chore: remove duplicate mcp-types declaration in Cargo.toml

2026-03-06 22:15:30 +03:00 · 2026-02-01 09:01:20 -08:00
1361 changed files with 26641 additions and 171356 deletions
--- a/.bazelrc
+++ b/.bazelrc
@@ -15,8 +15,8 @@ common --experimental_platform_in_output_dir
 common --noenable_runfiles

 common --enable_platform_specific_config
-common:linux --host_platform=//:local_linux
-common:windows --host_platform=//:local_windows
+# TODO(zbarsky): We need to untangle these libc constraints to get linux remote builds working.
+common:linux --host_platform=//:local
 common --@rules_cc//cc/toolchains/args/archiver_flags:use_libtool_on_macos=False
 common --@toolchains_llvm_bootstrapped//config:experimental_stub_libgcc_s

@@ -28,14 +28,7 @@ common:windows --@rules_rust//rust/settings:experimental_use_sh_toolchain_for_bo

 common --incompatible_strict_action_env
 # Not ideal, but We need to allow dotslash to be found
-common:linux --test_env=PATH=/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
-common:macos --test_env=PATH=/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin
-
-# Pass through some env vars Windows needs to use powershell?
-common:windows --test_env=PATH
-common:windows --test_env=SYSTEMROOT
-common:windows --test_env=COMSPEC
-common:windows --test_env=WINDIR
+common --test_env=PATH=/opt/homebrew/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin

 common --test_output=errors
 common --bes_results_url=https://app.buildbuddy.io/invocation/
--- a/.codespellrc
+++ b/.codespellrc
@@ -1,6 +1,6 @@
 [codespell]
 # Ref: https://github.com/codespell-project/codespell#using-a-config-file
-skip = .git*,vendor,*-lock.yaml,*.lock,.codespellrc,*test.ts,*.jsonl,frame*.txt,*.snap,*.snap.new,*meriyah.umd.min.js
+skip = .git*,vendor,*-lock.yaml,*.lock,.codespellrc,*test.ts,*.jsonl,frame*.txt,*.snap,*.snap.new
 check-hidden = true
 ignore-regex = ^\s*"image/\S+": ".*|\b(afterAll)\b
 ignore-words-list = ratatui,ser,iTerm,iterm2,iterm
--- a/.codex/skills/test-tui/SKILL.md
+++ b/.codex/skills/test-tui/SKILL.md
@@ -1,14 +0,0 @@
---
-name: test-tui
-description: Guide for testing Codex TUI interactively
---
-
-You can start and use Codex TUI to verify changes. 
-
-Important notes:
-
-Start interactively.
-Always set RUST_LOG="trace" when starting the process.
-Pass `-c log_dir=<some_temp_dir>` argument to have logs written to a specific directory to help with debugging.
-When sending a test message programmatically, send text first, then send Enter in a separate write (do not send text + Enter in one burst).
-Use `just codex` target to run - `just codex -c ...`
--- a/.github/ISSUE_TEMPLATE/1-codex-app.yml
+++ b/.github/ISSUE_TEMPLATE/1-codex-app.yml
@@ -1,47 +0,0 @@
-name: 🖥️ Codex App Bug
-description: Report an issue with the Codex App
-labels:
-  - app
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Before submitting a new issue, please search for existing issues to see if your issue has already been reported.
-        If it has, please add a 👍 reaction (no need to leave a comment) to the existing issue instead of creating a new one.
-
-  - type: input
-    id: version
-    attributes:
-      label: What version of the Codex App are you using (From “About Codex” dialog)?
-    validations:
-      required: true
-  - type: input
-    id: plan
-    attributes:
-      label: What subscription do you have?
-    validations:
-      required: true
-  - type: textarea
-    id: actual
-    attributes:
-      label: What issue are you seeing?
-      description: Please include the full error messages and prompts with PII redacted. If possible, please provide text instead of a screenshot.
-    validations:
-      required: true
-  - type: textarea
-    id: steps
-    attributes:
-      label: What steps can reproduce the bug?
-      description: Explain the bug and provide a code snippet that can reproduce it. Please include session id, token limit usage, context window usage if applicable.
-    validations:
-      required: true
-  - type: textarea
-    id: expected
-    attributes:
-      label: What is the expected behavior?
-      description: If possible, please provide text instead of a screenshot.
-  - type: textarea
-    id: notes
-    attributes:
-      label: Additional information
-      description: Is there anything else you think we should know?
--- a/.github/ISSUE_TEMPLATE/2-bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/2-bug-report.yml
@@ -1,5 +1,5 @@
-name: 💻 CLI Bug
-description: Report an issue in the Codex CLI
+name: 🪲 Bug Report
+description: Report an issue that should be fixed
 labels:
  - bug
  - needs triage
@@ -7,16 +7,19 @@ body:
  - type: markdown
    attributes:
      value: |
-        Before submitting a new issue, please search for existing issues to see if your issue has already been reported.
-        If it has, please add a 👍 reaction (no need to leave a comment) to the existing issue instead of creating a new one.
+        Thank you for submitting a bug report! It helps make Codex better for everyone.
+
+        If you need help or support using Codex, and are not reporting a bug, please post on [codex/discussions](https://github.com/openai/codex/discussions), where you can ask questions or engage with others on ideas for how to improve codex.

