgentToolCall(CodexCollabAgentToolCallEventRequest),
    WebSearch(CodexWebSearchEventRequest),
    ImageGeneration(CodexImageGenerationEventRequest),
+    AcceptedLineFingerprints(Box<CodexAcceptedLineFingerprintsEventRequest>),
+    #[allow(dead_code)]
+    ReviewEvent(CodexReviewEventRequest),
    PluginUsed(CodexPluginUsedEventRequest),
    PluginInstalled(CodexPluginEventRequest),
    PluginUninstalled(CodexPluginEventRequest),
@@ -77,6 +82,32 @@ pub(crate) enum TrackEventRequest {
    PluginDisabled(CodexPluginEventRequest),
 }

+impl TrackEventRequest {
+    pub(crate) fn should_send_in_isolated_request(&self) -> bool {
+        matches!(self, Self::AcceptedLineFingerprints(_))
+    }
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexAcceptedLineFingerprintsEventParams {
+    pub(crate) event_type: &'static str,
+    pub(crate) turn_id: String,
+    pub(crate) thread_id: String,
+    pub(crate) product_surface: Option<String>,
+    pub(crate) model_slug: Option<String>,
+    pub(crate) completed_at: u64,
+    pub(crate) repo_hash: Option<String>,
+    pub(crate) accepted_added_lines: u64,
+    pub(crate) accepted_deleted_lines: u64,
+    pub(crate) line_fingerprints: Vec<AcceptedLineFingerprint>,
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexAcceptedLineFingerprintsEventRequest {
+    pub(crate) event_type: &'static str,
+    pub(crate) event_params: CodexAcceptedLineFingerprintsEventParams,
+}
+
 #[derive(Serialize)]
 pub(crate) struct SkillInvocationEventRequest {
    pub(crate) event_type: &'static str,
@@ -259,7 +290,7 @@ pub struct GuardianReviewTrackContext {
    approval_request_source: GuardianApprovalRequestSource,
    reviewed_action: GuardianReviewedAction,
    review_timeout_ms: u64,
-    started_at: u64,
+    pub started_at_ms: u64,
    started_instant: Instant,
 }

@@ -281,7 +312,7 @@ impl GuardianReviewTrackContext {
            approval_request_source,
            reviewed_action,
            review_timeout_ms,
-            started_at: now_unix_seconds(),
+            started_at_ms: now_unix_millis(),
            started_instant: Instant::now(),
        }
    }
@@ -314,7 +345,7 @@ impl GuardianReviewTrackContext {
            tool_call_count: None,
            time_to_first_token_ms: result.time_to_first_token_ms,
            completion_latency_ms: Some(self.started_instant.elapsed().as_millis() as u64),
-            started_at: self.started_at,
+            started_at: self.started_at_ms / 1_000,
            completed_at: Some(now_unix_seconds()),
            input_tokens: result.token_usage.as_ref().map(|usage| usage.input_tokens),
            cached_input_tokens: result
@@ -442,7 +473,7 @@ pub(crate) struct CodexToolItemEventBase {
    pub(crate) item_id: String,
    pub(crate) app_server_client: CodexAppServerClientMetadata,
    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) thread_source: Option<&'static str>,
+    pub(crate) thread_source: Option<ThreadSource>,
    pub(crate) subagent_source: Option<String>,
    pub(crate) parent_thread_id: Option<String>,
    pub(crate) tool_name: String,
@@ -462,6 +493,83 @@ pub(crate) struct CodexToolItemEventBase {
    pub(crate) requested_network_access: bool,
 }

+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ReviewSubjectKind {
+    CommandExecution,
+    FileChange,
+    McpToolCall,
+    Permissions,
+    NetworkAccess,
+}
+
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum Reviewer {
+    Guardian,
+    User,
+}
+
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ReviewTrigger {
+    Initial,
+    SandboxDenial,
+    NetworkPolicyDenial,
+    ExecveIntercept,
+}
+
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ReviewStatus {
+    Approved,
+    Denied,
+    Aborted,
+    TimedOut,
+}
+
+#[allow(dead_code)]
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ReviewResolution {
+    None,
+    SessionApproval,
+    ExecPolicyAmendment,
+    NetworkPolicyAmendment,
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexReviewEventParams {
+    pub(crate) thread_id: String,
+    pub(crate) turn_id: String,
+    pub(crate) item_id: Option<String>,
+    pub(crate) review_id: String,
+    pub(crate) app_server_client: CodexAppServerClientMetadata,
+    pub(crate) runtime: CodexRuntimeMetadata,
+    pub(crate) thread_source: Option<ThreadSource>,
+    pub(crate) subagent_source: Option<String>,
+    pub(crate) parent_thread_id: Option<String>,
+    pub(crate) tool_kind: ReviewSubjectKind,
+    pub(crate) tool_name: String,
+    pub(crate) reviewer: Reviewer,
+    pub(crate) trigger: ReviewTrigger,
+    pub(crate) status: ReviewStatus,
+    pub(crate) resolution: ReviewResolution,
+    pub(crate) started_at_ms: u64,
+    pub(crate) completed_at_ms: u64,
+    pub(crate) duration_ms: Option<u64>,
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexReviewEventRequest {
+    pub(crate) event_type: &'static str,
+    pub(crate) event_params: CodexReviewEventParams,
+}
+#[allow(dead_code)]
 #[derive(Clone, Copy, Debug, Serialize)]
 #[serde(rename_all = "snake_case")]
 pub(crate) enum WebSearchActionKind {
--- a/codex-rs/analytics/src/facts.rs
+++ b/codex-rs/analytics/src/facts.rs
@@ -28,6 +28,12 @@ use codex_protocol::protocol::TokenUsage;
 use serde::Serialize;
 use std::path::PathBuf;

+#[derive(Clone, Debug, PartialEq, Eq, Serialize)]
+pub struct AcceptedLineFingerprint {
+    pub path_hash: String,
+    pub line_hash: String,
+}
+
 #[derive(Clone)]
 pub struct TrackEventsContext {
    pub model_slug: String,
@@ -296,6 +302,7 @@ pub(crate) enum AnalyticsFact {
        request: Box<ServerRequest>,
    },
    ServerResponse {
+        completed_at_ms: u64,
        response: Box<ServerResponse>,
    },
    Notification(Box<ServerNotification>),
--- a/codex-rs/analytics/src/lib.rs
+++ b/codex-rs/analytics/src/lib.rs
@@ -1,3 +1,4 @@
+mod accepted_lines;
 mod client;
 mod events;
 mod facts;
@@ -6,6 +7,8 @@ mod reducer;
 use std::time::SystemTime;
 use std::time::UNIX_EPOCH;

+pub use accepted_lines::accepted_line_fingerprints_from_unified_diff;
+pub use accepted_lines::fingerprint_hash;
 pub use client::AnalyticsEventsClient;
 pub use events::AppServerRpcTransport;
 pub use events::GuardianApprovalRequestSource;
@@ -17,6 +20,7 @@ pub use events::GuardianReviewSessionKind;
 pub use events::GuardianReviewTerminalStatus;
 pub use events::GuardianReviewTrackContext;
 pub use events::GuardianReviewedAction;
+pub use facts::AcceptedLineFingerprint;
 pub use facts::AnalyticsJsonRpcError;
 pub use facts::AppInvocation;
 pub use facts::CodexCompactionEvent;
--- a/codex-rs/analytics/src/reducer.rs
+++ b/codex-rs/analytics/src/reducer.rs
@@ -1,3 +1,7 @@
+use crate::accepted_lines::AcceptedLineFingerprintEventInput;
+use crate::accepted_lines::accepted_line_fingerprint_event_requests;
+use crate::accepted_lines::accepted_line_fingerprints_from_unified_diff;
+use crate::accepted_lines::accepted_line_repo_hash_for_cwd;
 use crate::events::AppServerRpcTransport;
 use crate::events::CodexAppMentionedEventRequest;
 use crate::events::CodexAppServerClientMetadata;
@@ -104,6 +108,7 @@ use codex_protocol::protocol::TokenUsage;
 use sha1::Digest;
 use std::collections::HashMap;
 use std::path::Path;
+use std::path::PathBuf;

 #[derive(Default)]
 pub(crate) struct AnalyticsReducer {
@@ -264,6 +269,7 @@ struct TurnState {
    started_at: Option<u64>,
    token_usage: Option<TokenUsage>,
    completed: Option<CompletedTurnState>,
+    latest_diff: Option<String>,
    steer_count: usize,
 }

@@ -305,7 +311,7 @@ impl AnalyticsReducer {
                response,
            } => {
                if let Some(response) = response.into_client_response(request_id) {
-                    self.ingest_response(connection_id, response, out);
+                    self.ingest_response(connection_id, response, out).await;
                }
            }
            AnalyticsFact::ErrorResponse {
@@ -317,7 +323,7 @@ impl AnalyticsReducer {
                self.ingest_error_response(connection_id, request_id, error_type, out);
            }
            AnalyticsFact::Notification(notification) => {
-                self.ingest_notification(*notification, out);
+                self.ingest_notification(*notification, out).await;
            }
            AnalyticsFact::ServerRequest {
                connection_id: _connection_id,
@@ -325,6 +331,7 @@ impl AnalyticsReducer {
            } => {}
            AnalyticsFact::ServerResponse {
                response: _response,
+                ..
            } => {}
            AnalyticsFact::Custom(input) => match input {
                CustomAnalyticsFact::SubAgentThreadStarted(input) => {
@@ -337,10 +344,10 @@ impl AnalyticsReducer {
                    self.ingest_guardian_review(*input, out);
                }
                CustomAnalyticsFact::TurnResolvedConfig(input) => {
-                    self.ingest_turn_resolved_config(*input, out);
+                    self.ingest_turn_resolved_config(*input, out).await;
                }
                CustomAnalyticsFact::TurnTokenUsage(input) => {
-                    self.ingest_turn_token_usage(*input, out);
+                    self.ingest_turn_token_usage(*input, out).await;
                }
                CustomAnalyticsFact::SkillInvoked(input) => {
                    self.ingest_skill_invoked(input, out).await;
@@ -472,7 +479,7 @@ impl AnalyticsReducer {
        }
    }

-    fn ingest_turn_resolved_config(
+    async fn ingest_turn_resolved_config(
        &mut self,
        input: TurnResolvedConfigFact,
        out: &mut Vec<TrackEventRequest>,
@@ -488,15 +495,16 @@ impl AnalyticsReducer {
            started_at: None,
            token_usage: None,
            completed: None,
+            latest_diff: None,
            steer_count: 0,
        });
        turn_state.thread_id = Some(thread_id);
        turn_state.num_input_images = Some(num_input_images);
        turn_state.resolved_config = Some(input);
-        self.maybe_emit_turn_event(&turn_id, out);
+        self.maybe_emit_turn_event(&turn_id, out).await;
    }

-    fn ingest_turn_token_usage(
+    async fn ingest_turn_token_usage(
        &mut self,
        input: TurnTokenUsageFact,
        out: &mut Vec<TrackEventRequest>,
@@ -510,11 +518,12 @@ impl AnalyticsReducer {
            started_at: None,
            token_usage: None,
            completed: None,
+            latest_diff: None,
            steer_count: 0,
        });
        turn_state.thread_id = Some(input.thread_id);
        turn_state.token_usage = Some(input.token_usage);
-        self.maybe_emit_turn_event(&turn_id, out);
+        self.maybe_emit_turn_event(&turn_id, out).await;
    }

    async fn ingest_skill_invoked(
@@ -621,7 +630,7 @@ impl AnalyticsReducer {
        });
    }

-    fn ingest_response(
+    async fn ingest_response(
        &mut self,
        connection_id: u64,
        response: ClientResponse,
@@ -673,12 +682,13 @@ impl AnalyticsReducer {
                    started_at: None,
                    token_usage: None,
                    completed: None,
+                    latest_diff: None,
                    steer_count: 0,
                });
                turn_state.connection_id = Some(connection_id);
                turn_state.thread_id = Some(pending_request.thread_id);
                turn_state.num_input_images = Some(pending_request.num_input_images);
-                self.maybe_emit_turn_event(&turn_id, out);
+                self.maybe_emit_turn_event(&turn_id, out).await;
            }
            ClientResponse::TurnSteer {
                request_id,
@@ -740,7 +750,7 @@ impl AnalyticsReducer {
        );
    }

-    fn ingest_notification(
+    async fn ingest_notification(
        &mut self,
        notification: ServerNotification,
        out: &mut Vec<TrackEventRequest>,
@@ -811,6 +821,7 @@ impl AnalyticsReducer {
                    started_at: None,
                    token_usage: None,
                    completed: None,
+                    latest_diff: None,
                    steer_count: 0,
                });
                turn_state.started_at = notification
@@ -818,6 +829,24 @@ impl AnalyticsReducer {
                    .started_at
                    .and_then(|started_at| u64::try_from(started_at).ok());
            }
+            ServerNotification::TurnDiffUpdated(notification) => {
+                let turn_state =
+                    self.turns
+                        .entry(notification.turn_id.clone())
+                        .or_insert(TurnState {
+                            connection_id: None,
+                            thread_id: None,
+                            num_input_images: None,
+                            resolved_config: None,
+                            started_at: None,
+                            token_usage: None,
+                            completed: None,
+                            latest_diff: None,
+                            steer_count: 0,
+                        });
+                turn_state.thread_id = Some(notification.thread_id);
+                turn_state.latest_diff = Some(notification.diff);
+            }
            ServerNotification::TurnCompleted(notification) => {
                let turn_state =
                    self.turns
@@ -830,6 +859,7 @@ impl AnalyticsReducer {
                            started_at: None,
                            token_usage: None,
                            completed: None,
+                            latest_diff: None,
                            steer_count: 0,
                        });
                turn_state.completed = Some(CompletedTurnState {
@@ -849,7 +879,7 @@ impl AnalyticsReducer {
                        .and_then(|duration_ms| u64::try_from(duration_ms).ok()),
                });
                let turn_id = notification.turn.id;
-                self.maybe_emit_turn_event(&turn_id, out);
+                self.maybe_emit_turn_event(&turn_id, out).await;
            }
            _ => {}
        }
@@ -985,7 +1015,7 @@ impl AnalyticsReducer {
        }));
    }

