changing decision semantics after guardian timeout (#17486)

**Summary**

This PR treats Guardian timeouts as distinct from explicit denials in
the core approval paths.
Timeouts now return timeout-specific guidance instead of Guardian
policy-rejection messaging.
It updates the command, shell, network, and MCP approval flows and adds
focused test coverage.

.devcontainer/Dockerfile.secure

@@ -0,0 +1,71 @@
+FROM mcr.microsoft.com/devcontainers/base:ubuntu-24.04
+
+ARG TZ
+ARG DEBIAN_FRONTEND=noninteractive
+ARG NODE_MAJOR=22
+ARG RUST_TOOLCHAIN=1.92.0
+ARG CODEX_NPM_VERSION=latest
+
+ENV TZ="$TZ"
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+        build-essential \
+        curl \
+        git \
+        ca-certificates \
+        pkg-config \
+        clang \
+        musl-tools \
+        libssl-dev \
+        libsqlite3-dev \
+        just \
+        python3 \
+        python3-pip \
+        jq \
+        less \
+        man-db \
+        unzip \
+        ripgrep \
+        fzf \
+        fd-find \
+        zsh \
+        dnsutils \
+        iproute2 \
+        ipset \
+        iptables \
+        aggregate \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+RUN curl -fsSL "https://deb.nodesource.com/setup_${NODE_MAJOR}.x" | bash - \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends nodejs \
+    && npm install -g corepack@latest "@openai/codex@${CODEX_NPM_VERSION}" \
+    && corepack enable \
+    && corepack prepare pnpm@10.28.2 --activate \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*
+
+COPY .devcontainer/init-firewall.sh /usr/local/bin/init-firewall.sh
+COPY .devcontainer/post_install.py /opt/post_install.py
+COPY .devcontainer/post-start.sh /opt/post_start.sh
+
+RUN chmod 500 /usr/local/bin/init-firewall.sh \
+    && chmod 755 /opt/post_start.sh \
+    && chmod 644 /opt/post_install.py \
+    && chown vscode:vscode /opt/post_install.py
+
+RUN install -d -m 0775 -o vscode -g vscode /commandhistory /workspace \
+    && touch /commandhistory/.bash_history /commandhistory/.zsh_history \
+    && chown vscode:vscode /commandhistory/.bash_history /commandhistory/.zsh_history
+
+USER vscode
+ENV PATH="/home/vscode/.cargo/bin:${PATH}"
+WORKDIR /workspace
+
+RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain "${RUST_TOOLCHAIN}" \
+    && rustup component add clippy rustfmt rust-src \
+    && rustup target add x86_64-unknown-linux-musl aarch64-unknown-linux-musl

.devcontainer/README.md

@@ -1,10 +1,36 @@
 # Containerized Development
 
-We provide the following options to facilitate Codex development in a container. This is particularly useful for verifying the Linux build when working on a macOS host.
+We provide two container paths:
+
+- `devcontainer.json` keeps the existing Codex contributor setup for working on this repository.
+- `devcontainer.secure.json` adds a customer-oriented profile with stricter outbound network controls.
+
+## Codex contributor profile
+
+Use `devcontainer.json` when you are developing Codex itself. This is the same lightweight arm64 container that already exists in the repo.
+
+## Secure customer profile
+
+Use `devcontainer.secure.json` when you want a stricter runtime profile for running Codex inside a project container:
+
+- installs the Codex CLI plus common build tools
+- enables firewall startup with an allowlist-driven outbound policy
+- blocks IPv6 by default so the allowlist cannot be bypassed over AAAA routes
+- requires `NET_ADMIN` and `NET_RAW` so the firewall can be installed at startup
+
+This profile keeps the stricter networking isolated to the customer path instead of changing the default Codex contributor container.
+
+Start it from the CLI with:
+
+```bash
+devcontainer up --workspace-folder . --config .devcontainer/devcontainer.secure.json
+```
+
+In VS Code, choose **Dev Containers: Open Folder in Container...** and select `.devcontainer/devcontainer.secure.json`.
 
 ## Docker
 
-To build the Docker image locally for x64 and then run it with the repo mounted under `/workspace`:
+To build the contributor image locally for x64 and then run it with the repo mounted under `/workspace`:
 
 ```shell
 CODEX_DOCKER_IMAGE_NAME=codex-linux-dev
@@ -14,17 +40,6 @@ docker run --platform=linux/amd64 --rm -it -e CARGO_TARGET_DIR=/workspace/codex-
 
 Note that `/workspace/target` will contain the binaries built for your host platform, so we include `-e CARGO_TARGET_DIR=/workspace/codex-rs/target-amd64` in the `docker run` command so that the binaries built inside your container are written to a separate directory.
 
-For arm64, specify `--platform=linux/amd64` instead for both `docker build` and `docker run`.
+For arm64, specify `--platform=linux/arm64` instead for both `docker build` and `docker run`.
 
-Currently, the `Dockerfile` works for both x64 and arm64 Linux, though you need to run `rustup target add x86_64-unknown-linux-musl` yourself to install the musl toolchain for x64.
-
-## VS Code
-
-VS Code recognizes the `devcontainer.json` file and gives you the option to develop Codex in a container. Currently, `devcontainer.json` builds and runs the `arm64` flavor of the container.
-
-From the integrated terminal in VS Code, you can build either flavor of the `arm64` build (GNU or musl):
-
-```shell
-cargo build --target aarch64-unknown-linux-musl
-cargo build --target aarch64-unknown-linux-gnu
-```
+Currently, the contributor `Dockerfile` works for both x64 and arm64 Linux, though you need to run `rustup target add x86_64-unknown-linux-musl` yourself to install the musl toolchain for x64.

.devcontainer/devcontainer.secure.json

@@ -0,0 +1,76 @@
+{
+  "$schema": "https://raw.githubusercontent.com/devcontainers/spec/main/schemas/devContainer.schema.json",
+  "name": "Codex (Secure)",
+  "build": {
+    "dockerfile": "Dockerfile.secure",
+    "context": "..",
+    "args": {
+      "TZ": "${localEnv:TZ:UTC}",
+      "NODE_MAJOR": "22",
+      "RUST_TOOLCHAIN": "1.92.0",
+      "CODEX_NPM_VERSION": "latest"
+    }
+  },
+  "runArgs": [
+    "--cap-add=NET_ADMIN",
+    "--cap-add=NET_RAW"
+  ],
+  "init": true,
+  "updateRemoteUserUID": true,
+  "remoteUser": "vscode",
+  "workspaceMount": "source=${localWorkspaceFolder},target=/workspace,type=bind,consistency=delegated",
+  "workspaceFolder": "/workspace",
+  "mounts": [
+    "source=codex-commandhistory-${devcontainerId},target=/commandhistory,type=volume",
+    "source=codex-home-${devcontainerId},target=/home/vscode/.codex,type=volume",
+    "source=codex-gh-${devcontainerId},target=/home/vscode/.config/gh,type=volume",
+    "source=codex-cargo-registry-${devcontainerId},target=/home/vscode/.cargo/registry,type=volume",
+    "source=codex-cargo-git-${devcontainerId},target=/home/vscode/.cargo/git,type=volume",
+    "source=codex-rustup-${devcontainerId},target=/home/vscode/.rustup,type=volume",
+    "source=${localEnv:HOME}/.gitconfig,target=/home/vscode/.gitconfig,type=bind,readonly"
+  ],
+  "containerEnv": {
+    "RUST_BACKTRACE": "1",
+    "CODEX_UNSAFE_ALLOW_NO_SANDBOX": "1",
+    "CODEX_ENABLE_FIREWALL": "1",
+    "CODEX_INCLUDE_GITHUB_META_RANGES": "1",
+    "OPENAI_ALLOWED_DOMAINS": "api.openai.com auth.openai.com github.com api.github.com codeload.github.com raw.githubusercontent.com objects.githubusercontent.com crates.io index.crates.io static.crates.io static.rust-lang.org registry.npmjs.org pypi.org files.pythonhosted.org",
+    "CARGO_TARGET_DIR": "/workspace/.cache/cargo-target",
+    "GIT_CONFIG_GLOBAL": "/home/vscode/.gitconfig.local",
+    "COREPACK_ENABLE_DOWNLOAD_PROMPT": "0",
+    "PYTHONDONTWRITEBYTECODE": "1",
+    "PIP_DISABLE_PIP_VERSION_CHECK": "1"
+  },
+  "remoteEnv": {
+    "OPENAI_API_KEY": "${localEnv:OPENAI_API_KEY}"
+  },
+  "postCreateCommand": "python3 /opt/post_install.py",
+  "postStartCommand": "bash /opt/post_start.sh",
+  "waitFor": "postStartCommand",
+  "customizations": {
+    "vscode": {
+      "settings": {
+        "terminal.integrated.defaultProfile.linux": "zsh",
+        "terminal.integrated.profiles.linux": {
+          "bash": {
+            "path": "bash",
+            "icon": "terminal-bash"
+          },
+          "zsh": {
+            "path": "zsh"
+          }
+        },
+        "files.trimTrailingWhitespace": true,
+        "files.insertFinalNewline": true,
+        "files.trimFinalNewlines": true
+      },
+      "extensions": [
+        "openai.chatgpt",
+        "rust-lang.rust-analyzer",
+        "tamasfe.even-better-toml",
+        "vadimcn.vscode-lldb",
+        "ms-azuretools.vscode-docker"
+      ]
+    }
+  }
+}

.devcontainer/init-firewall.sh

@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+
+allowed_domains_file="/etc/codex/allowed_domains.txt"
+include_github_meta_ranges="${CODEX_INCLUDE_GITHUB_META_RANGES:-1}"
+
+if [ -f "$allowed_domains_file" ]; then
+  mapfile -t allowed_domains < <(sed '/^\s*#/d;/^\s*$/d' "$allowed_domains_file")
+else
+  allowed_domains=("api.openai.com")
+fi
+
+if [ "${#allowed_domains[@]}" -eq 0 ]; then
+  echo "ERROR: No allowed domains configured"
+  exit 1
+fi
+
+add_ipv4_cidr_to_allowlist() {
+  local source="$1"
+  local cidr="$2"
+
+  if [[ ! "$cidr" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]]; then
+    echo "ERROR: Invalid ${source} CIDR range: $cidr"
+    exit 1
+  fi
+
+  ipset add allowed-domains "$cidr" -exist
+}
+
+configure_ipv6_default_deny() {
+  if ! command -v ip6tables >/dev/null 2>&1; then
+    echo "ERROR: ip6tables is required to enforce IPv6 default-deny policy"
+    exit 1
+  fi
+
+  ip6tables -F
+  ip6tables -X
+  ip6tables -t mangle -F
+  ip6tables -t mangle -X
+  ip6tables -t nat -F 2>/dev/null || true
+  ip6tables -t nat -X 2>/dev/null || true
+
+  ip6tables -A INPUT -i lo -j ACCEPT
+  ip6tables -A OUTPUT -o lo -j ACCEPT
+  ip6tables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+  ip6tables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+  ip6tables -P INPUT DROP
+  ip6tables -P FORWARD DROP
+  ip6tables -P OUTPUT DROP
+
+  echo "IPv6 firewall policy configured (default-deny)"
+}
+
+# Preserve docker-managed DNS NAT rules before clearing tables.