        Make sure you are running the [latest](https://npmjs.com/package/@openai/codex) version of Codex CLI. The bug you are experiencing may already have been fixed.

+        Please try to include as much information as possible.
+
  - type: input
    id: version
    attributes:
-      label: What version of Codex CLI is running?
-      description: use `codex --version`
+      label: What version of Codex is running?
+      description: Copy the output of `codex --version`
    validations:
      required: true
  - type: input
@@ -29,13 +32,13 @@ body:
    id: model
    attributes:
      label: Which model were you using?
-      description: Like `gpt-5.2`, `gpt-5.2-codex`, etc.
+      description: Like `gpt-4.1`, `o4-mini`, `o3`, etc.
  - type: input
    id: platform
    attributes:
      label: What platform is your computer?
      description: |
-        For macOS and Linux: copy the output of `uname -mprs`
+        For MacOS and Linux: copy the output of `uname -mprs`
        For Windows: copy the output of `"$([Environment]::OSVersion | ForEach-Object VersionString) $(if ([Environment]::Is64BitOperatingSystem) { "x64" } else { "x86" })"` in the PowerShell console
  - type: input
    id: terminal
@@ -55,7 +58,7 @@ body:
    id: steps
    attributes:
      label: What steps can reproduce the bug?
-      description: Explain the bug and provide a code snippet that can reproduce it. Please include thread id if applicable.
+      description: Explain the bug and provide a code snippet that can reproduce it. Please include session id, token limit usage, context window usage if applicable.
    validations:
      required: true
  - type: textarea
--- a/.github/ISSUE_TEMPLATE/3-docs-issue.yml
+++ b/.github/ISSUE_TEMPLATE/3-docs-issue.yml
--- a/.github/ISSUE_TEMPLATE/4-bug-report.yml
+++ b/.github/ISSUE_TEMPLATE/4-bug-report.yml
@@ -1,37 +0,0 @@
-name: 🪲 Other Bug
-description: Report an issue in Codex Web, integrations, or other Codex components
-labels:
-  - bug
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Before submitting a new issue, please search for existing issues to see if your issue has already been reported.
-        If it has, please add a 👍 reaction (no need to leave a comment) to the existing issue instead of creating a new one.
-
-        If you need help or support using Codex and are not reporting a bug, please post on [codex/discussions](https://github.com/openai/codex/discussions), where you can ask questions or engage with others on ideas for how to improve codex.
-
-  - type: textarea
-    id: actual
-    attributes:
-      label: What issue are you seeing?
-      description: Please include the full error messages and prompts with PII redacted. If possible, please provide text instead of a screenshot.
-    validations:
-      required: true
-  - type: textarea
-    id: steps
-    attributes:
-      label: What steps can reproduce the bug?
-      description: Explain the bug and provide a code snippet that can reproduce it.
-    validations:
-      required: true
-  - type: textarea
-    id: expected
-    attributes:
-      label: What is the expected behavior?
-      description: If possible, please provide text instead of a screenshot.
-  - type: textarea
-    id: notes
-    attributes:
-      label: Additional information
-      description: Is there anything else you think we should know?
--- a/.github/ISSUE_TEMPLATE/4-feature-request.yml
+++ b/.github/ISSUE_TEMPLATE/4-feature-request.yml
@@ -12,13 +12,6 @@ body:
        1. Search existing issues for similar features. If you find one, 👍 it rather than opening a new one.
        2. The Codex team will try to balance the varying needs of the community when prioritizing or rejecting new features. Not all features will be accepted. See [Contributing](https://github.com/openai/codex#contributing) for more details.