-    fn maybe_emit_turn_event(&mut self, turn_id: &str, out: &mut Vec<TrackEventRequest>) {
+    async fn maybe_emit_turn_event(&mut self, turn_id: &str, out: &mut Vec<TrackEventRequest>) {
        let Some(turn_state) = self.turns.get(turn_id) else {
            return;
        };
@@ -1018,18 +1048,23 @@ impl AnalyticsReducer {
            warn_missing_analytics_context(&drop_site, MissingAnalyticsContext::ThreadMetadata);
            return;
        };
-        out.push(TrackEventRequest::TurnEvent(Box::new(
-            CodexTurnEventRequest {
-                event_type: "codex_turn_event",
-                event_params: codex_turn_event_params(
-                    connection_state.app_server_client.clone(),
-                    connection_state.runtime.clone(),
-                    turn_id.to_string(),
-                    turn_state,
-                    thread_metadata,
-                ),
-            },
-        )));
+        let turn_event = TrackEventRequest::TurnEvent(Box::new(CodexTurnEventRequest {
+            event_type: "codex_turn_event",
+            event_params: codex_turn_event_params(
+                connection_state.app_server_client.clone(),
+                connection_state.runtime.clone(),
+                turn_id.to_string(),
+                turn_state,
+                thread_metadata,
+            ),
+        }));
+        let accepted_line_event = accepted_line_event_input(turn_id, turn_state);
+
+        out.push(turn_event);
+        if let Some((mut input, cwd)) = accepted_line_event {
+            input.repo_hash = accepted_line_repo_hash_for_cwd(cwd.as_path()).await;
+            out.extend(accepted_line_fingerprint_event_requests(input));
+        }
        self.turns.remove(turn_id);
    }

@@ -1447,7 +1482,7 @@ fn tool_item_base(
        item_id,
        app_server_client: context.connection_state.app_server_client.clone(),
        runtime: context.connection_state.runtime.clone(),
-        thread_source: thread_metadata.thread_source.map(ThreadSource::as_str),
+        thread_source: thread_metadata.thread_source,
        subagent_source: thread_metadata.subagent_source.clone(),
        parent_thread_id: thread_metadata.parent_thread_id.clone(),
        tool_name,
@@ -1641,6 +1676,36 @@ fn web_search_query_count(query: &str, action: Option<&WebSearchAction>) -> Opti
    }
 }

+fn accepted_line_event_input(
+    turn_id: &str,
+    turn_state: &TurnState,
+) -> Option<(AcceptedLineFingerprintEventInput, PathBuf)> {
+    let latest_diff = turn_state.latest_diff.as_deref()?;
+    let summary = accepted_line_fingerprints_from_unified_diff(latest_diff);
+    if summary.accepted_added_lines == 0 && summary.accepted_deleted_lines == 0 {
+        return None;
+    }
+
+    let thread_id = turn_state.thread_id.clone()?;
+    let resolved_config = turn_state.resolved_config.clone()?;
+
+    Some((
+        AcceptedLineFingerprintEventInput {
+            event_type: "codex.accepted_line_fingerprints",
+            turn_id: turn_id.to_string(),
+            thread_id,
+            product_surface: Some("codex".to_string()),
+            model_slug: Some(resolved_config.model.clone()),
+            completed_at: now_unix_seconds(),
+            repo_hash: None,
+            accepted_added_lines: summary.accepted_added_lines,
+            accepted_deleted_lines: summary.accepted_deleted_lines,
+            line_fingerprints: summary.line_fingerprints,
+        },
+        resolved_config.permission_profile_cwd,
+    ))
+}
+
 fn codex_turn_event_params(
    app_server_client: CodexAppServerClientMetadata,
    runtime: CodexRuntimeMetadata,
--- a/codex-rs/ansi-escape/Cargo.toml
+++ b/codex-rs/ansi-escape/Cargo.toml
@@ -7,6 +7,8 @@ license.workspace = true
 [lib]
 name = "codex_ansi_escape"
 path = "src/lib.rs"
+test = false
+doctest = false

 [lints]
 workspace = true
--- a/codex-rs/app-server-client/Cargo.toml
+++ b/codex-rs/app-server-client/Cargo.toml
@@ -7,6 +7,7 @@ license.workspace = true
 [lib]
 name = "codex_app_server_client"
 path = "src/lib.rs"
+doctest = false

 [lints]
 workspace = true
--- a/codex-rs/app-server-client/src/lib.rs
+++ b/codex-rs/app-server-client/src/lib.rs
@@ -49,7 +49,6 @@ use codex_config::RemoteThreadConfigLoader;
 use codex_config::ThreadConfigLoader;
 use codex_core::config::Config;
 pub use codex_exec_server::EnvironmentManager;
-pub use codex_exec_server::EnvironmentManagerArgs;
 pub use codex_exec_server::ExecServerRuntimePaths;
 use codex_feedback::CodexFeedback;
 use codex_protocol::protocol::SessionSource;
@@ -375,6 +374,7 @@ impl InProcessClientStartArgs {
    pub fn initialize_params(&self) -> InitializeParams {
        let capabilities = InitializeCapabilities {
            experimental_api: self.experimental_api,
+            request_attestation: false,
            opt_out_notification_methods: if self.opt_out_notification_methods.is_empty() {
                None
            } else {
--- a/codex-rs/app-server-client/src/remote.rs
+++ b/codex-rs/app-server-client/src/remote.rs
@@ -73,6 +73,7 @@ impl RemoteAppServerConnectArgs {
    fn initialize_params(&self) -> InitializeParams {
        let capabilities = InitializeCapabilities {
            experimental_api: self.experimental_api,
+            request_attestation: false,
            opt_out_notification_methods: if self.opt_out_notification_methods.is_empty() {
                None
            } else {
--- a/codex-rs/app-server-protocol/Cargo.toml
+++ b/codex-rs/app-server-protocol/Cargo.toml
@@ -7,6 +7,7 @@ license.workspace = true
 [lib]
 name = "codex_app_server_protocol"
 path = "src/lib.rs"
+doctest = false

