changing decision semantics after guardian timeout (#17486)

**Summary**

This PR treats Guardian timeouts as distinct from explicit denials in
the core approval paths.
Timeouts now return timeout-specific guidance instead of Guardian
policy-rejection messaging.
It updates the command, shell, network, and MCP approval flows and adds
focused test coverage.

.devcontainer/Dockerfile.secure

@@ -0,0 +1,71 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
+
+ARG TZ
+ARG DEBIAN_FRONTEND=noninteractive
+ARG NODE_MAJOR=22
+ARG RUST_TOOLCHAIN=1.92.0
+ARG CODEX_NPM_VERSION=latest
+
+ENV TZ="$TZ"
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        build-essential \
+        curl \
+        git \
+        ca-certificates \
+        pkg-config \
+        clang \
+        musl-tools \
+        libssl-dev \
+        libsqlite3-dev \
+        just \
+        python3 \
+        python3-pip \
+        jq \
+        less \
+        man-db \
+        unzip \
+        ripgrep \
+        fzf \
+        fd-find \
+        zsh \
+        dnsutils \
+        iproute2 \
+        ipset \
+        iptables \
+        aggregate \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN curl -fsSL "https://deb.nodesource.com/setup_${NODE_MAJOR}.x" | bash - \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends nodejs \
+    && npm install -g corepack@latest "@openai/codex@${CODEX_NPM_VERSION}" \
+    && corepack enable \
+    && corepack prepare pnpm@10.28.2 --activate \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY .devcontainer/init-firewall.sh /usr/local/bin/init-firewall.sh
+COPY .devcontainer/post_install.py /opt/post_install.py
+COPY .devcontainer/post-start.sh /opt/post_start.sh
+
+RUN chmod 500 /usr/local/bin/init-firewall.sh \
+    && chmod 755 /opt/post_start.sh \
+    && chmod 644 /opt/post_install.py \
+    && chown vscode:vscode /opt/post_install.py
+
+RUN install -d -m 0775 -o vscode -g vscode /commandhistory /workspace \
+    && touch /commandhistory/.bash_history /commandhistory/.zsh_history \
+    && chown vscode:vscode /commandhistory/.bash_history /commandhistory/.zsh_history
+
+USER vscode
+ENV PATH="/home/vscode/.cargo/bin:${PATH}"
+WORKDIR /workspace
+
+RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain "${RUST_TOOLCHAIN}" \
+    && rustup component add clippy rustfmt rust-src \
+    && rustup target add x86_64-unknown-linux-musl aarch64-unknown-linux-musl

.devcontainer/README.md

@@ -1,10 +1,36 @@
 # Containerized Development
 
-We provide the following options to facilitate Codex development in a container. This is particularly useful for verifying the Linux build when working on a macOS host.
+We provide two container paths:
+
+- `devcontainer.json` keeps the existing Codex contributor setup for working on this repository.
+- `devcontainer.secure.json` adds a customer-oriented profile with stricter outbound network controls.
+
+## Codex contributor profile
+
+Use `devcontainer.json` when you are developing Codex itself. This is the same lightweight arm64 container that already exists in the repo.
+
+## Secure customer profile
+
+Use `devcontainer.secure.json` when you want a stricter runtime profile for running Codex inside a project container:
+
+- installs the Codex CLI plus common build tools
+- enables firewall startup with an allowlist-driven outbound policy
+- blocks IPv6 by default so the allowlist cannot be bypassed over AAAA routes
+- requires `NET_ADMIN` and `NET_RAW` so the firewall can be installed at startup
+
+This profile keeps the stricter networking isolated to the customer path instead of changing the default Codex contributor container.
+
+Start it from the CLI with:
+
+```bash
+devcontainer up --workspace-folder . --config .devcontainer/devcontainer.secure.json
+```
+
+In VS Code, choose **Dev Containers: Open Folder in Container...** and select `.devcontainer/devcontainer.secure.json`.
 
 ## Docker
 
-To build the Docker image locally for x64 and then run it with the repo mounted under `/workspace`:
+To build the contributor image locally for x64 and then run it with the repo mounted under `/workspace`:
 
 ```shell
 CODEX_DOCKER_IMAGE_NAME=codex-linux-dev
@@ -14,17 +40,6 @@ docker run --platform=linux/amd64 --rm -it -e CARGO_TARGET_DIR=/workspace/codex-
 
 Note that `/workspace/target` will contain the binaries built for your host platform, so we include `-e CARGO_TARGET_DIR=/workspace/codex-rs/target-amd64` in the `docker run` command so that the binaries built inside your container are written to a separate directory.
 
-For arm64, specify `--platform=linux/amd64` instead for both `docker build` and `docker run`.
+For arm64, specify `--platform=linux/arm64` instead for both `docker build` and `docker run`.
 
-Currently, the `Dockerfile` works for both x64 and arm64 Linux, though you need to run `rustup target add x86_64-unknown-linux-musl` yourself to install the musl toolchain for x64.
-
-## VS Code
-
-VS Code recognizes the `devcontainer.json` file and gives you the option to develop Codex in a container. Currently, `devcontainer.json` builds and runs the `arm64` flavor of the container.
-
-From the integrated terminal in VS Code, you can build either flavor of the `arm64` build (GNU or musl):
-
-```shell
-cargo build --target aarch64-unknown-linux-musl
-cargo build --target aarch64-unknown-linux-gnu
-```
+Currently, the contributor `Dockerfile` works for both x64 and arm64 Linux, though you need to run `rustup target add x86_64-unknown-linux-musl` yourself to install the musl toolchain for x64.

.devcontainer/devcontainer.secure.json

@@ -0,0 +1,76 @@
+{
+  "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json",
+  "name": "Codex (Secure)",
+  "build": {
+    "dockerfile": "Dockerfile.secure",
+    "context": "..",
+    "args": {
+      "TZ": "${localEnv:TZ:UTC}",
+      "NODE_MAJOR": "22",
+      "RUST_TOOLCHAIN": "1.92.0",
+      "CODEX_NPM_VERSION": "latest"
+    }
+  },
+  "runArgs": [
+    "--cap-add=NET_ADMIN",
+    "--cap-add=NET_RAW"
+  ],
+  "init": true,
+  "updateRemoteUserUID": true,
+  "remoteUser": "vscode",
+  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=delegated",
+  "workspaceFolder": "/workspace",
+  "mounts": [
+    "source=codex-commandhistory-${devcontainerId},target=/commandhistory,type=volume",
+    "source=codex-home-${devcontainerId},target=/home/vscode/.codex,type=volume",
+    "source=codex-gh-${devcontainerId},target=/home/vscode/.config/gh,type=volume",
+    "source=codex-cargo-registry-${devcontainerId},target=/home/vscode/.cargo/registry,type=volume",
+    "source=codex-cargo-git-${devcontainerId},target=/home/vscode/.cargo/git,type=volume",
+    "source=codex-rustup-${devcontainerId},target=/home/vscode/.rustup,type=volume",
+    "source=${localEnv:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,readonly"
+  ],
+  "containerEnv": {
+    "RUST_BACKTRACE": "1",
+    "CODEX_UNSAFE_ALLOW_NO_SANDBOX": "1",
+    "CODEX_ENABLE_FIREWALL": "1",
+    "CODEX_INCLUDE_GITHUB_META_RANGES": "1",
+    "OPENAI_ALLOWED_DOMAINS": "api.openai.com auth.openai.com github.com api.github.com codeload.github.com raw.githubusercontent.com objects.githubusercontent.com crates.io index.crates.io static.crates.io static.rust-lang.org registry.npmjs.org pypi.org files.pythonhosted.org",
+    "CARGO_TARGET_DIR": "/workspace/.cache/cargo-target",
+    "GIT_CONFIG_GLOBAL": "/home/vscode/.gitconfig.local",
+    "COREPACK_ENABLE_DOWNLOAD_PROMPT": "0",
+    "PYTHONDONTWRITEBYTECODE": "1",
+    "PIP_DISABLE_PIP_VERSION_CHECK": "1"
+  },
+  "remoteEnv": {
+    "OPENAI_API_KEY": "${localEnv:OPENAI_API_KEY}"
+  },
+  "postCreateCommand": "python3 /opt/post_install.py",
+  "postStartCommand": "bash /opt/post_start.sh",
+  "waitFor": "postStartCommand",
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "terminal.integrated.defaultProfile.linux": "zsh",
+        "terminal.integrated.profiles.linux": {
+          "bash": {
+            "path": "bash",
+            "icon": "terminal-bash"
+          },
+          "zsh": {
+            "path": "zsh"
+          }
+        },
+        "files.trimTrailingWhitespace": true,
+        "files.insertFinalNewline": true,
+        "files.trimFinalNewlines": true
+      },
+      "extensions": [
+        "openai.chatgpt",
+        "rust-lang.rust-analyzer",
+        "tamasfe.even-better-toml",
+        "vadimcn.vscode-lldb",
+        "ms-azuretools.vscode-docker"
+      ]
+    }
+  }
+}

.devcontainer/init-firewall.sh

@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+
+allowed_domains_file="/etc/codex/allowed_domains.txt"
+include_github_meta_ranges="${CODEX_INCLUDE_GITHUB_META_RANGES:-1}"
+
+if [ -f "$allowed_domains_file" ]; then
+  mapfile -t allowed_domains < <(sed '/^\s*#/d;/^\s*$/d' "$allowed_domains_file")
+else
+  allowed_domains=("api.openai.com")
+fi
+
+if [ "${#allowed_domains[@]}" -eq 0 ]; then
+  echo "ERROR: No allowed domains configured"
+  exit 1
+fi
+
+add_ipv4_cidr_to_allowlist() {
+  local source="$1"
+  local cidr="$2"
+
+  if [[ ! "$cidr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]]; then
+    echo "ERROR: Invalid ${source} CIDR range: $cidr"
+    exit 1
+  fi
+
+  ipset add allowed-domains "$cidr" -exist
+}
+
+configure_ipv6_default_deny() {
+  if ! command -v ip6tables >/dev/null 2>&1; then
+    echo "ERROR: ip6tables is required to enforce IPv6 default-deny policy"
+    exit 1
+  fi
+
+  ip6tables -F
+  ip6tables -X
+  ip6tables -t mangle -F
+  ip6tables -t mangle -X
+  ip6tables -t nat -F 2>/dev/null || true
+  ip6tables -t nat -X 2>/dev/null || true
+
+  ip6tables -A INPUT -i lo -j ACCEPT
+  ip6tables -A OUTPUT -o lo -j ACCEPT
+  ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+  ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+  ip6tables -P INPUT DROP
+  ip6tables -P FORWARD DROP
+  ip6tables -P OUTPUT DROP
+
+  echo "IPv6 firewall policy configured (default-deny)"
+}
+
+# Preserve docker-managed DNS NAT rules before clearing tables.
+docker_dns_rules="$(iptables-save -t nat | grep "127\\.0\\.0\\.11" || true)"
+
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+ipset destroy allowed-domains 2>/dev/null || true
+
+if [ -n "$docker_dns_rules" ]; then
+  echo "Restoring Docker DNS NAT rules"
+  iptables -t nat -N DOCKER_OUTPUT 2>/dev/null || true
+  iptables -t nat -N DOCKER_POSTROUTING 2>/dev/null || true
+  while IFS= read -r rule; do
+    [ -z "$rule" ] && continue
+    iptables -t nat $rule
+  done <<< "$docker_dns_rules"
+fi
+
+# Allow DNS resolution and localhost communication.
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+iptables -A INPUT -p tcp --sport 53 -j ACCEPT
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+ipset create allowed-domains hash:net
+
+for domain in "${allowed_domains[@]}"; do
+  echo "Resolving $domain"
+  ips="$(dig +short A "$domain" | sed '/^\s*$/d')"
+  if [ -z "$ips" ]; then
+    echo "ERROR: Failed to resolve $domain"
+    exit 1
+  fi
+
+  while IFS= read -r ip; do
+    if [[ ! "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
+      echo "ERROR: Invalid IPv4 address from DNS for $domain: $ip"
+      exit 1
+    fi
+    ipset add allowed-domains "$ip" -exist
+  done <<< "$ips"
+done
+
+if [ "$include_github_meta_ranges" = "1" ]; then
+  echo "Fetching GitHub meta ranges"
+  github_meta="$(curl -fsSL --connect-timeout 10 https://api.github.com/meta)"
+
+  if ! echo "$github_meta" | jq -e '.web and .api and .git' >/dev/null; then
+    echo "ERROR: GitHub meta response missing expected fields"
+    exit 1
+  fi
+
+  while IFS= read -r cidr; do
+    [ -z "$cidr" ] && continue
+    if [[ "$cidr" == *:* ]]; then
+      # Current policy enforces IPv4-only ipset entries.
+      continue
+    fi
+    add_ipv4_cidr_to_allowlist "GitHub" "$cidr"
+  done < <(echo "$github_meta" | jq -r '((.web // []) + (.api // []) + (.git // []))[]' | sort -u)
+fi
+
+host_ip="$(ip route | awk '/default/ {print $3; exit}')"
+if [ -z "$host_ip" ]; then
+  echo "ERROR: Failed to detect host IP"
+  exit 1
+fi
+
+host_network="$(echo "$host_ip" | sed 's/\.[0-9]*$/.0\/24/')"
+iptables -A INPUT -s "$host_network" -j ACCEPT
+iptables -A OUTPUT -d "$host_network" -j ACCEPT
+
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT DROP
+
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
+
+# Reject rather than silently drop to make policy failures obvious.
+iptables -A INPUT -j REJECT --reject-with icmp-admin-prohibited
+iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
+iptables -A FORWARD -j REJECT --reject-with icmp-admin-prohibited
+
+configure_ipv6_default_deny
+
+echo "Firewall configuration complete"
+
+if curl --connect-timeout 5 https://example.com >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - was able to reach https://example.com"
+  exit 1
+fi
+
+if ! curl --connect-timeout 5 https://api.openai.com >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - unable to reach https://api.openai.com"
+  exit 1
+fi
+
+if [ "$include_github_meta_ranges" = "1" ] && ! curl --connect-timeout 5 https://api.github.com/zen >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - unable to reach https://api.github.com"
+  exit 1
+fi
+
+if curl --connect-timeout 5 -6 https://example.com >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - was able to reach https://example.com over IPv6"
+  exit 1
+fi
+
+echo "Firewall verification passed"

.devcontainer/post-start.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ "${CODEX_ENABLE_FIREWALL:-1}" != "1" ]; then
+  echo "[devcontainer] Firewall mode: permissive (CODEX_ENABLE_FIREWALL=${CODEX_ENABLE_FIREWALL:-unset})."
+  exit 0
+fi
+
+echo "[devcontainer] Firewall mode: strict"
+
+domains_raw="${OPENAI_ALLOWED_DOMAINS:-api.openai.com}"
+mapfile -t domains < <(printf '%s\n' "$domains_raw" | tr ', ' '\n\n' | sed '/^$/d' | sort -u)
+
+if [ "${#domains[@]}" -eq 0 ]; then
+  echo "[devcontainer] No allowed domains configured."
+  exit 1
+fi
+
+tmp_file="$(mktemp)"
+for domain in "${domains[@]}"; do
+  if [[ ! "$domain" =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]*\.[a-zA-Z]{2,}$ ]]; then
+    echo "[devcontainer] Invalid domain in OPENAI_ALLOWED_DOMAINS: $domain"
+    rm -f "$tmp_file"
+    exit 1
+  fi
+  printf '%s\n' "$domain" >> "$tmp_file"
+done
+
+sudo install -d -m 0755 /etc/codex
+sudo cp "$tmp_file" /etc/codex/allowed_domains.txt
+sudo chown root:root /etc/codex/allowed_domains.txt
+sudo chmod 0444 /etc/codex/allowed_domains.txt
+rm -f "$tmp_file"
+
+echo "[devcontainer] Applying firewall policy for domains: ${domains[*]}"
+sudo --preserve-env=CODEX_INCLUDE_GITHUB_META_RANGES /usr/local/bin/init-firewall.sh

.devcontainer/post_install.py

@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+"""Post-install configuration for the Codex devcontainer."""