+docker_dns_rules="$(iptables-save -t nat | grep "127\\.0\\.0\\.11" || true)"
+
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+ipset destroy allowed-domains 2>/dev/null || true
+
+if [ -n "$docker_dns_rules" ]; then
+  echo "Restoring Docker DNS NAT rules"
+  iptables -t nat -N DOCKER_OUTPUT 2>/dev/null || true
+  iptables -t nat -N DOCKER_POSTROUTING 2>/dev/null || true
+  while IFS= read -r rule; do
+    [ -z "$rule" ] && continue
+    iptables -t nat $rule
+  done <<< "$docker_dns_rules"
+fi
+
+# Allow DNS resolution and localhost communication.
+iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
+iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
+iptables -A INPUT -p udp --sport 53 -j ACCEPT
+iptables -A INPUT -p tcp --sport 53 -j ACCEPT
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+
+ipset create allowed-domains hash:net
+
+for domain in "${allowed_domains[@]}"; do
+  echo "Resolving $domain"
+  ips="$(dig +short A "$domain" | sed '/^\s*$/d')"
+  if [ -z "$ips" ]; then
+    echo "ERROR: Failed to resolve $domain"
+    exit 1
+  fi
+
+  while IFS= read -r ip; do
+    if [[ ! "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
+      echo "ERROR: Invalid IPv4 address from DNS for $domain: $ip"
+      exit 1
+    fi
+    ipset add allowed-domains "$ip" -exist
+  done <<< "$ips"
+done
+
+if [ "$include_github_meta_ranges" = "1" ]; then
+  echo "Fetching GitHub meta ranges"
+  github_meta="$(curl -fsSL --connect-timeout 10 https://api.github.com/meta)"
+
+  if ! echo "$github_meta" | jq -e '.web and .api and .git' >/dev/null; then
+    echo "ERROR: GitHub meta response missing expected fields"
+    exit 1
+  fi
+
+  while IFS= read -r cidr; do
+    [ -z "$cidr" ] && continue
+    if [[ "$cidr" == *:* ]]; then
+      # Current policy enforces IPv4-only ipset entries.
+      continue
+    fi
+    add_ipv4_cidr_to_allowlist "GitHub" "$cidr"
+  done < <(echo "$github_meta" | jq -r '((.web // []) + (.api // []) + (.git // []))[]' | sort -u)
+fi
+
+host_ip="$(ip route | awk '/default/ {print $3; exit}')"
+if [ -z "$host_ip" ]; then
+  echo "ERROR: Failed to detect host IP"
+  exit 1
+fi
+
+host_network="$(echo "$host_ip" | sed 's/\.[0-9]*$/.0\/24/')"
+iptables -A INPUT -s "$host_network" -j ACCEPT
+iptables -A OUTPUT -d "$host_network" -j ACCEPT
+
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT DROP
+
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A OUTPUT -m set --match-set allowed-domains dst -j ACCEPT
+
+# Reject rather than silently drop to make policy failures obvious.
+iptables -A INPUT -j REJECT --reject-with icmp-admin-prohibited
+iptables -A OUTPUT -j REJECT --reject-with icmp-admin-prohibited
+iptables -A FORWARD -j REJECT --reject-with icmp-admin-prohibited
+
+configure_ipv6_default_deny
+
+echo "Firewall configuration complete"
+
+if curl --connect-timeout 5 https://example.com >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - was able to reach https://example.com"
+  exit 1
+fi
+
+if ! curl --connect-timeout 5 https://api.openai.com >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - unable to reach https://api.openai.com"
+  exit 1
+fi
+
+if [ "$include_github_meta_ranges" = "1" ] && ! curl --connect-timeout 5 https://api.github.com/zen >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - unable to reach https://api.github.com"
+  exit 1
+fi
+
+if curl --connect-timeout 5 -6 https://example.com >/dev/null 2>&1; then
+  echo "ERROR: Firewall verification failed - was able to reach https://example.com over IPv6"
+  exit 1
+fi
+
+echo "Firewall verification passed"

.devcontainer/post-start.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ "${CODEX_ENABLE_FIREWALL:-1}" != "1" ]; then
+  echo "[devcontainer] Firewall mode: permissive (CODEX_ENABLE_FIREWALL=${CODEX_ENABLE_FIREWALL:-unset})."
+  exit 0
+fi
+
+echo "[devcontainer] Firewall mode: strict"
+
+domains_raw="${OPENAI_ALLOWED_DOMAINS:-api.openai.com}"
+mapfile -t domains < <(printf '%s\n' "$domains_raw" | tr ', ' '\n\n' | sed '/^$/d' | sort -u)
+
+if [ "${#domains[@]}" -eq 0 ]; then
+  echo "[devcontainer] No allowed domains configured."
+  exit 1
+fi
+
+tmp_file="$(mktemp)"
+for domain in "${domains[@]}"; do
+  if [[ ! "$domain" =~ ^[a-zA-Z0-9][a-zA-Z0-9.-]*\.[a-zA-Z]{2,}$ ]]; then
+    echo "[devcontainer] Invalid domain in OPENAI_ALLOWED_DOMAINS: $domain"
+    rm -f "$tmp_file"
+    exit 1
+  fi
+  printf '%s\n' "$domain" >> "$tmp_file"
+done
+
+sudo install -d -m 0755 /etc/codex
+sudo cp "$tmp_file" /etc/codex/allowed_domains.txt
+sudo chown root:root /etc/codex/allowed_domains.txt
+sudo chmod 0444 /etc/codex/allowed_domains.txt
+rm -f "$tmp_file"
+
+echo "[devcontainer] Applying firewall policy for domains: ${domains[*]}"
+sudo --preserve-env=CODEX_INCLUDE_GITHUB_META_RANGES /usr/local/bin/init-firewall.sh

.devcontainer/post_install.py

@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+"""Post-install configuration for the Codex devcontainer."""
+
+from __future__ import annotations
+
+import os
+import subprocess
+import sys
+from pathlib import Path
+
+
+def ensure_history_files() -> None:
+    command_history_dir = Path("/commandhistory")
+    command_history_dir.mkdir(parents=True, exist_ok=True)
+
+    for filename in (".bash_history", ".zsh_history"):
+        (command_history_dir / filename).touch(exist_ok=True)
+
+
+def fix_directory_ownership() -> None:
+    uid = os.getuid()
+    gid = os.getgid()
+
+    paths = [
+        Path.home() / ".codex",
+        Path.home() / ".config" / "gh",
+        Path.home() / ".cargo",
+        Path.home() / ".rustup",
+        Path("/commandhistory"),
+    ]
+
+    for path in paths:
+        if not path.exists():
+            continue
+
+        stat_info = path.stat()
+        if stat_info.st_uid == uid and stat_info.st_gid == gid:
+            continue
+
+        try:
+            subprocess.run(
+                ["sudo", "chown", "-R", f"{uid}:{gid}", str(path)],
+                check=True,
+                capture_output=True,
+                text=True,
+            )
+            print(f"[post_install] fixed ownership: {path}", file=sys.stderr)
+        except subprocess.CalledProcessError as err:
+            print(
+                f"[post_install] warning: could not fix ownership of {path}: {err.stderr.strip()}",
+                file=sys.stderr,
+            )
+
+
+def setup_git_config() -> None:
+    home = Path.home()
+    host_gitconfig = home / ".gitconfig"
+    local_gitconfig = home / ".gitconfig.local"
+    gitignore_global = home / ".gitignore_global"
+
+    gitignore_global.write_text(
+        """# Codex
+.codex/
+
+# Rust
+/target/
+
+# Node
+node_modules/
+
+# Python
+__pycache__/
+*.pyc
+
+# Editors
+.vscode/
+.idea/
+
+# macOS
+.DS_Store
+""",
+        encoding="utf-8",
+    )
+
+    include_line = (
+        f"[include]\n    path = {host_gitconfig}\n\n" if host_gitconfig.exists() else ""
+    )
+
+    local_gitconfig.write_text(
+        f"""# Container-local git configuration
+{include_line}[core]
+    excludesfile = {gitignore_global}
+
+[merge]
+    conflictstyle = diff3
+
+[diff]
+    colorMoved = default
+""",
+        encoding="utf-8",
+    )
+
+
+def main() -> None:
+    print("[post_install] configuring devcontainer...", file=sys.stderr)
+    ensure_history_files()
+    fix_directory_ownership()
+    setup_git_config()
+    print("[post_install] complete", file=sys.stderr)
+
+
+if __name__ == "__main__":
+    main()

.github/scripts/verify_tui_core_boundary.py

@@ -0,0 +1,89 @@
+#!/usr/bin/env python3
+
+"""Verify codex-tui does not depend on or import codex-core directly."""