-  - type: input
-    id: variant
-    attributes:
-      label: What variant of Codex are you using?
-      description: (e.g., App, IDE Extension, CLI, Web)
-    validations:
-      required: true
  - type: textarea
    id: feature
    attributes:
--- a/.github/ISSUE_TEMPLATE/5-vs-code-extension.yml
+++ b/.github/ISSUE_TEMPLATE/5-vs-code-extension.yml
@@ -1,7 +1,8 @@
-name: 🧑‍💻 IDE Extension Bug
-description: Report an issue with the IDE extension
+name: 🧑‍💻 VS Code Extension
+description: Report an issue with the VS Code extension
 labels:
  - extension
+  - needs triage
 body:
  - type: markdown
    attributes:
@@ -12,7 +13,7 @@ body:
  - type: input
    id: version
    attributes:
-      label: What version of the IDE extension are you using?
+      label: What version of the VS Code extension are you using?
    validations:
      required: true
  - type: input
@@ -33,20 +34,20 @@ body:
    attributes:
      label: What platform is your computer?
      description: |
-        For macOS and Linux: copy the output of `uname -mprs`
+        For MacOS and Linux: copy the output of `uname -mprs`
        For Windows: copy the output of `"$([Environment]::OSVersion | ForEach-Object VersionString) $(if ([Environment]::Is64BitOperatingSystem) { "x64" } else { "x86" })"` in the PowerShell console
  - type: textarea
    id: actual
    attributes:
      label: What issue are you seeing?
-      description: Please include the full error messages and prompts with PII redacted. If possible, please provide text instead of a screenshot.
+      description: Please include the full error messages and prompts with PII redacted. If possible, please provide text instead of a screenshot. 
    validations:
      required: true
  - type: textarea
    id: steps
    attributes:
      label: What steps can reproduce the bug?
-      description: Explain the bug and provide a code snippet that can reproduce it.
+      description: Explain the bug and provide a code snippet that can reproduce it. Please include session id, token limit usage, context window usage if applicable.
    validations:
      required: true
  - type: textarea
--- a/.github/scripts/install-musl-build-tools.sh
+++ b/.github/scripts/install-musl-build-tools.sh
@@ -17,7 +17,7 @@ if [[ -n "${APT_INSTALL_ARGS:-}" ]]; then
 fi

 sudo apt-get update "${apt_update_args[@]}"
-sudo apt-get install -y "${apt_install_args[@]}" ca-certificates curl musl-tools pkg-config libcap-dev g++ clang libc++-dev libc++abi-dev lld xz-utils
+sudo apt-get install -y "${apt_install_args[@]}" musl-tools pkg-config g++ clang libc++-dev libc++abi-dev lld

 case "${TARGET}" in
  x86_64-unknown-linux-musl)
@@ -32,11 +32,6 @@ case "${TARGET}" in
    ;;
 esac