+
+from __future__ import annotations
+
+import os
+import subprocess
+import sys
+from pathlib import Path
+
+
+def ensure_history_files() -> None:
+    command_history_dir = Path("/commandhistory")
+    command_history_dir.mkdir(parents=True, exist_ok=True)
+
+    for filename in (".bash_history", ".zsh_history"):
+        (command_history_dir / filename).touch(exist_ok=True)
+
+
+def fix_directory_ownership() -> None:
+    uid = os.getuid()
+    gid = os.getgid()
+
+    paths = [
+        Path.home() / ".codex",
+        Path.home() / ".config" / "gh",
+        Path.home() / ".cargo",
+        Path.home() / ".rustup",
+        Path("/commandhistory"),
+    ]
+
+    for path in paths:
+        if not path.exists():
+            continue
+
+        stat_info = path.stat()
+        if stat_info.st_uid == uid and stat_info.st_gid == gid:
+            continue
+
+        try:
+            subprocess.run(
+                ["sudo", "chown", "-R", f"{uid}:{gid}", str(path)],
+                check=True,
+                capture_output=True,
+                text=True,
+            )
+            print(f"[post_install] fixed ownership: {path}", file=sys.stderr)
+        except subprocess.CalledProcessError as err:
+            print(
+                f"[post_install] warning: could not fix ownership of {path}: {err.stderr.strip()}",
+                file=sys.stderr,
+            )
+
+
+def setup_git_config() -> None:
+    home = Path.home()
+    host_gitconfig = home / ".gitconfig"
+    local_gitconfig = home / ".gitconfig.local"
+    gitignore_global = home / ".gitignore_global"
+
+    gitignore_global.write_text(
+        """# Codex
+.codex/
+
+# Rust
+/target/
+
+# Node
+node_modules/
+
+# Python
+__pycache__/
+*.pyc
+
+# Editors
+.vscode/
+.idea/
+
+# macOS
+.DS_Store
+""",
+        encoding="utf-8",
+    )
+
+    include_line = (
+        f"[include]\n    path = {host_gitconfig}\n\n" if host_gitconfig.exists() else ""
+    )
+
+    local_gitconfig.write_text(
+        f"""# Container-local git configuration
+{include_line}[core]
+    excludesfile = {gitignore_global}
+
+[merge]
+    conflictstyle = diff3
+
+[diff]
+    colorMoved = default
+""",
+        encoding="utf-8",
+    )
+
+
+def main() -> None:
+    print("[post_install] configuring devcontainer...", file=sys.stderr)
+    ensure_history_files()
+    fix_directory_ownership()
+    setup_git_config()
+    print("[post_install] complete", file=sys.stderr)
+
+
+if __name__ == "__main__":
+    main()

.github/scripts/verify_tui_core_boundary.py

@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+
+"""Verify codex-tui does not depend on or import codex-core directly."""
+
+from __future__ import annotations
+
+import re
+import sys
+import tomllib
+from pathlib import Path
+
+
+ROOT = Path(__file__).resolve().parents[2]
+TUI_ROOT = ROOT / "codex-rs" / "tui"
+TUI_MANIFEST = TUI_ROOT / "Cargo.toml"
+FORBIDDEN_PACKAGE = "codex-core"
+FORBIDDEN_SOURCE_PATTERNS = (
+    re.compile(r"\bcodex_core::"),
+    re.compile(r"\buse\s+codex_core\b"),
+    re.compile(r"\bextern\s+crate\s+codex_core\b"),
+)
+
+
+def main() -> int:
+    failures = []
+    failures.extend(manifest_failures())
+    failures.extend(source_failures())
+
+    if not failures:
+        return 0
+
+    print("codex-tui must not depend on or import codex-core directly.")
+    print(
+        "Use the app-server protocol/client boundary instead; temporary embedded "
+        "startup gaps belong behind codex_app_server_client::legacy_core."
+    )
+    print()
+    for failure in failures:
+        print(f"- {failure}")
+
+    return 1
+
+
+def manifest_failures() -> list[str]:
+    manifest = tomllib.loads(TUI_MANIFEST.read_text())
+    failures = []
+    for section_name, dependencies in dependency_sections(manifest):
+        if FORBIDDEN_PACKAGE in dependencies:
+            failures.append(
+                f"{relative_path(TUI_MANIFEST)} declares `{FORBIDDEN_PACKAGE}` "
+                f"in `[{section_name}]`"
+            )
+    return failures
+
+
+def dependency_sections(manifest: dict) -> list[tuple[str, dict]]:
+    sections: list[tuple[str, dict]] = []
+    for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
+        dependencies = manifest.get(section_name)
+        if isinstance(dependencies, dict):
+            sections.append((section_name, dependencies))
+
+    for target_name, target in manifest.get("target", {}).items():
+        if not isinstance(target, dict):
+            continue
+        for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
+            dependencies = target.get(section_name)
+            if isinstance(dependencies, dict):
+                sections.append((f'target.{target_name}.{section_name}', dependencies))
+
+    return sections
+
+
+def source_failures() -> list[str]:
+    failures = []
+    for path in sorted(TUI_ROOT.glob("**/*.rs")):
+        text = path.read_text()
+        for line_number, line in enumerate(text.splitlines(), start=1):
+            if any(pattern.search(line) for pattern in FORBIDDEN_SOURCE_PATTERNS):
+                failures.append(f"{relative_path(path)}:{line_number} imports `codex_core`")
+    return failures
+
+
+def relative_path(path: Path) -> str:
+    return str(path.relative_to(ROOT))
+
+
+if __name__ == "__main__":
+    sys.exit(main())

.github/workflows/ci.yml

@@ -17,6 +17,9 @@ jobs:
       - name: Verify codex-rs Cargo manifests inherit workspace settings
         run: python3 .github/scripts/verify_cargo_workspace_manifests.py
 
+      - name: Verify codex-tui does not import codex-core directly
+        run: python3 .github/scripts/verify_tui_core_boundary.py
+
       - name: Verify Bazel clippy flags match Cargo workspace lints
         run: python3 .github/scripts/verify_bazel_clippy_lints.py
 

.github/workflows/issue-labeler.yml

@@ -44,6 +44,7 @@ jobs:
             6. iOS — Issues with the Codex iOS app.
 
             - Additionally add zero or more of the following labels that are relevant to the issue content. Prefer a small set of precise labels over many broad ones.
+            - For agent-area issues, prefer the most specific applicable label. Use "agent" only as a fallback for agent-related issues that do not fit a more specific agent-area label. Prefer "app-server" over "session" or "config" when the issue is about app-server protocol, API, RPC, schema, launch, or bridge behavior.
             1. windows-os — Bugs or friction specific to Windows environments (always when PowerShell is mentioned, path handling, copy/paste, OS-specific auth or tooling failures).
             2. mcp — Topics involving Model Context Protocol servers/clients.
             3. mcp-server — Problems related to the codex mcp-server command, where codex runs as an MCP server.
@@ -61,6 +62,13 @@ jobs:
             15. sandbox - Issues related to local sandbox environments or tool call approvals to override sandbox restrictions.
             16. tool-calls - Problems related to specific tool call invocations including unexpected errors, failures, or hangs.
             17. TUI - Problems with the terminal user interface (TUI) including keyboard shortcuts, copy & pasting, menus, or screen update issues.
+            18. app-server - Issues involving the app-server protocol or interfaces, including SDK/API payloads, thread/* and turn/* RPCs, app-server launch behavior, external app/controller bridges, and app-server protocol/schema behavior.
+            19. connectivity - Network connectivity or endpoint issues, including reconnecting messages, stream dropped/disconnected errors, websocket/SSE/transport failures, timeout/network/VPN/proxy/API endpoint failures, and related retry behavior.
+            20. subagent - Issues involving subagents, sub-agents, or multi-agent behavior, including spawn_agent, wait_agent, close_agent, worker/explorer roles, delegation, agent teams, lifecycle, model/config inheritance, quotas, and orchestration.
+            21. session - Issues involving session or thread management, including resume, fork, archive, rename/title, thread history, rollout persistence, compaction, checkpoints, retention, and cross-session state.
+            22. config - Issues involving config.toml, config keys, config key merging, config updates, profiles, hooks config, project config, agent role TOMLs, instruction/personality config, and config schema behavior.
+            23. plan - Issues involving plan mode, planning workflows, or plan-specific tools/behavior.
+            24. agent - Fallback only for core agent loop or agent-related issues that do not fit app-server, connectivity, subagent, session, config, or plan.
 
             Issue number: ${{ github.event.issue.number }}
 

codex-rs/Cargo.lock

@@ -1366,16 +1366,6 @@ dependencies = [
  "unicode-width 0.1.14",
 ]
 
-[[package]]
-name = "codex-account"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "codex-backend-client",
- "codex-login",
- "thiserror 2.0.18",
-]
-
 [[package]]
 name = "codex-analytics"
 version = "0.0.0"
@@ -1908,7 +1898,6 @@ dependencies = [
  "bm25",
  "chrono",
  "clap",
- "codex-account",
  "codex-analytics",
  "codex-api",
  "codex-app-server-protocol",
@@ -2856,7 +2845,6 @@ dependencies = [
  "codex-cli",
  "codex-cloud-requirements",
  "codex-config",
- "codex-core",
  "codex-exec-server",
  "codex-features",
  "codex-feedback",
@@ -2942,6 +2930,7 @@ name = "codex-utils-absolute-path"
 version = "0.0.0"
 dependencies = [
  "dirs",
+ "dunce",
  "pretty_assertions",
  "schemars 0.8.22",
  "serde",

codex-rs/Cargo.toml

@@ -1,6 +1,5 @@
 [workspace]
 members = [
-    "account",
     "analytics",
     "backend-client",
     "ansi-escape",
@@ -105,7 +104,6 @@ license = "Apache-2.0"
 # Internal
 app_test_support = { path = "app-server/tests/common" }
 codex-analytics = { path = "analytics" }
-codex-account = { path = "account" }
 codex-ansi-escape = { path = "ansi-escape" }
 codex-api = { path = "codex-api" }
 codex-app-server = { path = "app-server" }

codex-rs/account/BUILD.bazel

@@ -1,6 +0,0 @@
-load("//:defs.bzl", "codex_rust_crate")
-
-codex_rust_crate(
-    name = "account",
-    crate_name = "codex_account",
-)

codex-rs/account/Cargo.toml

@@ -1,19 +0,0 @@
-[package]
-name = "codex-account"
-version.workspace = true
-edition.workspace = true
-license.workspace = true
-publish = false
-
-[lib]
-name = "codex_account"
-path = "src/lib.rs"
-
-[lints]
-workspace = true
-
-[dependencies]
-anyhow = { workspace = true }
-codex-backend-client = { workspace = true }
-codex-login = { workspace = true }
-thiserror = { workspace = true }

codex-rs/account/src/lib.rs

@@ -1,121 +0,0 @@
-use codex_backend_client::Client as BackendClient;
-use codex_backend_client::RequestError;
-use codex_backend_client::WorkspaceRole as BackendWorkspaceRole;
-use codex_login::AuthManager;
-use codex_login::CodexAuth;
-use thiserror::Error;
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub enum WorkspaceRole {
-    AccountOwner,
-    AccountAdmin,
-    StandardUser,
-}
-
-impl WorkspaceRole {
-    fn is_workspace_owner(self) -> bool {
-        matches!(self, Self::AccountOwner | Self::AccountAdmin)
-    }
-}
-
-impl From<BackendWorkspaceRole> for WorkspaceRole {
-    fn from(value: BackendWorkspaceRole) -> Self {
-        match value {
-            BackendWorkspaceRole::AccountOwner => Self::AccountOwner,
-            BackendWorkspaceRole::AccountAdmin => Self::AccountAdmin,
-            BackendWorkspaceRole::StandardUser => Self::StandardUser,
-        }
-    }
-}
-
-#[derive(Debug, Clone, Copy, Default, PartialEq, Eq)]
-pub struct WorkspaceOwnership {
-    pub workspace_role: Option<WorkspaceRole>,
-    pub is_workspace_owner: Option<bool>,
-}
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub enum AddCreditsNudgeEmailStatus {
-    Sent,
-    CooldownActive,
-}
-
-#[derive(Debug, Error)]
-pub enum SendAddCreditsNudgeEmailError {
-    #[error("codex account authentication required to notify workspace owner")]
-    AuthRequired,
-
-    #[error("chatgpt authentication required to notify workspace owner")]
-    ChatGptAuthRequired,
-
-    #[error("failed to construct backend client: {0}")]
-    CreateClient(#[from] anyhow::Error),
-
-    #[error("failed to notify workspace owner: {0}")]
-    Request(#[from] RequestError),
-}
-
-pub async fn send_add_credits_nudge_email(
-    chatgpt_base_url: impl Into<String>,
-    auth_manager: &AuthManager,
-) -> Result<AddCreditsNudgeEmailStatus, SendAddCreditsNudgeEmailError> {
-    let auth = auth_manager
-        .auth()
-        .await
-        .ok_or(SendAddCreditsNudgeEmailError::AuthRequired)?;
-    send_add_credits_nudge_email_for_auth(chatgpt_base_url, &auth).await
-}
-
-pub async fn send_add_credits_nudge_email_for_auth(
-    chatgpt_base_url: impl Into<String>,
-    auth: &CodexAuth,
-) -> Result<AddCreditsNudgeEmailStatus, SendAddCreditsNudgeEmailError> {
-    if !auth.is_chatgpt_auth() {
-        return Err(SendAddCreditsNudgeEmailError::ChatGptAuthRequired);
-    }
-
-    let client = BackendClient::from_auth(chatgpt_base_url, auth)?;
-    match client.send_add_credits_nudge_email().await {
-        Ok(()) => Ok(AddCreditsNudgeEmailStatus::Sent),
-        Err(err) if err.status().is_some_and(|status| status.as_u16() == 429) => {
-            Ok(AddCreditsNudgeEmailStatus::CooldownActive)
-        }
-        Err(err) => Err(err.into()),
-    }
-}
-
-pub async fn resolve_workspace_role_and_owner_for_auth(
-    chatgpt_base_url: &str,
-    auth: Option<&CodexAuth>,
-) -> WorkspaceOwnership {
-    let token_is_workspace_owner = auth.and_then(CodexAuth::is_workspace_owner);
-    let Some(auth) = auth else {
-        return WorkspaceOwnership::default();
-    };
-
-    let workspace_role = fetch_current_workspace_role_for_auth(chatgpt_base_url, auth).await;
-    let is_workspace_owner = workspace_role
-        .map(WorkspaceRole::is_workspace_owner)
-        .or(token_is_workspace_owner);
-    WorkspaceOwnership {
-        workspace_role,
-        is_workspace_owner,
-    }
-}
-
-async fn fetch_current_workspace_role_for_auth(
-    chatgpt_base_url: &str,
-    auth: &CodexAuth,
-) -> Option<WorkspaceRole> {
-    if !auth.is_chatgpt_auth() {
-        return None;
-    }
-
-    let client = BackendClient::from_auth(chatgpt_base_url.to_string(), auth).ok()?;
-    client
-        .get_current_workspace_role()
-        .await
-        .ok()
-        .flatten()
-        .map(WorkspaceRole::from)
-}

codex-rs/analytics/Cargo.toml

@@ -20,6 +20,7 @@ codex-plugin = { workspace = true }
 codex-protocol = { workspace = true }
 os_info = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
 sha1 = { workspace = true }
 tokio = { workspace = true, features = [
     "macros",
@@ -29,4 +30,3 @@ tracing = { workspace = true, features = ["log"] }
 
 [dev-dependencies]
 pretty_assertions = { workspace = true }
-serde_json = { workspace = true }

codex-rs/analytics/src/analytics_client_tests.rs

@@ -3,6 +3,7 @@ use crate::events::AppServerRpcTransport;
 use crate::events::CodexAppMentionedEventRequest;
 use crate::events::CodexAppServerClientMetadata;
 use crate::events::CodexAppUsedEventRequest;
+use crate::events::CodexCompactionEventRequest;
 use crate::events::CodexPluginEventRequest;
 use crate::events::CodexPluginUsedEventRequest;
 use crate::events::CodexRuntimeMetadata;
@@ -18,6 +19,13 @@ use crate::facts::AnalyticsFact;
 use crate::facts::AppInvocation;
 use crate::facts::AppMentionedInput;
 use crate::facts::AppUsedInput;
+use crate::facts::CodexCompactionEvent;
+use crate::facts::CompactionImplementation;
+use crate::facts::CompactionPhase;
+use crate::facts::CompactionReason;
+use crate::facts::CompactionStatus;
+use crate::facts::CompactionStrategy;
+use crate::facts::CompactionTrigger;
 use crate::facts::CustomAnalyticsFact;
 use crate::facts::InvocationType;
 use crate::facts::PluginState;
@@ -59,6 +67,14 @@ use std::sync::Mutex;
 use tokio::sync::mpsc;
 
 fn sample_thread(thread_id: &str, ephemeral: bool) -> Thread {
+    sample_thread_with_source(thread_id, ephemeral, AppServerSessionSource::Exec)
+}
+
+fn sample_thread_with_source(
+    thread_id: &str,
+    ephemeral: bool,
+    source: AppServerSessionSource,
+) -> Thread {
     Thread {
         id: thread_id.to_string(),
         forked_from_id: None,
@@ -71,7 +87,7 @@ fn sample_thread(thread_id: &str, ephemeral: bool) -> Thread {
         path: None,
         cwd: PathBuf::from("/tmp"),
         cli_version: "0.0.0".to_string(),
-        source: AppServerSessionSource::Exec,
+        source,
         agent_nickname: None,
         agent_role: None,
         git_info: None,
@@ -97,11 +113,44 @@ fn sample_thread_start_response(thread_id: &str, ephemeral: bool, model: &str) -
     }
 }
 
+fn sample_app_server_client_metadata() -> CodexAppServerClientMetadata {
+    CodexAppServerClientMetadata {
+        product_client_id: DEFAULT_ORIGINATOR.to_string(),
+        client_name: Some("codex-tui".to_string()),
+        client_version: Some("1.0.0".to_string()),
+        rpc_transport: AppServerRpcTransport::Stdio,
+        experimental_api_enabled: Some(true),
+    }
+}
+
+fn sample_runtime_metadata() -> CodexRuntimeMetadata {
+    CodexRuntimeMetadata {
+        codex_rs_version: "0.1.0".to_string(),
+        runtime_os: "macos".to_string(),
+        runtime_os_version: "15.3.1".to_string(),
+        runtime_arch: "aarch64".to_string(),
+    }
+}
+
 fn sample_thread_resume_response(thread_id: &str, ephemeral: bool, model: &str) -> ClientResponse {
+    sample_thread_resume_response_with_source(
+        thread_id,
+        ephemeral,
+        model,
+        AppServerSessionSource::Exec,
+    )
+}
+
+fn sample_thread_resume_response_with_source(
+    thread_id: &str,
+    ephemeral: bool,
+    model: &str,
+    source: AppServerSessionSource,
+) -> ClientResponse {
     ClientResponse::ThreadResume {
         request_id: RequestId::Integer(2),
         response: ThreadResumeResponse {
-            thread: sample_thread(thread_id, ephemeral),
+            thread: sample_thread_with_source(thread_id, ephemeral, source),
             model: model.to_string(),
             model_provider: "openai".to_string(),
             service_tier: None,
@@ -254,6 +303,77 @@ fn app_used_event_serializes_expected_shape() {
     );
 }
 
+#[test]
