diff --git a/codex-rs/core/src/tools/runtimes/unified_exec.rs b/codex-rs/core/src/tools/runtimes/unified_exec.rs
index 0ed832be20..e623fc2a39 100644
--- a/codex-rs/core/src/tools/runtimes/unified_exec.rs
+++ b/codex-rs/core/src/tools/runtimes/unified_exec.rs
@@ -84,13 +84,13 @@ pub struct UnifiedExecRuntime<'a> {
     shell_mode: UnifiedExecShellMode,
 }
 
-fn build_remote_exec_sandbox_config(attempt: &SandboxAttempt<'_>) -> SandboxLaunchConfig {
-    SandboxLaunchConfig {
-        mode: if matches!(attempt.sandbox, codex_sandboxing::SandboxType::None) {
-            SandboxLaunchMode::Disabled
-        } else {
-            SandboxLaunchMode::Auto
-        },
+fn build_remote_exec_sandbox_config(attempt: &SandboxAttempt<'_>) -> Option<SandboxLaunchConfig> {
+    if matches!(attempt.sandbox, codex_sandboxing::SandboxType::None) {
+        return None;
+    }
+
+    Some(SandboxLaunchConfig {
+        mode: SandboxLaunchMode::Auto,
         policy: attempt.policy.clone(),
         file_system_policy: attempt.file_system_policy.clone(),
         network_policy: attempt.network_policy,
@@ -99,7 +99,7 @@ fn build_remote_exec_sandbox_config(attempt: &SandboxAttempt<'_>) -> SandboxLaun
         windows_sandbox_level: attempt.windows_sandbox_level,
         windows_sandbox_private_desktop: attempt.windows_sandbox_private_desktop,
         use_legacy_landlock: attempt.use_legacy_landlock,
-    }
+    })
 }
 
 impl<'a> UnifiedExecRuntime<'a> {
@@ -241,17 +241,18 @@ impl<'a> ToolRuntime<UnifiedExecRequest, UnifiedExecProcess> for UnifiedExecRunt
         // Remote exec-server now owns sandbox argv construction, so this branch
         // keeps sending raw command data until we collapse the launch APIs.
         if ctx.turn.environment.exec_server_url().is_some() {
+            let exec_params = codex_exec_server::ExecParams {
+                process_id: req.process_id.to_string().into(),
+                argv: command,
+                cwd: req.cwd.clone(),
+                env,
+                tty: req.tty,
+                arg0: None,
+                sandbox: build_remote_exec_sandbox_config(attempt),
+            };
             return self
                 .manager
-                .open_session_with_remote_exec(
-                    req.process_id,
-                    command,
-                    req.cwd.clone(),
-                    env,
-                    req.tty,
-                    Some(build_remote_exec_sandbox_config(attempt)),
-                    ctx.turn.environment.as_ref(),
-                )
+                .open_session_with_remote_exec(exec_params, ctx.turn.environment.as_ref())
                 .await
                 .map_err(|err| match err {
                     UnifiedExecError::SandboxDenied { output, .. } => {
diff --git a/codex-rs/core/src/unified_exec/process_manager.rs b/codex-rs/core/src/unified_exec/process_manager.rs
index 110711385f..459dac6e34 100644
--- a/codex-rs/core/src/unified_exec/process_manager.rs
+++ b/codex-rs/core/src/unified_exec/process_manager.rs
@@ -647,25 +647,12 @@ impl UnifiedExecProcessManager {
 
     pub(crate) async fn open_session_with_remote_exec(
         &self,
-        process_id: i32,
-        command: Vec<String>,
-        cwd: PathBuf,
-        env: HashMap<String, String>,
-        tty: bool,
-        sandbox: Option<codex_sandboxing::SandboxLaunchConfig>,
+        params: codex_exec_server::ExecParams,
         environment: &codex_exec_server::Environment,
     ) -> Result<UnifiedExecProcess, UnifiedExecError> {
         let started = environment
             .get_exec_backend()
-            .start(codex_exec_server::ExecParams {
-                process_id: exec_server_process_id(process_id).into(),
-                argv: command,
-                cwd,
-                env,
-                tty,
-                arg0: None,
-                sandbox,
-            })
+            .start(params)
             .await
             .map_err(|err| UnifiedExecError::create_process(err.to_string()))?;
         let sandbox_type = started.sandbox_type;