 [lints]
 workspace = true
--- a/codex-rs/app-server-protocol/schema/json/AttestationGenerateParams.json
+++ b/codex-rs/app-server-protocol/schema/json/AttestationGenerateParams.json
@@ -0,0 +1,5 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "AttestationGenerateParams",
+  "type": "object"
+}
--- a/codex-rs/app-server-protocol/schema/json/AttestationGenerateResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/AttestationGenerateResponse.json
@@ -1,14 +1,14 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
-  "description": "Fetch a controller-local device key public key by id.",
  "properties": {
-    "keyId": {
+    "token": {
+      "description": "Opaque client attestation token.",
      "type": "string"
    }
  },
  "required": [
-    "keyId"
+    "token"
  ],
-  "title": "DeviceKeyPublicParams",
+  "title": "AttestationGenerateResponse",
  "type": "object"
 }
--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
@@ -533,200 +533,6 @@
        }
      ]
    },
-    "DeviceKeyCreateParams": {
-      "description": "Create a controller-local device key with a random key id.",
-      "properties": {
-        "accountUserId": {
-          "type": "string"
-        },
-        "clientId": {
-          "type": "string"
-        },
-        "protectionPolicy": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/DeviceKeyProtectionPolicy"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Defaults to `hardware_only` when omitted."
-        }
-      },
-      "required": [
-        "accountUserId",
-        "clientId"
-      ],
-      "type": "object"
-    },
-    "DeviceKeyProtectionPolicy": {
-      "description": "Protection policy for creating or loading a controller-local device key.",
-      "enum": [
-        "hardware_only",
-        "allow_os_protected_nonextractable"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyPublicParams": {
-      "description": "Fetch a controller-local device key public key by id.",
-      "properties": {
-        "keyId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "keyId"
-      ],
-      "type": "object"
-    },
-    "DeviceKeySignParams": {
-      "description": "Sign an accepted structured payload with a controller-local device key.",
-      "properties": {
-        "keyId": {
-          "type": "string"
-        },
-        "payload": {
-          "$ref": "#/definitions/DeviceKeySignPayload"
-        }
-      },
-      "required": [
-        "keyId",
-        "payload"
-      ],
-      "type": "object"
-    },
-    "DeviceKeySignPayload": {
-      "description": "Structured payloads accepted by `device/key/sign`.",
-      "oneOf": [
-        {
-          "description": "Payload bound to one remote-control controller websocket `/client` connection challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientConnectionAudience"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "scopes": {
-              "description": "Must contain exactly `remote_control_controller_websocket`.",
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "sessionId": {
-              "description": "Backend-issued websocket session id that this proof authorizes.",
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "Websocket route path that this proof authorizes.",
-              "type": "string"
-            },
-            "tokenExpiresAt": {
-              "description": "Remote-control token expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "tokenSha256Base64url": {
-              "description": "SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientConnection"
-              ],
-              "title": "RemoteControlClientConnectionDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "clientId",
-            "nonce",
-            "scopes",
-            "sessionId",
-            "targetOrigin",
-            "targetPath",
-            "tokenExpiresAt",
-            "tokenSha256Base64url",
-            "type"
-          ],
-          "title": "RemoteControlClientConnectionDeviceKeySignPayload",
-          "type": "object"
-        },
-        {
-          "description": "Payload bound to a remote-control client `/client/enroll` ownership challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientEnrollmentAudience"
-            },
-            "challengeExpiresAt": {
-              "description": "Enrollment challenge expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "challengeId": {
-              "description": "Backend-issued enrollment challenge id that this proof authorizes.",
-              "type": "string"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "deviceIdentitySha256Base64url": {
-              "description": "SHA-256 of the requested device identity operation, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "HTTP route path that this proof authorizes.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientEnrollment"
-              ],
-              "title": "RemoteControlClientEnrollmentDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "challengeExpiresAt",
-            "challengeId",
-            "clientId",
-            "deviceIdentitySha256Base64url",
-            "nonce",
-            "targetOrigin",
-            "targetPath",
-            "type"
-          ],
-          "title": "RemoteControlClientEnrollmentDeviceKeySignPayload",
-          "type": "object"
-        }
-      ]
-    },
    "DynamicToolSpec": {
      "properties": {
        "deferLoading": {
@@ -1453,6 +1259,11 @@
            "array",
            "null"
          ]
+        },
+        "requestAttestation": {
+          "default": false,
+          "description": "Opt into `attestation/generate` requests for upstream `x-oai-attestation`.",
+          "type": "boolean"
        }
      },
      "type": "object"
@@ -2285,8 +2096,18 @@
      ],
      "type": "object"
    },
+    "PluginShareUpdateDiscoverability": {
+      "enum": [
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
    "PluginShareUpdateTargetsParams": {
      "properties": {
+        "discoverability": {
+          "$ref": "#/definitions/PluginShareUpdateDiscoverability"
+        },
        "remotePluginId": {
          "type": "string"
        },
@@ -2298,6 +2119,7 @@
        }
      },
      "required": [
+        "discoverability",
        "remotePluginId",
        "shareTargets"
      ],
@@ -2504,20 +2326,6 @@
        }
      ]
    },
-    "RemoteControlClientConnectionAudience": {
-      "description": "Audience for a remote-control client connection device-key proof.",
-      "enum": [
-        "remote_control_client_websocket"
-      ],
-      "type": "string"
-    },
-    "RemoteControlClientEnrollmentAudience": {
-      "description": "Audience for a remote-control client enrollment device-key proof.",
-      "enum": [
-        "remote_control_client_enrollment"
-      ],
-      "type": "string"
-    },
    "RequestId": {
      "anyOf": [
        {
@@ -3420,24 +3228,6 @@
      ],
      "type": "object"
    },
-    "SkillsListExtraRootsForCwd": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "extraUserRoots": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "extraUserRoots"
-      ],
-      "type": "object"
-    },
    "SkillsListParams": {
      "properties": {
        "cwds": {
@@ -3450,17 +3240,6 @@
        "forceReload": {
          "description": "When true, bypass the skills cache and re-scan skills from disk.",
          "type": "boolean"
-        },
-        "perCwdExtraUserRoots": {
-          "default": null,
-          "description": "Optional per-cwd extra roots to scan as user-scoped skills.",
-          "items": {
-            "$ref": "#/definitions/SkillsListExtraRootsForCwd"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
        }
      },
      "type": "object"
@@ -4304,6 +4083,31 @@
      ],
      "type": "object"
    },
+    "TurnItemsView": {
+      "oneOf": [
+        {
+          "description": "`items` was not loaded for this turn. The field is intentionally empty.",
+          "enum": [
+            "notLoaded"
+          ],
+          "type": "string"
+        },
+        {
+          "description": "`items` contains only a display summary for this turn.",
+          "enum": [
+            "summary"
+          ],
+          "type": "string"
+        },
+        {
+          "description": "`items` contains every ThreadItem available from persisted app-server history for this turn.",
+          "enum": [
+            "full"
+          ],
+          "type": "string"
+        }
+      ]
+    },
    "TurnStartParams": {
      "properties": {
        "approvalPolicy": {
@@ -5308,78 +5112,6 @@
      "title": "App/listRequest",
      "type": "object"
    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "device/key/create"
-          ],
-          "title": "Device/key/createRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/DeviceKeyCreateParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Device/key/createRequest",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "device/key/public"
-          ],
-          "title": "Device/key/publicRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/DeviceKeyPublicParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Device/key/publicRequest",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "device/key/sign"
-          ],
-          "title": "Device/key/signRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/DeviceKeySignParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Device/key/signRequest",
-      "type": "object"
-    },
    {
      "properties": {
        "id": {
--- a/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
@@ -593,6 +593,11 @@
        "null"
      ]
    },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this approval request started.",
+      "format": "int64",
+      "type": "integer"
+    },
    "threadId": {
      "type": "string"
    },
@@ -602,6 +607,7 @@
  },
  "required": [
    "itemId",
+    "startedAtMs",
    "threadId",
    "turnId"
  ],
--- a/codex-rs/app-server-protocol/schema/json/FileChangeRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/FileChangeRequestApprovalParams.json
@@ -18,6 +18,11 @@
        "null"
      ]
    },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this approval request started.",
+      "format": "int64",
+      "type": "integer"
+    },
    "threadId": {
      "type": "string"
    },
@@ -27,6 +32,7 @@
  },
  "required": [
    "itemId",
+    "startedAtMs",
    "threadId",
    "turnId"
  ],
--- a/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json
@@ -297,6 +297,11 @@
        "null"
      ]
    },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this approval request started.",
+      "format": "int64",
+      "type": "integer"
+    },
    "threadId": {
      "type": "string"
    },
@@ -308,6 +313,7 @@
    "cwd",
    "itemId",
    "permissions",
+    "startedAtMs",
    "threadId",
    "turnId"
  ],
--- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json
@@ -1963,6 +1963,11 @@
        "action": {
          "$ref": "#/definitions/GuardianApprovalReviewAction"
        },
+        "completedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review completed.",
+          "format": "int64",
+          "type": "integer"
+        },
        "decisionSource": {
          "$ref": "#/definitions/AutoReviewDecisionSource"
        },
@@ -1973,6 +1978,11 @@
          "description": "Stable identifier for this review.",
          "type": "string"
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "targetItemId": {
          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
          "type": [
@@ -1989,9 +1999,11 @@
      },
      "required": [
        "action",
+        "completedAtMs",
        "decisionSource",
        "review",
        "reviewId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -2010,6 +2022,11 @@
          "description": "Stable identifier for this review.",
          "type": "string"
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "targetItemId": {
          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
          "type": [
@@ -2028,6 +2045,7 @@
        "action",
        "review",
        "reviewId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -2719,7 +2737,7 @@
      "type": "string"
    },
    "RemoteControlStatusChangedNotification": {
-      "description": "Current remote-control connection status and environment id exposed to clients.",
+      "description": "Current remote-control connection status and remote identity exposed to clients.",
      "properties": {
        "environmentId": {
          "type": [
@@ -2727,11 +2745,15 @@
            "null"
          ]
        },
+        "installationId": {
+          "type": "string"
+        },
        "status": {
          "$ref": "#/definitions/RemoteControlConnectionStatus"
        }
      },
      "required": [
+        "installationId",
        "status"
      ],
      "type": "object"
--- a/codex-rs/app-server-protocol/schema/json/ServerRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerRequest.json
@@ -121,6 +121,9 @@
      ],
      "type": "object"
    },
+    "AttestationGenerateParams": {
+      "type": "object"
+    },
    "ChatgptAuthTokensRefreshParams": {
      "properties": {
        "previousAccountId": {
@@ -417,6 +420,11 @@
            "null"
          ]
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "threadId": {
          "type": "string"
        },
@@ -426,6 +434,7 @@
      },
      "required": [
        "itemId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -598,6 +607,11 @@
            "null"
          ]
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "threadId": {
          "type": "string"
        },
@@ -607,6 +621,7 @@
      },
      "required": [
        "itemId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -1587,6 +1602,11 @@
            "null"
          ]
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "threadId": {
          "type": "string"
        },
@@ -1598,6 +1618,7 @@
        "cwd",
        "itemId",
        "permissions",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -1900,6 +1921,31 @@
      "title": "Account/chatgptAuthTokens/refreshRequest",
      "type": "object"
    },
+    {
+      "description": "Generate a fresh upstream attestation result on demand.",
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "attestation/generate"
+          ],
+          "title": "Attestation/generateRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/AttestationGenerateParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Attestation/generateRequest",
+      "type": "object"
+    },
    {
      "description": "DEPRECATED APIs below Request to approve a patch. This request is used for Turns started via the legacy APIs (i.e. SendUserTurn, SendUserMessage).",
      "properties": {
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
@@ -83,6 +83,25 @@
      "title": "ApplyPatchApprovalResponse",
      "type": "object"
    },
+    "AttestationGenerateParams": {
+      "$schema": "http://json-schema.org/draft-07/schema#",
+      "title": "AttestationGenerateParams",
+      "type": "object"
+    },
+    "AttestationGenerateResponse": {
+      "$schema": "http://json-schema.org/draft-07/schema#",
+      "properties": {
+        "token": {
+          "description": "Opaque client attestation token.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "token"
+      ],
+      "title": "AttestationGenerateResponse",
+      "type": "object"
+    },
    "ChatgptAuthTokensRefreshParams": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
@@ -906,78 +925,6 @@
          "title": "App/listRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "device/key/create"
-              ],
-              "title": "Device/key/createRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/DeviceKeyCreateParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Device/key/createRequest",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "device/key/public"
-              ],
-              "title": "Device/key/publicRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/DeviceKeyPublicParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Device/key/publicRequest",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "device/key/sign"
-              ],
-              "title": "Device/key/signRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/DeviceKeySignParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Device/key/signRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -2218,6 +2165,11 @@
            "null"
          ]
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "threadId": {
          "type": "string"
        },
@@ -2227,6 +2179,7 @@
      },
      "required": [
        "itemId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -2483,6 +2436,11 @@
            "null"
          ]
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "threadId": {
          "type": "string"
        },
@@ -2492,6 +2450,7 @@
      },
      "required": [
        "itemId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -2680,6 +2639,11 @@
            "array",
            "null"
          ]
+        },
+        "requestAttestation": {
+          "default": false,
+          "description": "Opt into `attestation/generate` requests for upstream `x-oai-attestation`.",
+          "type": "boolean"
        }
      },
      "type": "object"
@@ -3663,6 +3627,11 @@
            "null"
          ]
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this approval request started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "threadId": {
          "type": "string"
        },
@@ -3674,6 +3643,7 @@
        "cwd",
        "itemId",
        "permissions",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -5261,6 +5231,31 @@
          "title": "Account/chatgptAuthTokens/refreshRequest",
          "type": "object"
        },
+        {
+          "description": "Generate a fresh upstream attestation result on demand.",
+          "properties": {
+            "id": {
+              "$ref": "#/definitions/v2/RequestId"
+            },
+            "method": {
+              "enum": [
+                "attestation/generate"
+              ],
+              "title": "Attestation/generateRequestMethod",
+              "type": "string"
+            },
+            "params": {
+              "$ref": "#/definitions/AttestationGenerateParams"
+            }
+          },
+          "required": [
+            "id",
+            "method",
+            "params"
+          ],
+          "title": "Attestation/generateRequest",
+          "type": "object"
+        },
        {
          "description": "DEPRECATED APIs below Request to approve a patch. This request is used for Turns started via the legacy APIs (i.e. SendUserTurn, SendUserMessage).",
          "properties": {
@@ -7947,300 +7942,6 @@
        "title": "DeprecationNoticeNotification",
        "type": "object"
      },
-      "DeviceKeyAlgorithm": {
-        "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-        "enum": [
-          "ecdsa_p256_sha256"
-        ],
-        "type": "string"
-      },
-      "DeviceKeyCreateParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "Create a controller-local device key with a random key id.",
-        "properties": {
-          "accountUserId": {
-            "type": "string"
-          },
-          "clientId": {
-            "type": "string"
-          },
-          "protectionPolicy": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/DeviceKeyProtectionPolicy"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Defaults to `hardware_only` when omitted."
-          }
-        },
-        "required": [
-          "accountUserId",
-          "clientId"
-        ],
-        "title": "DeviceKeyCreateParams",
-        "type": "object"
-      },
-      "DeviceKeyCreateResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "Device-key metadata and public key returned by create/public APIs.",
-        "properties": {
-          "algorithm": {
-            "$ref": "#/definitions/v2/DeviceKeyAlgorithm"
-          },
-          "keyId": {
-            "type": "string"
-          },
-          "protectionClass": {
-            "$ref": "#/definitions/v2/DeviceKeyProtectionClass"
-          },
-          "publicKeySpkiDerBase64": {
-            "description": "SubjectPublicKeyInfo DER encoded as base64.",
-            "type": "string"
-          }
-        },
-        "required": [
-          "algorithm",
-          "keyId",
-          "protectionClass",
-          "publicKeySpkiDerBase64"
-        ],
-        "title": "DeviceKeyCreateResponse",
-        "type": "object"
-      },
-      "DeviceKeyProtectionClass": {
-        "description": "Platform protection class for a controller-local device key.",
-        "enum": [
-          "hardware_secure_enclave",
-          "hardware_tpm",
-          "os_protected_nonextractable"
-        ],
-        "type": "string"
-      },
-      "DeviceKeyProtectionPolicy": {
-        "description": "Protection policy for creating or loading a controller-local device key.",
-        "enum": [
-          "hardware_only",
-          "allow_os_protected_nonextractable"
-        ],
-        "type": "string"
-      },
-      "DeviceKeyPublicParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "Fetch a controller-local device key public key by id.",
-        "properties": {
-          "keyId": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "keyId"
-        ],
-        "title": "DeviceKeyPublicParams",
-        "type": "object"
-      },
-      "DeviceKeyPublicResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "Device-key public metadata returned by `device/key/public`.",
-        "properties": {
-          "algorithm": {
-            "$ref": "#/definitions/v2/DeviceKeyAlgorithm"
-          },
-          "keyId": {
-            "type": "string"
-          },
-          "protectionClass": {
-            "$ref": "#/definitions/v2/DeviceKeyProtectionClass"
-          },
-          "publicKeySpkiDerBase64": {
-            "description": "SubjectPublicKeyInfo DER encoded as base64.",
-            "type": "string"
-          }
-        },
-        "required": [
-          "algorithm",
-          "keyId",
-          "protectionClass",
-          "publicKeySpkiDerBase64"
-        ],
-        "title": "DeviceKeyPublicResponse",
-        "type": "object"
-      },
-      "DeviceKeySignParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "Sign an accepted structured payload with a controller-local device key.",
-        "properties": {
-          "keyId": {
-            "type": "string"
-          },
-          "payload": {
-            "$ref": "#/definitions/v2/DeviceKeySignPayload"
-          }
-        },
-        "required": [
-          "keyId",
-          "payload"
-        ],
-        "title": "DeviceKeySignParams",
-        "type": "object"
-      },
-      "DeviceKeySignPayload": {
-        "description": "Structured payloads accepted by `device/key/sign`.",
-        "oneOf": [
-          {
-            "description": "Payload bound to one remote-control controller websocket `/client` connection challenge.",
-            "properties": {
-              "accountUserId": {
-                "type": "string"
-              },