+fn compaction_event_serializes_expected_shape() {
+    let event = TrackEventRequest::Compaction(Box::new(CodexCompactionEventRequest {
+        event_type: "codex_compaction_event",
+        event_params: crate::events::codex_compaction_event_params(
+            CodexCompactionEvent {
+                thread_id: "thread-1".to_string(),
+                turn_id: "turn-1".to_string(),
+                trigger: CompactionTrigger::Auto,
+                reason: CompactionReason::ContextLimit,
+                implementation: CompactionImplementation::ResponsesCompact,
+                phase: CompactionPhase::MidTurn,
+                strategy: CompactionStrategy::Memento,
+                status: CompactionStatus::Completed,
+                error: None,
+                active_context_tokens_before: 120_000,
+                active_context_tokens_after: 18_000,
+                started_at: 100,
+                completed_at: 106,
+                duration_ms: Some(6543),
+            },
+            sample_app_server_client_metadata(),
+            sample_runtime_metadata(),
+            Some("user"),
+            /*subagent_source*/ None,
+            /*parent_thread_id*/ None,
+        ),
+    }));
+
+    let payload = serde_json::to_value(&event).expect("serialize compaction event");
+
+    assert_eq!(
+        payload,
+        json!({
+            "event_type": "codex_compaction_event",
+            "event_params": {
+                "thread_id": "thread-1",
+                "turn_id": "turn-1",
+                "app_server_client": {
+                    "product_client_id": DEFAULT_ORIGINATOR,
+                    "client_name": "codex-tui",
+                    "client_version": "1.0.0",
+                    "rpc_transport": "stdio",
+                    "experimental_api_enabled": true
+                },
+                "runtime": {
+                    "codex_rs_version": "0.1.0",
+                    "runtime_os": "macos",
+                    "runtime_os_version": "15.3.1",
+                    "runtime_arch": "aarch64"
+                },
+                "thread_source": "user",
+                "subagent_source": null,
+                "parent_thread_id": null,
+                "trigger": "auto",
+                "reason": "context_limit",
+                "implementation": "responses_compact",
+                "phase": "mid_turn",
+                "strategy": "memento",
+                "status": "completed",
+                "error": null,
+                "active_context_tokens_before": 120000,
+                "active_context_tokens_after": 18000,
+                "started_at": 100,
+                "completed_at": 106,
+                "duration_ms": 6543
+            }
+        })
+    );
+}
+
 #[test]
 fn app_used_dedupe_is_keyed_by_turn_and_connector() {
     let (sender, _receiver) = mpsc::channel(1);
@@ -449,6 +569,120 @@ async fn initialize_caches_client_and_thread_lifecycle_publishes_once_initialize
     assert_eq!(payload[0]["event_params"]["parent_thread_id"], json!(null));
 }
 
+#[tokio::test]
+async fn compaction_event_ingests_custom_fact() {
+    let mut reducer = AnalyticsReducer::default();
+    let mut events = Vec::new();
+    let parent_thread_id =
+        codex_protocol::ThreadId::from_string("22222222-2222-2222-2222-222222222222")
+            .expect("valid parent thread id");
+
+    reducer
+        .ingest(
+            AnalyticsFact::Initialize {
+                connection_id: 7,
+                params: InitializeParams {
+                    client_info: ClientInfo {
+                        name: "codex-tui".to_string(),
+                        title: None,
+                        version: "1.0.0".to_string(),
+                    },
+                    capabilities: Some(InitializeCapabilities {
+                        experimental_api: false,
+                        opt_out_notification_methods: None,
+                    }),
+                },
+                product_client_id: DEFAULT_ORIGINATOR.to_string(),
+                runtime: sample_runtime_metadata(),
+                rpc_transport: AppServerRpcTransport::Websocket,
+            },
+            &mut events,
+        )
+        .await;
+    reducer
+        .ingest(
+            AnalyticsFact::Response {
+                connection_id: 7,
+                response: Box::new(sample_thread_resume_response_with_source(
+                    "thread-1",
+                    /*ephemeral*/ false,
+                    "gpt-5",
+                    AppServerSessionSource::SubAgent(SubAgentSource::ThreadSpawn {
+                        parent_thread_id,
+                        depth: 1,
+                        agent_path: None,
+                        agent_nickname: None,
+                        agent_role: None,
+                    }),
+                )),
+            },
+            &mut events,
+        )
+        .await;
+    events.clear();
+
+    reducer
+        .ingest(
+            AnalyticsFact::Custom(CustomAnalyticsFact::Compaction(Box::new(
+                CodexCompactionEvent {
+                    thread_id: "thread-1".to_string(),
+                    turn_id: "turn-compact".to_string(),
+                    trigger: CompactionTrigger::Manual,
+                    reason: CompactionReason::UserRequested,
+                    implementation: CompactionImplementation::Responses,
+                    phase: CompactionPhase::StandaloneTurn,
+                    strategy: CompactionStrategy::Memento,
+                    status: CompactionStatus::Failed,
+                    error: Some("context limit exceeded".to_string()),
+                    active_context_tokens_before: 131_000,
+                    active_context_tokens_after: 131_000,
+                    started_at: 100,
+                    completed_at: 101,
+                    duration_ms: Some(1200),
+                },
+            ))),
+            &mut events,
+        )
+        .await;
+
+    let payload = serde_json::to_value(&events).expect("serialize events");
+    assert_eq!(payload.as_array().expect("events array").len(), 1);
+    assert_eq!(payload[0]["event_type"], "codex_compaction_event");
+    assert_eq!(payload[0]["event_params"]["thread_id"], "thread-1");
+    assert_eq!(payload[0]["event_params"]["turn_id"], "turn-compact");
+    assert_eq!(
+        payload[0]["event_params"]["app_server_client"]["product_client_id"],
+        DEFAULT_ORIGINATOR
+    );
+    assert_eq!(
+        payload[0]["event_params"]["app_server_client"]["client_name"],
+        "codex-tui"
+    );
+    assert_eq!(
+        payload[0]["event_params"]["app_server_client"]["rpc_transport"],
+        "websocket"
+    );
+    assert_eq!(
+        payload[0]["event_params"]["runtime"]["codex_rs_version"],
+        "0.1.0"
+    );
+    assert_eq!(payload[0]["event_params"]["thread_source"], "subagent");
+    assert_eq!(
+        payload[0]["event_params"]["subagent_source"],
+        "thread_spawn"
+    );
+    assert_eq!(
+        payload[0]["event_params"]["parent_thread_id"],
+        "22222222-2222-2222-2222-222222222222"
+    );
+    assert_eq!(payload[0]["event_params"]["trigger"], "manual");
+    assert_eq!(payload[0]["event_params"]["reason"], "user_requested");
+    assert_eq!(payload[0]["event_params"]["implementation"], "responses");
+    assert_eq!(payload[0]["event_params"]["phase"], "standalone_turn");
+    assert_eq!(payload[0]["event_params"]["strategy"], "memento");
+    assert_eq!(payload[0]["event_params"]["status"], "failed");
+}
+
 #[test]
 fn subagent_thread_started_review_serializes_expected_shape() {
     let event = TrackEventRequest::ThreadInitialized(subagent_thread_started_event_request(

codex-rs/analytics/src/client.rs

@@ -1,4 +1,5 @@
 use crate::events::AppServerRpcTransport;
+use crate::events::GuardianReviewEventParams;
 use crate::events::TrackEventRequest;
 use crate::events::TrackEventsRequest;
 use crate::events::current_runtime_metadata;
@@ -151,6 +152,12 @@ impl AnalyticsEventsClient {
         ));
     }
 
+    pub fn track_guardian_review(&self, input: GuardianReviewEventParams) {
+        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::GuardianReview(
+            Box::new(input),
+        )));
+    }
+
     pub fn track_app_mentioned(&self, tracking: TrackEventsContext, mentions: Vec<AppInvocation>) {
         if mentions.is_empty() {
             return;
@@ -178,6 +185,12 @@ impl AnalyticsEventsClient {
         )));
     }
 
+    pub fn track_compaction(&self, event: crate::facts::CodexCompactionEvent) {
+        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::Compaction(
+            Box::new(event),
+        )));
+    }
+
     pub fn track_plugin_installed(&self, plugin: PluginTelemetryMetadata) {
         self.record_fact(AnalyticsFact::Custom(
             CustomAnalyticsFact::PluginStateChanged(PluginStateChangedInput {

codex-rs/analytics/src/events.rs

@@ -1,10 +1,14 @@
 use crate::facts::AppInvocation;
+use crate::facts::CodexCompactionEvent;
 use crate::facts::InvocationType;
 use crate::facts::PluginState;
 use crate::facts::SubAgentThreadStartedInput;
 use crate::facts::TrackEventsContext;
 use codex_login::default_client::originator;
 use codex_plugin::PluginTelemetryMetadata;
+use codex_protocol::approvals::NetworkApprovalProtocol;
+use codex_protocol::models::PermissionProfile;
+use codex_protocol::models::SandboxPermissions;
 use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::SubAgentSource;
 use serde::Serialize;
@@ -35,8 +39,10 @@ pub(crate) struct TrackEventsRequest {
 pub(crate) enum TrackEventRequest {
     SkillInvocation(SkillInvocationEventRequest),
     ThreadInitialized(ThreadInitializedEvent),
+    GuardianReview(Box<GuardianReviewEventRequest>),
     AppMentioned(CodexAppMentionedEventRequest),
     AppUsed(CodexAppUsedEventRequest),
+    Compaction(Box<CodexCompactionEventRequest>),
     PluginUsed(CodexPluginUsedEventRequest),
     PluginInstalled(CodexPluginEventRequest),
     PluginUninstalled(CodexPluginEventRequest),
@@ -99,6 +105,179 @@ pub(crate) struct ThreadInitializedEvent {
     pub(crate) event_params: ThreadInitializedEventParams,
 }
 
+#[derive(Serialize)]
+pub(crate) struct GuardianReviewEventRequest {
+    pub(crate) event_type: &'static str,
+    pub(crate) event_params: GuardianReviewEventPayload,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum GuardianReviewDecision {
+    Approved,
+    Denied,
+    Aborted,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum GuardianReviewTerminalStatus {
+    Approved,
+    Denied,
+    Aborted,
+    TimedOut,
+    FailedClosed,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum GuardianReviewFailureReason {
+    Timeout,
+    Cancelled,
+    PromptBuildError,
+    SessionError,
+    ParseError,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum GuardianReviewSessionKind {
+    TrunkNew,
+    TrunkReused,
+    EphemeralForked,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "lowercase")]
+pub enum GuardianReviewRiskLevel {
+    Low,
+    Medium,
+    High,
+    Critical,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "lowercase")]
+pub enum GuardianReviewUserAuthorization {
+    Unknown,
+    Low,
+    Medium,
+    High,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "lowercase")]
+pub enum GuardianReviewOutcome {
+    Allow,
+    Deny,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum GuardianApprovalRequestSource {
+    /// Approval requested directly by the main Codex turn.
+    MainTurn,
+    /// Approval requested by a delegated subagent and routed through the parent
+    /// session for guardian review.
+    DelegatedSubagent,
+}
+
+#[derive(Clone, Debug, Serialize)]
+#[serde(tag = "type", rename_all = "snake_case")]
+pub enum GuardianReviewedAction {
+    Shell {
+        command: Vec<String>,
+        command_display: String,
+        cwd: String,
+        sandbox_permissions: SandboxPermissions,
+        additional_permissions: Option<PermissionProfile>,
+        justification: Option<String>,
+    },
+    UnifiedExec {
+        command: Vec<String>,
+        command_display: String,
+        cwd: String,
+        sandbox_permissions: SandboxPermissions,
+        additional_permissions: Option<PermissionProfile>,
+        justification: Option<String>,
+        tty: bool,
+    },
+    Execve {
+        source: GuardianCommandSource,
+        program: String,
+        argv: Vec<String>,
+        cwd: String,
+        additional_permissions: Option<PermissionProfile>,
+    },
+    ApplyPatch {
+        cwd: String,
+        files: Vec<String>,
+    },
+    NetworkAccess {
+        target: String,
+        host: String,
+        protocol: NetworkApprovalProtocol,
+        port: u16,
+    },
+    McpToolCall {
+        server: String,
+        tool_name: String,
+        connector_id: Option<String>,
+        connector_name: Option<String>,
+        tool_title: Option<String>,
+    },
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum GuardianCommandSource {
+    Shell,
+    UnifiedExec,
+}
+
+#[derive(Clone, Serialize)]
+pub struct GuardianReviewEventParams {
+    pub thread_id: String,
+    pub turn_id: String,
+    pub review_id: String,
+    pub target_item_id: String,
+    pub retry_reason: Option<String>,
+    pub approval_request_source: GuardianApprovalRequestSource,
+    pub reviewed_action: GuardianReviewedAction,
+    pub reviewed_action_truncated: bool,
+    pub decision: GuardianReviewDecision,
+    pub terminal_status: GuardianReviewTerminalStatus,
+    pub failure_reason: Option<GuardianReviewFailureReason>,
+    pub risk_level: Option<GuardianReviewRiskLevel>,
+    pub user_authorization: Option<GuardianReviewUserAuthorization>,
+    pub outcome: Option<GuardianReviewOutcome>,
+    pub rationale: Option<String>,
+    pub guardian_thread_id: Option<String>,
+    pub guardian_session_kind: Option<GuardianReviewSessionKind>,
+    pub guardian_model: Option<String>,
+    pub guardian_reasoning_effort: Option<String>,
+    pub had_prior_review_context: Option<bool>,
+    pub review_timeout_ms: u64,
+    pub tool_call_count: u64,
+    pub time_to_first_token_ms: Option<u64>,
+    pub completion_latency_ms: Option<u64>,
+    pub started_at: u64,
+    pub completed_at: Option<u64>,
+    pub input_tokens: Option<i64>,
+    pub cached_input_tokens: Option<i64>,
+    pub output_tokens: Option<i64>,
+    pub reasoning_output_tokens: Option<i64>,
+    pub total_tokens: Option<i64>,
+}
+
+#[derive(Serialize)]
+pub(crate) struct GuardianReviewEventPayload {
+    pub(crate) app_server_client: CodexAppServerClientMetadata,
+    pub(crate) runtime: CodexRuntimeMetadata,
+    #[serde(flatten)]
+    pub(crate) guardian_review: GuardianReviewEventParams,
+}
+
 #[derive(Serialize)]
 pub(crate) struct CodexAppMetadata {
     pub(crate) connector_id: Option<String>,
@@ -122,6 +301,35 @@ pub(crate) struct CodexAppUsedEventRequest {
     pub(crate) event_params: CodexAppMetadata,
 }
 
+#[derive(Serialize)]
+pub(crate) struct CodexCompactionEventParams {
+    pub(crate) thread_id: String,
+    pub(crate) turn_id: String,
+    pub(crate) app_server_client: CodexAppServerClientMetadata,
+    pub(crate) runtime: CodexRuntimeMetadata,
+    pub(crate) thread_source: Option<&'static str>,
+    pub(crate) subagent_source: Option<String>,
+    pub(crate) parent_thread_id: Option<String>,
+    pub(crate) trigger: crate::facts::CompactionTrigger,
+    pub(crate) reason: crate::facts::CompactionReason,
+    pub(crate) implementation: crate::facts::CompactionImplementation,
+    pub(crate) phase: crate::facts::CompactionPhase,
+    pub(crate) strategy: crate::facts::CompactionStrategy,
+    pub(crate) status: crate::facts::CompactionStatus,
+    pub(crate) error: Option<String>,
+    pub(crate) active_context_tokens_before: i64,
+    pub(crate) active_context_tokens_after: i64,
+    pub(crate) started_at: u64,
+    pub(crate) completed_at: u64,
+    pub(crate) duration_ms: Option<u64>,
+}
+
+#[derive(Serialize)]
+pub(crate) struct CodexCompactionEventRequest {
+    pub(crate) event_type: &'static str,
+    pub(crate) event_params: CodexCompactionEventParams,
+}
+
 #[derive(Serialize)]
 pub(crate) struct CodexPluginMetadata {
     pub(crate) plugin_id: Option<String>,
@@ -201,6 +409,37 @@ pub(crate) fn codex_plugin_metadata(plugin: PluginTelemetryMetadata) -> CodexPlu
     }
 }
 
+pub(crate) fn codex_compaction_event_params(
+    input: CodexCompactionEvent,
+    app_server_client: CodexAppServerClientMetadata,
+    runtime: CodexRuntimeMetadata,
+    thread_source: Option<&'static str>,
+    subagent_source: Option<String>,
+    parent_thread_id: Option<String>,
+) -> CodexCompactionEventParams {
+    CodexCompactionEventParams {
+        thread_id: input.thread_id,
+        turn_id: input.turn_id,
+        app_server_client,
+        runtime,
+        thread_source,
+        subagent_source,
+        parent_thread_id,
+        trigger: input.trigger,
+        reason: input.reason,
+        implementation: input.implementation,
+        phase: input.phase,
+        strategy: input.strategy,
+        status: input.status,
+        error: input.error,
+        active_context_tokens_before: input.active_context_tokens_before,
+        active_context_tokens_after: input.active_context_tokens_after,
+        started_at: input.started_at,
+        completed_at: input.completed_at,
+        duration_ms: input.duration_ms,
+    }
+}
+
 pub(crate) fn codex_plugin_used_metadata(
     tracking: &TrackEventsContext,
     plugin: PluginTelemetryMetadata,
@@ -260,7 +499,7 @@ pub(crate) fn subagent_thread_started_event_request(
     }
 }
 
-fn subagent_source_name(subagent_source: &SubAgentSource) -> String {
+pub(crate) fn subagent_source_name(subagent_source: &SubAgentSource) -> String {
     match subagent_source {
         SubAgentSource::Review => "review".to_string(),
         SubAgentSource::Compact => "compact".to_string(),
@@ -270,7 +509,7 @@ fn subagent_source_name(subagent_source: &SubAgentSource) -> String {
     }
 }
 
-fn subagent_parent_thread_id(subagent_source: &SubAgentSource) -> Option<String> {
+pub(crate) fn subagent_parent_thread_id(subagent_source: &SubAgentSource) -> Option<String> {
     match subagent_source {
         SubAgentSource::ThreadSpawn {
             parent_thread_id, ..