-libcap_version="2.75"
-libcap_sha256="de4e7e064c9ba451d5234dd46e897d7c71c96a9ebf9a0c445bc04f4742d83632"
-libcap_tarball_name="libcap-${libcap_version}.tar.xz"
-libcap_download_url="https://mirrors.edge.kernel.org/pub/linux/libs/security/linux-privs/libcap2/${libcap_tarball_name}"
-
 # Use the musl toolchain as the Rust linker to avoid Zig injecting its own CRT.
 if command -v "${arch}-linux-musl-gcc" >/dev/null; then
  musl_linker="$(command -v "${arch}-linux-musl-gcc")"
@@ -52,43 +47,6 @@ runner_temp="${RUNNER_TEMP:-/tmp}"
 tool_root="${runner_temp}/codex-musl-tools-${TARGET}"
 mkdir -p "${tool_root}"

-libcap_root="${tool_root}/libcap-${libcap_version}"
-libcap_src_root="${libcap_root}/src"
-libcap_prefix="${libcap_root}/prefix"
-libcap_pkgconfig_dir="${libcap_prefix}/lib/pkgconfig"
-
-if [[ ! -f "${libcap_prefix}/lib/libcap.a" ]]; then
-  mkdir -p "${libcap_src_root}" "${libcap_prefix}/lib" "${libcap_prefix}/include/sys" "${libcap_prefix}/include/linux" "${libcap_pkgconfig_dir}"
-  libcap_tarball="${libcap_root}/${libcap_tarball_name}"
-
-  curl -fsSL "${libcap_download_url}" -o "${libcap_tarball}"
-  echo "${libcap_sha256}  ${libcap_tarball}" | sha256sum -c -
-
-  tar -xJf "${libcap_tarball}" -C "${libcap_src_root}"
-  libcap_source_dir="${libcap_src_root}/libcap-${libcap_version}"
-  make -C "${libcap_source_dir}/libcap" -j"$(nproc)" \
-    CC="${musl_linker}" \
-    AR=ar \
-    RANLIB=ranlib
-
-  cp "${libcap_source_dir}/libcap/libcap.a" "${libcap_prefix}/lib/libcap.a"
-  cp "${libcap_source_dir}/libcap/include/uapi/linux/capability.h" "${libcap_prefix}/include/linux/capability.h"
-  cp "${libcap_source_dir}/libcap/../libcap/include/sys/capability.h" "${libcap_prefix}/include/sys/capability.h"
-
-  cat > "${libcap_pkgconfig_dir}/libcap.pc" <<EOF
-prefix=${libcap_prefix}
-exec_prefix=\${prefix}
-libdir=\${prefix}/lib
-includedir=\${prefix}/include
-
-Name: libcap
-Description: Linux capabilities
-Version: ${libcap_version}
-Libs: -L\${libdir} -lcap
-Cflags: -I\${includedir}
-EOF
-fi
-
 sysroot=""
 if command -v zig >/dev/null; then
  zig_bin="$(command -v zig)"
@@ -101,19 +59,7 @@ set -euo pipefail

 args=()
 skip_next=0
-pending_include=0
 for arg in "\$@"; do
-  if [[ "\${pending_include}" -eq 1 ]]; then
-    pending_include=0
-    if [[ "\${arg}" == /usr/include || "\${arg}" == /usr/include/* ]]; then
-      # Keep host-only headers available, but after the target sysroot headers.
-      args+=("-idirafter" "\${arg}")
-    else
-      args+=("-I" "\${arg}")
-    fi
-    continue
-  fi
-
  if [[ "\${skip_next}" -eq 1 ]]; then
    skip_next=0
    continue
@@ -131,21 +77,6 @@ for arg in "\$@"; do
      fi
      continue
      ;;
-    -I)
-      pending_include=1
-      continue
-      ;;
-    -I/usr/include|-I/usr/include/*)
-      # Avoid making glibc headers win over musl headers.
-      args+=("-idirafter" "\${arg#-I}")
-      continue
-      ;;
-    -Wp,-U_FORTIFY_SOURCE)
-      # aws-lc-sys emits this GCC preprocessor forwarding form in debug
-      # builds, but zig cc expects the define flag directly.
-      args+=("-U_FORTIFY_SOURCE")
-      continue
-      ;;
  esac
  args+=("\${arg}")
 done
@@ -158,51 +89,22 @@ set -euo pipefail