-              "audience": {
-                "$ref": "#/definitions/v2/RemoteControlClientConnectionAudience"
-              },
-              "clientId": {
-                "type": "string"
-              },
-              "nonce": {
-                "type": "string"
-              },
-              "scopes": {
-                "description": "Must contain exactly `remote_control_controller_websocket`.",
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              },
-              "sessionId": {
-                "description": "Backend-issued websocket session id that this proof authorizes.",
-                "type": "string"
-              },
-              "targetOrigin": {
-                "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-                "type": "string"
-              },
-              "targetPath": {
-                "description": "Websocket route path that this proof authorizes.",
-                "type": "string"
-              },
-              "tokenExpiresAt": {
-                "description": "Remote-control token expiration as Unix seconds.",
-                "format": "int64",
-                "type": "integer"
-              },
-              "tokenSha256Base64url": {
-                "description": "SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.",
-                "type": "string"
-              },
-              "type": {
-                "enum": [
-                  "remoteControlClientConnection"
-                ],
-                "title": "RemoteControlClientConnectionDeviceKeySignPayloadType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "accountUserId",
-              "audience",
-              "clientId",
-              "nonce",
-              "scopes",
-              "sessionId",
-              "targetOrigin",
-              "targetPath",
-              "tokenExpiresAt",
-              "tokenSha256Base64url",
-              "type"
-            ],
-            "title": "RemoteControlClientConnectionDeviceKeySignPayload",
-            "type": "object"
-          },
-          {
-            "description": "Payload bound to a remote-control client `/client/enroll` ownership challenge.",
-            "properties": {
-              "accountUserId": {
-                "type": "string"
-              },
-              "audience": {
-                "$ref": "#/definitions/v2/RemoteControlClientEnrollmentAudience"
-              },
-              "challengeExpiresAt": {
-                "description": "Enrollment challenge expiration as Unix seconds.",
-                "format": "int64",
-                "type": "integer"
-              },
-              "challengeId": {
-                "description": "Backend-issued enrollment challenge id that this proof authorizes.",
-                "type": "string"
-              },
-              "clientId": {
-                "type": "string"
-              },
-              "deviceIdentitySha256Base64url": {
-                "description": "SHA-256 of the requested device identity operation, encoded as unpadded base64url.",
-                "type": "string"
-              },
-              "nonce": {
-                "type": "string"
-              },
-              "targetOrigin": {
-                "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-                "type": "string"
-              },
-              "targetPath": {
-                "description": "HTTP route path that this proof authorizes.",
-                "type": "string"
-              },
-              "type": {
-                "enum": [
-                  "remoteControlClientEnrollment"
-                ],
-                "title": "RemoteControlClientEnrollmentDeviceKeySignPayloadType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "accountUserId",
-              "audience",
-              "challengeExpiresAt",
-              "challengeId",
-              "clientId",
-              "deviceIdentitySha256Base64url",
-              "nonce",
-              "targetOrigin",
-              "targetPath",
-              "type"
-            ],
-            "title": "RemoteControlClientEnrollmentDeviceKeySignPayload",
-            "type": "object"
-          }
-        ]
-      },
-      "DeviceKeySignResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "ASN.1 DER signature returned by `device/key/sign`.",
-        "properties": {
-          "algorithm": {
-            "$ref": "#/definitions/v2/DeviceKeyAlgorithm"
-          },
-          "signatureDerBase64": {
-            "description": "ECDSA signature DER encoded as base64.",
-            "type": "string"
-          },
-          "signedPayloadBase64": {
-            "description": "Exact bytes signed by the device key, encoded as base64. Verifiers must verify this byte string directly and must not reserialize `payload`.",
-            "type": "string"
-          }
-        },
-        "required": [
-          "algorithm",
-          "signatureDerBase64",
-          "signedPayloadBase64"
-        ],
-        "title": "DeviceKeySignResponse",
-        "type": "object"
-      },
      "DynamicToolCallOutputContentItem": {
        "oneOf": [
          {
@@ -10244,6 +9945,11 @@
          "action": {
            "$ref": "#/definitions/v2/GuardianApprovalReviewAction"
          },
+          "completedAtMs": {
+            "description": "Unix timestamp (in milliseconds) when this review completed.",
+            "format": "int64",
+            "type": "integer"
+          },
          "decisionSource": {
            "$ref": "#/definitions/v2/AutoReviewDecisionSource"
          },
@@ -10254,6 +9960,11 @@
            "description": "Stable identifier for this review.",
            "type": "string"
          },
+          "startedAtMs": {
+            "description": "Unix timestamp (in milliseconds) when this review started.",
+            "format": "int64",
+            "type": "integer"
+          },
          "targetItemId": {
            "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
            "type": [
@@ -10270,9 +9981,11 @@
        },
        "required": [
          "action",
+          "completedAtMs",
          "decisionSource",
          "review",
          "reviewId",
+          "startedAtMs",
          "threadId",
          "turnId"
        ],
@@ -10293,6 +10006,11 @@
            "description": "Stable identifier for this review.",
            "type": "string"
          },
+          "startedAtMs": {
+            "description": "Unix timestamp (in milliseconds) when this review started.",
+            "format": "int64",
+            "type": "integer"
+          },
          "targetItemId": {
            "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
            "type": [
@@ -10311,6 +10029,7 @@
          "action",
          "review",
          "reviewId",
+          "startedAtMs",
          "threadId",
          "turnId"
        ],
@@ -12553,6 +12272,21 @@
          },
          "remotePluginId": {
            "type": "string"
+          },
+          "shareTargets": {
+            "items": {
+              "$ref": "#/definitions/v2/PluginSharePrincipal"
+            },
+            "type": [
+              "array",
+              "null"
+            ]
+          },
+          "shareUrl": {
+            "type": [
+              "string",
+              "null"
+            ]
          }
        },
        "required": [
@@ -12729,9 +12463,19 @@
        ],
        "type": "object"
      },
+      "PluginShareUpdateDiscoverability": {
+        "enum": [
+          "UNLISTED",
+          "PRIVATE"
+        ],
+        "type": "string"
+      },
      "PluginShareUpdateTargetsParams": {
        "$schema": "http://json-schema.org/draft-07/schema#",
        "properties": {
+          "discoverability": {
+            "$ref": "#/definitions/v2/PluginShareUpdateDiscoverability"
+          },
          "remotePluginId": {
            "type": "string"
          },
@@ -12743,6 +12487,7 @@
          }
        },
        "required": [
+          "discoverability",
          "remotePluginId",
          "shareTargets"
        ],
@@ -12752,6 +12497,9 @@
      "PluginShareUpdateTargetsResponse": {
        "$schema": "http://json-schema.org/draft-07/schema#",
        "properties": {
+          "discoverability": {
+            "$ref": "#/definitions/v2/PluginShareDiscoverability"
+          },
          "principals": {
            "items": {
              "$ref": "#/definitions/v2/PluginSharePrincipal"
@@ -12760,6 +12508,7 @@
          }
        },
        "required": [
+          "discoverability",
          "principals"
        ],
        "title": "PluginShareUpdateTargetsResponse",
@@ -13595,20 +13344,6 @@
        "title": "ReasoningTextDeltaNotification",
        "type": "object"
      },
-      "RemoteControlClientConnectionAudience": {
-        "description": "Audience for a remote-control client connection device-key proof.",
-        "enum": [
-          "remote_control_client_websocket"
-        ],
-        "type": "string"
-      },
-      "RemoteControlClientEnrollmentAudience": {
-        "description": "Audience for a remote-control client enrollment device-key proof.",
-        "enum": [
-          "remote_control_client_enrollment"
-        ],
-        "type": "string"
-      },
      "RemoteControlConnectionStatus": {
        "enum": [
          "disabled",
@@ -13620,7 +13355,7 @@
      },
      "RemoteControlStatusChangedNotification": {
        "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "Current remote-control connection status and environment id exposed to clients.",
+        "description": "Current remote-control connection status and remote identity exposed to clients.",
        "properties": {
          "environmentId": {
            "type": [
@@ -13628,11 +13363,15 @@
              "null"
            ]
          },
+          "installationId": {
+            "type": "string"
+          },
          "status": {
            "$ref": "#/definitions/v2/RemoteControlConnectionStatus"
          }
        },
        "required": [
+          "installationId",
          "status"
        ],
        "title": "RemoteControlStatusChangedNotification",
@@ -15095,24 +14834,6 @@
        ],
        "type": "object"
      },
-      "SkillsListExtraRootsForCwd": {
-        "properties": {
-          "cwd": {
-            "type": "string"
-          },
-          "extraUserRoots": {
-            "items": {
-              "type": "string"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "cwd",
-          "extraUserRoots"
-        ],
-        "type": "object"
-      },
      "SkillsListParams": {
        "$schema": "http://json-schema.org/draft-07/schema#",
        "properties": {
@@ -15126,17 +14847,6 @@
          "forceReload": {
            "description": "When true, bypass the skills cache and re-scan skills from disk.",
            "type": "boolean"
-          },
-          "perCwdExtraUserRoots": {
-            "default": null,
-            "description": "Optional per-cwd extra roots to scan as user-scoped skills.",
-            "items": {
-              "$ref": "#/definitions/v2/SkillsListExtraRootsForCwd"
-            },
-            "type": [
-              "array",
-              "null"
-            ]
          }
        },
        "title": "SkillsListParams",
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json
@@ -1665,78 +1665,6 @@
          "title": "App/listRequest",
          "type": "object"
        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "device/key/create"
-              ],
-              "title": "Device/key/createRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/DeviceKeyCreateParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Device/key/createRequest",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "device/key/public"
-              ],
-              "title": "Device/key/publicRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/DeviceKeyPublicParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Device/key/publicRequest",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "device/key/sign"
-              ],
-              "title": "Device/key/signRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/DeviceKeySignParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Device/key/signRequest",
-          "type": "object"
-        },
        {
          "properties": {
            "id": {
@@ -4403,300 +4331,6 @@
      "title": "DeprecationNoticeNotification",
      "type": "object"
    },
-    "DeviceKeyAlgorithm": {
-      "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-      "enum": [
-        "ecdsa_p256_sha256"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyCreateParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "Create a controller-local device key with a random key id.",
-      "properties": {
-        "accountUserId": {
-          "type": "string"
-        },
-        "clientId": {
-          "type": "string"
-        },
-        "protectionPolicy": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/DeviceKeyProtectionPolicy"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Defaults to `hardware_only` when omitted."
-        }
-      },
-      "required": [
-        "accountUserId",
-        "clientId"
-      ],
-      "title": "DeviceKeyCreateParams",
-      "type": "object"
-    },
-    "DeviceKeyCreateResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "Device-key metadata and public key returned by create/public APIs.",
-      "properties": {
-        "algorithm": {
-          "$ref": "#/definitions/DeviceKeyAlgorithm"
-        },
-        "keyId": {
-          "type": "string"
-        },
-        "protectionClass": {
-          "$ref": "#/definitions/DeviceKeyProtectionClass"
-        },
-        "publicKeySpkiDerBase64": {
-          "description": "SubjectPublicKeyInfo DER encoded as base64.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "algorithm",
-        "keyId",
-        "protectionClass",
-        "publicKeySpkiDerBase64"
-      ],
-      "title": "DeviceKeyCreateResponse",
-      "type": "object"
-    },
-    "DeviceKeyProtectionClass": {
-      "description": "Platform protection class for a controller-local device key.",
-      "enum": [
-        "hardware_secure_enclave",
-        "hardware_tpm",
-        "os_protected_nonextractable"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyProtectionPolicy": {
-      "description": "Protection policy for creating or loading a controller-local device key.",
-      "enum": [
-        "hardware_only",
-        "allow_os_protected_nonextractable"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyPublicParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "Fetch a controller-local device key public key by id.",
-      "properties": {
-        "keyId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "keyId"
-      ],
-      "title": "DeviceKeyPublicParams",
-      "type": "object"
-    },
-    "DeviceKeyPublicResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "Device-key public metadata returned by `device/key/public`.",
-      "properties": {
-        "algorithm": {
-          "$ref": "#/definitions/DeviceKeyAlgorithm"
-        },
-        "keyId": {
-          "type": "string"
-        },
-        "protectionClass": {
-          "$ref": "#/definitions/DeviceKeyProtectionClass"
-        },
-        "publicKeySpkiDerBase64": {
-          "description": "SubjectPublicKeyInfo DER encoded as base64.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "algorithm",
-        "keyId",
-        "protectionClass",
-        "publicKeySpkiDerBase64"
-      ],
-      "title": "DeviceKeyPublicResponse",
-      "type": "object"
-    },
-    "DeviceKeySignParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "Sign an accepted structured payload with a controller-local device key.",
-      "properties": {
-        "keyId": {
-          "type": "string"
-        },
-        "payload": {
-          "$ref": "#/definitions/DeviceKeySignPayload"
-        }
-      },
-      "required": [
-        "keyId",
-        "payload"
-      ],
-      "title": "DeviceKeySignParams",
-      "type": "object"
-    },
-    "DeviceKeySignPayload": {
-      "description": "Structured payloads accepted by `device/key/sign`.",
-      "oneOf": [
-        {
-          "description": "Payload bound to one remote-control controller websocket `/client` connection challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientConnectionAudience"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "scopes": {
-              "description": "Must contain exactly `remote_control_controller_websocket`.",
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "sessionId": {
-              "description": "Backend-issued websocket session id that this proof authorizes.",
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "Websocket route path that this proof authorizes.",
-              "type": "string"
-            },
-            "tokenExpiresAt": {
-              "description": "Remote-control token expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "tokenSha256Base64url": {
-              "description": "SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientConnection"
-              ],
-              "title": "RemoteControlClientConnectionDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "clientId",
-            "nonce",
-            "scopes",
-            "sessionId",
-            "targetOrigin",
-            "targetPath",
-            "tokenExpiresAt",
-            "tokenSha256Base64url",
-            "type"
-          ],
-          "title": "RemoteControlClientConnectionDeviceKeySignPayload",
-          "type": "object"
-        },
-        {
-          "description": "Payload bound to a remote-control client `/client/enroll` ownership challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientEnrollmentAudience"
-            },
-            "challengeExpiresAt": {
-              "description": "Enrollment challenge expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "challengeId": {
-              "description": "Backend-issued enrollment challenge id that this proof authorizes.",
-              "type": "string"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "deviceIdentitySha256Base64url": {
-              "description": "SHA-256 of the requested device identity operation, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "HTTP route path that this proof authorizes.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientEnrollment"
-              ],
-              "title": "RemoteControlClientEnrollmentDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "challengeExpiresAt",
-            "challengeId",
-            "clientId",
-            "deviceIdentitySha256Base64url",
-            "nonce",
-            "targetOrigin",
-            "targetPath",
-            "type"
-          ],
-          "title": "RemoteControlClientEnrollmentDeviceKeySignPayload",
-          "type": "object"
-        }
-      ]
-    },
-    "DeviceKeySignResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "ASN.1 DER signature returned by `device/key/sign`.",
-      "properties": {
-        "algorithm": {
-          "$ref": "#/definitions/DeviceKeyAlgorithm"
-        },
-        "signatureDerBase64": {
-          "description": "ECDSA signature DER encoded as base64.",
-          "type": "string"
-        },
-        "signedPayloadBase64": {
-          "description": "Exact bytes signed by the device key, encoded as base64. Verifiers must verify this byte string directly and must not reserialize `payload`.",
-          "type": "string"
-        }
-      },
-      "required": [
-        "algorithm",
-        "signatureDerBase64",
-        "signedPayloadBase64"
-      ],
-      "title": "DeviceKeySignResponse",
-      "type": "object"
-    },
    "DynamicToolCallOutputContentItem": {
      "oneOf": [
        {
@@ -6775,6 +6409,11 @@
            "array",
            "null"
          ]
+        },
+        "requestAttestation": {
+          "default": false,
+          "description": "Opt into `attestation/generate` requests for upstream `x-oai-attestation`.",
+          "type": "boolean"
        }
      },
      "type": "object"
@@ -6855,6 +6494,11 @@
        "action": {
          "$ref": "#/definitions/GuardianApprovalReviewAction"
        },
+        "completedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review completed.",
+          "format": "int64",
+          "type": "integer"
+        },
        "decisionSource": {
          "$ref": "#/definitions/AutoReviewDecisionSource"
        },
@@ -6865,6 +6509,11 @@
          "description": "Stable identifier for this review.",
          "type": "string"
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "targetItemId": {
          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
          "type": [
@@ -6881,9 +6530,11 @@
      },
      "required": [
        "action",
+        "completedAtMs",
        "decisionSource",
        "review",
        "reviewId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -6904,6 +6555,11 @@
          "description": "Stable identifier for this review.",
          "type": "string"
        },
+        "startedAtMs": {
+          "description": "Unix timestamp (in milliseconds) when this review started.",
+          "format": "int64",
+          "type": "integer"
+        },
        "targetItemId": {
          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
          "type": [
@@ -6922,6 +6578,7 @@
        "action",
        "review",
        "reviewId",
+        "startedAtMs",
        "threadId",
        "turnId"
      ],
@@ -9164,6 +8821,21 @@
        },
        "remotePluginId": {
          "type": "string"
+        },
+        "shareTargets": {
+          "items": {
+            "$ref": "#/definitions/PluginSharePrincipal"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "shareUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
        }
      },
      "required": [
@@ -9340,9 +9012,19 @@
      ],
      "type": "object"
    },
+    "PluginShareUpdateDiscoverability": {
+      "enum": [
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
    "PluginShareUpdateTargetsParams": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
+        "discoverability": {
+          "$ref": "#/definitions/PluginShareUpdateDiscoverability"
+        },
        "remotePluginId": {
          "type": "string"
        },
@@ -9354,6 +9036,7 @@
        }
      },
      "required": [
+        "discoverability",
        "remotePluginId",
        "shareTargets"
      ],
@@ -9363,6 +9046,9 @@
    "PluginShareUpdateTargetsResponse": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
+        "discoverability": {
+          "$ref": "#/definitions/PluginShareDiscoverability"
+        },
        "principals": {
          "items": {
            "$ref": "#/definitions/PluginSharePrincipal"
@@ -9371,6 +9057,7 @@
        }
      },
      "required": [
+        "discoverability",
        "principals"
      ],
      "title": "PluginShareUpdateTargetsResponse",
@@ -10206,20 +9893,6 @@
      "title": "ReasoningTextDeltaNotification",
      "type": "object"
    },
-    "RemoteControlClientConnectionAudience": {
-      "description": "Audience for a remote-control client connection device-key proof.",