codex-rs/analytics/src/facts.rs

@@ -1,5 +1,6 @@
 use crate::events::AppServerRpcTransport;
 use crate::events::CodexRuntimeMetadata;
+use crate::events::GuardianReviewEventParams;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ClientResponse;
 use codex_app_server_protocol::InitializeParams;
@@ -64,6 +65,69 @@ pub struct SubAgentThreadStartedInput {
     pub created_at: u64,
 }
 
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum CompactionTrigger {
+    Manual,
+    Auto,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum CompactionReason {
+    UserRequested,
+    ContextLimit,
+    ModelDownshift,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum CompactionImplementation {
+    Responses,
+    ResponsesCompact,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum CompactionPhase {
+    StandaloneTurn,
+    PreTurn,
+    MidTurn,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum CompactionStrategy {
+    Memento,
+    PrefixCompaction,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "snake_case")]
+pub enum CompactionStatus {
+    Completed,
+    Failed,
+    Interrupted,
+}
+
+#[derive(Clone)]
+pub struct CodexCompactionEvent {
+    pub thread_id: String,
+    pub turn_id: String,
+    pub trigger: CompactionTrigger,
+    pub reason: CompactionReason,
+    pub implementation: CompactionImplementation,
+    pub phase: CompactionPhase,
+    pub strategy: CompactionStrategy,
+    pub status: CompactionStatus,
+    pub error: Option<String>,
+    pub active_context_tokens_before: i64,
+    pub active_context_tokens_after: i64,
+    pub started_at: u64,
+    pub completed_at: u64,
+    pub duration_ms: Option<u64>,
+}
+
 #[allow(dead_code)]
 pub(crate) enum AnalyticsFact {
     Initialize {
@@ -90,6 +154,8 @@ pub(crate) enum AnalyticsFact {
 
 pub(crate) enum CustomAnalyticsFact {
     SubAgentThreadStarted(SubAgentThreadStartedInput),
+    Compaction(Box<CodexCompactionEvent>),
+    GuardianReview(Box<GuardianReviewEventParams>),
     SkillInvoked(SkillInvokedInput),
     AppMentioned(AppMentionedInput),
     AppUsed(AppUsedInput),

codex-rs/analytics/src/lib.rs

@@ -5,7 +5,25 @@ mod reducer;
 
 pub use client::AnalyticsEventsClient;
 pub use events::AppServerRpcTransport;
+pub use events::GuardianApprovalRequestSource;
+pub use events::GuardianCommandSource;
+pub use events::GuardianReviewDecision;
+pub use events::GuardianReviewEventParams;
+pub use events::GuardianReviewFailureReason;
+pub use events::GuardianReviewOutcome;
+pub use events::GuardianReviewRiskLevel;
+pub use events::GuardianReviewSessionKind;
+pub use events::GuardianReviewTerminalStatus;
+pub use events::GuardianReviewUserAuthorization;
+pub use events::GuardianReviewedAction;
 pub use facts::AppInvocation;
+pub use facts::CodexCompactionEvent;
+pub use facts::CompactionImplementation;
+pub use facts::CompactionPhase;
+pub use facts::CompactionReason;
+pub use facts::CompactionStatus;
+pub use facts::CompactionStrategy;
+pub use facts::CompactionTrigger;
 pub use facts::InvocationType;
 pub use facts::SkillInvocation;
 pub use facts::SubAgentThreadStartedInput;

codex-rs/analytics/src/reducer.rs

@@ -2,9 +2,13 @@ use crate::events::AppServerRpcTransport;
 use crate::events::CodexAppMentionedEventRequest;
 use crate::events::CodexAppServerClientMetadata;
 use crate::events::CodexAppUsedEventRequest;
+use crate::events::CodexCompactionEventRequest;
 use crate::events::CodexPluginEventRequest;
 use crate::events::CodexPluginUsedEventRequest;
 use crate::events::CodexRuntimeMetadata;
+use crate::events::GuardianReviewEventParams;
+use crate::events::GuardianReviewEventPayload;
+use crate::events::GuardianReviewEventRequest;
 use crate::events::SkillInvocationEventParams;
 use crate::events::SkillInvocationEventRequest;
 use crate::events::ThreadInitializationMode;
@@ -12,14 +16,18 @@ use crate::events::ThreadInitializedEvent;
 use crate::events::ThreadInitializedEventParams;
 use crate::events::TrackEventRequest;
 use crate::events::codex_app_metadata;
+use crate::events::codex_compaction_event_params;
 use crate::events::codex_plugin_metadata;
 use crate::events::codex_plugin_used_metadata;
 use crate::events::plugin_state_event_type;
+use crate::events::subagent_parent_thread_id;
+use crate::events::subagent_source_name;
 use crate::events::subagent_thread_started_event_request;
 use crate::events::thread_source_name;
 use crate::facts::AnalyticsFact;
 use crate::facts::AppMentionedInput;
 use crate::facts::AppUsedInput;
+use crate::facts::CodexCompactionEvent;
 use crate::facts::CustomAnalyticsFact;
 use crate::facts::PluginState;
 use crate::facts::PluginStateChangedInput;
@@ -40,6 +48,8 @@ use std::path::Path;
 #[derive(Default)]
 pub(crate) struct AnalyticsReducer {
     connections: HashMap<u64, ConnectionState>,
+    thread_connections: HashMap<String, u64>,
+    thread_metadata: HashMap<String, ThreadMetadataState>,
 }
 
 struct ConnectionState {
@@ -47,6 +57,35 @@ struct ConnectionState {
     runtime: CodexRuntimeMetadata,
 }
 
+#[derive(Clone)]
+struct ThreadMetadataState {
+    thread_source: Option<&'static str>,
+    subagent_source: Option<String>,
+    parent_thread_id: Option<String>,
+}
+
+impl ThreadMetadataState {
+    fn from_session_source(session_source: &SessionSource) -> Self {
+        let (subagent_source, parent_thread_id) = match session_source {
+            SessionSource::SubAgent(subagent_source) => (
+                Some(subagent_source_name(subagent_source)),
+                subagent_parent_thread_id(subagent_source),
+            ),
+            SessionSource::Cli
+            | SessionSource::VSCode
+            | SessionSource::Exec
+            | SessionSource::Mcp
+            | SessionSource::Custom(_)
+            | SessionSource::Unknown => (None, None),
+        };
+        Self {
+            thread_source: thread_source_name(session_source),
+            subagent_source,
+            parent_thread_id,
+        }
+    }
+}
+
 impl AnalyticsReducer {
     pub(crate) async fn ingest(&mut self, input: AnalyticsFact, out: &mut Vec<TrackEventRequest>) {
         match input {
@@ -81,6 +120,12 @@ impl AnalyticsReducer {
                 CustomAnalyticsFact::SubAgentThreadStarted(input) => {
                     self.ingest_subagent_thread_started(input, out);
                 }
+                CustomAnalyticsFact::Compaction(input) => {
+                    self.ingest_compaction(*input, out);
+                }
+                CustomAnalyticsFact::GuardianReview(input) => {
+                    self.ingest_guardian_review(*input, out);
+                }
                 CustomAnalyticsFact::SkillInvoked(input) => {
                     self.ingest_skill_invoked(input, out).await;
                 }
@@ -135,6 +180,42 @@ impl AnalyticsReducer {
         ));
     }
 
+    fn ingest_guardian_review(
+        &mut self,
+        input: GuardianReviewEventParams,
+        out: &mut Vec<TrackEventRequest>,
+    ) {
+        let Some(connection_id) = self.thread_connections.get(&input.thread_id) else {
+            tracing::warn!(
+                thread_id = %input.thread_id,
+                turn_id = %input.turn_id,
+                review_id = %input.review_id,
+                "dropping guardian analytics event: missing thread connection metadata"
+            );
+            return;
+        };
+        let Some(connection_state) = self.connections.get(connection_id) else {
+            tracing::warn!(
+                thread_id = %input.thread_id,
+                turn_id = %input.turn_id,
+                review_id = %input.review_id,
+                connection_id,
+                "dropping guardian analytics event: missing connection metadata"
+            );
+            return;
+        };
+        out.push(TrackEventRequest::GuardianReview(Box::new(
+            GuardianReviewEventRequest {
+                event_type: "codex_guardian_review",
+                event_params: GuardianReviewEventPayload {
+                    app_server_client: connection_state.app_server_client.clone(),
+                    runtime: connection_state.runtime.clone(),
+                    guardian_review: input,
+                },
+            },
+        )));
+    }
+
     async fn ingest_skill_invoked(
         &mut self,
         input: SkillInvokedInput,
@@ -254,27 +335,74 @@ impl AnalyticsReducer {
             _ => return,
         };
         let thread_source: SessionSource = thread.source.into();
+        let thread_id = thread.id;
         let Some(connection_state) = self.connections.get(&connection_id) else {
             return;
         };
+        let thread_metadata = ThreadMetadataState::from_session_source(&thread_source);
+        self.thread_connections
+            .insert(thread_id.clone(), connection_id);
+        self.thread_metadata
+            .insert(thread_id.clone(), thread_metadata.clone());
         out.push(TrackEventRequest::ThreadInitialized(
             ThreadInitializedEvent {
                 event_type: "codex_thread_initialized",
                 event_params: ThreadInitializedEventParams {
-                    thread_id: thread.id,
+                    thread_id,
                     app_server_client: connection_state.app_server_client.clone(),
                     runtime: connection_state.runtime.clone(),
                     model,
                     ephemeral: thread.ephemeral,
-                    thread_source: thread_source_name(&thread_source),
+                    thread_source: thread_metadata.thread_source,
                     initialization_mode,
-                    subagent_source: None,
-                    parent_thread_id: None,
+                    subagent_source: thread_metadata.subagent_source,
+                    parent_thread_id: thread_metadata.parent_thread_id,
                     created_at: u64::try_from(thread.created_at).unwrap_or_default(),
                 },
             },
         ));
     }
+
+    fn ingest_compaction(&mut self, input: CodexCompactionEvent, out: &mut Vec<TrackEventRequest>) {
+        let Some(connection_id) = self.thread_connections.get(&input.thread_id) else {
+            tracing::warn!(
+                thread_id = %input.thread_id,
+                turn_id = %input.turn_id,
+                "dropping compaction analytics event: missing thread connection metadata"
+            );
+            return;
+        };
+        let Some(connection_state) = self.connections.get(connection_id) else {
+            tracing::warn!(
+                thread_id = %input.thread_id,
+                turn_id = %input.turn_id,
+                connection_id,
+                "dropping compaction analytics event: missing connection metadata"
+            );
+            return;
+        };
+        let Some(thread_metadata) = self.thread_metadata.get(&input.thread_id) else {
+            tracing::warn!(
+                thread_id = %input.thread_id,
+                turn_id = %input.turn_id,
+                "dropping compaction analytics event: missing thread lifecycle metadata"
+            );
+            return;
+        };
+        out.push(TrackEventRequest::Compaction(Box::new(
+            CodexCompactionEventRequest {
+                event_type: "codex_compaction_event",
+                event_params: codex_compaction_event_params(
+                    input,
+                    connection_state.app_server_client.clone(),
+                    connection_state.runtime.clone(),
+                    thread_metadata.thread_source,
+                    thread_metadata.subagent_source.clone(),
+                    thread_metadata.parent_thread_id.clone(),
+                ),
+            },
+        )));
+    }
 }
 
 pub(crate) fn skill_id_for_local_skill(

codex-rs/app-server-client/src/lib.rs

@@ -56,6 +56,90 @@ use tracing::warn;
 pub use crate::remote::RemoteAppServerClient;
 pub use crate::remote::RemoteAppServerConnectArgs;
 
+/// Transitional access to core-only embedded app-server types.
+///
+/// New TUI behavior should prefer the app-server protocol methods. This
+/// module exists so clients can remove a direct `codex-core` dependency
+/// while legacy startup/config paths are migrated to RPCs.
+pub mod legacy_core {
+    pub use codex_core::Cursor;
+    pub use codex_core::DEFAULT_PROJECT_DOC_FILENAME;
+    pub use codex_core::INTERACTIVE_SESSION_SOURCES;
+    pub use codex_core::LOCAL_PROJECT_DOC_FILENAME;
+    pub use codex_core::McpManager;
+    pub use codex_core::PLUGIN_TEXT_MENTION_SIGIL;
+    pub use codex_core::RolloutRecorder;
+    pub use codex_core::TOOL_MENTION_SIGIL;
+    pub use codex_core::ThreadItem;
+    pub use codex_core::ThreadSortKey;
+    pub use codex_core::ThreadsPage;
+    pub use codex_core::append_message_history_entry;
+    pub use codex_core::check_execpolicy_for_warnings;
+    pub use codex_core::discover_project_doc_paths;
+    pub use codex_core::find_thread_meta_by_name_str;
+    pub use codex_core::find_thread_name_by_id;
+    pub use codex_core::find_thread_names_by_ids;
+    pub use codex_core::format_exec_policy_error_with_source;
+    pub use codex_core::grant_read_root_non_elevated;
+    pub use codex_core::lookup_message_history_entry;
+    pub use codex_core::message_history_metadata;
+    pub use codex_core::path_utils;
+    pub use codex_core::read_session_meta_line;
+    pub use codex_core::web_search_detail;
+
+    pub mod config {
+        pub use codex_core::config::*;
+
+        pub mod edit {
+            pub use codex_core::config::edit::*;
+        }
+    }
+
+    pub mod config_loader {
+        pub use codex_core::config_loader::*;
+    }
+
+    pub mod connectors {
+        pub use codex_core::connectors::*;
+    }
+
+    pub mod otel_init {
+        pub use codex_core::otel_init::*;
+    }
+
+    pub mod personality_migration {
+        pub use codex_core::personality_migration::*;
+    }
+
+    pub mod plugins {
+        pub use codex_core::plugins::*;
+    }
+
+    pub mod review_format {
+        pub use codex_core::review_format::*;
+    }
+
+    pub mod review_prompts {
+        pub use codex_core::review_prompts::*;
+    }
+
+    pub mod skills {
+        pub use codex_core::skills::*;
+    }
+
+    pub mod test_support {
+        pub use codex_core::test_support::*;
+    }
+
+    pub mod util {
+        pub use codex_core::util::*;
+    }
+
+    pub mod windows_sandbox {
+        pub use codex_core::windows_sandbox::*;
+    }
+}
+
 const SHUTDOWN_TIMEOUT: Duration = Duration::from_secs(5);
 
 /// Raw app-server request result for typed in-process requests.