 args=()
 skip_next=0
-pending_include=0
 for arg in "\$@"; do
-  if [[ "\${pending_include}" -eq 1 ]]; then
-    pending_include=0
-    if [[ "\${arg}" == /usr/include || "\${arg}" == /usr/include/* ]]; then
-      # Keep host-only headers available, but after the target sysroot headers.
-      args+=("-idirafter" "\${arg}")
-    else
-      args+=("-I" "\${arg}")
-    fi
-    continue
-  fi
-
  if [[ "\${skip_next}" -eq 1 ]]; then
    skip_next=0
    continue
  fi
  case "\${arg}" in
    --target)
-      # Drop explicit --target and its value: we always pass zig's -target below.
      skip_next=1
      continue
      ;;
    --target=*|-target=*|-target)
-      # Zig expects -target and rejects Rust triples like *-unknown-linux-musl.
      if [[ "\${arg}" == "-target" ]]; then
        skip_next=1
      fi
      continue
      ;;
-    -I)
-      pending_include=1
-      continue
-      ;;
-    -I/usr/include|-I/usr/include/*)
-      # Avoid making glibc headers win over musl headers.
-      args+=("-idirafter" "\${arg#-I}")
-      continue
-      ;;
-    -Wp,-U_FORTIFY_SOURCE)
-      # aws-lc-sys emits this GCC forwarding form in debug builds; zig c++
-      # expects the define flag directly.
-      args+=("-U_FORTIFY_SOURCE")
-      continue
-      ;;
  esac
  args+=("\${arg}")
 done
@@ -259,21 +161,3 @@ echo "${cargo_linker_var}=${musl_linker}" >> "$GITHUB_ENV"
 echo "CMAKE_C_COMPILER=${cc}" >> "$GITHUB_ENV"
 echo "CMAKE_CXX_COMPILER=${cxx}" >> "$GITHUB_ENV"
 echo "CMAKE_ARGS=-DCMAKE_HAVE_THREADS_LIBRARY=1 -DCMAKE_USE_PTHREADS_INIT=1 -DCMAKE_THREAD_LIBS_INIT=-pthread -DTHREADS_PREFER_PTHREAD_FLAG=ON" >> "$GITHUB_ENV"
-
-# Allow pkg-config resolution during cross-compilation.
-echo "PKG_CONFIG_ALLOW_CROSS=1" >> "$GITHUB_ENV"
-pkg_config_path="${libcap_pkgconfig_dir}"
-if [[ -n "${PKG_CONFIG_PATH:-}" ]]; then
-  pkg_config_path="${pkg_config_path}:${PKG_CONFIG_PATH}"
-fi
-echo "PKG_CONFIG_PATH=${pkg_config_path}" >> "$GITHUB_ENV"
-pkg_config_path_var="PKG_CONFIG_PATH_${TARGET}"
-pkg_config_path_var="${pkg_config_path_var//-/_}"
-echo "${pkg_config_path_var}=${libcap_pkgconfig_dir}" >> "$GITHUB_ENV"
-
-if [[ -n "${sysroot}" && "${sysroot}" != "/" ]]; then
-  echo "PKG_CONFIG_SYSROOT_DIR=${sysroot}" >> "$GITHUB_ENV"
-  pkg_config_sysroot_var="PKG_CONFIG_SYSROOT_DIR_${TARGET}"
-  pkg_config_sysroot_var="${pkg_config_sysroot_var//-/_}"
-  echo "${pkg_config_sysroot_var}=${sysroot}" >> "$GITHUB_ENV"
-fi
--- a/.github/workflows/bazel.yml
+++ b/.github/workflows/bazel.yml
@@ -102,43 +102,9 @@ jobs:
          BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
        shell: bash
        run: |
-          bazel_args=(
-            test
-            //...
-            --test_verbose_timeout_warnings
-            --build_metadata=REPO_URL=https://github.com/openai/codex.git
-            --build_metadata=COMMIT_SHA=$(git rev-parse HEAD)