+
+from __future__ import annotations
+
+import re
+import sys
+import tomllib
+from pathlib import Path
+
+
+ROOT = Path(__file__).resolve().parents[2]
+TUI_ROOT = ROOT / "codex-rs" / "tui"
+TUI_MANIFEST = TUI_ROOT / "Cargo.toml"
+FORBIDDEN_PACKAGE = "codex-core"
+FORBIDDEN_SOURCE_PATTERNS = (
+    re.compile(r"\bcodex_core::"),
+    re.compile(r"\buse\s+codex_core\b"),
+    re.compile(r"\bextern\s+crate\s+codex_core\b"),
+)
+
+
+def main() -> int:
+    failures = []
+    failures.extend(manifest_failures())
+    failures.extend(source_failures())
+
+    if not failures:
+        return 0
+
+    print("codex-tui must not depend on or import codex-core directly.")
+    print(
+        "Use the app-server protocol/client boundary instead; temporary embedded "
+        "startup gaps belong behind codex_app_server_client::legacy_core."
+    )
+    print()
+    for failure in failures:
+        print(f"- {failure}")
+
+    return 1
+
+
+def manifest_failures() -> list[str]:
+    manifest = tomllib.loads(TUI_MANIFEST.read_text())
+    failures = []
+    for section_name, dependencies in dependency_sections(manifest):
+        if FORBIDDEN_PACKAGE in dependencies:
+            failures.append(
+                f"{relative_path(TUI_MANIFEST)} declares `{FORBIDDEN_PACKAGE}` "
+                f"in `[{section_name}]`"
+            )
+    return failures
+
+
+def dependency_sections(manifest: dict) -> list[tuple[str, dict]]:
+    sections: list[tuple[str, dict]] = []
+    for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
+        dependencies = manifest.get(section_name)
+        if isinstance(dependencies, dict):
+            sections.append((section_name, dependencies))
+
+    for target_name, target in manifest.get("target", {}).items():
+        if not isinstance(target, dict):
+            continue
+        for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
+            dependencies = target.get(section_name)
+            if isinstance(dependencies, dict):
+                sections.append((f'target.{target_name}.{section_name}', dependencies))
+
+    return sections
+
+
+def source_failures() -> list[str]:
+    failures = []
+    for path in sorted(TUI_ROOT.glob("**/*.rs")):
+        text = path.read_text()
+        for line_number, line in enumerate(text.splitlines(), start=1):
+            if any(pattern.search(line) for pattern in FORBIDDEN_SOURCE_PATTERNS):
+                failures.append(f"{relative_path(path)}:{line_number} imports `codex_core`")
+    return failures
+
+
+def relative_path(path: Path) -> str:
+    return str(path.relative_to(ROOT))
+
+
+if __name__ == "__main__":
+    sys.exit(main())

.github/workflows/ci.yml

@@ -17,6 +17,9 @@ jobs:
       - name: Verify codex-rs Cargo manifests inherit workspace settings
         run: python3 .github/scripts/verify_cargo_workspace_manifests.py
 
+      - name: Verify codex-tui does not import codex-core directly
+        run: python3 .github/scripts/verify_tui_core_boundary.py
+
       - name: Verify Bazel clippy flags match Cargo workspace lints
         run: python3 .github/scripts/verify_bazel_clippy_lints.py
 

.github/workflows/issue-labeler.yml

@@ -44,6 +44,7 @@ jobs:
             6. iOS — Issues with the Codex iOS app.
 
             - Additionally add zero or more of the following labels that are relevant to the issue content. Prefer a small set of precise labels over many broad ones.
+            - For agent-area issues, prefer the most specific applicable label. Use "agent" only as a fallback for agent-related issues that do not fit a more specific agent-area label. Prefer "app-server" over "session" or "config" when the issue is about app-server protocol, API, RPC, schema, launch, or bridge behavior.
             1. windows-os — Bugs or friction specific to Windows environments (always when PowerShell is mentioned, path handling, copy/paste, OS-specific auth or tooling failures).
             2. mcp — Topics involving Model Context Protocol servers/clients.
             3. mcp-server — Problems related to the codex mcp-server command, where codex runs as an MCP server.
@@ -61,6 +62,13 @@ jobs:
             15. sandbox - Issues related to local sandbox environments or tool call approvals to override sandbox restrictions.
             16. tool-calls - Problems related to specific tool call invocations including unexpected errors, failures, or hangs.
             17. TUI - Problems with the terminal user interface (TUI) including keyboard shortcuts, copy & pasting, menus, or screen update issues.
+            18. app-server - Issues involving the app-server protocol or interfaces, including SDK/API payloads, thread/* and turn/* RPCs, app-server launch behavior, external app/controller bridges, and app-server protocol/schema behavior.
+            19. connectivity - Network connectivity or endpoint issues, including reconnecting messages, stream dropped/disconnected errors, websocket/SSE/transport failures, timeout/network/VPN/proxy/API endpoint failures, and related retry behavior.
+            20. subagent - Issues involving subagents, sub-agents, or multi-agent behavior, including spawn_agent, wait_agent, close_agent, worker/explorer roles, delegation, agent teams, lifecycle, model/config inheritance, quotas, and orchestration.
+            21. session - Issues involving session or thread management, including resume, fork, archive, rename/title, thread history, rollout persistence, compaction, checkpoints, retention, and cross-session state.
+            22. config - Issues involving config.toml, config keys, config key merging, config updates, profiles, hooks config, project config, agent role TOMLs, instruction/personality config, and config schema behavior.
+            23. plan - Issues involving plan mode, planning workflows, or plan-specific tools/behavior.
+            24. agent - Fallback only for core agent loop or agent-related issues that do not fit app-server, connectivity, subagent, session, config, or plan.
 
             Issue number: ${{ github.event.issue.number }}
 

codex-rs/Cargo.lock

@@ -2845,7 +2845,6 @@ dependencies = [
  "codex-cli",
  "codex-cloud-requirements",
  "codex-config",
- "codex-core",
  "codex-exec-server",
  "codex-features",
  "codex-feedback",

codex-rs/app-server-client/src/lib.rs

@@ -56,6 +56,90 @@ use tracing::warn;
 pub use crate::remote::RemoteAppServerClient;
 pub use crate::remote::RemoteAppServerConnectArgs;
 
+/// Transitional access to core-only embedded app-server types.
+///
+/// New TUI behavior should prefer the app-server protocol methods. This
+/// module exists so clients can remove a direct `codex-core` dependency
+/// while legacy startup/config paths are migrated to RPCs.
+pub mod legacy_core {
+    pub use codex_core::Cursor;
+    pub use codex_core::DEFAULT_PROJECT_DOC_FILENAME;
+    pub use codex_core::INTERACTIVE_SESSION_SOURCES;
+    pub use codex_core::LOCAL_PROJECT_DOC_FILENAME;
+    pub use codex_core::McpManager;
+    pub use codex_core::PLUGIN_TEXT_MENTION_SIGIL;
+    pub use codex_core::RolloutRecorder;
+    pub use codex_core::TOOL_MENTION_SIGIL;
+    pub use codex_core::ThreadItem;
+    pub use codex_core::ThreadSortKey;
+    pub use codex_core::ThreadsPage;
+    pub use codex_core::append_message_history_entry;
+    pub use codex_core::check_execpolicy_for_warnings;
+    pub use codex_core::discover_project_doc_paths;
+    pub use codex_core::find_thread_meta_by_name_str;
+    pub use codex_core::find_thread_name_by_id;
+    pub use codex_core::find_thread_names_by_ids;
+    pub use codex_core::format_exec_policy_error_with_source;
+    pub use codex_core::grant_read_root_non_elevated;
+    pub use codex_core::lookup_message_history_entry;
+    pub use codex_core::message_history_metadata;
+    pub use codex_core::path_utils;
+    pub use codex_core::read_session_meta_line;
+    pub use codex_core::web_search_detail;
+
+    pub mod config {
+        pub use codex_core::config::*;
+
+        pub mod edit {
+            pub use codex_core::config::edit::*;
+        }
+    }
+
+    pub mod config_loader {
+        pub use codex_core::config_loader::*;
+    }
+
+    pub mod connectors {
+        pub use codex_core::connectors::*;
+    }
+
+    pub mod otel_init {
+        pub use codex_core::otel_init::*;
+    }
+
+    pub mod personality_migration {
+        pub use codex_core::personality_migration::*;
+    }
+
+    pub mod plugins {
+        pub use codex_core::plugins::*;
+    }
+
+    pub mod review_format {
+        pub use codex_core::review_format::*;
+    }
+
+    pub mod review_prompts {
+        pub use codex_core::review_prompts::*;
+    }
+
+    pub mod skills {
+        pub use codex_core::skills::*;
+    }
+
+    pub mod test_support {
+        pub use codex_core::test_support::*;
+    }
+
+    pub mod util {
+        pub use codex_core::util::*;
+    }
+
+    pub mod windows_sandbox {
+        pub use codex_core::windows_sandbox::*;
+    }
+}
+
 const SHUTDOWN_TIMEOUT: Duration = Duration::from_secs(5);
 
 /// Raw app-server request result for typed in-process requests.