@@ -1287,8 +1371,6 @@ mod tests {
                     id: request.id,
                     result: serde_json::to_value(GetAccountResponse {
                         account: None,
-                        workspace_role: None,
-                        is_workspace_owner: None,
                         requires_openai_auth: false,
                     })
                     .expect("response should serialize"),
@@ -1397,8 +1479,6 @@ mod tests {
                     id: request.id,
                     result: serde_json::to_value(GetAccountResponse {
                         account: None,
-                        workspace_role: None,
-                        is_workspace_owner: None,
                         requires_openai_auth: false,
                     })
                     .expect("response should serialize"),
@@ -1452,8 +1532,6 @@ mod tests {
             first_response,
             GetAccountResponse {
                 account: None,
-                workspace_role: None,
-                is_workspace_owner: None,
                 requires_openai_auth: false,
             }
         );
@@ -1473,8 +1551,6 @@ mod tests {
                             AccountUpdatedNotification {
                                 auth_mode: None,
                                 plan_type: None,
-                                workspace_role: None,
-                                is_workspace_owner: None,
                             },
                         ))
                         .expect("notification should serialize"),

codex-rs/app-server-protocol/schema/json/ApplyPatchApprovalResponse.json

@@ -94,6 +94,13 @@
           ],
           "type": "string"
         },
+        {
+          "description": "Automatic approval review timed out before reaching a decision.",
+          "enum": [
+            "timed_out"
+          ],
+          "type": "string"
+        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [

codex-rs/app-server-protocol/schema/json/ClientRequest.json

@@ -647,6 +647,15 @@
             "null"
           ]
         },
+        "tags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": [
+            "object",
+            "null"
+          ]
+        },
         "threadId": {
           "type": [
             "string",
@@ -1277,6 +1286,27 @@
       ],
       "type": "string"
     },
+    "McpServerToolCallParams": {
+      "properties": {
+        "_meta": true,
+        "arguments": true,
+        "server": {
+          "type": "string"
+        },
+        "threadId": {
+          "type": "string"
+        },
+        "tool": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "server",
+        "threadId",
+        "tool"
+      ],
+      "type": "object"
+    },
     "MergeStrategy": {
       "enum": [
         "replace",
@@ -2562,17 +2592,6 @@
       ],
       "type": "object"
     },
-    "ThreadAddCreditsNudgeEmailParams": {
-      "properties": {
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "threadId"
-      ],
-      "type": "object"
-    },
     "ThreadArchiveParams": {
       "properties": {
         "threadId": {
@@ -3221,10 +3240,27 @@
               "type": "null"
             }
           ]
+        },
+        "sessionStartSource": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/ThreadStartSource"
+            },
+            {
+              "type": "null"
+            }
+          ]
         }
       },
       "type": "object"
     },
+    "ThreadStartSource": {
+      "enum": [
+        "startup",
+        "clear"
+      ],
+      "type": "string"
+    },
     "ThreadUnarchiveParams": {
       "properties": {
         "threadId": {
@@ -3820,30 +3856,6 @@
       "title": "Thread/shellCommandRequest",
       "type": "object"
     },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "thread/addCreditsNudgeEmail"
-          ],
-          "title": "Thread/addCreditsNudgeEmailRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ThreadAddCreditsNudgeEmailParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Thread/addCreditsNudgeEmailRequest",
-      "type": "object"
-    },
     {
       "properties": {
         "id": {
@@ -4587,6 +4599,30 @@
       "title": "McpServer/resource/readRequest",
       "type": "object"
     },
+    {
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "mcpServer/tool/call"
+          ],
+          "title": "McpServer/tool/callRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/McpServerToolCallParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "McpServer/tool/callRequest",
+      "type": "object"
+    },
     {
       "properties": {
         "id": {

codex-rs/app-server-protocol/schema/json/ExecCommandApprovalResponse.json

@@ -94,6 +94,13 @@
           ],
           "type": "string"
         },
+        {
+          "description": "Automatic approval review timed out before reaching a decision.",
+          "enum": [
+            "timed_out"
+          ],
+          "type": "string"
+        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [

codex-rs/app-server-protocol/schema/json/ServerNotification.json

@@ -51,12 +51,6 @@
             }
           ]
         },
-        "isWorkspaceOwner": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "planType": {
           "anyOf": [
             {
@@ -66,89 +60,10 @@
               "type": "null"
             }
           ]
-        },
-        "workspaceRole": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/WorkspaceRole"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "type": "object"
     },
-    "AddCreditsNudgeEmailNotification": {
-      "properties": {
-        "result": {
-          "$ref": "#/definitions/AddCreditsNudgeEmailResult"
-        },
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "result",
-        "threadId"
-      ],
-      "type": "object"
-    },
-    "AddCreditsNudgeEmailResult": {
-      "oneOf": [
-        {
-          "properties": {
-            "status": {
-              "enum": [
-                "sent"
-              ],
-              "title": "SentAddCreditsNudgeEmailResultStatus",
-              "type": "string"
-            }
-          },
-          "required": [
-            "status"
-          ],
-          "title": "SentAddCreditsNudgeEmailResult",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "status": {
-              "enum": [
-                "cooldownActive"
-              ],
-              "title": "CooldownActiveAddCreditsNudgeEmailResultStatus",
-              "type": "string"
-            }
-          },
-          "required": [
-            "status"
-          ],
-          "title": "CooldownActiveAddCreditsNudgeEmailResult",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "message": {
-              "type": "string"
-            },
-            "status": {
-              "enum": [
-                "failed"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "message",
-            "status"
-          ],
-          "type": "object"
-        }
-      ]
-    },
     "AgentMessageDeltaNotification": {
       "properties": {
         "delta": {
@@ -473,6 +388,13 @@
         }
       ]
     },
+    "AutoReviewDecisionSource": {
+      "description": "[UNSTABLE] Source that produced a terminal guardian approval review decision.",
+      "enum": [
+        "agent"
+      ],
+      "type": "string"
+    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -1426,6 +1348,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -1673,17 +1596,28 @@
       "type": "object"
     },
     "ItemGuardianApprovalReviewCompletedNotification": {
-      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
       "properties": {
         "action": {
           "$ref": "#/definitions/GuardianApprovalReviewAction"
         },
+        "decisionSource": {
+          "$ref": "#/definitions/AutoReviewDecisionSource"
+        },
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
-        "targetItemId": {
+        "reviewId": {
+          "description": "Stable identifier for this review.",
           "type": "string"
         },
+        "targetItemId": {
+          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
         "threadId": {
           "type": "string"
         },
@@ -1693,15 +1627,16 @@
       },
       "required": [
         "action",
+        "decisionSource",
         "review",
-        "targetItemId",
+        "reviewId",
         "threadId",
         "turnId"
       ],
       "type": "object"
     },
     "ItemGuardianApprovalReviewStartedNotification": {
-      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
       "properties": {
         "action": {
           "$ref": "#/definitions/GuardianApprovalReviewAction"
@@ -1709,9 +1644,17 @@
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
-        "targetItemId": {
+        "reviewId": {
+          "description": "Stable identifier for this review.",
           "type": "string"
         },
+        "targetItemId": {
+          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
         "threadId": {
           "type": "string"
         },
@@ -1722,7 +1665,7 @@
       "required": [
         "action",
         "review",
-        "targetItemId",
+        "reviewId",
         "threadId",
         "turnId"
       ],
@@ -2067,6 +2010,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -2130,16 +2074,6 @@
               "type": "null"
             }
           ]
-        },
-        "spendControl": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SpendControlSnapshot"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "type": "object"
@@ -2339,17 +2273,6 @@
       "description": "Notification emitted when watched local skill files change.\n\nTreat this as an invalidation signal and re-run `skills/list` with the client's current parameters when refreshed skill metadata is needed.",
       "type": "object"
     },
-    "SpendControlSnapshot": {
-      "properties": {
-        "reached": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "reached"
-      ],
-      "type": "object"
-    },
     "SubAgentSource": {
       "oneOf": [
         {
@@ -4134,14 +4057,6 @@
         "samplePaths"
       ],
       "type": "object"
-    },
-    "WorkspaceRole": {
-      "enum": [
-        "account-owner",
-        "account-admin",
-        "standard-user"
-      ],
-      "type": "string"
     }
   },
   "description": "Notification sent from the server to the client.",
@@ -4769,26 +4684,6 @@
       "title": "Account/rateLimits/updatedNotification",
       "type": "object"
     },
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "account/addCreditsNudgeEmail/completed"
-          ],
-          "title": "Account/addCreditsNudgeEmail/completedNotificationMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/AddCreditsNudgeEmailNotification"
-        }
-      },
-      "required": [
-        "method",
-        "params"
-      ],
-      "title": "Account/addCreditsNudgeEmail/completedNotification",
-      "type": "object"
-    },
     {
       "properties": {
         "method": {

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json

@@ -482,30 +482,6 @@
           "title": "Thread/shellCommandRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "thread/addCreditsNudgeEmail"
-              ],
-              "title": "Thread/addCreditsNudgeEmailRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/ThreadAddCreditsNudgeEmailParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Thread/addCreditsNudgeEmailRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -1249,6 +1225,30 @@
           "title": "McpServer/resource/readRequest",
           "type": "object"
         },
+        {
+          "properties": {
+            "id": {
+              "$ref": "#/definitions/v2/RequestId"
+            },
+            "method": {
+              "enum": [
+                "mcpServer/tool/call"
+              ],
+              "title": "McpServer/tool/callRequestMethod",
+              "type": "string"
+            },
+            "params": {
+              "$ref": "#/definitions/v2/McpServerToolCallParams"
+            }
+          },
+          "required": [
+            "id",
+            "method",
+            "params"
+          ],
+          "title": "McpServer/tool/callRequest",
+          "type": "object"
+        },
         {
           "properties": {
             "id": {
@@ -3422,6 +3422,13 @@
           ],
           "type": "string"
         },
+        {
+          "description": "Automatic approval review timed out before reaching a decision.",
+          "enum": [
+            "timed_out"
+          ],
+          "type": "string"
+        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [
@@ -4058,26 +4065,6 @@
           "title": "Account/rateLimits/updatedNotification",
           "type": "object"
         },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "account/addCreditsNudgeEmail/completed"
-              ],
-              "title": "Account/addCreditsNudgeEmail/completedNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/AddCreditsNudgeEmailNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Account/addCreditsNudgeEmail/completedNotification",
-          "type": "object"
-        },
         {
           "properties": {
             "method": {
@@ -4965,12 +4952,6 @@
               }
             ]
           },
-          "isWorkspaceOwner": {
-            "type": [
-              "boolean",
-              "null"
-            ]
-          },
           "planType": {
             "anyOf": [
               {
@@ -4980,92 +4961,11 @@
                 "type": "null"
               }
             ]
-          },
-          "workspaceRole": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/WorkspaceRole"
-              },
-              {
-                "type": "null"
-              }
-            ]
           }
         },
         "title": "AccountUpdatedNotification",
         "type": "object"
       },
-      "AddCreditsNudgeEmailNotification": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "result": {
-            "$ref": "#/definitions/v2/AddCreditsNudgeEmailResult"
-          },
-          "threadId": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "result",
-          "threadId"
-        ],
-        "title": "AddCreditsNudgeEmailNotification",
-        "type": "object"
-      },
-      "AddCreditsNudgeEmailResult": {
-        "oneOf": [
-          {
-            "properties": {
-              "status": {
-                "enum": [
-                  "sent"
-                ],
-                "title": "SentAddCreditsNudgeEmailResultStatus",
-                "type": "string"
-              }
-            },
-            "required": [
-              "status"
-            ],
-            "title": "SentAddCreditsNudgeEmailResult",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "status": {
-                "enum": [
-                  "cooldownActive"
-                ],
-                "title": "CooldownActiveAddCreditsNudgeEmailResultStatus",
-                "type": "string"
-              }
-            },
-            "required": [
-              "status"
-            ],
-            "title": "CooldownActiveAddCreditsNudgeEmailResult",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "message": {
-                "type": "string"
-              },
-              "status": {
-                "enum": [
-                  "failed"
-                ],
-                "type": "string"
-              }
-            },
-            "required": [
-              "message",
-              "status"
-            ],
-            "type": "object"
-          }
-        ]
-      },
       "AgentMessageDeltaNotification": {
         "$schema": "http://json-schema.org/draft-07/schema#",
         "properties": {
@@ -5667,6 +5567,13 @@
           }
         ]
       },
+      "AutoReviewDecisionSource": {
+        "description": "[UNSTABLE] Source that produced a terminal guardian approval review decision.",
+        "enum": [
+          "agent"
+        ],
+        "type": "string"
+      },
       "ByteRange": {
         "properties": {
           "end": {
@@ -7572,6 +7479,15 @@
               "null"
             ]
           },
+          "tags": {
+            "additionalProperties": {
+              "type": "string"
+            },
+            "type": [
+              "object",
+              "null"
+            ]
+          },
           "threadId": {
             "type": [
               "string",
@@ -8142,24 +8058,8 @@
               }
             ]
           },
-          "isWorkspaceOwner": {
-            "type": [
-              "boolean",
-              "null"
-            ]
-          },
           "requiresOpenaiAuth": {
             "type": "boolean"
-          },
-          "workspaceRole": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/WorkspaceRole"
-              },
-              {
-                "type": "null"
-              }
-            ]
           }
         },
         "required": [
@@ -8437,6 +8337,7 @@
           "inProgress",
           "approved",
           "denied",
+          "timedOut",
           "aborted"
         ],
         "type": "string"
@@ -8719,17 +8620,28 @@
       },
       "ItemGuardianApprovalReviewCompletedNotification": {
         "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+        "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
         "properties": {
           "action": {
             "$ref": "#/definitions/v2/GuardianApprovalReviewAction"
           },
+          "decisionSource": {
+            "$ref": "#/definitions/v2/AutoReviewDecisionSource"
+          },
           "review": {
             "$ref": "#/definitions/v2/GuardianApprovalReview"
           },
-          "targetItemId": {
+          "reviewId": {
+            "description": "Stable identifier for this review.",
             "type": "string"
           },
+          "targetItemId": {
+            "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+            "type": [
+              "string",
+              "null"
+            ]
+          },
           "threadId": {
             "type": "string"
           },
@@ -8739,8 +8651,9 @@
         },
         "required": [
           "action",
+          "decisionSource",
           "review",
-          "targetItemId",
+          "reviewId",
           "threadId",
           "turnId"
         ],
@@ -8749,7 +8662,7 @@
       },
       "ItemGuardianApprovalReviewStartedNotification": {
         "$schema": "http://json-schema.org/draft-07/schema#",
-        "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+        "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
         "properties": {
           "action": {
             "$ref": "#/definitions/v2/GuardianApprovalReviewAction"
@@ -8757,9 +8670,17 @@
           "review": {
             "$ref": "#/definitions/v2/GuardianApprovalReview"
           },
-          "targetItemId": {
+          "reviewId": {
+            "description": "Stable identifier for this review.",
             "type": "string"
           },
+          "targetItemId": {
+            "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+            "type": [
+              "string",
+              "null"
+            ]
+          },
           "threadId": {
             "type": "string"
           },
@@ -8770,7 +8691,7 @@
         "required": [
           "action",
           "review",
-          "targetItemId",
+          "reviewId",
           "threadId",
           "turnId"
         ],
@@ -9326,6 +9247,51 @@
         "title": "McpServerStatusUpdatedNotification",
         "type": "object"
       },
+      "McpServerToolCallParams": {
+        "$schema": "http://json-schema.org/draft-07/schema#",
+        "properties": {
+          "_meta": true,
+          "arguments": true,
+          "server": {
+            "type": "string"
+          },
+          "threadId": {
+            "type": "string"
+          },
+          "tool": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "server",
+          "threadId",
+          "tool"
+        ],
+        "title": "McpServerToolCallParams",
+        "type": "object"
+      },
+      "McpServerToolCallResponse": {
+        "$schema": "http://json-schema.org/draft-07/schema#",
+        "properties": {
+          "_meta": true,
+          "content": {
+            "items": true,
+            "type": "array"
+          },
+          "isError": {
+            "type": [
+              "boolean",
+              "null"
+            ]
+          },
+          "structuredContent": true
+        },
+        "required": [
+          "content"
+        ],
+        "title": "McpServerToolCallResponse",
+        "type": "object"
+      },
       "McpToolCallError": {
         "properties": {
           "message": {
@@ -9958,6 +9924,7 @@
           "go",
           "plus",
           "pro",
+          "prolite",
           "team",
           "self_serve_business_usage_based",
           "business",
@@ -10543,16 +10510,6 @@
                 "type": "null"
               }
             ]
-          },
-          "spendControl": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/SpendControlSnapshot"
-              },
-              {
-                "type": "null"
-              }
-            ]
           }
         },
         "type": "object"
@@ -12376,17 +12333,6 @@
         "title": "SkillsListResponse",
         "type": "object"
       },
-      "SpendControlSnapshot": {
-        "properties": {
-          "reached": {
-            "type": "boolean"
-          }
-        },
-        "required": [
-          "reached"
-        ],
-        "type": "object"
-      },
       "SubAgentSource": {
         "oneOf": [
           {
@@ -12678,24 +12624,6 @@
         ],
         "type": "string"
       },
-      "ThreadAddCreditsNudgeEmailParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "threadId": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "threadId"
-        ],
-        "title": "ThreadAddCreditsNudgeEmailParams",
-        "type": "object"
-      },
-      "ThreadAddCreditsNudgeEmailResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "title": "ThreadAddCreditsNudgeEmailResponse",
-        "type": "object"