-      "enum": [
-        "remote_control_client_websocket"
-      ],
-      "type": "string"
-    },
-    "RemoteControlClientEnrollmentAudience": {
-      "description": "Audience for a remote-control client enrollment device-key proof.",
-      "enum": [
-        "remote_control_client_enrollment"
-      ],
-      "type": "string"
-    },
    "RemoteControlConnectionStatus": {
      "enum": [
        "disabled",
@@ -10231,7 +9904,7 @@
    },
    "RemoteControlStatusChangedNotification": {
      "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "Current remote-control connection status and environment id exposed to clients.",
+      "description": "Current remote-control connection status and remote identity exposed to clients.",
      "properties": {
        "environmentId": {
          "type": [
@@ -10239,11 +9912,15 @@
            "null"
          ]
        },
+        "installationId": {
+          "type": "string"
+        },
        "status": {
          "$ref": "#/definitions/RemoteControlConnectionStatus"
        }
      },
      "required": [
+        "installationId",
        "status"
      ],
      "title": "RemoteControlStatusChangedNotification",
@@ -12981,24 +12658,6 @@
      ],
      "type": "object"
    },
-    "SkillsListExtraRootsForCwd": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "extraUserRoots": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "extraUserRoots"
-      ],
-      "type": "object"
-    },
    "SkillsListParams": {
      "$schema": "http://json-schema.org/draft-07/schema#",
      "properties": {
@@ -13012,17 +12671,6 @@
        "forceReload": {
          "description": "When true, bypass the skills cache and re-scan skills from disk.",
          "type": "boolean"
-        },
-        "perCwdExtraUserRoots": {
-          "default": null,
-          "description": "Optional per-cwd extra roots to scan as user-scoped skills.",
-          "items": {
-            "$ref": "#/definitions/SkillsListExtraRootsForCwd"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
        }
      },
      "title": "SkillsListParams",
--- a/codex-rs/app-server-protocol/schema/json/v1/InitializeParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/InitializeParams.json
@@ -39,6 +39,11 @@
            "array",
            "null"
          ]
+        },
+        "requestAttestation": {
+          "default": false,
+          "description": "Opt into `attestation/generate` requests for upstream `x-oai-attestation`.",
+          "type": "boolean"
        }
      },
      "type": "object"
--- a/codex-rs/app-server-protocol/schema/json/v2/DeviceKeyCreateParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/DeviceKeyCreateParams.json
@@ -1,39 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyProtectionPolicy": {
-      "description": "Protection policy for creating or loading a controller-local device key.",
-      "enum": [
-        "hardware_only",
-        "allow_os_protected_nonextractable"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Create a controller-local device key with a random key id.",
-  "properties": {
-    "accountUserId": {
-      "type": "string"
-    },
-    "clientId": {
-      "type": "string"
-    },
-    "protectionPolicy": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/DeviceKeyProtectionPolicy"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Defaults to `hardware_only` when omitted."
-    }
-  },
-  "required": [
-    "accountUserId",
-    "clientId"
-  ],
-  "title": "DeviceKeyCreateParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/DeviceKeyCreateResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/DeviceKeyCreateResponse.json
@@ -1,45 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyAlgorithm": {
-      "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-      "enum": [
-        "ecdsa_p256_sha256"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyProtectionClass": {
-      "description": "Platform protection class for a controller-local device key.",
-      "enum": [
-        "hardware_secure_enclave",
-        "hardware_tpm",
-        "os_protected_nonextractable"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Device-key metadata and public key returned by create/public APIs.",
-  "properties": {
-    "algorithm": {
-      "$ref": "#/definitions/DeviceKeyAlgorithm"
-    },
-    "keyId": {
-      "type": "string"
-    },
-    "protectionClass": {
-      "$ref": "#/definitions/DeviceKeyProtectionClass"
-    },
-    "publicKeySpkiDerBase64": {
-      "description": "SubjectPublicKeyInfo DER encoded as base64.",
-      "type": "string"
-    }
-  },
-  "required": [
-    "algorithm",
-    "keyId",
-    "protectionClass",
-    "publicKeySpkiDerBase64"
-  ],
-  "title": "DeviceKeyCreateResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/DeviceKeyPublicResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/DeviceKeyPublicResponse.json
@@ -1,45 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyAlgorithm": {
-      "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-      "enum": [
-        "ecdsa_p256_sha256"
-      ],
-      "type": "string"
-    },
-    "DeviceKeyProtectionClass": {
-      "description": "Platform protection class for a controller-local device key.",
-      "enum": [
-        "hardware_secure_enclave",
-        "hardware_tpm",
-        "os_protected_nonextractable"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Device-key public metadata returned by `device/key/public`.",
-  "properties": {
-    "algorithm": {
-      "$ref": "#/definitions/DeviceKeyAlgorithm"
-    },
-    "keyId": {
-      "type": "string"
-    },
-    "protectionClass": {
-      "$ref": "#/definitions/DeviceKeyProtectionClass"
-    },
-    "publicKeySpkiDerBase64": {
-      "description": "SubjectPublicKeyInfo DER encoded as base64.",
-      "type": "string"
-    }
-  },
-  "required": [
-    "algorithm",
-    "keyId",
-    "protectionClass",
-    "publicKeySpkiDerBase64"
-  ],
-  "title": "DeviceKeyPublicResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/DeviceKeySignParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/DeviceKeySignParams.json
@@ -1,165 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeySignPayload": {
-      "description": "Structured payloads accepted by `device/key/sign`.",
-      "oneOf": [
-        {
-          "description": "Payload bound to one remote-control controller websocket `/client` connection challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientConnectionAudience"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "scopes": {
-              "description": "Must contain exactly `remote_control_controller_websocket`.",
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "sessionId": {
-              "description": "Backend-issued websocket session id that this proof authorizes.",
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "Websocket route path that this proof authorizes.",
-              "type": "string"
-            },
-            "tokenExpiresAt": {
-              "description": "Remote-control token expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "tokenSha256Base64url": {
-              "description": "SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientConnection"
-              ],
-              "title": "RemoteControlClientConnectionDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "clientId",
-            "nonce",
-            "scopes",
-            "sessionId",
-            "targetOrigin",
-            "targetPath",
-            "tokenExpiresAt",
-            "tokenSha256Base64url",
-            "type"
-          ],
-          "title": "RemoteControlClientConnectionDeviceKeySignPayload",
-          "type": "object"
-        },
-        {
-          "description": "Payload bound to a remote-control client `/client/enroll` ownership challenge.",
-          "properties": {
-            "accountUserId": {
-              "type": "string"
-            },
-            "audience": {
-              "$ref": "#/definitions/RemoteControlClientEnrollmentAudience"
-            },
-            "challengeExpiresAt": {
-              "description": "Enrollment challenge expiration as Unix seconds.",
-              "format": "int64",
-              "type": "integer"
-            },
-            "challengeId": {
-              "description": "Backend-issued enrollment challenge id that this proof authorizes.",
-              "type": "string"
-            },
-            "clientId": {
-              "type": "string"
-            },
-            "deviceIdentitySha256Base64url": {
-              "description": "SHA-256 of the requested device identity operation, encoded as unpadded base64url.",
-              "type": "string"
-            },
-            "nonce": {
-              "type": "string"
-            },
-            "targetOrigin": {
-              "description": "Origin of the backend endpoint that issued the challenge and will verify this proof.",
-              "type": "string"
-            },
-            "targetPath": {
-              "description": "HTTP route path that this proof authorizes.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "remoteControlClientEnrollment"
-              ],
-              "title": "RemoteControlClientEnrollmentDeviceKeySignPayloadType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "accountUserId",
-            "audience",
-            "challengeExpiresAt",
-            "challengeId",
-            "clientId",
-            "deviceIdentitySha256Base64url",
-            "nonce",
-            "targetOrigin",
-            "targetPath",
-            "type"
-          ],
-          "title": "RemoteControlClientEnrollmentDeviceKeySignPayload",
-          "type": "object"
-        }
-      ]
-    },
-    "RemoteControlClientConnectionAudience": {
-      "description": "Audience for a remote-control client connection device-key proof.",
-      "enum": [
-        "remote_control_client_websocket"
-      ],
-      "type": "string"
-    },
-    "RemoteControlClientEnrollmentAudience": {
-      "description": "Audience for a remote-control client enrollment device-key proof.",
-      "enum": [
-        "remote_control_client_enrollment"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "Sign an accepted structured payload with a controller-local device key.",
-  "properties": {
-    "keyId": {
-      "type": "string"
-    },
-    "payload": {
-      "$ref": "#/definitions/DeviceKeySignPayload"
-    }
-  },
-  "required": [
-    "keyId",
-    "payload"
-  ],
-  "title": "DeviceKeySignParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/DeviceKeySignResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/DeviceKeySignResponse.json
@@ -1,33 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DeviceKeyAlgorithm": {
-      "description": "Device-key algorithm reported at enrollment and signing boundaries.",
-      "enum": [
-        "ecdsa_p256_sha256"
-      ],
-      "type": "string"
-    }
-  },
-  "description": "ASN.1 DER signature returned by `device/key/sign`.",
-  "properties": {
-    "algorithm": {
-      "$ref": "#/definitions/DeviceKeyAlgorithm"
-    },
-    "signatureDerBase64": {
-      "description": "ECDSA signature DER encoded as base64.",
-      "type": "string"
-    },
-    "signedPayloadBase64": {
-      "description": "Exact bytes signed by the device key, encoded as base64. Verifiers must verify this byte string directly and must not reserialize `payload`.",
-      "type": "string"
-    }
-  },
-  "required": [
-    "algorithm",
-    "signatureDerBase64",
-    "signedPayloadBase64"
-  ],
-  "title": "DeviceKeySignResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json
@@ -574,6 +574,11 @@
    "action": {
      "$ref": "#/definitions/GuardianApprovalReviewAction"
    },
+    "completedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this review completed.",
+      "format": "int64",
+      "type": "integer"
+    },
    "decisionSource": {
      "$ref": "#/definitions/AutoReviewDecisionSource"
    },
@@ -584,6 +589,11 @@
      "description": "Stable identifier for this review.",
      "type": "string"
    },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this review started.",
+      "format": "int64",
+      "type": "integer"
+    },
    "targetItemId": {
      "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
      "type": [
@@ -600,9 +610,11 @@
  },
  "required": [
    "action",
+    "completedAtMs",
    "decisionSource",
    "review",
    "reviewId",
+    "startedAtMs",
    "threadId",
    "turnId"
  ],
--- a/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json
@@ -574,6 +574,11 @@
      "description": "Stable identifier for this review.",
      "type": "string"
    },
+    "startedAtMs": {
+      "description": "Unix timestamp (in milliseconds) when this review started.",
+      "format": "int64",
+      "type": "integer"
+    },
    "targetItemId": {
      "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
      "type": [
@@ -592,6 +597,7 @@
    "action",
    "review",
    "reviewId",
+    "startedAtMs",
    "threadId",
    "turnId"
  ],
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginListResponse.json
@@ -248,6 +248,21 @@
        },
        "remotePluginId": {
          "type": "string"
+        },
+        "shareTargets": {
+          "items": {
+            "$ref": "#/definitions/PluginSharePrincipal"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "shareUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
        }
      },
      "required": [
@@ -255,6 +270,33 @@
      ],
      "type": "object"
    },
+    "PluginSharePrincipal": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "principalId": {
+          "type": "string"
+        },
+        "principalType": {
+          "$ref": "#/definitions/PluginSharePrincipalType"
+        }
+      },
+      "required": [
+        "name",
+        "principalId",
+        "principalType"
+      ],
+      "type": "object"
+    },
+    "PluginSharePrincipalType": {
+      "enum": [
+        "user",
+        "group",
+        "workspace"
+      ],
+      "type": "string"
+    },
    "PluginSource": {
      "oneOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginReadResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginReadResponse.json
@@ -302,6 +302,21 @@
        },
        "remotePluginId": {
          "type": "string"
+        },
+        "shareTargets": {
+          "items": {
+            "$ref": "#/definitions/PluginSharePrincipal"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "shareUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
        }
      },
      "required": [
@@ -309,6 +324,33 @@
      ],
      "type": "object"
    },
+    "PluginSharePrincipal": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "principalId": {
+          "type": "string"
+        },
+        "principalType": {
+          "$ref": "#/definitions/PluginSharePrincipalType"
+        }
+      },
+      "required": [
+        "name",
+        "principalId",
+        "principalType"
+      ],
+      "type": "object"
+    },
+    "PluginSharePrincipalType": {
+      "enum": [
+        "user",
+        "group",
+        "workspace"
+      ],
+      "type": "string"
+    },
    "PluginSource": {
      "oneOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareListResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareListResponse.json
@@ -183,6 +183,21 @@
        },
        "remotePluginId": {
          "type": "string"
+        },
+        "shareTargets": {
+          "items": {
+            "$ref": "#/definitions/PluginSharePrincipal"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "shareUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
        }
      },
      "required": [
@@ -215,6 +230,33 @@
      ],
      "type": "object"
    },
+    "PluginSharePrincipal": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "principalId": {
+          "type": "string"
+        },
+        "principalType": {
+          "$ref": "#/definitions/PluginSharePrincipalType"
+        }
+      },
+      "required": [
+        "name",
+        "principalId",
+        "principalType"
+      ],
+      "type": "object"
+    },
+    "PluginSharePrincipalType": {
+      "enum": [
+        "user",
+        "group",
+        "workspace"
+      ],
+      "type": "string"
+    },
    "PluginSource": {
      "oneOf": [
        {
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsParams.json
@@ -23,9 +23,19 @@
        "principalType"
      ],
      "type": "object"
+    },
+    "PluginShareUpdateDiscoverability": {
+      "enum": [
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
    }
  },
  "properties": {
+    "discoverability": {
+      "$ref": "#/definitions/PluginShareUpdateDiscoverability"
+    },
    "remotePluginId": {
      "type": "string"
    },
@@ -37,6 +47,7 @@
    }
  },
  "required": [
+    "discoverability",
    "remotePluginId",
    "shareTargets"
  ],
--- a/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/PluginShareUpdateTargetsResponse.json
@@ -1,6 +1,14 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "definitions": {
+    "PluginShareDiscoverability": {
+      "enum": [
+        "LISTED",
+        "UNLISTED",
+        "PRIVATE"
+      ],
+      "type": "string"
+    },
    "PluginSharePrincipal": {
      "properties": {
        "name": {
@@ -30,6 +38,9 @@
    }
  },
  "properties": {
+    "discoverability": {
+      "$ref": "#/definitions/PluginShareDiscoverability"
+    },
    "principals": {
      "items": {
        "$ref": "#/definitions/PluginSharePrincipal"
@@ -38,6 +49,7 @@
    }
  },
  "required": [
+    "discoverability",
    "principals"
  ],
  "title": "PluginShareUpdateTargetsResponse",
--- a/codex-rs/app-server-protocol/schema/json/v2/RemoteControlStatusChangedNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/RemoteControlStatusChangedNotification.json
@@ -11,7 +11,7 @@
      "type": "string"
    }
  },
-  "description": "Current remote-control connection status and environment id exposed to clients.",
+  "description": "Current remote-control connection status and remote identity exposed to clients.",
  "properties": {
    "environmentId": {
      "type": [
@@ -19,11 +19,15 @@
        "null"
      ]
    },
+    "installationId": {
+      "type": "string"
+    },
    "status": {
      "$ref": "#/definitions/RemoteControlConnectionStatus"
    }
  },
  "required": [
+    "installationId",
    "status"
  ],
  "title": "RemoteControlStatusChangedNotification",
--- a/codex-rs/app-server-protocol/schema/json/v2/SkillsListParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v2/SkillsListParams.json
@@ -1,25 +1,5 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "SkillsListExtraRootsForCwd": {
-      "properties": {
-        "cwd": {
-          "type": "string"
-        },
-        "extraUserRoots": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "cwd",
-        "extraUserRoots"
-      ],
-      "type": "object"
-    }
-  },
  "properties": {
    "cwds": {
      "description": "When empty, defaults to the current session working directory.",
@@ -31,17 +11,6 @@
    "forceReload": {
      "description": "When true, bypass the skills cache and re-scan skills from disk.",
      "type": "boolean"
-    },
-    "perCwdExtraUserRoots": {
-      "default": null,
-      "description": "Optional per-cwd extra roots to scan as user-scoped skills.",
-      "items": {
-        "$ref": "#/definitions/SkillsListExtraRootsForCwd"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
    }
  },
  "title": "SkillsListParams",
--- a/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts
--- a/codex-rs/app-server-protocol/schema/typescript/InitializeCapabilities.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/InitializeCapabilities.ts
@@ -10,6 +10,10 @@ export type InitializeCapabilities = {
 * Opt into receiving experimental API methods and fields.
 */
 experimentalApi: boolean,
+/**
+ * Opt into `attestation/generate` requests for upstream `x-oai-attestation`.
+ */
+requestAttestation: boolean,
 /**
 * Exact notification method names that should be suppressed for this
 * connection (for example `thread/started`).
--- a/codex-rs/app-server-protocol/schema/typescript/ServerRequest.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/ServerRequest.ts
@@ -4,6 +4,7 @@
 import type { ApplyPatchApprovalParams } from "./ApplyPatchApprovalParams";
 import type { ExecCommandApprovalParams } from "./ExecCommandApprovalParams";
 import type { RequestId } from "./RequestId";
+import type { AttestationGenerateParams } from "./v2/AttestationGenerateParams";
 import type { ChatgptAuthTokensRefreshParams } from "./v2/ChatgptAuthTokensRefreshParams";
 import type { CommandExecutionRequestApprovalParams } from "./v2/CommandExecutionRequestApprovalParams";
 import type { DynamicToolCallParams } from "./v2/DynamicToolCallParams";
@@ -15,4 +16,4 @@ import type { ToolRequestUserInputParams } from "./v2/ToolRequestUserInputParams
 /**
 * Request initiated from the server and sent to the client.
 */
-export type ServerRequest = { "method": "item/commandExecution/requestApproval", id: RequestId, params: CommandExecutionRequestApprovalParams, } | { "method": "item/fileChange/requestApproval", id: RequestId, params: FileChangeRequestApprovalParams, } | { "method": "item/tool/requestUserInput", id: RequestId, params: ToolRequestUserInputParams, } | { "method": "mcpServer/elicitation/request", id: RequestId, params: McpServerElicitationRequestParams, } | { "method": "item/permissions/requestApproval", id: RequestId, params: PermissionsRequestApprovalParams, } | { "method": "item/tool/call", id: RequestId, params: DynamicToolCallParams, } | { "method": "account/chatgptAuthTokens/refresh", id: RequestId, params: ChatgptAuthTokensRefreshParams, } | { "method": "applyPatchApproval", id: RequestId, params: ApplyPatchApprovalParams, } | { "method": "execCommandApproval", id: RequestId, params: ExecCommandApprovalParams, };
+export type ServerRequest = { "method": "item/commandExecution/requestApproval", id: RequestId, params: CommandExecutionRequestApprovalParams, } | { "method": "item/fileChange/requestApproval", id: RequestId, params: FileChangeRequestApprovalParams, } | { "method": "item/tool/requestUserInput", id: RequestId, params: ToolRequestUserInputParams, } | { "method": "mcpServer/elicitation/request", id: RequestId, params: McpServerElicitationRequestParams, } | { "method": "item/permissions/requestApproval", id: RequestId, params: PermissionsRequestApprovalParams, } | { "method": "item/tool/call", id: RequestId, params: DynamicToolCallParams, } | { "method": "account/chatgptAuthTokens/refresh", id: RequestId, params: ChatgptAuthTokensRefreshParams, } | { "method": "attestation/generate", id: RequestId, params: AttestationGenerateParams, } | { "method": "applyPatchApproval", id: RequestId, params: ApplyPatchApprovalParams, } | { "method": "execCommandApproval", id: RequestId, params: ExecCommandApprovalParams, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/SkillsListExtraRootsForCwd.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/SkillsListExtraRootsForCwd.ts
@@ -2,4 +2,4 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