codex-rs/app-server-protocol/schema/json/ApplyPatchApprovalResponse.json

@@ -94,6 +94,13 @@
           ],
           "type": "string"
         },
+        {
+          "description": "Automatic approval review timed out before reaching a decision.",
+          "enum": [
+            "timed_out"
+          ],
+          "type": "string"
+        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [

codex-rs/app-server-protocol/schema/json/ClientRequest.json

@@ -647,6 +647,15 @@
             "null"
           ]
         },
+        "tags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": [
+            "object",
+            "null"
+          ]
+        },
         "threadId": {
           "type": [
             "string",
@@ -1277,6 +1286,27 @@
       ],
       "type": "string"
     },
+    "McpServerToolCallParams": {
+      "properties": {
+        "_meta": true,
+        "arguments": true,
+        "server": {
+          "type": "string"
+        },
+        "threadId": {
+          "type": "string"
+        },
+        "tool": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "server",
+        "threadId",
+        "tool"
+      ],
+      "type": "object"
+    },
     "MergeStrategy": {
       "enum": [
         "replace",
@@ -4569,6 +4599,30 @@
       "title": "McpServer/resource/readRequest",
       "type": "object"
     },
+    {
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "mcpServer/tool/call"
+          ],
+          "title": "McpServer/tool/callRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/McpServerToolCallParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "McpServer/tool/callRequest",
+      "type": "object"
+    },
     {
       "properties": {
         "id": {

codex-rs/app-server-protocol/schema/json/ExecCommandApprovalResponse.json

@@ -94,6 +94,13 @@
           ],
           "type": "string"
         },
+        {
+          "description": "Automatic approval review timed out before reaching a decision.",
+          "enum": [
+            "timed_out"
+          ],
+          "type": "string"
+        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [

codex-rs/app-server-protocol/schema/json/ServerNotification.json

@@ -1348,6 +1348,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -2009,6 +2010,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json

@@ -1225,6 +1225,30 @@
           "title": "McpServer/resource/readRequest",
           "type": "object"
         },
+        {
+          "properties": {
+            "id": {
+              "$ref": "#/definitions/v2/RequestId"
+            },
+            "method": {
+              "enum": [
+                "mcpServer/tool/call"
+              ],
+              "title": "McpServer/tool/callRequestMethod",
+              "type": "string"
+            },
+            "params": {
+              "$ref": "#/definitions/v2/McpServerToolCallParams"
+            }
+          },
+          "required": [
+            "id",
+            "method",
+            "params"
+          ],
+          "title": "McpServer/tool/callRequest",
+          "type": "object"
+        },
         {
           "properties": {
             "id": {
@@ -3398,6 +3422,13 @@
           ],
           "type": "string"
         },
+        {
+          "description": "Automatic approval review timed out before reaching a decision.",
+          "enum": [
+            "timed_out"
+          ],
+          "type": "string"
+        },
         {
           "description": "User has denied this command and the agent should not do anything until the user's next command.",
           "enum": [
@@ -7448,6 +7479,15 @@
               "null"
             ]
           },
+          "tags": {
+            "additionalProperties": {
+              "type": "string"
+            },
+            "type": [
+              "object",
+              "null"
+            ]
+          },
           "threadId": {
             "type": [
               "string",
@@ -8297,6 +8337,7 @@
           "inProgress",
           "approved",
           "denied",
+          "timedOut",
           "aborted"
         ],
         "type": "string"
@@ -9206,6 +9247,51 @@
         "title": "McpServerStatusUpdatedNotification",
         "type": "object"
       },
+      "McpServerToolCallParams": {
+        "$schema": "http://json-schema.org/draft-07/schema#",
+        "properties": {
+          "_meta": true,
+          "arguments": true,
+          "server": {
+            "type": "string"
+          },
+          "threadId": {
+            "type": "string"
+          },
+          "tool": {
+            "type": "string"
+          }
+        },
+        "required": [
+          "server",
+          "threadId",
+          "tool"
+        ],
+        "title": "McpServerToolCallParams",
+        "type": "object"
+      },
+      "McpServerToolCallResponse": {
+        "$schema": "http://json-schema.org/draft-07/schema#",
+        "properties": {
+          "_meta": true,
+          "content": {
+            "items": true,
+            "type": "array"
+          },
+          "isError": {
+            "type": [
+              "boolean",
+              "null"
+            ]
+          },
+          "structuredContent": true
+        },
+        "required": [
+          "content"
+        ],
+        "title": "McpServerToolCallResponse",
+        "type": "object"
+      },
       "McpToolCallError": {
         "properties": {
           "message": {
@@ -9838,6 +9924,7 @@
           "go",
           "plus",
           "pro",
+          "prolite",
           "team",
           "self_serve_business_usage_based",
           "business",

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json

@@ -1807,6 +1807,30 @@
           "title": "McpServer/resource/readRequest",
           "type": "object"
         },
+        {
+          "properties": {
+            "id": {
+              "$ref": "#/definitions/RequestId"
+            },
+            "method": {
+              "enum": [
+                "mcpServer/tool/call"
+              ],
+              "title": "McpServer/tool/callRequestMethod",
+              "type": "string"
+            },
+            "params": {
+              "$ref": "#/definitions/McpServerToolCallParams"
+            }
+          },
+          "required": [
+            "id",
+            "method",
+            "params"
+          ],
+          "title": "McpServer/tool/callRequest",
+          "type": "object"
+        },
         {
           "properties": {
             "id": {
@@ -4096,6 +4120,15 @@
             "null"
           ]
         },
+        "tags": {
+          "additionalProperties": {
+            "type": "string"
+          },
+          "type": [
+            "object",
+            "null"
+          ]
+        },
         "threadId": {
           "type": [
             "string",
@@ -5056,6 +5089,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"
@@ -6009,6 +6043,51 @@
       "title": "McpServerStatusUpdatedNotification",
       "type": "object"
     },
+    "McpServerToolCallParams": {
+      "$schema": "http://json-schema.org/draft-07/schema#",
+      "properties": {
+        "_meta": true,
+        "arguments": true,
+        "server": {
+          "type": "string"
+        },
+        "threadId": {
+          "type": "string"
+        },
+        "tool": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "server",
+        "threadId",
+        "tool"
+      ],
+      "title": "McpServerToolCallParams",
+      "type": "object"
+    },
+    "McpServerToolCallResponse": {
+      "$schema": "http://json-schema.org/draft-07/schema#",
+      "properties": {
+        "_meta": true,
+        "content": {
+          "items": true,
+          "type": "array"
+        },
+        "isError": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "structuredContent": true
+      },
+      "required": [
+        "content"
+      ],
+      "title": "McpServerToolCallResponse",
+      "type": "object"
+    },
     "McpToolCallError": {
       "properties": {
         "message": {
@@ -6641,6 +6720,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",

codex-rs/app-server-protocol/schema/json/v2/AccountRateLimitsUpdatedNotification.json

@@ -28,6 +28,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",

codex-rs/app-server-protocol/schema/json/v2/AccountUpdatedNotification.json

@@ -33,6 +33,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",

codex-rs/app-server-protocol/schema/json/v2/FeedbackUploadParams.json

@@ -22,6 +22,15 @@
         "null"
       ]
     },
+    "tags": {
+      "additionalProperties": {
+        "type": "string"
+      },
+      "type": [
+        "object",
+        "null"
+      ]
+    },
     "threadId": {
       "type": [
         "string",

codex-rs/app-server-protocol/schema/json/v2/GetAccountRateLimitsResponse.json

@@ -28,6 +28,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",

codex-rs/app-server-protocol/schema/json/v2/GetAccountResponse.json

@@ -51,6 +51,7 @@
         "go",
         "plus",
         "pro",
+        "prolite",
         "team",
         "self_serve_business_usage_based",
         "business",

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json

@@ -222,6 +222,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json

@@ -215,6 +215,7 @@
         "inProgress",
         "approved",
         "denied",
+        "timedOut",
         "aborted"
       ],
       "type": "string"

codex-rs/app-server-protocol/schema/json/v2/McpServerToolCallParams.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "_meta": true,
+    "arguments": true,
+    "server": {
+      "type": "string"
+    },
+    "threadId": {
+      "type": "string"
+    },
+    "tool": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "server",
+    "threadId",
+    "tool"
+  ],
+  "title": "McpServerToolCallParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/McpServerToolCallResponse.json

@@ -0,0 +1,22 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "properties": {
+    "_meta": true,
+    "content": {
+      "items": true,
+      "type": "array"
+    },
+    "isError": {
+      "type": [
+        "boolean",
+        "null"
+      ]
+    },
+    "structuredContent": true
+  },
+  "required": [
+    "content"
+  ],
+  "title": "McpServerToolCallResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/typescript/ApplyPatchApprovalParams.ts

@@ -4,16 +4,16 @@
 import type { FileChange } from "./FileChange";
 import type { ThreadId } from "./ThreadId";
 
-export type ApplyPatchApprovalParams = { conversationId: ThreadId, 
+export type ApplyPatchApprovalParams = { conversationId: ThreadId,
 /**
  * Use to correlate this with [codex_protocol::protocol::PatchApplyBeginEvent]
  * and [codex_protocol::protocol::PatchApplyEndEvent].
  */
-callId: string, fileChanges: { [key in string]?: FileChange }, 
+callId: string, fileChanges: { [key in string]?: FileChange },
 /**
  * Optional explanatory reason (e.g. request for extra write access).
  */
-reason: string | null, 
+reason: string | null,
 /**
  * When set, the agent is asking the user to allow writes under this root
  * for the remainder of the session (unclear if this is honored today).

codex-rs/app-server-protocol/schema/typescript/ExecCommandApprovalParams.ts

@@ -4,12 +4,12 @@
 import type { ParsedCommand } from "./ParsedCommand";
 import type { ThreadId } from "./ThreadId";
 
-export type ExecCommandApprovalParams = { conversationId: ThreadId, 
+export type ExecCommandApprovalParams = { conversationId: ThreadId,
 /**
  * Use to correlate this with [codex_protocol::protocol::ExecCommandBeginEvent]
  * and [codex_protocol::protocol::ExecCommandEndEvent].
  */
-callId: string, 
+callId: string,
 /**
  * Identifier for this specific approval callback.
  */

codex-rs/app-server-protocol/schema/typescript/InitializeCapabilities.ts

@@ -5,11 +5,11 @@
 /**
  * Client-declared capabilities negotiated during initialize.