-      },
       "ThreadArchiveParams": {
         "$schema": "http://json-schema.org/draft-07/schema#",
         "properties": {
@@ -14426,6 +14354,16 @@
                 "type": "null"
               }
             ]
+          },
+          "sessionStartSource": {
+            "anyOf": [
+              {
+                "$ref": "#/definitions/v2/ThreadStartSource"
+              },
+              {
+                "type": "null"
+              }
+            ]
           }
         },
         "title": "ThreadStartParams",
@@ -14493,6 +14431,13 @@
         "title": "ThreadStartResponse",
         "type": "object"
       },
+      "ThreadStartSource": {
+        "enum": [
+          "startup",
+          "clear"
+        ],
+        "type": "string"
+      },
       "ThreadStartedNotification": {
         "$schema": "http://json-schema.org/draft-07/schema#",
         "properties": {
@@ -15604,14 +15549,6 @@
         "title": "WindowsWorldWritableWarningNotification",
         "type": "object"
       },
-      "WorkspaceRole": {
-        "enum": [
-          "account-owner",
-          "account-admin",
-          "standard-user"
-        ],
-        "type": "string"
-      },
       "WriteStatus": {
         "enum": [
           "ok",

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json

@@ -100,12 +100,6 @@
             }
           ]
         },
-        "isWorkspaceOwner": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "planType": {
           "anyOf": [
             {
@@ -115,92 +109,11 @@
               "type": "null"
             }
           ]
-        },
-        "workspaceRole": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/WorkspaceRole"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "title": "AccountUpdatedNotification",
       "type": "object"
     },
-    "AddCreditsNudgeEmailNotification": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "result": {
-          "$ref": "#/definitions/AddCreditsNudgeEmailResult"
-        },
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "result",
-        "threadId"
-      ],
-      "title": "AddCreditsNudgeEmailNotification",
-      "type": "object"
-    },
-    "AddCreditsNudgeEmailResult": {
-      "oneOf": [
-        {
-          "properties": {
-            "status": {
-              "enum": [
-                "sent"
-              ],
-              "title": "SentAddCreditsNudgeEmailResultStatus",
-              "type": "string"
-            }
-          },
-          "required": [
-            "status"
-          ],
-          "title": "SentAddCreditsNudgeEmailResult",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "status": {
-              "enum": [
-                "cooldownActive"
-              ],
-              "title": "CooldownActiveAddCreditsNudgeEmailResultStatus",
-              "type": "string"
-            }
-          },
-          "required": [
-            "status"
-          ],
-          "title": "CooldownActiveAddCreditsNudgeEmailResult",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "message": {
-              "type": "string"
-            },
-            "status": {
-              "enum": [
-                "failed"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "message",
-            "status"
-          ],
-          "type": "object"
-        }
-      ]
-    },
     "AgentMessageDeltaNotification": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "properties": {
@@ -802,6 +715,13 @@
         }
       ]
     },
+    "AutoReviewDecisionSource": {
+      "description": "[UNSTABLE] Source that produced a terminal guardian approval review decision.",
+      "enum": [
+        "agent"
+      ],
+      "type": "string"
+    },
     "ByteRange": {
       "properties": {
         "end": {
@@ -1144,30 +1064,6 @@
           "title": "Thread/shellCommandRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "thread/addCreditsNudgeEmail"
-              ],
-              "title": "Thread/addCreditsNudgeEmailRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/ThreadAddCreditsNudgeEmailParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "Thread/addCreditsNudgeEmailRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -1911,6 +1807,30 @@
           "title": "McpServer/resource/readRequest",
           "type": "object"
         },
+        {
+          "properties": {
+            "id": {
+              "$ref": "#/definitions/RequestId"
+            },
+            "method": {
+              "enum": [
+                "mcpServer/tool/call"
+              ],
+              "title": "McpServer/tool/callRequestMethod",
+              "type": "string"
+            },
+            "params": {
+              "$ref": "#/definitions/McpServerToolCallParams"
+            }
+          },
+          "required": [
+            "id",
+            "method",
+            "params"
+          ],
+          "title": "McpServer/tool/callRequest",
+          "type": "object"
+        },
         {
           "properties": {
             "id": {
@@ -4200,6 +4120,15 @@
             "null"
           ]
         },
+        "tags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": [
+            "object",
+            "null"
+          ]
+        },
         "threadId": {
           "type": [
             "string",
@@ -4881,24 +4810,8 @@
             }
           ]
         },
-        "isWorkspaceOwner": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "requiresOpenaiAuth": {
           "type": "boolean"
-        },
-        "workspaceRole": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/WorkspaceRole"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "required": [
@@ -5176,6 +5089,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -5502,17 +5416,28 @@
     },
     "ItemGuardianApprovalReviewCompletedNotification": {
       "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
       "properties": {
         "action": {
           "$ref": "#/definitions/GuardianApprovalReviewAction"
         },
+        "decisionSource": {
+          "$ref": "#/definitions/AutoReviewDecisionSource"
+        },
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
-        "targetItemId": {
+        "reviewId": {
+          "description": "Stable identifier for this review.",
           "type": "string"
         },
+        "targetItemId": {
+          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
         "threadId": {
           "type": "string"
         },
@@ -5522,8 +5447,9 @@
       },
       "required": [
         "action",
+        "decisionSource",
         "review",
-        "targetItemId",
+        "reviewId",
         "threadId",
         "turnId"
       ],
@@ -5532,7 +5458,7 @@
     },
     "ItemGuardianApprovalReviewStartedNotification": {
       "$schema": "http://json-schema.org/draft-07/schema#",
-      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+      "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
       "properties": {
         "action": {
           "$ref": "#/definitions/GuardianApprovalReviewAction"
@@ -5540,9 +5466,17 @@
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
-        "targetItemId": {
+        "reviewId": {
+          "description": "Stable identifier for this review.",
           "type": "string"
         },
+        "targetItemId": {
+          "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
         "threadId": {
           "type": "string"
         },
@@ -5553,7 +5487,7 @@
       "required": [
         "action",
         "review",
-        "targetItemId",
+        "reviewId",
         "threadId",
         "turnId"
       ],
@@ -6109,6 +6043,51 @@
       "title": "McpServerStatusUpdatedNotification",
       "type": "object"
     },
+    "McpServerToolCallParams": {
+      "$schema": "http://json-schema.org/draft-07/schema#",
+      "properties": {
+        "_meta": true,
+        "arguments": true,
+        "server": {
+          "type": "string"
+        },
+        "threadId": {
+          "type": "string"
+        },
+        "tool": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "server",
+        "threadId",
+        "tool"
+      ],
+      "title": "McpServerToolCallParams",
+      "type": "object"
+    },
+    "McpServerToolCallResponse": {
+      "$schema": "http://json-schema.org/draft-07/schema#",
+      "properties": {
+        "_meta": true,
+        "content": {
+          "items": true,
+          "type": "array"
+        },
+        "isError": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "structuredContent": true
+      },
+      "required": [
+        "content"
+      ],
+      "title": "McpServerToolCallResponse",
+      "type": "object"
+    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -6741,6 +6720,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -7326,16 +7306,6 @@
               "type": "null"
             }
           ]
-        },
-        "spendControl": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SpendControlSnapshot"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "type": "object"
@@ -9345,26 +9315,6 @@
           "title": "Account/rateLimits/updatedNotification",
           "type": "object"
         },
-        {
-          "properties": {
-            "method": {
-              "enum": [
-                "account/addCreditsNudgeEmail/completed"
-              ],
-              "title": "Account/addCreditsNudgeEmail/completedNotificationMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/AddCreditsNudgeEmailNotification"
-            }
-          },
-          "required": [
-            "method",
-            "params"
-          ],
-          "title": "Account/addCreditsNudgeEmail/completedNotification",
-          "type": "object"
-        },
         {
           "properties": {
             "method": {
@@ -10231,17 +10181,6 @@
       "title": "SkillsListResponse",
       "type": "object"
     },
-    "SpendControlSnapshot": {
-      "properties": {
-        "reached": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "reached"
-      ],
-      "type": "object"
-    },
     "SubAgentSource": {
       "oneOf": [
         {
@@ -10533,24 +10472,6 @@
       ],
       "type": "string"
     },
-    "ThreadAddCreditsNudgeEmailParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "threadId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "threadId"
-      ],
-      "title": "ThreadAddCreditsNudgeEmailParams",
-      "type": "object"
-    },
-    "ThreadAddCreditsNudgeEmailResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "title": "ThreadAddCreditsNudgeEmailResponse",
-      "type": "object"
-    },
     "ThreadArchiveParams": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "properties": {
@@ -12281,6 +12202,16 @@
               "type": "null"
             }
           ]
+        },
+        "sessionStartSource": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/ThreadStartSource"
+            },
+            {
+              "type": "null"
+            }
+          ]
         }
       },
       "title": "ThreadStartParams",
@@ -12348,6 +12279,13 @@
       "title": "ThreadStartResponse",
       "type": "object"
     },
+    "ThreadStartSource": {
+      "enum": [
+        "startup",
+        "clear"
+      ],
+      "type": "string"
+    },
     "ThreadStartedNotification": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "properties": {
@@ -13459,14 +13397,6 @@
       "title": "WindowsWorldWritableWarningNotification",
       "type": "object"
     },
-    "WorkspaceRole": {
-      "enum": [
-        "account-owner",
-        "account-admin",
-        "standard-user"
-      ],
-      "type": "string"
-    },
     "WriteStatus": {
       "enum": [
         "ok",

codex-rs/app-server-protocol/schema/json/v2/AccountRateLimitsUpdatedNotification.json

@@ -28,6 +28,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -91,16 +92,6 @@
               "type": "null"
             }
           ]
-        },
-        "spendControl": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SpendControlSnapshot"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "type": "object"
@@ -130,17 +121,6 @@
         "usedPercent"
       ],
       "type": "object"
-    },
-    "SpendControlSnapshot": {
-      "properties": {
-        "reached": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "reached"
-      ],
-      "type": "object"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/AccountUpdatedNotification.json

@@ -33,6 +33,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -42,14 +43,6 @@
         "unknown"
       ],
       "type": "string"
-    },
-    "WorkspaceRole": {
-      "enum": [
-        "account-owner",
-        "account-admin",
-        "standard-user"
-      ],
-      "type": "string"
     }
   },
   "properties": {
@@ -63,12 +56,6 @@
         }
       ]
     },
-    "isWorkspaceOwner": {
-      "type": [
-        "boolean",
-        "null"
-      ]
-    },
     "planType": {
       "anyOf": [
         {
@@ -78,16 +65,6 @@
           "type": "null"
         }
       ]
-    },
-    "workspaceRole": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/WorkspaceRole"
-        },
-        {
-          "type": "null"
-        }
-      ]
     }
   },
   "title": "AccountUpdatedNotification",

codex-rs/app-server-protocol/schema/json/v2/AddCreditsNudgeEmailNotification.json

@@ -1,73 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AddCreditsNudgeEmailResult": {
-      "oneOf": [
-        {
-          "properties": {
-            "status": {
-              "enum": [
-                "sent"
-              ],
-              "title": "SentAddCreditsNudgeEmailResultStatus",
-              "type": "string"
-            }
-          },
-          "required": [
-            "status"
-          ],
-          "title": "SentAddCreditsNudgeEmailResult",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "status": {
-              "enum": [
-                "cooldownActive"
-              ],
-              "title": "CooldownActiveAddCreditsNudgeEmailResultStatus",
-              "type": "string"
-            }
-          },
-          "required": [
-            "status"
-          ],
-          "title": "CooldownActiveAddCreditsNudgeEmailResult",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "message": {
-              "type": "string"
-            },
-            "status": {
-              "enum": [
-                "failed"
-              ],
-              "type": "string"
-            }
-          },
-          "required": [
-            "message",
-            "status"
-          ],
-          "type": "object"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "result": {
-      "$ref": "#/definitions/AddCreditsNudgeEmailResult"
-    },
-    "threadId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "result",
-    "threadId"
-  ],
-  "title": "AddCreditsNudgeEmailNotification",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/FeedbackUploadParams.json

@@ -22,6 +22,15 @@
         "null"
       ]
     },
+    "tags": {
+      "additionalProperties": {
+        "type": "string"
+      },
+      "type": [
+        "object",
+        "null"
+      ]
+    },
     "threadId": {
       "type": [
         "string",

codex-rs/app-server-protocol/schema/json/v2/GetAccountRateLimitsResponse.json

@@ -28,6 +28,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -91,16 +92,6 @@
               "type": "null"
             }
           ]
-        },
-        "spendControl": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SpendControlSnapshot"
-            },
-            {
-              "type": "null"
-            }
-          ]
         }
       },
       "type": "object"
@@ -130,17 +121,6 @@
         "usedPercent"
       ],
       "type": "object"
-    },
-    "SpendControlSnapshot": {
-      "properties": {
-        "reached": {
-          "type": "boolean"
-        }
-      },
-      "required": [
-        "reached"
-      ],
-      "type": "object"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/GetAccountResponse.json

@@ -51,6 +51,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",
@@ -60,14 +61,6 @@
         "unknown"
       ],
       "type": "string"
-    },
-    "WorkspaceRole": {
-      "enum": [
-        "account-owner",
-        "account-admin",
-        "standard-user"
-      ],
-      "type": "string"
     }
   },
   "properties": {
@@ -81,24 +74,8 @@
         }
       ]
     },
-    "isWorkspaceOwner": {
-      "type": [
-        "boolean",
-        "null"
-      ]
-    },
     "requiresOpenaiAuth": {
       "type": "boolean"
-    },
-    "workspaceRole": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/WorkspaceRole"
-        },
-        {
-          "type": "null"
-        }
-      ]
     }
   },
   "required": [

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json

@@ -1,6 +1,13 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
+    "AutoReviewDecisionSource": {
+      "description": "[UNSTABLE] Source that produced a terminal guardian approval review decision.",
+      "enum": [
+        "agent"
+      ],
+      "type": "string"
+    },
     "GuardianApprovalReview": {
       "description": "[UNSTABLE] Temporary guardian approval review payload used by `item/autoApprovalReview/*` notifications. This shape is expected to change soon.",
       "properties": {
@@ -215,6 +222,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -256,17 +264,28 @@
       "type": "string"
     }
   },
-  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
   "properties": {
     "action": {
       "$ref": "#/definitions/GuardianApprovalReviewAction"
     },
+    "decisionSource": {
+      "$ref": "#/definitions/AutoReviewDecisionSource"
+    },
     "review": {
       "$ref": "#/definitions/GuardianApprovalReview"
     },
-    "targetItemId": {
+    "reviewId": {
+      "description": "Stable identifier for this review.",
       "type": "string"
     },
+    "targetItemId": {
+      "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
     "threadId": {
       "type": "string"
     },
@@ -276,8 +295,9 @@
   },
   "required": [
     "action",
+    "decisionSource",
     "review",
-    "targetItemId",
+    "reviewId",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json

@@ -215,6 +215,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -256,7 +257,7 @@
       "type": "string"
     }
   },
-  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
+  "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.",
   "properties": {
     "action": {
       "$ref": "#/definitions/GuardianApprovalReviewAction"
@@ -264,9 +265,17 @@
     "review": {
       "$ref": "#/definitions/GuardianApprovalReview"
     },
-    "targetItemId": {
+    "reviewId": {
+      "description": "Stable identifier for this review.",
       "type": "string"
     },
+    "targetItemId": {
+      "description": "Identifier for the reviewed item or tool call when one exists.\n\nIn most cases, one review maps to one target item. The exceptions are - execve reviews, where a single command may contain multiple execve calls to review (only possible when using the shell_zsh_fork feature) - network policy reviews, where there is no target item\n\nA network call is triggered by a CommandExecution item, so having a target_item_id set to the CommandExecution item would be misleading because the review is about the network call, not the command execution. Therefore, target_item_id is set to None for network policy reviews.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
     "threadId": {
       "type": "string"
     },
@@ -277,7 +286,7 @@
   "required": [
     "action",
     "review",
-    "targetItemId",
+    "reviewId",
     "threadId",
     "turnId"
   ],

codex-rs/app-server-protocol/schema/json/v2/McpServerToolCallParams.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "_meta": true,
+    "arguments": true,
+    "server": {
+      "type": "string"
+    },
+    "threadId": {
+      "type": "string"
+    },
+    "tool": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "server",
+    "threadId",
+    "tool"
+  ],
+  "title": "McpServerToolCallParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/McpServerToolCallResponse.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "_meta": true,
+    "content": {
+      "items": true,
+      "type": "array"
+    },
+    "isError": {
+      "type": [
+        "boolean",
+        "null"
+      ]
+    },
+    "structuredContent": true
+  },
+  "required": [
+    "content"
+  ],
+  "title": "McpServerToolCallResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/ThreadAddCreditsNudgeEmailParams.json

@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "threadId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "threadId"
-  ],
-  "title": "ThreadAddCreditsNudgeEmailParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/ThreadAddCreditsNudgeEmailResponse.json

@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "ThreadAddCreditsNudgeEmailResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/ThreadStartParams.json

@@ -101,6 +101,13 @@
         "flex"
       ],
       "type": "string"
+    },
+    "ThreadStartSource": {
+      "enum": [
+        "startup",
+        "clear"
+      ],
+      "type": "string"
     }
   },
   "properties": {
@@ -210,6 +217,16 @@
           "type": "null"
         }
       ]
+    },
+    "sessionStartSource": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/ThreadStartSource"
+        },
+        {
+          "type": "null"
+        }
+      ]
     }
   },
   "title": "ThreadStartParams",

codex-rs/app-server-protocol/schema/typescript/ApplyPatchApprovalParams.ts

@@ -4,16 +4,16 @@
 import type { FileChange } from "./FileChange";
 import type { ThreadId } from "./ThreadId";
 
-export type ApplyPatchApprovalParams = { conversationId: ThreadId, 
+export type ApplyPatchApprovalParams = { conversationId: ThreadId,
 /**
  * Use to correlate this with [codex_protocol::protocol::PatchApplyBeginEvent]
  * and [codex_protocol::protocol::PatchApplyEndEvent].
  */
-callId: string, fileChanges: { [key in string]?: FileChange }, 
+callId: string, fileChanges: { [key in string]?: FileChange },
 /**
  * Optional explanatory reason (e.g. request for extra write access).