-export type SkillsListExtraRootsForCwd = { cwd: string, extraUserRoots: Array<string>, };
+export type AttestationGenerateParams = Record<string, never>;
--- a/codex-rs/app-server-protocol/schema/typescript/v2/AttestationGenerateResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/AttestationGenerateResponse.ts
@@ -2,7 +2,8 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

+export type AttestationGenerateResponse = {
 /**
- * Fetch a controller-local device key public key by id.
+ * Opaque client attestation token.
 */
-export type DeviceKeyPublicParams = { keyId: string, };
+token: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalParams.ts
@@ -8,6 +8,9 @@ import type { NetworkApprovalContext } from "./NetworkApprovalContext";
 import type { NetworkPolicyAmendment } from "./NetworkPolicyAmendment";

 export type CommandExecutionRequestApprovalParams = {threadId: string, turnId: string, itemId: string, /**
+ * Unix timestamp (in milliseconds) when this approval request started.
+ */
+startedAtMs: number, /**
 * Unique identifier for this specific approval callback.
 *
 * For regular shell/unified_exec approvals, this is null.
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyCreateParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyCreateParams.ts
@@ -1,13 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { DeviceKeyProtectionPolicy } from "./DeviceKeyProtectionPolicy";
-
-/**
- * Create a controller-local device key with a random key id.
- */
-export type DeviceKeyCreateParams = {
-/**
- * Defaults to `hardware_only` when omitted.
- */
-protectionPolicy?: DeviceKeyProtectionPolicy | null, accountUserId: string, clientId: string, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyCreateResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyCreateResponse.ts
@@ -1,14 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { DeviceKeyAlgorithm } from "./DeviceKeyAlgorithm";
-import type { DeviceKeyProtectionClass } from "./DeviceKeyProtectionClass";
-
-/**
- * Device-key metadata and public key returned by create/public APIs.
- */
-export type DeviceKeyCreateResponse = { keyId: string,
-/**
- * SubjectPublicKeyInfo DER encoded as base64.
- */
-publicKeySpkiDerBase64: string, algorithm: DeviceKeyAlgorithm, protectionClass: DeviceKeyProtectionClass, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyProtectionClass.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyProtectionClass.ts
@@ -1,8 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-/**
- * Platform protection class for a controller-local device key.
- */
-export type DeviceKeyProtectionClass = "hardware_secure_enclave" | "hardware_tpm" | "os_protected_nonextractable";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyProtectionPolicy.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyProtectionPolicy.ts
@@ -1,8 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-/**
- * Protection policy for creating or loading a controller-local device key.
- */
-export type DeviceKeyProtectionPolicy = "hardware_only" | "allow_os_protected_nonextractable";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyPublicResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeyPublicResponse.ts
@@ -1,14 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { DeviceKeyAlgorithm } from "./DeviceKeyAlgorithm";
-import type { DeviceKeyProtectionClass } from "./DeviceKeyProtectionClass";
-
-/**
- * Device-key public metadata returned by `device/key/public`.
- */
-export type DeviceKeyPublicResponse = { keyId: string,
-/**
- * SubjectPublicKeyInfo DER encoded as base64.
- */
-publicKeySpkiDerBase64: string, algorithm: DeviceKeyAlgorithm, protectionClass: DeviceKeyProtectionClass, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeySignParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeySignParams.ts
@@ -1,9 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { DeviceKeySignPayload } from "./DeviceKeySignPayload";
-
-/**
- * Sign an accepted structured payload with a controller-local device key.
- */
-export type DeviceKeySignParams = { keyId: string, payload: DeviceKeySignPayload, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeySignPayload.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeySignPayload.ts
@@ -1,54 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { RemoteControlClientConnectionAudience } from "./RemoteControlClientConnectionAudience";
-import type { RemoteControlClientEnrollmentAudience } from "./RemoteControlClientEnrollmentAudience";
-
-/**
- * Structured payloads accepted by `device/key/sign`.
- */
-export type DeviceKeySignPayload = { "type": "remoteControlClientConnection", nonce: string, audience: RemoteControlClientConnectionAudience,
-/**
- * Backend-issued websocket session id that this proof authorizes.
- */
-sessionId: string,
-/**
- * Origin of the backend endpoint that issued the challenge and will verify this proof.
- */
-targetOrigin: string,
-/**
- * Websocket route path that this proof authorizes.
- */
-targetPath: string, accountUserId: string, clientId: string,
-/**
- * Remote-control token expiration as Unix seconds.
- */
-tokenExpiresAt: number,
-/**
- * SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.
- */
-tokenSha256Base64url: string,
-/**
- * Must contain exactly `remote_control_controller_websocket`.
- */
-scopes: Array<string>, } | { "type": "remoteControlClientEnrollment", nonce: string, audience: RemoteControlClientEnrollmentAudience,
-/**
- * Backend-issued enrollment challenge id that this proof authorizes.
- */
-challengeId: string,
-/**
- * Origin of the backend endpoint that issued the challenge and will verify this proof.
- */
-targetOrigin: string,
-/**
- * HTTP route path that this proof authorizes.
- */
-targetPath: string, accountUserId: string, clientId: string,
-/**
- * SHA-256 of the requested device identity operation, encoded as unpadded base64url.
- */
-deviceIdentitySha256Base64url: string,
-/**
- * Enrollment challenge expiration as Unix seconds.
- */
-challengeExpiresAt: number, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeySignResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/DeviceKeySignResponse.ts
@@ -1,18 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { DeviceKeyAlgorithm } from "./DeviceKeyAlgorithm";
-
-/**
- * ASN.1 DER signature returned by `device/key/sign`.
- */
-export type DeviceKeySignResponse = {
-/**
- * ECDSA signature DER encoded as base64.
- */
-signatureDerBase64: string,
-/**
- * Exact bytes signed by the device key, encoded as base64. Verifiers must verify this byte
- * string directly and must not reserialize `payload`.
- */
-signedPayloadBase64: string, algorithm: DeviceKeyAlgorithm, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/FileChangeRequestApprovalParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/FileChangeRequestApprovalParams.ts
@@ -3,6 +3,10 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