  */
-export type InitializeCapabilities = { 
+export type InitializeCapabilities = {
 /**
  * Opt into receiving experimental API methods and fields.
  */
-experimentalApi: boolean, 
+experimentalApi: boolean,
 /**
  * Exact notification method names that should be suppressed for this
  * connection (for example `thread/started`).

codex-rs/app-server-protocol/schema/typescript/InitializeResponse.ts

@@ -3,16 +3,16 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "./AbsolutePathBuf";
 
-export type InitializeResponse = { userAgent: string, 
+export type InitializeResponse = { userAgent: string,
 /**
  * Absolute path to the server's $CODEX_HOME directory.
  */
-codexHome: AbsolutePathBuf, 
+codexHome: AbsolutePathBuf,
 /**
  * Platform family for the running app-server target, for example
  * `"unix"` or `"windows"`.
  */
-platformFamily: string, 
+platformFamily: string,
 /**
  * Operating system for the running app-server target, for example
  * `"macos"`, `"linux"`, or `"windows"`.

codex-rs/app-server-protocol/schema/typescript/ParsedCommand.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ParsedCommand = { "type": "read", cmd: string, name: string, 
+export type ParsedCommand = { "type": "read", cmd: string, name: string,
 /**
  * (Best effort) Path to the file being read by the command. When
  * possible, this is an absolute path, though when relative, it should

codex-rs/app-server-protocol/schema/typescript/PlanType.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type PlanType = "free" | "go" | "plus" | "pro" | "team" | "self_serve_business_usage_based" | "business" | "enterprise_cbp_usage_based" | "enterprise" | "edu" | "unknown";
+export type PlanType = "free" | "go" | "plus" | "pro" | "prolite" | "team" | "self_serve_business_usage_based" | "business" | "enterprise_cbp_usage_based" | "enterprise" | "edu" | "unknown";

codex-rs/app-server-protocol/schema/typescript/ResourceContent.ts

@@ -6,11 +6,11 @@ import type { JsonValue } from "./serde_json/JsonValue";
 /**
  * Contents returned when reading a resource from an MCP server.
  */
-export type ResourceContent = { 
+export type ResourceContent = {
 /**
  * The URI of this resource.
  */
-uri: string, mimeType?: string, text: string, _meta?: JsonValue, } | { 
+uri: string, mimeType?: string, text: string, _meta?: JsonValue, } | {
 /**
  * The URI of this resource.
  */

codex-rs/app-server-protocol/schema/typescript/ResponseItem.ts

@@ -11,7 +11,7 @@ import type { ReasoningItemContent } from "./ReasoningItemContent";
 import type { ReasoningItemReasoningSummary } from "./ReasoningItemReasoningSummary";
 import type { WebSearchAction } from "./WebSearchAction";
 
-export type ResponseItem = { "type": "message", role: string, content: Array<ContentItem>, end_turn?: boolean, phase?: MessagePhase, } | { "type": "reasoning", summary: Array<ReasoningItemReasoningSummary>, content?: Array<ReasoningItemContent>, encrypted_content: string | null, } | { "type": "local_shell_call", 
+export type ResponseItem = { "type": "message", role: string, content: Array<ContentItem>, end_turn?: boolean, phase?: MessagePhase, } | { "type": "reasoning", summary: Array<ReasoningItemReasoningSummary>, content?: Array<ReasoningItemContent>, encrypted_content: string | null, } | { "type": "local_shell_call",
 /**
  * Set when using the Responses API.
  */

codex-rs/app-server-protocol/schema/typescript/ReviewDecision.ts

@@ -7,4 +7,4 @@ import type { NetworkPolicyAmendment } from "./NetworkPolicyAmendment";
 /**
  * User's decision in response to an ExecApprovalRequest.
  */
-export type ReviewDecision = "approved" | { "approved_execpolicy_amendment": { proposed_execpolicy_amendment: ExecPolicyAmendment, } } | "approved_for_session" | { "network_policy_amendment": { network_policy_amendment: NetworkPolicyAmendment, } } | "denied" | "abort";
+export type ReviewDecision = "approved" | { "approved_execpolicy_amendment": { proposed_execpolicy_amendment: ExecPolicyAmendment, } } | "approved_for_session" | { "network_policy_amendment": { network_policy_amendment: NetworkPolicyAmendment, } } | "denied" | "timed_out" | "abort";

codex-rs/app-server-protocol/schema/typescript/v2/AppInfo.ts

@@ -7,7 +7,7 @@ import type { AppMetadata } from "./AppMetadata";
 /**
  * EXPERIMENTAL - app metadata returned by app-list APIs.
  */
-export type AppInfo = { id: string, name: string, description: string | null, logoUrl: string | null, logoUrlDark: string | null, distributionChannel: string | null, branding: AppBranding | null, appMetadata: AppMetadata | null, labels: { [key in string]?: string } | null, installUrl: string | null, isAccessible: boolean, 
+export type AppInfo = { id: string, name: string, description: string | null, logoUrl: string | null, logoUrlDark: string | null, distributionChannel: string | null, branding: AppBranding | null, appMetadata: AppMetadata | null, labels: { [key in string]?: string } | null, installUrl: string | null, isAccessible: boolean,
 /**
  * Whether this app is enabled in config.toml.
  * Example:

codex-rs/app-server-protocol/schema/typescript/v2/AppsListParams.ts

@@ -5,19 +5,19 @@
 /**
  * EXPERIMENTAL - list available apps/connectors.
  */
-export type AppsListParams = { 
+export type AppsListParams = {
 /**
  * Opaque pagination cursor returned by a previous call.
  */
-cursor?: string | null, 
+cursor?: string | null,
 /**
  * Optional page size; defaults to a reasonable server-side value.
  */
-limit?: number | null, 
+limit?: number | null,
 /**
  * Optional thread id used to evaluate app feature gating from that thread's config.
  */
-threadId?: string | null, 
+threadId?: string | null,
 /**
  * When true, bypass app caches and fetch the latest data from sources.
  */

codex-rs/app-server-protocol/schema/typescript/v2/AppsListResponse.ts

@@ -6,7 +6,7 @@ import type { AppInfo } from "./AppInfo";
 /**
  * EXPERIMENTAL - app list response.
  */
-export type AppsListResponse = { data: Array<AppInfo>, 
+export type AppsListResponse = { data: Array<AppInfo>,
 /**
  * Opaque cursor to pass to the next call to continue after the last item.
  * If None, there are no more items to return.

codex-rs/app-server-protocol/schema/typescript/v2/ChatgptAuthTokensRefreshParams.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ChatgptAuthTokensRefreshReason } from "./ChatgptAuthTokensRefreshReason";
 
-export type ChatgptAuthTokensRefreshParams = { reason: ChatgptAuthTokensRefreshReason, 
+export type ChatgptAuthTokensRefreshParams = { reason: ChatgptAuthTokensRefreshReason,
 /**
  * Workspace/account identifier that Codex was previously using.
  *

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecOutputDeltaNotification.ts

@@ -9,20 +9,20 @@ import type { CommandExecOutputStream } from "./CommandExecOutputStream";
  * These notifications are connection-scoped. If the originating connection
  * closes, the server terminates the process.
  */
-export type CommandExecOutputDeltaNotification = { 
+export type CommandExecOutputDeltaNotification = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.
  */
-processId: string, 
+processId: string,
 /**
  * Output stream for this chunk.
  */
-stream: CommandExecOutputStream, 
+stream: CommandExecOutputStream,
 /**
  * Base64-encoded output bytes.
  */
-deltaBase64: string, 
+deltaBase64: string,
 /**
  * `true` on the final streamed chunk for a stream when `outputBytesCap`
  * truncated later output on that stream.

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecParams.ts

@@ -12,11 +12,11 @@ import type { SandboxPolicy } from "./SandboxPolicy";
  * sent only after all `command/exec/outputDelta` notifications for that
  * connection have been emitted.
  */
-export type CommandExecParams = { 
+export type CommandExecParams = {
 /**
  * Command argv vector. Empty arrays are rejected.
  */
-command: Array<string>, 
+command: Array<string>,
 /**
  * Optional client-supplied, connection-scoped process id.
  *
@@ -25,56 +25,56 @@ command: Array<string>,
  * `command/exec/terminate` calls. When omitted, buffered execution gets an
  * internal id that is not exposed to the client.
  */
-processId?: string | null, 
+processId?: string | null,
 /**
  * Enable PTY mode.
  *
  * This implies `streamStdin` and `streamStdoutStderr`.
  */
-tty?: boolean, 
+tty?: boolean,
 /**
  * Allow follow-up `command/exec/write` requests to write stdin bytes.
  *
  * Requires a client-supplied `processId`.
  */
-streamStdin?: boolean, 
+streamStdin?: boolean,
 /**
  * Stream stdout/stderr via `command/exec/outputDelta` notifications.
  *
  * Streamed bytes are not duplicated into the final response and require a
  * client-supplied `processId`.
  */
-streamStdoutStderr?: boolean, 
+streamStdoutStderr?: boolean,
 /**
  * Optional per-stream stdout/stderr capture cap in bytes.
  *
  * When omitted, the server default applies. Cannot be combined with
  * `disableOutputCap`.
  */
-outputBytesCap?: number | null, 
+outputBytesCap?: number | null,
 /**
  * Disable stdout/stderr capture truncation for this request.
  *
  * Cannot be combined with `outputBytesCap`.
  */
-disableOutputCap?: boolean, 
+disableOutputCap?: boolean,
 /**
  * Disable the timeout entirely for this request.
  *
  * Cannot be combined with `timeoutMs`.
  */
-disableTimeout?: boolean, 
+disableTimeout?: boolean,
 /**
  * Optional timeout in milliseconds.
  *
  * When omitted, the server default applies. Cannot be combined with
  * `disableTimeout`.
  */
-timeoutMs?: number | null, 
+timeoutMs?: number | null,
 /**
  * Optional working directory. Defaults to the server cwd.