  */
-reason: string | null, 
+reason: string | null,
 /**
  * When set, the agent is asking the user to allow writes under this root
  * for the remainder of the session (unclear if this is honored today).

codex-rs/app-server-protocol/schema/typescript/ExecCommandApprovalParams.ts

@@ -4,12 +4,12 @@
 import type { ParsedCommand } from "./ParsedCommand";
 import type { ThreadId } from "./ThreadId";
 
-export type ExecCommandApprovalParams = { conversationId: ThreadId, 
+export type ExecCommandApprovalParams = { conversationId: ThreadId,
 /**
  * Use to correlate this with [codex_protocol::protocol::ExecCommandBeginEvent]
  * and [codex_protocol::protocol::ExecCommandEndEvent].
  */
-callId: string, 
+callId: string,
 /**
  * Identifier for this specific approval callback.
  */

codex-rs/app-server-protocol/schema/typescript/InitializeCapabilities.ts

@@ -5,11 +5,11 @@
 /**
  * Client-declared capabilities negotiated during initialize.
  */
-export type InitializeCapabilities = { 
+export type InitializeCapabilities = {
 /**
  * Opt into receiving experimental API methods and fields.
  */
-experimentalApi: boolean, 
+experimentalApi: boolean,
 /**
  * Exact notification method names that should be suppressed for this
  * connection (for example `thread/started`).

codex-rs/app-server-protocol/schema/typescript/InitializeResponse.ts

@@ -3,16 +3,16 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "./AbsolutePathBuf";
 
-export type InitializeResponse = { userAgent: string, 
+export type InitializeResponse = { userAgent: string,
 /**
  * Absolute path to the server's $CODEX_HOME directory.
  */
-codexHome: AbsolutePathBuf, 
+codexHome: AbsolutePathBuf,
 /**
  * Platform family for the running app-server target, for example
  * `"unix"` or `"windows"`.
  */
-platformFamily: string, 
+platformFamily: string,
 /**
  * Operating system for the running app-server target, for example
  * `"macos"`, `"linux"`, or `"windows"`.

codex-rs/app-server-protocol/schema/typescript/ParsedCommand.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ParsedCommand = { "type": "read", cmd: string, name: string, 
+export type ParsedCommand = { "type": "read", cmd: string, name: string,
 /**
  * (Best effort) Path to the file being read by the command. When
  * possible, this is an absolute path, though when relative, it should

codex-rs/app-server-protocol/schema/typescript/PlanType.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type PlanType = "free" | "go" | "plus" | "pro" | "team" | "self_serve_business_usage_based" | "business" | "enterprise_cbp_usage_based" | "enterprise" | "edu" | "unknown";
+export type PlanType = "free" | "go" | "plus" | "pro" | "prolite" | "team" | "self_serve_business_usage_based" | "business" | "enterprise_cbp_usage_based" | "enterprise" | "edu" | "unknown";

codex-rs/app-server-protocol/schema/typescript/ResourceContent.ts

@@ -6,11 +6,11 @@ import type { JsonValue } from "./serde_json/JsonValue";
 /**
  * Contents returned when reading a resource from an MCP server.
  */
-export type ResourceContent = { 
+export type ResourceContent = {
 /**
  * The URI of this resource.
  */
-uri: string, mimeType?: string, text: string, _meta?: JsonValue, } | { 
+uri: string, mimeType?: string, text: string, _meta?: JsonValue, } | {
 /**
  * The URI of this resource.
  */

codex-rs/app-server-protocol/schema/typescript/ResponseItem.ts

@@ -11,7 +11,7 @@ import type { ReasoningItemContent } from "./ReasoningItemContent";
 import type { ReasoningItemReasoningSummary } from "./ReasoningItemReasoningSummary";
 import type { WebSearchAction } from "./WebSearchAction";
 
-export type ResponseItem = { "type": "message", role: string, content: Array<ContentItem>, end_turn?: boolean, phase?: MessagePhase, } | { "type": "reasoning", summary: Array<ReasoningItemReasoningSummary>, content?: Array<ReasoningItemContent>, encrypted_content: string | null, } | { "type": "local_shell_call", 
+export type ResponseItem = { "type": "message", role: string, content: Array<ContentItem>, end_turn?: boolean, phase?: MessagePhase, } | { "type": "reasoning", summary: Array<ReasoningItemReasoningSummary>, content?: Array<ReasoningItemContent>, encrypted_content: string | null, } | { "type": "local_shell_call",
 /**
  * Set when using the Responses API.
  */

codex-rs/app-server-protocol/schema/typescript/ReviewDecision.ts

@@ -7,4 +7,4 @@ import type { NetworkPolicyAmendment } from "./NetworkPolicyAmendment";
 /**
  * User's decision in response to an ExecApprovalRequest.
  */
-export type ReviewDecision = "approved" | { "approved_execpolicy_amendment": { proposed_execpolicy_amendment: ExecPolicyAmendment, } } | "approved_for_session" | { "network_policy_amendment": { network_policy_amendment: NetworkPolicyAmendment, } } | "denied" | "abort";
+export type ReviewDecision = "approved" | { "approved_execpolicy_amendment": { proposed_execpolicy_amendment: ExecPolicyAmendment, } } | "approved_for_session" | { "network_policy_amendment": { network_policy_amendment: NetworkPolicyAmendment, } } | "denied" | "timed_out" | "abort";

codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts

@@ -6,7 +6,6 @@ import type { FuzzyFileSearchSessionUpdatedNotification } from "./FuzzyFileSearc
 import type { AccountLoginCompletedNotification } from "./v2/AccountLoginCompletedNotification";
 import type { AccountRateLimitsUpdatedNotification } from "./v2/AccountRateLimitsUpdatedNotification";
 import type { AccountUpdatedNotification } from "./v2/AccountUpdatedNotification";
-import type { AddCreditsNudgeEmailNotification } from "./v2/AddCreditsNudgeEmailNotification";
 import type { AgentMessageDeltaNotification } from "./v2/AgentMessageDeltaNotification";
 import type { AppListUpdatedNotification } from "./v2/AppListUpdatedNotification";
 import type { CommandExecOutputDeltaNotification } from "./v2/CommandExecOutputDeltaNotification";
@@ -59,4 +58,4 @@ import type { WindowsWorldWritableWarningNotification } from "./v2/WindowsWorldW
 /**
  * Notification sent from the server to the client.
  */
-export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/status/changed", "params": ThreadStatusChangedNotification } | { "method": "thread/archived", "params": ThreadArchivedNotification } | { "method": "thread/unarchived", "params": ThreadUnarchivedNotification } | { "method": "thread/closed", "params": ThreadClosedNotification } | { "method": "skills/changed", "params": SkillsChangedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "hook/started", "params": HookStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "hook/completed", "params": HookCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/autoApprovalReview/started", "params": ItemGuardianApprovalReviewStartedNotification } | { "method": "item/autoApprovalReview/completed", "params": ItemGuardianApprovalReviewCompletedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "command/exec/outputDelta", "params": CommandExecOutputDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "serverRequest/resolved", "params": ServerRequestResolvedNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "mcpServer/startupStatus/updated", "params": McpServerStatusUpdatedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "account/addCreditsNudgeEmail/completed", "params": AddCreditsNudgeEmailNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "fs/changed", "params": FsChangedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "model/rerouted", "params": ModelReroutedNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "fuzzyFileSearch/sessionCompleted", "params": FuzzyFileSearchSessionCompletedNotification } | { "method": "thread/realtime/started", "params": ThreadRealtimeStartedNotification } | { "method": "thread/realtime/itemAdded", "params": ThreadRealtimeItemAddedNotification } | { "method": "thread/realtime/transcriptUpdated", "params": ThreadRealtimeTranscriptUpdatedNotification } | { "method": "thread/realtime/outputAudio/delta", "params": ThreadRealtimeOutputAudioDeltaNotification } | { "method": "thread/realtime/sdp", "params": ThreadRealtimeSdpNotification } | { "method": "thread/realtime/error", "params": ThreadRealtimeErrorNotification } | { "method": "thread/realtime/closed", "params": ThreadRealtimeClosedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "windowsSandbox/setupCompleted", "params": WindowsSandboxSetupCompletedNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification };
+export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/status/changed", "params": ThreadStatusChangedNotification } | { "method": "thread/archived", "params": ThreadArchivedNotification } | { "method": "thread/unarchived", "params": ThreadUnarchivedNotification } | { "method": "thread/closed", "params": ThreadClosedNotification } | { "method": "skills/changed", "params": SkillsChangedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "hook/started", "params": HookStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "hook/completed", "params": HookCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/autoApprovalReview/started", "params": ItemGuardianApprovalReviewStartedNotification } | { "method": "item/autoApprovalReview/completed", "params": ItemGuardianApprovalReviewCompletedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "command/exec/outputDelta", "params": CommandExecOutputDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "serverRequest/resolved", "params": ServerRequestResolvedNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "mcpServer/startupStatus/updated", "params": McpServerStatusUpdatedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "fs/changed", "params": FsChangedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "model/rerouted", "params": ModelReroutedNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "fuzzyFileSearch/sessionCompleted", "params": FuzzyFileSearchSessionCompletedNotification } | { "method": "thread/realtime/started", "params": ThreadRealtimeStartedNotification } | { "method": "thread/realtime/itemAdded", "params": ThreadRealtimeItemAddedNotification } | { "method": "thread/realtime/transcriptUpdated", "params": ThreadRealtimeTranscriptUpdatedNotification } | { "method": "thread/realtime/outputAudio/delta", "params": ThreadRealtimeOutputAudioDeltaNotification } | { "method": "thread/realtime/sdp", "params": ThreadRealtimeSdpNotification } | { "method": "thread/realtime/error", "params": ThreadRealtimeErrorNotification } | { "method": "thread/realtime/closed", "params": ThreadRealtimeClosedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "windowsSandbox/setupCompleted", "params": WindowsSandboxSetupCompletedNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification };

codex-rs/app-server-protocol/schema/typescript/v2/AccountUpdatedNotification.ts

@@ -3,6 +3,5 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AuthMode } from "../AuthMode";
 import type { PlanType } from "../PlanType";
-import type { WorkspaceRole } from "./WorkspaceRole";
 
-export type AccountUpdatedNotification = { authMode: AuthMode | null, planType: PlanType | null, workspaceRole: WorkspaceRole | null, isWorkspaceOwner: boolean | null, };
+export type AccountUpdatedNotification = { authMode: AuthMode | null, planType: PlanType | null, };

codex-rs/app-server-protocol/schema/typescript/v2/AddCreditsNudgeEmailNotification.ts

@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { AddCreditsNudgeEmailResult } from "./AddCreditsNudgeEmailResult";
-
-export type AddCreditsNudgeEmailNotification = { threadId: string, result: AddCreditsNudgeEmailResult, };

codex-rs/app-server-protocol/schema/typescript/v2/AddCreditsNudgeEmailResult.ts

@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type AddCreditsNudgeEmailResult = { "status": "sent" } | { "status": "cooldownActive" } | { "status": "failed", message: string, };

codex-rs/app-server-protocol/schema/typescript/v2/AppInfo.ts

@@ -7,7 +7,7 @@ import type { AppMetadata } from "./AppMetadata";
 /**
  * EXPERIMENTAL - app metadata returned by app-list APIs.
  */
-export type AppInfo = { id: string, name: string, description: string | null, logoUrl: string | null, logoUrlDark: string | null, distributionChannel: string | null, branding: AppBranding | null, appMetadata: AppMetadata | null, labels: { [key in string]?: string } | null, installUrl: string | null, isAccessible: boolean, 
+export type AppInfo = { id: string, name: string, description: string | null, logoUrl: string | null, logoUrlDark: string | null, distributionChannel: string | null, branding: AppBranding | null, appMetadata: AppMetadata | null, labels: { [key in string]?: string } | null, installUrl: string | null, isAccessible: boolean,
 /**
  * Whether this app is enabled in config.toml.
  * Example:

codex-rs/app-server-protocol/schema/typescript/v2/AppsListParams.ts

@@ -5,19 +5,19 @@
 /**
  * EXPERIMENTAL - list available apps/connectors.
  */
-export type AppsListParams = { 
+export type AppsListParams = {
 /**
  * Opaque pagination cursor returned by a previous call.
  */
-cursor?: string | null, 
+cursor?: string | null,
 /**
  * Optional page size; defaults to a reasonable server-side value.
  */
-limit?: number | null, 
+limit?: number | null,
 /**
  * Optional thread id used to evaluate app feature gating from that thread's config.
  */
-threadId?: string | null, 
+threadId?: string | null,
 /**
  * When true, bypass app caches and fetch the latest data from sources.
  */

codex-rs/app-server-protocol/schema/typescript/v2/AppsListResponse.ts

@@ -6,7 +6,7 @@ import type { AppInfo } from "./AppInfo";
 /**
  * EXPERIMENTAL - app list response.
  */
-export type AppsListResponse = { data: Array<AppInfo>, 
+export type AppsListResponse = { data: Array<AppInfo>,
 /**
  * Opaque cursor to pass to the next call to continue after the last item.
  * If None, there are no more items to return.

codex-rs/app-server-protocol/schema/typescript/v2/AutoReviewDecisionSource.ts

@@ -2,4 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ThreadAddCreditsNudgeEmailResponse = Record<string, never>;
+/**
+ * [UNSTABLE] Source that produced a terminal guardian approval review decision.
+ */
+export type AutoReviewDecisionSource = "agent";

codex-rs/app-server-protocol/schema/typescript/v2/ChatgptAuthTokensRefreshParams.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ChatgptAuthTokensRefreshReason } from "./ChatgptAuthTokensRefreshReason";
 
-export type ChatgptAuthTokensRefreshParams = { reason: ChatgptAuthTokensRefreshReason, 
+export type ChatgptAuthTokensRefreshParams = { reason: ChatgptAuthTokensRefreshReason,
 /**
  * Workspace/account identifier that Codex was previously using.
  *

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecOutputDeltaNotification.ts

@@ -9,20 +9,20 @@ import type { CommandExecOutputStream } from "./CommandExecOutputStream";
  * These notifications are connection-scoped. If the originating connection
  * closes, the server terminates the process.
  */
-export type CommandExecOutputDeltaNotification = { 
+export type CommandExecOutputDeltaNotification = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.
  */
-processId: string, 
+processId: string,
 /**
  * Output stream for this chunk.
  */
-stream: CommandExecOutputStream, 
+stream: CommandExecOutputStream,
 /**
  * Base64-encoded output bytes.
  */
-deltaBase64: string, 
+deltaBase64: string,
 /**
  * `true` on the final streamed chunk for a stream when `outputBytesCap`
  * truncated later output on that stream.

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecParams.ts

@@ -12,11 +12,11 @@ import type { SandboxPolicy } from "./SandboxPolicy";
  * sent only after all `command/exec/outputDelta` notifications for that
  * connection have been emitted.
  */
-export type CommandExecParams = { 
+export type CommandExecParams = {
 /**
  * Command argv vector. Empty arrays are rejected.
  */
-command: Array<string>, 
+command: Array<string>,
 /**
  * Optional client-supplied, connection-scoped process id.
  *
@@ -25,56 +25,56 @@ command: Array<string>,
  * `command/exec/terminate` calls. When omitted, buffered execution gets an
  * internal id that is not exposed to the client.
  */
-processId?: string | null, 
+processId?: string | null,
 /**
  * Enable PTY mode.
  *
  * This implies `streamStdin` and `streamStdoutStderr`.
  */
-tty?: boolean, 
+tty?: boolean,
 /**
  * Allow follow-up `command/exec/write` requests to write stdin bytes.
  *
  * Requires a client-supplied `processId`.
  */
-streamStdin?: boolean, 
+streamStdin?: boolean,
 /**
  * Stream stdout/stderr via `command/exec/outputDelta` notifications.
  *
  * Streamed bytes are not duplicated into the final response and require a
  * client-supplied `processId`.
  */
-streamStdoutStderr?: boolean, 
+streamStdoutStderr?: boolean,
 /**
  * Optional per-stream stdout/stderr capture cap in bytes.
  *
  * When omitted, the server default applies. Cannot be combined with
  * `disableOutputCap`.
  */
-outputBytesCap?: number | null, 
+outputBytesCap?: number | null,
 /**
  * Disable stdout/stderr capture truncation for this request.
  *
  * Cannot be combined with `outputBytesCap`.
  */
-disableOutputCap?: boolean, 
+disableOutputCap?: boolean,
 /**
  * Disable the timeout entirely for this request.
  *
  * Cannot be combined with `timeoutMs`.
  */
-disableTimeout?: boolean, 
+disableTimeout?: boolean,
 /**
  * Optional timeout in milliseconds.
  *
  * When omitted, the server default applies. Cannot be combined with
  * `disableTimeout`.
  */
-timeoutMs?: number | null, 
+timeoutMs?: number | null,
 /**
  * Optional working directory. Defaults to the server cwd.
  */
-cwd?: string | null, 
+cwd?: string | null,
 /**
  * Optional environment overrides merged into the server-computed
  * environment.
@@ -82,12 +82,12 @@ cwd?: string | null,
  * Matching names override inherited values. Set a key to `null` to unset
  * an inherited variable.