-            --build_metadata=ROLE=CI
-            --build_metadata=VISIBILITY=PUBLIC
-          )
-
-          if [[ -n "${BUILDBUDDY_API_KEY:-}" ]]; then
-            echo "BuildBuddy API key is available; using remote Bazel configuration."
-            bazel $BAZEL_STARTUP_ARGS \
-              --bazelrc=.github/workflows/ci.bazelrc \
-              "${bazel_args[@]}" \
-              "--remote_header=x-buildbuddy-api-key=$BUILDBUDDY_API_KEY"
-          else
-            echo "BuildBuddy API key is not available; using local Bazel configuration."
-            # Keep fork/community PRs on Bazel but disable remote services that are
-            # configured in .bazelrc and require auth.
-            #
-            # Flag docs:
-            # - Command-line reference: https://bazel.build/reference/command-line-reference
-            # - Remote caching overview: https://bazel.build/remote/caching
-            # - Remote execution overview: https://bazel.build/remote/rbe
-            # - Build Event Protocol overview: https://bazel.build/remote/bep
-            #
-            # --noexperimental_remote_repo_contents_cache:
-            #   disable remote repo contents cache enabled in .bazelrc startup options.
-            #   https://bazel.build/reference/command-line-reference#startup_options-flag--experimental_remote_repo_contents_cache
-            # --remote_cache= and --remote_executor=:
-            #   clear remote cache/execution endpoints configured in .bazelrc.
-            #   https://bazel.build/reference/command-line-reference#common_options-flag--remote_cache
-            #   https://bazel.build/reference/command-line-reference#common_options-flag--remote_executor
-            bazel $BAZEL_STARTUP_ARGS \
-              --noexperimental_remote_repo_contents_cache \
-              "${bazel_args[@]}" \
-              --remote_cache= \
-              --remote_executor=
-          fi
+          bazel $BAZEL_STARTUP_ARGS --bazelrc=.github/workflows/ci.bazelrc test //... \
+            --build_metadata=REPO_URL=https://github.com/openai/codex.git \
+            --build_metadata=COMMIT_SHA=$(git rev-parse HEAD) \
+            --build_metadata=ROLE=CI \
+            --build_metadata=VISIBILITY=PUBLIC \
+            "--remote_header=x-buildbuddy-api-key=$BUILDBUDDY_API_KEY"
--- a/.github/workflows/ci.bazelrc
+++ b/.github/workflows/ci.bazelrc
@@ -1,13 +1,6 @@
 common --remote_download_minimal
+common --nobuild_runfile_links
 common --keep_going
-common --verbose_failures
-
-# Disable disk cache since we have remote one and aren't using persistent workers.
-common --disk_cache=
-
-# Rearrange caches on Windows so they're on the same volume as the checkout.
-common:windows --repo_contents_cache=D:/a/.cache/bazel-repo-contents-cache
-common:windows --repository_cache=D:/a/.cache/bazel-repo-cache