  */
-cwd?: string | null, 
+cwd?: string | null,
 /**
  * Optional environment overrides merged into the server-computed
  * environment.
@@ -82,12 +82,12 @@ cwd?: string | null,
  * Matching names override inherited values. Set a key to `null` to unset
  * an inherited variable.
  */
-env?: { [key in string]?: string | null } | null, 
+env?: { [key in string]?: string | null } | null,
 /**
  * Optional initial PTY size in character cells. Only valid when `tty` is
  * true.
  */
-size?: CommandExecTerminalSize | null, 
+size?: CommandExecTerminalSize | null,
 /**
  * Optional sandbox policy for this command.
  *

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecResizeParams.ts

@@ -6,12 +6,12 @@ import type { CommandExecTerminalSize } from "./CommandExecTerminalSize";
 /**
  * Resize a running PTY-backed `command/exec` session.
  */
-export type CommandExecResizeParams = { 
+export type CommandExecResizeParams = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.
  */
-processId: string, 
+processId: string,
 /**
  * New PTY size in character cells.
  */

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecResponse.ts

@@ -5,17 +5,17 @@
 /**
  * Final buffered result for `command/exec`.
  */
-export type CommandExecResponse = { 
+export type CommandExecResponse = {
 /**
  * Process exit code.
  */
-exitCode: number, 
+exitCode: number,
 /**
  * Buffered stdout capture.
  *
  * Empty when stdout was streamed via `command/exec/outputDelta`.
  */
-stdout: string, 
+stdout: string,
 /**
  * Buffered stderr capture.
  *

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecTerminalSize.ts

@@ -5,11 +5,11 @@
 /**
  * PTY size in character cells for `command/exec` PTY sessions.
  */
-export type CommandExecTerminalSize = { 
+export type CommandExecTerminalSize = {
 /**
  * Terminal height in character cells.
  */
-rows: number, 
+rows: number,
 /**
  * Terminal width in character cells.
  */

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecTerminateParams.ts

@@ -5,7 +5,7 @@
 /**
  * Terminate a running `command/exec` session.
  */
-export type CommandExecTerminateParams = { 
+export type CommandExecTerminateParams = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecWriteParams.ts

@@ -6,16 +6,16 @@
  * Write stdin bytes to a running `command/exec` session, close stdin, or
  * both.
  */
-export type CommandExecWriteParams = { 
+export type CommandExecWriteParams = {
 /**
  * Client-supplied, connection-scoped `processId` from the original
  * `command/exec` request.
  */
-processId: string, 
+processId: string,
 /**
  * Optional base64-encoded stdin bytes to write.
  */
-deltaBase64?: string | null, 
+deltaBase64?: string | null,
 /**
  * Close stdin after writing `deltaBase64`, if present.
  */

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalParams.ts

@@ -8,7 +8,7 @@ import type { ExecPolicyAmendment } from "./ExecPolicyAmendment";
 import type { NetworkApprovalContext } from "./NetworkApprovalContext";
 import type { NetworkPolicyAmendment } from "./NetworkPolicyAmendment";
 
-export type CommandExecutionRequestApprovalParams = { threadId: string, turnId: string, itemId: string, 
+export type CommandExecutionRequestApprovalParams = { threadId: string, turnId: string, itemId: string,
 /**
  * Unique identifier for this specific approval callback.
  *
@@ -18,39 +18,39 @@ export type CommandExecutionRequestApprovalParams = { threadId: string, turnId:
  * one parent `itemId`, so `approvalId` is a distinct opaque callback id
  * (a UUID) used to disambiguate routing.
  */
-approvalId?: string | null, 
+approvalId?: string | null,
 /**
  * Optional explanatory reason (e.g. request for network access).
  */
-reason?: string | null, 
+reason?: string | null,
 /**
  * Optional context for a managed-network approval prompt.
  */
-networkApprovalContext?: NetworkApprovalContext | null, 
+networkApprovalContext?: NetworkApprovalContext | null,
 /**
  * The command to be executed.
  */
-command?: string | null, 
+command?: string | null,
 /**
  * The command's working directory.
  */
-cwd?: string | null, 
+cwd?: string | null,
 /**
  * Best-effort parsed command actions for friendly display.
  */
-commandActions?: Array<CommandAction> | null, 
+commandActions?: Array<CommandAction> | null,
 /**
  * Optional additional permissions requested for this command.
  */
-additionalPermissions?: AdditionalPermissionProfile | null, 
+additionalPermissions?: AdditionalPermissionProfile | null,
 /**
  * Optional proposed execpolicy amendment to allow similar commands without prompting.
  */
-proposedExecpolicyAmendment?: ExecPolicyAmendment | null, 
+proposedExecpolicyAmendment?: ExecPolicyAmendment | null,
 /**
  * Optional proposed network policy amendments (allow/deny host) for future requests.
  */
-proposedNetworkPolicyAmendments?: Array<NetworkPolicyAmendment> | null, 
+proposedNetworkPolicyAmendments?: Array<NetworkPolicyAmendment> | null,
 /**
  * Ordered list of decisions the client may present for this prompt.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigBatchWriteParams.ts

@@ -3,11 +3,11 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ConfigEdit } from "./ConfigEdit";
 
-export type ConfigBatchWriteParams = { edits: Array<ConfigEdit>, 
+export type ConfigBatchWriteParams = { edits: Array<ConfigEdit>,
 /**
  * Path to the config file to write; defaults to the user's `config.toml` when omitted.
  */
-filePath?: string | null, expectedVersion?: string | null, 
+filePath?: string | null, expectedVersion?: string | null,
 /**
  * When true, hot-reload the updated user config into all loaded threads after writing.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigLayerSource.ts

@@ -3,12 +3,12 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 
-export type ConfigLayerSource = { "type": "mdm", domain: string, key: string, } | { "type": "system", 
+export type ConfigLayerSource = { "type": "mdm", domain: string, key: string, } | { "type": "system",
 /**
  * This is the path to the system config.toml file, though it is not
  * guaranteed to exist.
  */
-file: AbsolutePathBuf, } | { "type": "user", 
+file: AbsolutePathBuf, } | { "type": "user",
 /**
  * This is the path to the user's config.toml file, though it is not
  * guaranteed to exist.

codex-rs/app-server-protocol/schema/typescript/v2/ConfigReadParams.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ConfigReadParams = { includeLayers: boolean, 
+export type ConfigReadParams = { includeLayers: boolean,
 /**
  * Optional working directory to resolve project config layers. If specified,
  * return the effective config as seen from that directory (i.e., including any

codex-rs/app-server-protocol/schema/typescript/v2/ConfigRequirementsReadResponse.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ConfigRequirements } from "./ConfigRequirements";
 
-export type ConfigRequirementsReadResponse = { 
+export type ConfigRequirementsReadResponse = {
 /**
  * Null if no requirements are configured (e.g. no requirements.toml/MDM entries).
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigValueWriteParams.ts

@@ -4,7 +4,7 @@
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { MergeStrategy } from "./MergeStrategy";
 
-export type ConfigValueWriteParams = { keyPath: string, value: JsonValue, mergeStrategy: MergeStrategy, 
+export type ConfigValueWriteParams = { keyPath: string, value: JsonValue, mergeStrategy: MergeStrategy,
 /**
  * Path to the config file to write; defaults to the user's `config.toml` when omitted.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigWarningNotification.ts

@@ -3,19 +3,19 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { TextRange } from "./TextRange";
 
-export type ConfigWarningNotification = { 
+export type ConfigWarningNotification = {
 /**
  * Concise summary of the warning.
  */
-summary: string, 
+summary: string,
 /**
  * Optional extra guidance or error details.
  */
-details: string | null, 
+details: string | null,
 /**
  * Optional path to the config file that triggered the warning.
  */
-path?: string, 
+path?: string,
 /**
  * Optional range for the error location inside the config file.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ConfigWriteResponse.ts

@@ -5,7 +5,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 import type { OverriddenMetadata } from "./OverriddenMetadata";
 import type { WriteStatus } from "./WriteStatus";
 
-export type ConfigWriteResponse = { status: WriteStatus, version: string, 
+export type ConfigWriteResponse = { status: WriteStatus, version: string,
 /**
  * Canonical path to the config file that was written.
  */

codex-rs/app-server-protocol/schema/typescript/v2/DeprecationNoticeNotification.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type DeprecationNoticeNotification = { 
+export type DeprecationNoticeNotification = {
 /**
  * Concise summary of what is deprecated.
  */
-summary: string, 
+summary: string,
 /**
  * Optional extra guidance, such as migration steps or rationale.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeature.ts

@@ -3,34 +3,34 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExperimentalFeatureStage } from "./ExperimentalFeatureStage";
 
-export type ExperimentalFeature = { 
+export type ExperimentalFeature = {
 /**
  * Stable key used in config.toml and CLI flag toggles.
  */
-name: string, 
+name: string,
 /**
  * Lifecycle stage of this feature flag.
  */
-stage: ExperimentalFeatureStage, 
+stage: ExperimentalFeatureStage,
 /**
  * User-facing display name shown in the experimental features UI.
  * Null when this feature is not in beta.
  */
-displayName: string | null, 
+displayName: string | null,
 /**
  * Short summary describing what the feature does.
  * Null when this feature is not in beta.
  */
-description: string | null, 
+description: string | null,
 /**
  * Announcement copy shown to users when the feature is introduced.
  * Null when this feature is not in beta.
  */
-announcement: string | null, 
+announcement: string | null,
 /**
  * Whether this feature is currently enabled in the loaded config.
  */
-enabled: boolean, 
+enabled: boolean,
 /**
  * Whether this feature is enabled by default.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureEnablementSetParams.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExperimentalFeatureEnablementSetParams = { 
+export type ExperimentalFeatureEnablementSetParams = {
 /**
  * Process-wide runtime feature enablement keyed by canonical feature name.