  */
-env?: { [key in string]?: string | null } | null, 
+env?: { [key in string]?: string | null } | null,
 /**
  * Optional initial PTY size in character cells. Only valid when `tty` is
  * true.
  */
-size?: CommandExecTerminalSize | null, 
+size?: CommandExecTerminalSize | null,
 /**
  * Optional sandbox policy for this command.
  *

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecResizeParams.ts

@@ -6,12 +6,12 @@ import type { CommandExecTerminalSize } from "./CommandExecTerminalSize";
 /**
  * Resize a running PTY-backed `command/exec` session.
  */
-export type CommandExecResizeParams = { 
+export type CommandExecResizeParams = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.
  */
-processId: string, 
+processId: string,
 /**
  * New PTY size in character cells.
  */

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecResponse.ts

@@ -5,17 +5,17 @@
 /**
  * Final buffered result for `command/exec`.
  */
-export type CommandExecResponse = { 
+export type CommandExecResponse = {
 /**
  * Process exit code.
  */
-exitCode: number, 
+exitCode: number,
 /**
  * Buffered stdout capture.
  *
  * Empty when stdout was streamed via `command/exec/outputDelta`.
  */
-stdout: string, 
+stdout: string,
 /**
  * Buffered stderr capture.
  *

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecTerminalSize.ts

@@ -5,11 +5,11 @@
 /**
  * PTY size in character cells for `command/exec` PTY sessions.
  */
-export type CommandExecTerminalSize = { 
+export type CommandExecTerminalSize = {
 /**
  * Terminal height in character cells.
  */
-rows: number, 
+rows: number,
 /**
  * Terminal width in character cells.
  */

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecTerminateParams.ts

@@ -5,7 +5,7 @@
 /**
  * Terminate a running `command/exec` session.
  */
-export type CommandExecTerminateParams = { 
+export type CommandExecTerminateParams = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecWriteParams.ts

@@ -6,16 +6,16 @@
  * Write stdin bytes to a running `command/exec` session, close stdin, or
  * both.
  */
-export type CommandExecWriteParams = { 
+export type CommandExecWriteParams = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.
  */
-processId: string, 
+processId: string,
 /**
  * Optional base64-encoded stdin bytes to write.
  */
-deltaBase64?: string | null, 
+deltaBase64?: string | null,
 /**
  * Close stdin after writing `deltaBase64`, if present.
  */

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalParams.ts

@@ -8,7 +8,7 @@ import type { ExecPolicyAmendment } from "./ExecPolicyAmendment";
 import type { NetworkApprovalContext } from "./NetworkApprovalContext";
 import type { NetworkPolicyAmendment } from "./NetworkPolicyAmendment";
 
-export type CommandExecutionRequestApprovalParams = { threadId: string, turnId: string, itemId: string, 
+export type CommandExecutionRequestApprovalParams = { threadId: string, turnId: string, itemId: string,
 /**
  * Unique identifier for this specific approval callback.
  *
@@ -18,39 +18,39 @@ export type CommandExecutionRequestApprovalParams = { threadId: string, turnId:
  * one parent `itemId`, so `approvalId` is a distinct opaque callback id
  * (a UUID) used to disambiguate routing.
  */
-approvalId?: string | null, 
+approvalId?: string | null,
 /**
  * Optional explanatory reason (e.g. request for network access).
  */
-reason?: string | null, 
+reason?: string | null,
 /**
  * Optional context for a managed-network approval prompt.
  */
-networkApprovalContext?: NetworkApprovalContext | null, 
+networkApprovalContext?: NetworkApprovalContext | null,
 /**
  * The command to be executed.
  */
-command?: string | null, 
+command?: string | null,
 /**
  * The command's working directory.
  */
-cwd?: string | null, 
+cwd?: string | null,
 /**
  * Best-effort parsed command actions for friendly display.
  */
-commandActions?: Array<CommandAction> | null, 
+commandActions?: Array<CommandAction> | null,
 /**
  * Optional additional permissions requested for this command.
  */
-additionalPermissions?: AdditionalPermissionProfile | null, 
+additionalPermissions?: AdditionalPermissionProfile | null,
 /**
  * Optional proposed execpolicy amendment to allow similar commands without prompting.
  */
-proposedExecpolicyAmendment?: ExecPolicyAmendment | null, 
+proposedExecpolicyAmendment?: ExecPolicyAmendment | null,
 /**
  * Optional proposed network policy amendments (allow/deny host) for future requests.
  */
-proposedNetworkPolicyAmendments?: Array<NetworkPolicyAmendment> | null, 
+proposedNetworkPolicyAmendments?: Array<NetworkPolicyAmendment> | null,
 /**
  * Ordered list of decisions the client may present for this prompt.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigBatchWriteParams.ts

@@ -3,11 +3,11 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ConfigEdit } from "./ConfigEdit";
 
-export type ConfigBatchWriteParams = { edits: Array<ConfigEdit>, 
+export type ConfigBatchWriteParams = { edits: Array<ConfigEdit>,
 /**
  * Path to the config file to write; defaults to the user's `config.toml` when omitted.
  */
-filePath?: string | null, expectedVersion?: string | null, 
+filePath?: string | null, expectedVersion?: string | null,
 /**
  * When true, hot-reload the updated user config into all loaded threads after writing.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigLayerSource.ts

@@ -3,12 +3,12 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 
-export type ConfigLayerSource = { "type": "mdm", domain: string, key: string, } | { "type": "system", 
+export type ConfigLayerSource = { "type": "mdm", domain: string, key: string, } | { "type": "system",
 /**
  * This is the path to the system config.toml file, though it is not
  * guaranteed to exist.
  */
-file: AbsolutePathBuf, } | { "type": "user", 
+file: AbsolutePathBuf, } | { "type": "user",
 /**
  * This is the path to the user's config.toml file, though it is not
  * guaranteed to exist.

codex-rs/app-server-protocol/schema/typescript/v2/ConfigReadParams.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ConfigReadParams = { includeLayers: boolean, 
+export type ConfigReadParams = { includeLayers: boolean,
 /**
  * Optional working directory to resolve project config layers. If specified,
  * return the effective config as seen from that directory (i.e., including any

codex-rs/app-server-protocol/schema/typescript/v2/ConfigRequirementsReadResponse.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ConfigRequirements } from "./ConfigRequirements";
 
-export type ConfigRequirementsReadResponse = { 
+export type ConfigRequirementsReadResponse = {
 /**
  * Null if no requirements are configured (e.g. no requirements.toml/MDM entries).
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigValueWriteParams.ts

@@ -4,7 +4,7 @@
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { MergeStrategy } from "./MergeStrategy";
 
-export type ConfigValueWriteParams = { keyPath: string, value: JsonValue, mergeStrategy: MergeStrategy, 
+export type ConfigValueWriteParams = { keyPath: string, value: JsonValue, mergeStrategy: MergeStrategy,
 /**
  * Path to the config file to write; defaults to the user's `config.toml` when omitted.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigWarningNotification.ts

@@ -3,19 +3,19 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { TextRange } from "./TextRange";
 
-export type ConfigWarningNotification = { 
+export type ConfigWarningNotification = {
 /**
  * Concise summary of the warning.
  */
-summary: string, 
+summary: string,
 /**
  * Optional extra guidance or error details.
  */
-details: string | null, 
+details: string | null,
 /**
  * Optional path to the config file that triggered the warning.
  */
-path?: string, 
+path?: string,
 /**
  * Optional range for the error location inside the config file.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigWriteResponse.ts

@@ -5,7 +5,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 import type { OverriddenMetadata } from "./OverriddenMetadata";
 import type { WriteStatus } from "./WriteStatus";
 
-export type ConfigWriteResponse = { status: WriteStatus, version: string, 
+export type ConfigWriteResponse = { status: WriteStatus, version: string,
 /**
  * Canonical path to the config file that was written.
  */

codex-rs/app-server-protocol/schema/typescript/v2/DeprecationNoticeNotification.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type DeprecationNoticeNotification = { 
+export type DeprecationNoticeNotification = {
 /**
  * Concise summary of what is deprecated.
  */
-summary: string, 
+summary: string,
 /**
  * Optional extra guidance, such as migration steps or rationale.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeature.ts

@@ -3,34 +3,34 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExperimentalFeatureStage } from "./ExperimentalFeatureStage";
 
-export type ExperimentalFeature = { 
+export type ExperimentalFeature = {
 /**
  * Stable key used in config.toml and CLI flag toggles.
  */
-name: string, 
+name: string,
 /**
  * Lifecycle stage of this feature flag.
  */
-stage: ExperimentalFeatureStage, 
+stage: ExperimentalFeatureStage,
 /**
  * User-facing display name shown in the experimental features UI.
  * Null when this feature is not in beta.
  */
-displayName: string | null, 
+displayName: string | null,
 /**
  * Short summary describing what the feature does.
  * Null when this feature is not in beta.
  */
-description: string | null, 
+description: string | null,
 /**
  * Announcement copy shown to users when the feature is introduced.
  * Null when this feature is not in beta.
  */
-announcement: string | null, 
+announcement: string | null,
 /**
  * Whether this feature is currently enabled in the loaded config.
  */
-enabled: boolean, 
+enabled: boolean,
 /**
  * Whether this feature is enabled by default.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureEnablementSetParams.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExperimentalFeatureEnablementSetParams = { 
+export type ExperimentalFeatureEnablementSetParams = {
 /**
  * Process-wide runtime feature enablement keyed by canonical feature name.
  *

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureEnablementSetResponse.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExperimentalFeatureEnablementSetResponse = { 
+export type ExperimentalFeatureEnablementSetResponse = {
 /**
  * Feature enablement entries updated by this request.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureListParams.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExperimentalFeatureListParams = { 
+export type ExperimentalFeatureListParams = {
 /**
  * Opaque pagination cursor returned by a previous call.
  */
-cursor?: string | null, 
+cursor?: string | null,
 /**
  * Optional page size; defaults to a reasonable server-side value.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureListResponse.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExperimentalFeature } from "./ExperimentalFeature";
 
-export type ExperimentalFeatureListResponse = { data: Array<ExperimentalFeature>, 
+export type ExperimentalFeatureListResponse = { data: Array<ExperimentalFeature>,
 /**
  * Opaque cursor to pass to the next call to continue after the last item.
  * If None, there are no more items to return.

codex-rs/app-server-protocol/schema/typescript/v2/ExternalAgentConfigDetectParams.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExternalAgentConfigDetectParams = { 
+export type ExternalAgentConfigDetectParams = {
 /**
  * If true, include detection under the user's home (~/.claude, ~/.codex, etc.).
  */
-includeHome?: boolean, 
+includeHome?: boolean,
 /**
  * Zero or more working directories to include for repo-scoped detection.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExternalAgentConfigMigrationItem.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExternalAgentConfigMigrationItemType } from "./ExternalAgentConfigMigrationItemType";
 
-export type ExternalAgentConfigMigrationItem = { itemType: ExternalAgentConfigMigrationItemType, description: string, 
+export type ExternalAgentConfigMigrationItem = { itemType: ExternalAgentConfigMigrationItemType, description: string,
 /**
  * Null or empty means home-scoped migration; non-empty means repo-scoped migration.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FeedbackUploadParams.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type FeedbackUploadParams = { classification: string, reason?: string | null, threadId?: string | null, includeLogs: boolean, extraLogFiles?: Array<string> | null, };
+export type FeedbackUploadParams = { classification: string, reason?: string | null, threadId?: string | null, includeLogs: boolean, extraLogFiles?: Array<string> | null, tags?: { [key in string]?: string } | null, };

codex-rs/app-server-protocol/schema/typescript/v2/FileChangeRequestApprovalParams.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type FileChangeRequestApprovalParams = { threadId: string, turnId: string, itemId: string, 
+export type FileChangeRequestApprovalParams = { threadId: string, turnId: string, itemId: string,
 /**
  * Optional explanatory reason (e.g. request for extra write access).
  */
-reason?: string | null, 
+reason?: string | null,
 /**
  * [UNSTABLE] When set, the agent is asking the user to allow writes under this root
  * for the remainder of the session (unclear if this is honored today).

codex-rs/app-server-protocol/schema/typescript/v2/FsChangedNotification.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Filesystem watch notification emitted for `fs/watch` subscribers.
  */
-export type FsChangedNotification = { 
+export type FsChangedNotification = {
 /**
  * Watch identifier previously provided to `fs/watch`.
  */
-watchId: string, 
+watchId: string,
 /**
  * File or directory paths associated with this event.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsCopyParams.ts

@@ -6,15 +6,15 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Copy a file or directory tree on the host filesystem.
  */
-export type FsCopyParams = { 
+export type FsCopyParams = {
 /**
  * Absolute source path.
  */
-sourcePath: AbsolutePathBuf, 
+sourcePath: AbsolutePathBuf,
 /**
  * Absolute destination path.
  */
-destinationPath: AbsolutePathBuf, 
+destinationPath: AbsolutePathBuf,
 /**
  * Required for directory copies; ignored for file copies.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsCreateDirectoryParams.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Create a directory on the host filesystem.
  */
-export type FsCreateDirectoryParams = { 
+export type FsCreateDirectoryParams = {
 /**
  * Absolute directory path to create.
  */
-path: AbsolutePathBuf, 
+path: AbsolutePathBuf,
 /**
  * Whether parent directories should also be created. Defaults to `true`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsGetMetadataParams.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Request metadata for an absolute path.
  */
-export type FsGetMetadataParams = { 
+export type FsGetMetadataParams = {
 /**
  * Absolute path to inspect.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsGetMetadataResponse.ts

@@ -5,19 +5,19 @@
 /**
  * Metadata returned by `fs/getMetadata`.
  */
-export type FsGetMetadataResponse = { 
+export type FsGetMetadataResponse = {
 /**
  * Whether the path currently resolves to a directory.
  */
-isDirectory: boolean, 
+isDirectory: boolean,
 /**
  * Whether the path currently resolves to a regular file.
  */
-isFile: boolean, 
+isFile: boolean,
 /**
  * File creation time in Unix milliseconds when available, otherwise `0`.
  */
-createdAtMs: number, 
+createdAtMs: number,
 /**
  * File modification time in Unix milliseconds when available, otherwise `0`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadDirectoryEntry.ts

@@ -5,15 +5,15 @@
 /**
  * A directory entry returned by `fs/readDirectory`.
  */
-export type FsReadDirectoryEntry = { 
+export type FsReadDirectoryEntry = {
 /**
  * Direct child entry name only, not an absolute or relative path.
  */
-fileName: string, 
+fileName: string,
 /**
  * Whether this entry resolves to a directory.
  */
-isDirectory: boolean, 
+isDirectory: boolean,
 /**
  * Whether this entry resolves to a regular file.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadDirectoryParams.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * List direct child names for a directory.
  */
-export type FsReadDirectoryParams = { 
+export type FsReadDirectoryParams = {
 /**
  * Absolute directory path to read.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadDirectoryResponse.ts

@@ -6,7 +6,7 @@ import type { FsReadDirectoryEntry } from "./FsReadDirectoryEntry";
 /**
  * Directory entries returned by `fs/readDirectory`.
  */
-export type FsReadDirectoryResponse = { 
+export type FsReadDirectoryResponse = {
 /**
  * Direct child entries in the requested directory.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadFileParams.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Read a file from the host filesystem.
  */
-export type FsReadFileParams = { 
+export type FsReadFileParams = {
 /**
  * Absolute path to read.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadFileResponse.ts

@@ -5,7 +5,7 @@
 /**
  * Base64-encoded file contents returned by `fs/readFile`.
  */
-export type FsReadFileResponse = { 
+export type FsReadFileResponse = {
 /**
  * File contents encoded as base64.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsRemoveParams.ts

@@ -6,15 +6,15 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Remove a file or directory tree from the host filesystem.
  */
-export type FsRemoveParams = { 
+export type FsRemoveParams = {
 /**
  * Absolute path to remove.
  */
-path: AbsolutePathBuf, 
+path: AbsolutePathBuf,
 /**
  * Whether directory removal should recurse. Defaults to `true`.
  */
-recursive?: boolean | null, 
+recursive?: boolean | null,
 /**
  * Whether missing paths should be ignored. Defaults to `true`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsUnwatchParams.ts

@@ -5,7 +5,7 @@
 /**
  * Stop filesystem watch notifications for a prior `fs/watch`.
  */
-export type FsUnwatchParams = { 
+export type FsUnwatchParams = {
 /**
  * Watch identifier previously provided to `fs/watch`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsWatchParams.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Start filesystem watch notifications for an absolute path.
  */
-export type FsWatchParams = { 
+export type FsWatchParams = {
 /**
  * Connection-scoped watch identifier used for `fs/unwatch` and `fs/changed`.
  */
-watchId: string, 
+watchId: string,
 /**
  * Absolute file or directory path to watch.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsWatchResponse.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Successful response for `fs/watch`.
  */
-export type FsWatchResponse = { 
+export type FsWatchResponse = {
 /**
  * Canonicalized path associated with the watch.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsWriteFileParams.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Write a file on the host filesystem.
  */
-export type FsWriteFileParams = { 
+export type FsWriteFileParams = {
 /**
  * Absolute path to write.
  */
-path: AbsolutePathBuf, 
+path: AbsolutePathBuf,
 /**
  * File contents encoded as base64.
  */