 export type FileChangeRequestApprovalParams = { threadId: string, turnId: string, itemId: string,
+/**
+ * Unix timestamp (in milliseconds) when this approval request started.
+ */
+startedAtMs: number,
 /**
 * Optional explanatory reason (e.g. request for extra write access).
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewCompletedNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewCompletedNotification.ts
@@ -10,6 +10,14 @@ import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewActio
 * shape is expected to change soon.
 */
 export type ItemGuardianApprovalReviewCompletedNotification = { threadId: string, turnId: string,
+/**
+ * Unix timestamp (in milliseconds) when this review started.
+ */
+startedAtMs: number,
+/**
+ * Unix timestamp (in milliseconds) when this review completed.
+ */
+completedAtMs: number,
 /**
 * Stable identifier for this review.
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewStartedNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewStartedNotification.ts
@@ -9,6 +9,10 @@ import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewActio
 * shape is expected to change soon.
 */
 export type ItemGuardianApprovalReviewStartedNotification = { threadId: string, turnId: string,
+/**
+ * Unix timestamp (in milliseconds) when this review started.
+ */
+startedAtMs: number,
 /**
 * Stable identifier for this review.
 */
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PermissionsRequestApprovalParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PermissionsRequestApprovalParams.ts
@@ -4,4 +4,8 @@
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 import type { RequestPermissionProfile } from "./RequestPermissionProfile";

-export type PermissionsRequestApprovalParams = { threadId: string, turnId: string, itemId: string, cwd: AbsolutePathBuf, reason: string | null, permissions: RequestPermissionProfile, };
+export type PermissionsRequestApprovalParams = { threadId: string, turnId: string, itemId: string,
+/**
+ * Unix timestamp (in milliseconds) when this approval request started.
+ */
+startedAtMs: number, cwd: AbsolutePathBuf, reason: string | null, permissions: RequestPermissionProfile, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareContext.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareContext.ts
@@ -1,5 +1,6 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PluginSharePrincipal } from "./PluginSharePrincipal";

-export type PluginShareContext = { remotePluginId: string, creatorAccountUserId: string | null, creatorName: string | null, };
+export type PluginShareContext = { remotePluginId: string, shareUrl: string | null, creatorAccountUserId: string | null, creatorName: string | null, shareTargets: Array<PluginSharePrincipal> | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareUpdateDiscoverability.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareUpdateDiscoverability.ts
@@ -2,7 +2,4 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.

-/**
- * Device-key algorithm reported at enrollment and signing boundaries.
- */
-export type DeviceKeyAlgorithm = "ecdsa_p256_sha256";
+export type PluginShareUpdateDiscoverability = "UNLISTED" | "PRIVATE";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareUpdateTargetsParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareUpdateTargetsParams.ts
@@ -2,5 +2,6 @@

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { PluginShareTarget } from "./PluginShareTarget";
+import type { PluginShareUpdateDiscoverability } from "./PluginShareUpdateDiscoverability";

-export type PluginShareUpdateTargetsParams = { remotePluginId: string, shareTargets: Array<PluginShareTarget>, };
+export type PluginShareUpdateTargetsParams = { remotePluginId: string, discoverability: PluginShareUpdateDiscoverability, shareTargets: Array<PluginShareTarget>, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareUpdateTargetsResponse.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/PluginShareUpdateTargetsResponse.ts
@@ -1,6 +1,7 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PluginShareDiscoverability } from "./PluginShareDiscoverability";
 import type { PluginSharePrincipal } from "./PluginSharePrincipal";

-export type PluginShareUpdateTargetsResponse = { principals: Array<PluginSharePrincipal>, };
+export type PluginShareUpdateTargetsResponse = { principals: Array<PluginSharePrincipal>, discoverability: PluginShareDiscoverability, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/RemoteControlClientConnectionAudience.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/RemoteControlClientConnectionAudience.ts
@@ -1,8 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-/**
- * Audience for a remote-control client connection device-key proof.
- */
-export type RemoteControlClientConnectionAudience = "remote_control_client_websocket";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/RemoteControlClientEnrollmentAudience.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/RemoteControlClientEnrollmentAudience.ts
@@ -1,8 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-/**
- * Audience for a remote-control client enrollment device-key proof.
- */
-export type RemoteControlClientEnrollmentAudience = "remote_control_client_enrollment";
--- a/codex-rs/app-server-protocol/schema/typescript/v2/RemoteControlStatusChangedNotification.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/RemoteControlStatusChangedNotification.ts
@@ -4,6 +4,6 @@
 import type { RemoteControlConnectionStatus } from "./RemoteControlConnectionStatus";

 /**
- * Current remote-control connection status and environment id exposed to clients.
+ * Current remote-control connection status and remote identity exposed to clients.
 */
-export type RemoteControlStatusChangedNotification = { status: RemoteControlConnectionStatus, environmentId: string | null, };
+export type RemoteControlStatusChangedNotification = { status: RemoteControlConnectionStatus, installationId: string, environmentId: string | null, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/SkillsListParams.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/SkillsListParams.ts
@@ -1,7 +1,6 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!

 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { SkillsListExtraRootsForCwd } from "./SkillsListExtraRootsForCwd";

 export type SkillsListParams = {
 /**
@@ -11,8 +10,4 @@ cwds?: Array<string>,
 /**
 * When true, bypass the skills cache and re-scan skills from disk.
 */
-forceReload?: boolean,
-/**
- * Optional per-cwd extra roots to scan as user-scoped skills.
- */
-perCwdExtraUserRoots?: Array<SkillsListExtraRootsForCwd> | null, };
+forceReload?: boolean, };
--- a/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
+++ b/codex-rs/app-server-protocol/schema/typescript/v2/index.ts
@@ -28,6 +28,8 @@ export type { AppsDefaultConfig } from "./AppsDefaultConfig";
 export type { AppsListParams } from "./AppsListParams";
 export type { AppsListResponse } from "./AppsListResponse";
 export type { AskForApproval } from "./AskForApproval";
+export type { AttestationGenerateParams } from "./AttestationGenerateParams";
+export type { AttestationGenerateResponse } from "./AttestationGenerateResponse";
 export type { AutoReviewDecisionSource } from "./AutoReviewDecisionSource";
 export type { ByteRange } from "./ByteRange";
 export type { CancelLoginAccountParams } from "./CancelLoginAccountParams";
@@ -79,16 +81,6 @@ export type { ConfiguredHookMatcherGroup } from "./ConfiguredHookMatcherGroup";
 export type { ContextCompactedNotification } from "./ContextCompactedNotification";
 export type { CreditsSnapshot } from "./CreditsSnapshot";
 export type { DeprecationNoticeNotification } from "./DeprecationNoticeNotification";
-export type { DeviceKeyAlgorithm } from "./DeviceKeyAlgorithm";
-export type { DeviceKeyCreateParams } from "./DeviceKeyCreateParams";
-export type { DeviceKeyCreateResponse } from "./DeviceKeyCreateResponse";
-export type { DeviceKeyProtectionClass } from "./DeviceKeyProtectionClass";
-export type { DeviceKeyProtectionPolicy } from "./DeviceKeyProtectionPolicy";
-export type { DeviceKeyPublicParams } from "./DeviceKeyPublicParams";
-export type { DeviceKeyPublicResponse } from "./DeviceKeyPublicResponse";
-export type { DeviceKeySignParams } from "./DeviceKeySignParams";
-export type { DeviceKeySignPayload } from "./DeviceKeySignPayload";
-export type { DeviceKeySignResponse } from "./DeviceKeySignResponse";
 export type { DynamicToolCallOutputContentItem } from "./DynamicToolCallOutputContentItem";
 export type { DynamicToolCallParams } from "./DynamicToolCallParams";
 export type { DynamicToolCallResponse } from "./DynamicToolCallResponse";
@@ -297,6 +289,7 @@ export type { PluginSharePrincipalType } from "./PluginSharePrincipalType";
 export type { PluginShareSaveParams } from "./PluginShareSaveParams";
 export type { PluginShareSaveResponse } from "./PluginShareSaveResponse";
 export type { PluginShareTarget } from "./PluginShareTarget";
+export type { PluginShareUpdateDiscoverability } from "./PluginShareUpdateDiscoverability";
 export type { PluginShareUpdateTargetsParams } from "./PluginShareUpdateTargetsParams";
 export type { PluginShareUpdateTargetsResponse } from "./PluginShareUpdateTargetsResponse";
 export type { PluginSkillReadParams } from "./PluginSkillReadParams";
@@ -319,8 +312,6 @@ export type { ReasoningEffortOption } from "./ReasoningEffortOption";
 export type { ReasoningSummaryPartAddedNotification } from "./ReasoningSummaryPartAddedNotification";
 export type { ReasoningSummaryTextDeltaNotification } from "./ReasoningSummaryTextDeltaNotification";
 export type { ReasoningTextDeltaNotification } from "./ReasoningTextDeltaNotification";
-export type { RemoteControlClientConnectionAudience } from "./RemoteControlClientConnectionAudience";
-export type { RemoteControlClientEnrollmentAudience } from "./RemoteControlClientEnrollmentAudience";
 export type { RemoteControlConnectionStatus } from "./RemoteControlConnectionStatus";
 export type { RemoteControlStatusChangedNotification } from "./RemoteControlStatusChangedNotification";
 export type { RequestPermissionProfile } from "./RequestPermissionProfile";
@@ -348,7 +339,6 @@ export type { SkillsChangedNotification } from "./SkillsChangedNotification";
 export type { SkillsConfigWriteParams } from "./SkillsConfigWriteParams";
 export type { SkillsConfigWriteResponse } from "./SkillsConfigWriteResponse";
 export type { SkillsListEntry } from "./SkillsListEntry";
-export type { SkillsListExtraRootsForCwd } from "./SkillsListExtraRootsForCwd";
 export type { SkillsListParams } from "./SkillsListParams";
 export type { SkillsListResponse } from "./SkillsListResponse";
 export type { SortDirection } from "./SortDirection";
--- a/codex-rs/app-server-protocol/src/protocol/common.rs
+++ b/codex-rs/app-server-protocol/src/protocol/common.rs
@@ -581,6 +581,13 @@ client_request_definitions! {
        serialization: None,
        response: v2::ThreadTurnsListResponse,
    },
+    #[experimental("thread/turns/items/list")]
+    ThreadTurnsItemsList => "thread/turns/items/list" {
+        params: v2::ThreadTurnsItemsListParams,
+        // Explicitly concurrent: this primarily reads append-only rollout storage.
+        serialization: None,
+        response: v2::ThreadTurnsItemsListResponse,
+    },
    /// Append raw Responses API items to the thread history without starting a user turn.
    ThreadInjectItems => "thread/inject_items" {
        params: v2::ThreadInjectItemsParams,
@@ -652,21 +659,6 @@ client_request_definitions! {
        serialization: None,
        response: v2::AppsListResponse,
    },
-    DeviceKeyCreate => "device/key/create" {
-        params: v2::DeviceKeyCreateParams,
-        serialization: global("device-key"),
-        response: v2::DeviceKeyCreateResponse,
-    },
-    DeviceKeyPublic => "device/key/public" {
-        params: v2::DeviceKeyPublicParams,
-        serialization: global("device-key"),
-        response: v2::DeviceKeyPublicResponse,
-    },
-    DeviceKeySign => "device/key/sign" {
-        params: v2::DeviceKeySignParams,
-        serialization: global("device-key"),
-        response: v2::DeviceKeySignResponse,
-    },
    // File system requests are intentionally concurrent. Desktop already treats local
    // file system operations as concurrent, and app-server remote fs mirrors that model.
    FsReadFile => "fs/readFile" {
@@ -1320,6 +1312,12 @@ server_request_definitions! {
        response: v2::ChatgptAuthTokensRefreshResponse,
    },