  *

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureEnablementSetResponse.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExperimentalFeatureEnablementSetResponse = { 
+export type ExperimentalFeatureEnablementSetResponse = {
 /**
  * Feature enablement entries updated by this request.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureListParams.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExperimentalFeatureListParams = { 
+export type ExperimentalFeatureListParams = {
 /**
  * Opaque pagination cursor returned by a previous call.
  */
-cursor?: string | null, 
+cursor?: string | null,
 /**
  * Optional page size; defaults to a reasonable server-side value.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExperimentalFeatureListResponse.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExperimentalFeature } from "./ExperimentalFeature";
 
-export type ExperimentalFeatureListResponse = { data: Array<ExperimentalFeature>, 
+export type ExperimentalFeatureListResponse = { data: Array<ExperimentalFeature>,
 /**
  * Opaque cursor to pass to the next call to continue after the last item.
  * If None, there are no more items to return.

codex-rs/app-server-protocol/schema/typescript/v2/ExternalAgentConfigDetectParams.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExternalAgentConfigDetectParams = { 
+export type ExternalAgentConfigDetectParams = {
 /**
  * If true, include detection under the user's home (~/.claude, ~/.codex, etc.).
  */
-includeHome?: boolean, 
+includeHome?: boolean,
 /**
  * Zero or more working directories to include for repo-scoped detection.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ExternalAgentConfigMigrationItem.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExternalAgentConfigMigrationItemType } from "./ExternalAgentConfigMigrationItemType";
 
-export type ExternalAgentConfigMigrationItem = { itemType: ExternalAgentConfigMigrationItemType, description: string, 
+export type ExternalAgentConfigMigrationItem = { itemType: ExternalAgentConfigMigrationItemType, description: string,
 /**
  * Null or empty means home-scoped migration; non-empty means repo-scoped migration.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FeedbackUploadParams.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type FeedbackUploadParams = { classification: string, reason?: string | null, threadId?: string | null, includeLogs: boolean, extraLogFiles?: Array<string> | null, };
+export type FeedbackUploadParams = { classification: string, reason?: string | null, threadId?: string | null, includeLogs: boolean, extraLogFiles?: Array<string> | null, tags?: { [key in string]?: string } | null, };

codex-rs/app-server-protocol/schema/typescript/v2/FileChangeRequestApprovalParams.ts

@@ -2,11 +2,11 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type FileChangeRequestApprovalParams = { threadId: string, turnId: string, itemId: string, 
+export type FileChangeRequestApprovalParams = { threadId: string, turnId: string, itemId: string,
 /**
  * Optional explanatory reason (e.g. request for extra write access).
  */
-reason?: string | null, 
+reason?: string | null,
 /**
  * [UNSTABLE] When set, the agent is asking the user to allow writes under this root
  * for the remainder of the session (unclear if this is honored today).

codex-rs/app-server-protocol/schema/typescript/v2/FsChangedNotification.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Filesystem watch notification emitted for `fs/watch` subscribers.
  */
-export type FsChangedNotification = { 
+export type FsChangedNotification = {
 /**
  * Watch identifier previously provided to `fs/watch`.
  */
-watchId: string, 
+watchId: string,
 /**
  * File or directory paths associated with this event.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsCopyParams.ts

@@ -6,15 +6,15 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Copy a file or directory tree on the host filesystem.
  */
-export type FsCopyParams = { 
+export type FsCopyParams = {
 /**
  * Absolute source path.
  */
-sourcePath: AbsolutePathBuf, 
+sourcePath: AbsolutePathBuf,
 /**
  * Absolute destination path.
  */
-destinationPath: AbsolutePathBuf, 
+destinationPath: AbsolutePathBuf,
 /**
  * Required for directory copies; ignored for file copies.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsCreateDirectoryParams.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Create a directory on the host filesystem.
  */
-export type FsCreateDirectoryParams = { 
+export type FsCreateDirectoryParams = {
 /**
  * Absolute directory path to create.
  */
-path: AbsolutePathBuf, 
+path: AbsolutePathBuf,
 /**
  * Whether parent directories should also be created. Defaults to `true`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsGetMetadataParams.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Request metadata for an absolute path.
  */
-export type FsGetMetadataParams = { 
+export type FsGetMetadataParams = {
 /**
  * Absolute path to inspect.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsGetMetadataResponse.ts

@@ -5,19 +5,19 @@
 /**
  * Metadata returned by `fs/getMetadata`.
  */
-export type FsGetMetadataResponse = { 
+export type FsGetMetadataResponse = {
 /**
  * Whether the path currently resolves to a directory.
  */
-isDirectory: boolean, 
+isDirectory: boolean,
 /**
  * Whether the path currently resolves to a regular file.
  */
-isFile: boolean, 
+isFile: boolean,
 /**
  * File creation time in Unix milliseconds when available, otherwise `0`.
  */
-createdAtMs: number, 
+createdAtMs: number,
 /**
  * File modification time in Unix milliseconds when available, otherwise `0`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadDirectoryEntry.ts

@@ -5,15 +5,15 @@
 /**
  * A directory entry returned by `fs/readDirectory`.
  */
-export type FsReadDirectoryEntry = { 
+export type FsReadDirectoryEntry = {
 /**
  * Direct child entry name only, not an absolute or relative path.
  */
-fileName: string, 
+fileName: string,
 /**
  * Whether this entry resolves to a directory.
  */
-isDirectory: boolean, 
+isDirectory: boolean,
 /**
  * Whether this entry resolves to a regular file.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadDirectoryParams.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * List direct child names for a directory.
  */
-export type FsReadDirectoryParams = { 
+export type FsReadDirectoryParams = {
 /**
  * Absolute directory path to read.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadDirectoryResponse.ts

@@ -6,7 +6,7 @@ import type { FsReadDirectoryEntry } from "./FsReadDirectoryEntry";
 /**
  * Directory entries returned by `fs/readDirectory`.
  */
-export type FsReadDirectoryResponse = { 
+export type FsReadDirectoryResponse = {
 /**
  * Direct child entries in the requested directory.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadFileParams.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Read a file from the host filesystem.
  */
-export type FsReadFileParams = { 
+export type FsReadFileParams = {
 /**
  * Absolute path to read.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsReadFileResponse.ts

@@ -5,7 +5,7 @@
 /**
  * Base64-encoded file contents returned by `fs/readFile`.
  */
-export type FsReadFileResponse = { 
+export type FsReadFileResponse = {
 /**
  * File contents encoded as base64.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsRemoveParams.ts

@@ -6,15 +6,15 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Remove a file or directory tree from the host filesystem.
  */
-export type FsRemoveParams = { 
+export type FsRemoveParams = {
 /**
  * Absolute path to remove.
  */
-path: AbsolutePathBuf, 
+path: AbsolutePathBuf,
 /**
  * Whether directory removal should recurse. Defaults to `true`.
  */
-recursive?: boolean | null, 
+recursive?: boolean | null,
 /**
  * Whether missing paths should be ignored. Defaults to `true`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsUnwatchParams.ts

@@ -5,7 +5,7 @@
 /**
  * Stop filesystem watch notifications for a prior `fs/watch`.
  */
-export type FsUnwatchParams = { 
+export type FsUnwatchParams = {
 /**
  * Watch identifier previously provided to `fs/watch`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsWatchParams.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Start filesystem watch notifications for an absolute path.
  */
-export type FsWatchParams = { 
+export type FsWatchParams = {
 /**
  * Connection-scoped watch identifier used for `fs/unwatch` and `fs/changed`.
  */
-watchId: string, 
+watchId: string,
 /**
  * Absolute file or directory path to watch.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsWatchResponse.ts

@@ -6,7 +6,7 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Successful response for `fs/watch`.
  */
-export type FsWatchResponse = { 
+export type FsWatchResponse = {
 /**
  * Canonicalized path associated with the watch.
  */

codex-rs/app-server-protocol/schema/typescript/v2/FsWriteFileParams.ts

@@ -6,11 +6,11 @@ import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 /**
  * Write a file on the host filesystem.
  */
-export type FsWriteFileParams = { 
+export type FsWriteFileParams = {
 /**
  * Absolute path to write.
  */
-path: AbsolutePathBuf, 
+path: AbsolutePathBuf,
 /**
  * File contents encoded as base64.
  */

codex-rs/app-server-protocol/schema/typescript/v2/GetAccountParams.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type GetAccountParams = { 
+export type GetAccountParams = {
 /**
  * When `true`, requests a proactive token refresh before returning.
  *

codex-rs/app-server-protocol/schema/typescript/v2/GetAccountRateLimitsResponse.ts

@@ -3,11 +3,11 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { RateLimitSnapshot } from "./RateLimitSnapshot";
 
-export type GetAccountRateLimitsResponse = { 
+export type GetAccountRateLimitsResponse = {
 /**
  * Backward-compatible single-bucket view; mirrors the historical payload.
  */
-rateLimits: RateLimitSnapshot, 
+rateLimits: RateLimitSnapshot,
 /**
  * Multi-bucket view keyed by metered `limit_id` (for example, `codex`).
  */

codex-rs/app-server-protocol/schema/typescript/v2/GuardianApprovalReviewStatus.ts

@@ -5,4 +5,4 @@
 /**
  * [UNSTABLE] Lifecycle state for a guardian approval review.
  */
-export type GuardianApprovalReviewStatus = "inProgress" | "approved" | "denied" | "aborted";
+export type GuardianApprovalReviewStatus = "inProgress" | "approved" | "denied" | "timedOut" | "aborted";

codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewCompletedNotification.ts

@@ -9,11 +9,11 @@ import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewActio
  * [UNSTABLE] Temporary notification payload for guardian automatic approval
  * review. This shape is expected to change soon.
  */
-export type ItemGuardianApprovalReviewCompletedNotification = { threadId: string, turnId: string, 
+export type ItemGuardianApprovalReviewCompletedNotification = { threadId: string, turnId: string,
 /**
  * Stable identifier for this review.