 # We prefer to run the build actions entirely remotely so we can dial up the concurrency.
 # We have platform-specific tests, so we want to execute the tests on all platforms using the strongest sandboxing available on each platform.
@@ -23,5 +16,5 @@ common:macos --config=remote
 common:macos --strategy=remote
 common:macos --strategy=TestRunner=darwin-sandbox,local

-# On windows we cannot cross-build the tests but run them locally due to what appears to be a Bazel bug
-# (windows vs unix path confusion)
+common:windows --strategy=TestRunner=local
+
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -38,10 +38,9 @@ jobs:
            - If applicable, add one of the following labels to specify which sub-product or product surface the issue relates to.
            1. CLI — the Codex command line interface.
            2. extension — VS Code (or other IDE) extension-specific issues.
-            3. app - Issues related to the Codex desktop application.
-            4. codex-web — Issues targeting the Codex web UI/Cloud experience.
-            5. github-action — Issues with the Codex GitHub action.
-            6. iOS — Issues with the Codex iOS app.
+            3. codex-web — Issues targeting the Codex web UI/Cloud experience.
+            4. github-action — Issues with the Codex GitHub action.
+            5. iOS — Issues with the Codex iOS app.

            - Additionally add zero or more of the following labels that are relevant to the issue content. Prefer a small set of precise labels over many broad ones.
            1. windows-os — Bugs or friction specific to Windows environments (always when PowerShell is mentioned, path handling, copy/paste, OS-specific auth or tooling failures).
--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -64,6 +64,8 @@ jobs:
          components: rustfmt
      - name: cargo fmt
        run: cargo fmt -- --config imports_granularity=Item --check
+      - name: Verify codegen for mcp-types
+        run: ./mcp-types/check_lib_rs.py

  cargo_shear:
    name: cargo shear
@@ -99,8 +101,6 @@ jobs:
      USE_SCCACHE: ${{ startsWith(matrix.runner, 'windows') && 'false' || 'true' }}
      CARGO_INCREMENTAL: "0"
      SCCACHE_CACHE_SIZE: 10G
-      # In rust-ci, representative release-profile checks use thin LTO for faster feedback.
-      CARGO_PROFILE_RELEASE_LTO: ${{ matrix.profile == 'release' && 'thin' || 'fat' }}

    strategy:
      fail-fast: false
@@ -162,12 +162,6 @@ jobs:
            runs_on:
              group: codex-runners
              labels: codex-linux-x64
-          - runner: ubuntu-24.04-arm
-            target: aarch64-unknown-linux-musl
-            profile: release
-            runs_on:
-              group: codex-runners
-              labels: codex-linux-arm64
          - runner: windows-x64
            target: x86_64-pc-windows-msvc
            profile: release
@@ -183,18 +177,14 @@ jobs:

    steps:
      - uses: actions/checkout@v6
-      - name: Install Linux build dependencies
-        if: ${{ runner.os == 'Linux' }}
+      - name: Install UBSan runtime (musl)
+        if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl' }}
        shell: bash
        run: |
          set -euo pipefail
          if command -v apt-get >/dev/null 2>&1; then
            sudo apt-get update -y
-            packages=(pkg-config libcap-dev)
-            if [[ "${{ matrix.target }}" == 'x86_64-unknown-linux-musl' || "${{ matrix.target }}" == 'aarch64-unknown-linux-musl' ]]; then
-              packages+=(libubsan1)
-            fi
-            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends "${packages[@]}"
+            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y libubsan1
          fi
      - uses: dtolnay/rust-toolchain@1.93
        with:
@@ -388,15 +378,21 @@ jobs:
          cargo chef cook --recipe-path "$RECIPE" --target ${{ matrix.target }} --release --all-features

      - name: cargo clippy
-        run: cargo clippy --target ${{ matrix.target }} --all-features --tests --profile ${{ matrix.profile }} --timings -- -D warnings
+        id: clippy
+        run: cargo clippy --target ${{ matrix.target }} --all-features --tests --profile ${{ matrix.profile }} -- -D warnings

-      - name: Upload Cargo timings (clippy)
-        if: always()
-        uses: actions/upload-artifact@v6
-        with:
-          name: cargo-timings-rust-ci-clippy-${{ matrix.target }}-${{ matrix.profile }}
-          path: codex-rs/target/**/cargo-timings/cargo-timing.html
-          if-no-files-found: warn
+      # Running `cargo build` from the workspace root builds the workspace using
+      # the union of all features from third-party crates. This can mask errors
+      # where individual crates have underspecified features. To avoid this, we
+      # run `cargo check` for each crate individually, though because this is
+      # slower, we only do this for the x86_64-unknown-linux-gnu target.
+      - name: cargo check individual crates
+        id: cargo_check_all_crates
+        if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' && matrix.profile != 'release' }}
+        continue-on-error: true
+        run: |
+          find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 \
+            | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo check --profile ${{ matrix.profile }}'