+    /// Generate a fresh upstream attestation result on demand.
+    AttestationGenerate => "attestation/generate" {
+        params: v2::AttestationGenerateParams,
+        response: v2::AttestationGenerateResponse,
+    },
+
    /// DEPRECATED APIs below
    /// Request to approve a patch.
    /// This request is used for Turns started via the legacy APIs (i.e. SendUserTurn, SendUserMessage).
@@ -1664,7 +1662,6 @@ mod tests {
            params: v2::SkillsListParams {
                cwds: Vec::new(),
                force_reload: false,
-                per_cwd_extra_user_roots: None,
            },
        };
        assert_eq!(
@@ -1789,19 +1786,6 @@ mod tests {
            Some(ClientRequestSerializationScope::Global("config"))
        );

-        let device_key_create = ClientRequest::DeviceKeyCreate {
-            request_id: request_id(),
-            params: v2::DeviceKeyCreateParams {
-                protection_policy: None,
-                account_user_id: "user".to_string(),
-                client_id: "client".to_string(),
-            },
-        };
-        assert_eq!(
-            device_key_create.serialization_scope(),
-            Some(ClientRequestSerializationScope::Global("device-key"))
-        );
-
        let add_credits_nudge = ClientRequest::SendAddCreditsNudgeEmail {
            request_id: request_id(),
            params: v2::SendAddCreditsNudgeEmailParams {
@@ -1871,10 +1855,23 @@ mod tests {
                cursor: None,
                limit: None,
                sort_direction: None,
+                items_view: None,
            },
        };
        assert_eq!(thread_turns_list.serialization_scope(), None);

+        let thread_turns_items_list = ClientRequest::ThreadTurnsItemsList {
+            request_id: request_id(),
+            params: v2::ThreadTurnsItemsListParams {
+                thread_id: "thread-1".to_string(),
+                turn_id: "turn-1".to_string(),
+                cursor: None,
+                limit: None,
+                sort_direction: None,
+            },
+        };
+        assert_eq!(thread_turns_items_list.serialization_scope(), None);
+
        let mcp_resource_read = ClientRequest::McpResourceRead {
            request_id: request_id(),
            params: v2::McpResourceReadParams {
@@ -1919,6 +1916,7 @@ mod tests {
                },
                capabilities: Some(v1::InitializeCapabilities {
                    experimental_api: true,
+                    request_attestation: true,
                    opt_out_notification_methods: Some(vec![
                        "thread/started".to_string(),
                        "item/agentMessage/delta".to_string(),
@@ -1939,6 +1937,7 @@ mod tests {
                    },
                    "capabilities": {
                        "experimentalApi": true,
+                        "requestAttestation": true,
                        "optOutNotificationMethods": [
                            "thread/started",
                            "item/agentMessage/delta"
@@ -1964,6 +1963,7 @@ mod tests {
                },
                "capabilities": {
                    "experimentalApi": true,
+                    "requestAttestation": true,
                    "optOutNotificationMethods": [
                        "thread/started",
                        "item/agentMessage/delta"
@@ -1984,6 +1984,7 @@ mod tests {
                    },
                    capabilities: Some(v1::InitializeCapabilities {
                        experimental_api: true,
+                        request_attestation: true,
                        opt_out_notification_methods: Some(vec![
                            "thread/started".to_string(),
                            "item/agentMessage/delta".to_string(),
@@ -2100,6 +2101,28 @@ mod tests {
        Ok(())
    }

+    #[test]
+    fn serialize_attestation_generate_request() -> Result<()> {
+        let params = v2::AttestationGenerateParams {};
+        let request = ServerRequest::AttestationGenerate {
+            request_id: RequestId::Integer(9),
+            params: params.clone(),
+        };
+        assert_eq!(
+            json!({
+                "method": "attestation/generate",
+                "id": 9,
+                "params": {}
+            }),
+            serde_json::to_value(&request)?,
+        );
+
+        let payload = ServerRequestPayload::AttestationGenerate(params);
+        assert_eq!(request.id(), &RequestId::Integer(9));
+        assert_eq!(payload.request_with_id(RequestId::Integer(9)), request);
+        Ok(())
+    }
+
    #[test]
    fn serialize_server_response() -> Result<()> {
        let response = ServerResponse::CommandExecutionRequestApproval {
@@ -2975,6 +2998,7 @@ mod tests {
            thread_id: "thr_123".to_string(),
            turn_id: "turn_123".to_string(),
            item_id: "call_123".to_string(),
+            started_at_ms: 0,
            approval_id: None,
            reason: None,
            network_approval_context: None,
--- a/codex-rs/app-server-protocol/src/protocol/item_builders.rs
+++ b/codex-rs/app-server-protocol/src/protocol/item_builders.rs
@@ -243,6 +243,7 @@ pub fn guardian_auto_approval_review_notification(
                    thread_id: conversation_id.to_string(),
                    turn_id,
                    review_id: assessment.id.clone(),
+                    started_at_ms: assessment.started_at_ms,
                    target_item_id: assessment.target_item_id.clone(),
                    review,
                    action,
@@ -258,6 +259,10 @@ pub fn guardian_auto_approval_review_notification(
                    thread_id: conversation_id.to_string(),
                    turn_id,
                    review_id: assessment.id.clone(),
+                    started_at_ms: assessment.started_at_ms,
+                    completed_at_ms: assessment
+                        .completed_at_ms
+                        .unwrap_or(assessment.started_at_ms),
                    target_item_id: assessment.target_item_id.clone(),
                    decision_source: assessment
                        .decision_source
--- a/codex-rs/app-server-protocol/src/protocol/thread_history.rs
+++ b/codex-rs/app-server-protocol/src/protocol/thread_history.rs
@@ -2143,6 +2143,8 @@ mod tests {
                id: "review-guardian-exec".into(),
                target_item_id: Some("guardian-exec".into()),
                turn_id: "turn-1".into(),
+                started_at_ms: 1_000,
+                completed_at_ms: None,
                status: GuardianAssessmentStatus::InProgress,
                risk_level: None,
                user_authorization: None,
@@ -2160,6 +2162,8 @@ mod tests {
                id: "review-guardian-exec".into(),
                target_item_id: Some("guardian-exec".into()),
                turn_id: "turn-1".into(),
+                started_at_ms: 1_000,
+                completed_at_ms: Some(1_042),
                status: GuardianAssessmentStatus::Denied,
                risk_level: Some(codex_protocol::protocol::GuardianRiskLevel::High),
                user_authorization: Some(codex_protocol::protocol::GuardianUserAuthorization::Low),
@@ -2222,6 +2226,8 @@ mod tests {
                id: "review-guardian-execve".into(),
                target_item_id: Some("guardian-execve".into()),
                turn_id: "turn-1".into(),
+                started_at_ms: 2_000,
+                completed_at_ms: None,
                status: GuardianAssessmentStatus::InProgress,
                risk_level: None,
                user_authorization: None,
@@ -2525,6 +2531,7 @@ mod tests {
            EventMsg::ApplyPatchApprovalRequest(ApplyPatchApprovalRequestEvent {
                call_id: "patch-call".into(),
                turn_id: turn_id.to_string(),
+                started_at_ms: 0,
                changes: [(
                    PathBuf::from("README.md"),
                    codex_protocol::protocol::FileChange::Add {
--- a/codex-rs/app-server-protocol/src/protocol/v1.rs
+++ b/codex-rs/app-server-protocol/src/protocol/v1.rs
@@ -46,6 +46,9 @@ pub struct InitializeCapabilities {
    /// Opt into receiving experimental API methods and fields.
    #[serde(default)]
    pub experimental_api: bool,
+    /// Opt into `attestation/generate` requests for upstream `x-oai-attestation`.
+    #[serde(default)]
+    pub request_attestation: bool,
    /// Exact notification method names that should be suppressed for this
    /// connection (for example `thread/started`).
    #[ts(optional = nullable)]
--- a/codex-rs/app-server-protocol/src/protocol/v2/attestation.rs
+++ b/codex-rs/app-server-protocol/src/protocol/v2/attestation.rs
@@ -0,0 +1,17 @@
+use schemars::JsonSchema;
+use serde::Deserialize;
+use serde::Serialize;
+use ts_rs::TS;
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS, Default)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct AttestationGenerateParams {}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct AttestationGenerateResponse {
+    /// Opaque client attestation token.
+    pub token: String,
+}
--- a/codex-rs/app-server-protocol/src/protocol/v2/device_key.rs
+++ b/codex-rs/app-server-protocol/src/protocol/v2/device_key.rs
@@ -1,181 +0,0 @@
-use schemars::JsonSchema;
-use serde::Deserialize;
-use serde::Serialize;
-use ts_rs::TS;
-
-/// Device-key algorithm reported at enrollment and signing boundaries.
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(rename_all = "snake_case", export_to = "v2/")]
-pub enum DeviceKeyAlgorithm {
-    EcdsaP256Sha256,
-}
-
-/// Platform protection class for a controller-local device key.
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(rename_all = "snake_case", export_to = "v2/")]
-pub enum DeviceKeyProtectionClass {
-    HardwareSecureEnclave,
-    HardwareTpm,
-    OsProtectedNonextractable,
-}
-
-/// Protection policy for creating or loading a controller-local device key.
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(rename_all = "snake_case", export_to = "v2/")]
-pub enum DeviceKeyProtectionPolicy {
-    HardwareOnly,
-    AllowOsProtectedNonextractable,
-}
-
-/// Create a controller-local device key with a random key id.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct DeviceKeyCreateParams {
-    /// Defaults to `hardware_only` when omitted.
-    #[ts(optional = nullable)]
-    pub protection_policy: Option<DeviceKeyProtectionPolicy>,
-    pub account_user_id: String,
-    pub client_id: String,
-}
-
-/// Device-key metadata and public key returned by create/public APIs.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct DeviceKeyCreateResponse {
-    pub key_id: String,
-    /// SubjectPublicKeyInfo DER encoded as base64.
-    pub public_key_spki_der_base64: String,
-    pub algorithm: DeviceKeyAlgorithm,
-    pub protection_class: DeviceKeyProtectionClass,
-}
-
-/// Fetch a controller-local device key public key by id.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct DeviceKeyPublicParams {
-    pub key_id: String,
-}
-
-/// Device-key public metadata returned by `device/key/public`.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct DeviceKeyPublicResponse {
-    pub key_id: String,
-    /// SubjectPublicKeyInfo DER encoded as base64.
-    pub public_key_spki_der_base64: String,
-    pub algorithm: DeviceKeyAlgorithm,
-    pub protection_class: DeviceKeyProtectionClass,
-}
-
-/// Current remote-control connection status and environment id exposed to clients.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct RemoteControlStatusChangedNotification {
-    pub status: RemoteControlConnectionStatus,
-    pub environment_id: Option<String>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(rename_all = "camelCase", export_to = "v2/")]
-pub enum RemoteControlConnectionStatus {
-    Disabled,
-    Connecting,
-    Connected,
-    Errored,
-}
-
-/// Audience for a remote-control client connection device-key proof.
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(rename_all = "snake_case", export_to = "v2/")]
-pub enum RemoteControlClientConnectionAudience {
-    RemoteControlClientWebsocket,
-}
-
-/// Audience for a remote-control client enrollment device-key proof.
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(rename_all = "snake_case", export_to = "v2/")]
-pub enum RemoteControlClientEnrollmentAudience {
-    RemoteControlClientEnrollment,
-}
-
-/// Structured payloads accepted by `device/key/sign`.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(tag = "type", rename_all = "camelCase")]
-#[ts(tag = "type", export_to = "v2/")]
-pub enum DeviceKeySignPayload {
-    /// Payload bound to one remote-control controller websocket `/client` connection challenge.
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    RemoteControlClientConnection {
-        nonce: String,
-        audience: RemoteControlClientConnectionAudience,
-        /// Backend-issued websocket session id that this proof authorizes.
-        session_id: String,
-        /// Origin of the backend endpoint that issued the challenge and will verify this proof.
-        target_origin: String,
-        /// Websocket route path that this proof authorizes.
-        target_path: String,
-        account_user_id: String,
-        client_id: String,
-        /// Remote-control token expiration as Unix seconds.
-        #[ts(type = "number")]
-        token_expires_at: i64,
-        /// SHA-256 of the controller-scoped remote-control token, encoded as unpadded base64url.
-        token_sha256_base64url: String,
-        /// Must contain exactly `remote_control_controller_websocket`.
-        scopes: Vec<String>,
-    },
-    /// Payload bound to a remote-control client `/client/enroll` ownership challenge.
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    RemoteControlClientEnrollment {
-        nonce: String,
-        audience: RemoteControlClientEnrollmentAudience,
-        /// Backend-issued enrollment challenge id that this proof authorizes.
-        challenge_id: String,
-        /// Origin of the backend endpoint that issued the challenge and will verify this proof.
-        target_origin: String,
-        /// HTTP route path that this proof authorizes.
-        target_path: String,
-        account_user_id: String,
-        client_id: String,
-        /// SHA-256 of the requested device identity operation, encoded as unpadded base64url.
-        device_identity_sha256_base64url: String,
-        /// Enrollment challenge expiration as Unix seconds.
-        #[ts(type = "number")]
-        challenge_expires_at: i64,
-    },
-}
-
-/// Sign an accepted structured payload with a controller-local device key.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct DeviceKeySignParams {
-    pub key_id: String,
-    pub payload: DeviceKeySignPayload,
-}
-
-/// ASN.1 DER signature returned by `device/key/sign`.
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct DeviceKeySignResponse {
-    /// ECDSA signature DER encoded as base64.
-    pub signature_der_base64: String,
-    /// Exact bytes signed by the device key, encoded as base64. Verifiers must verify this byte
-    /// string directly and must not reserialize `payload`.
-    pub signed_payload_base64: String,
-    pub algorithm: DeviceKeyAlgorithm,
-}
--- a/Show More
+++ b/Show More