  */
-reviewId: string, 
+reviewId: string,
 /**
  * Identifier for the reviewed item or tool call when one exists.
  *

codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewStartedNotification.ts

@@ -8,11 +8,11 @@ import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewActio
  * [UNSTABLE] Temporary notification payload for guardian automatic approval
  * review. This shape is expected to change soon.
  */
-export type ItemGuardianApprovalReviewStartedNotification = { threadId: string, turnId: string, 
+export type ItemGuardianApprovalReviewStartedNotification = { threadId: string, turnId: string,
 /**
  * Stable identifier for this review.
  */
-reviewId: string, 
+reviewId: string,
 /**
  * Identifier for the reviewed item or tool call when one exists.
  *

codex-rs/app-server-protocol/schema/typescript/v2/ListMcpServerStatusParams.ts

@@ -3,15 +3,15 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { McpServerStatusDetail } from "./McpServerStatusDetail";
 
-export type ListMcpServerStatusParams = { 
+export type ListMcpServerStatusParams = {
 /**
  * Opaque pagination cursor returned by a previous call.
  */
-cursor?: string | null, 
+cursor?: string | null,
 /**
  * Optional page size; defaults to a server-defined value.
  */
-limit?: number | null, 
+limit?: number | null,
 /**
  * Controls how much MCP inventory data to fetch for each server.
  * Defaults to `Full` when omitted.

codex-rs/app-server-protocol/schema/typescript/v2/ListMcpServerStatusResponse.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { McpServerStatus } from "./McpServerStatus";
 
-export type ListMcpServerStatusResponse = { data: Array<McpServerStatus>, 
+export type ListMcpServerStatusResponse = { data: Array<McpServerStatus>,
 /**
  * Opaque cursor to pass to the next call to continue after the last item.
  * If None, there are no more items to return.

codex-rs/app-server-protocol/schema/typescript/v2/LoginAccountParams.ts

@@ -2,16 +2,16 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type LoginAccountParams = { "type": "apiKey", apiKey: string, } | { "type": "chatgpt" } | { "type": "chatgptDeviceCode" } | { "type": "chatgptAuthTokens", 
+export type LoginAccountParams = { "type": "apiKey", apiKey: string, } | { "type": "chatgpt" } | { "type": "chatgptDeviceCode" } | { "type": "chatgptAuthTokens",
 /**
  * Access token (JWT) supplied by the client.
  * This token is used for backend API requests and email extraction.
  */
-accessToken: string, 
+accessToken: string,
 /**
  * Workspace/account identifier supplied by the client.
  */
-chatgptAccountId: string, 
+chatgptAccountId: string,
 /**
  * Optional plan type supplied by the client.
  *

codex-rs/app-server-protocol/schema/typescript/v2/LoginAccountResponse.ts

@@ -2,15 +2,15 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type LoginAccountResponse = { "type": "apiKey", } | { "type": "chatgpt", loginId: string, 
+export type LoginAccountResponse = { "type": "apiKey", } | { "type": "chatgpt", loginId: string,
 /**
  * URL the client should open in a browser to initiate the OAuth flow.
  */
-authUrl: string, } | { "type": "chatgptDeviceCode", loginId: string, 
+authUrl: string, } | { "type": "chatgptDeviceCode", loginId: string,
 /**
  * URL the client should open in a browser to complete device code authorization.
  */
-verificationUrl: string, 
+verificationUrl: string,
 /**
  * One-time code the user must enter after signing in.
  */

codex-rs/app-server-protocol/schema/typescript/v2/McpServerElicitationRequestParams.ts

@@ -4,7 +4,7 @@
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { McpElicitationSchema } from "./McpElicitationSchema";
 
-export type McpServerElicitationRequestParams = { threadId: string, 
+export type McpServerElicitationRequestParams = { threadId: string,
 /**
  * Active Codex turn when this elicitation was observed, if app-server could correlate one.
  *

codex-rs/app-server-protocol/schema/typescript/v2/McpServerElicitationRequestResponse.ts

@@ -4,13 +4,13 @@
 import type { JsonValue } from "../serde_json/JsonValue";
 import type { McpServerElicitationAction } from "./McpServerElicitationAction";
 
-export type McpServerElicitationRequestResponse = { action: McpServerElicitationAction, 
+export type McpServerElicitationRequestResponse = { action: McpServerElicitationAction,
 /**
  * Structured user input for accepted elicitations, mirroring RMCP `CreateElicitationResult`.
  *
  * This is nullable because decline/cancel responses have no content.
  */
-content: JsonValue | null, 
+content: JsonValue | null,
 /**
  * Optional client metadata for form-mode action handling.
  */

codex-rs/app-server-protocol/schema/typescript/v2/McpServerToolCallParams.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { JsonValue } from "../serde_json/JsonValue";
+
+export type McpServerToolCallParams = { threadId: string, server: string, tool: string, arguments?: JsonValue, _meta?: JsonValue, };

codex-rs/app-server-protocol/schema/typescript/v2/McpServerToolCallResponse.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { JsonValue } from "../serde_json/JsonValue";
+
+export type McpServerToolCallResponse = { content: Array<JsonValue>, structuredContent?: JsonValue, isError?: boolean, _meta?: JsonValue, };

codex-rs/app-server-protocol/schema/typescript/v2/ModelListParams.ts

@@ -2,15 +2,15 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ModelListParams = { 
+export type ModelListParams = {
 /**
  * Opaque pagination cursor returned by a previous call.
  */
-cursor?: string | null, 
+cursor?: string | null,
 /**
  * Optional page size; defaults to a reasonable server-side value.
  */
-limit?: number | null, 
+limit?: number | null,
 /**
  * When true, include models that are hidden from the default picker list.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ModelListResponse.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { Model } from "./Model";
 
-export type ModelListResponse = { data: Array<Model>, 
+export type ModelListResponse = { data: Array<Model>,
 /**
  * Opaque cursor to pass to the next call to continue after the last item.
  * If None, there are no more items to return.

codex-rs/app-server-protocol/schema/typescript/v2/NetworkRequirements.ts

@@ -4,28 +4,28 @@
 import type { NetworkDomainPermission } from "./NetworkDomainPermission";
 import type { NetworkUnixSocketPermission } from "./NetworkUnixSocketPermission";
 
-export type NetworkRequirements = { enabled: boolean | null, httpPort: number | null, socksPort: number | null, allowUpstreamProxy: boolean | null, dangerouslyAllowNonLoopbackProxy: boolean | null, dangerouslyAllowAllUnixSockets: boolean | null, 
+export type NetworkRequirements = { enabled: boolean | null, httpPort: number | null, socksPort: number | null, allowUpstreamProxy: boolean | null, dangerouslyAllowNonLoopbackProxy: boolean | null, dangerouslyAllowAllUnixSockets: boolean | null,
 /**
  * Canonical network permission map for `experimental_network`.
  */
-domains: { [key in string]?: NetworkDomainPermission } | null, 
+domains: { [key in string]?: NetworkDomainPermission } | null,
 /**
  * When true, only managed allowlist entries are respected while managed
  * network enforcement is active.
  */
-managedAllowedDomainsOnly: boolean | null, 
+managedAllowedDomainsOnly: boolean | null,
 /**
  * Legacy compatibility view derived from `domains`.
  */
-allowedDomains: Array<string> | null, 
+allowedDomains: Array<string> | null,
 /**
  * Legacy compatibility view derived from `domains`.
  */
-deniedDomains: Array<string> | null, 
+deniedDomains: Array<string> | null,
 /**
  * Canonical unix socket permission map for `experimental_network`.
  */
-unixSockets: { [key in string]?: NetworkUnixSocketPermission } | null, 
+unixSockets: { [key in string]?: NetworkUnixSocketPermission } | null,
 /**
  * Legacy compatibility view derived from `unix_sockets`.
  */

codex-rs/app-server-protocol/schema/typescript/v2/PluginInstallParams.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 
-export type PluginInstallParams = { marketplacePath: AbsolutePathBuf, pluginName: string, 
+export type PluginInstallParams = { marketplacePath: AbsolutePathBuf, pluginName: string,
 /**
  * When true, apply the remote plugin change before the local install flow.
  */

codex-rs/app-server-protocol/schema/typescript/v2/PluginInterface.ts

@@ -3,7 +3,7 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 
-export type PluginInterface = { displayName: string | null, shortDescription: string | null, longDescription: string | null, developerName: string | null, category: string | null, capabilities: Array<string>, websiteUrl: string | null, privacyPolicyUrl: string | null, termsOfServiceUrl: string | null, 
+export type PluginInterface = { displayName: string | null, shortDescription: string | null, longDescription: string | null, developerName: string | null, category: string | null, capabilities: Array<string>, websiteUrl: string | null, privacyPolicyUrl: string | null, termsOfServiceUrl: string | null,
 /**
  * Starter prompts for the plugin. Capped at 3 entries with a maximum of
  * 128 characters per entry.

codex-rs/app-server-protocol/schema/typescript/v2/PluginListParams.ts

@@ -3,12 +3,12 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { AbsolutePathBuf } from "../AbsolutePathBuf";
 
-export type PluginListParams = { 
+export type PluginListParams = {
 /**
  * Optional working directories used to discover repo marketplaces. When omitted,
  * only home-scoped marketplaces and the official curated marketplace are considered.
  */
-cwds?: Array<AbsolutePathBuf> | null, 
+cwds?: Array<AbsolutePathBuf> | null,
 /**
  * When true, reconcile the official curated marketplace against the remote plugin state
  * before listing marketplaces.

codex-rs/app-server-protocol/schema/typescript/v2/PluginUninstallParams.ts

@@ -2,7 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type PluginUninstallParams = { pluginId: string, 
+export type PluginUninstallParams = { pluginId: string,
 /**
  * When true, apply the remote plugin change before the local uninstall flow.
  */