      # Save caches explicitly; make non-fatal so cache packaging
      # never fails the overall job. Only save when key wasn't hit.
@@ -450,6 +446,15 @@ jobs:
            /var/cache/apt
          key: apt-${{ matrix.runner }}-${{ matrix.target }}-v1

+      # Fail the job if any of the previous steps failed.
+      - name: verify all steps passed
+        if: |
+          steps.clippy.outcome == 'failure' ||
+          steps.cargo_check_all_crates.outcome == 'failure'
+        run: |
+          echo "One or more checks failed (clippy or cargo_check_all_crates). See logs for details."
+          exit 1
+
  tests:
    name: Tests — ${{ matrix.runner }} - ${{ matrix.target }}
    runs-on: ${{ matrix.runs_on || matrix.runner }}
@@ -499,15 +504,7 @@ jobs:

    steps:
      - uses: actions/checkout@v6
-      - name: Install Linux build dependencies
-        if: ${{ runner.os == 'Linux' }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          if command -v apt-get >/dev/null 2>&1; then
-            sudo apt-get update -y
-            sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev
-          fi
+
      # Some integration tests rely on DotSlash being installed.
      # See https://github.com/openai/codex/pull/7617.
      - name: Install DotSlash
@@ -583,19 +580,11 @@ jobs:

      - name: tests
        id: test
-        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }} --cargo-profile ci-test --timings
+        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }} --cargo-profile ci-test
        env:
          RUST_BACKTRACE: 1
          NEXTEST_STATUS_LEVEL: leak

-      - name: Upload Cargo timings (nextest)
-        if: always()
-        uses: actions/upload-artifact@v6
-        with:
-          name: cargo-timings-rust-ci-nextest-${{ matrix.target }}-${{ matrix.profile }}
-          path: codex-rs/target/**/cargo-timings/cargo-timing.html
-          if-no-files-found: warn
-
      - name: Save cargo home cache
        if: always() && !cancelled() && steps.cache_cargo_home_restore.outputs.cache-hit != 'true'
        continue-on-error: true
--- a/.github/workflows/rust-release-windows.yml
+++ b/.github/workflows/rust-release-windows.yml
@@ -1,264 +0,0 @@
-name: rust-release-windows
-
-on:
-  workflow_call:
-    inputs:
-      release-lto:
-        required: true
-        type: string
-    secrets:
-      AZURE_TRUSTED_SIGNING_CLIENT_ID:
-        required: true
-      AZURE_TRUSTED_SIGNING_TENANT_ID:
-        required: true
-      AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID:
-        required: true
-      AZURE_TRUSTED_SIGNING_ENDPOINT:
-        required: true
-      AZURE_TRUSTED_SIGNING_ACCOUNT_NAME:
-        required: true
-      AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME:
-        required: true
-
-jobs:
-  build-windows-binaries:
-    name: Build Windows binaries - ${{ matrix.runner }} - ${{ matrix.target }} - ${{ matrix.bundle }}
-    runs-on: ${{ matrix.runs_on }}
-    timeout-minutes: 60
-    permissions:
-      contents: read
-    defaults:
-      run:
-        working-directory: codex-rs
-    env:
-      CARGO_PROFILE_RELEASE_LTO: ${{ inputs.release-lto }}
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runner: windows-x64
-            target: x86_64-pc-windows-msvc
-            bundle: primary
-            build_args: --bin codex --bin codex-responses-api-proxy
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-x64
-          - runner: windows-arm64
-            target: aarch64-pc-windows-msvc
-            bundle: primary
-            build_args: --bin codex --bin codex-responses-api-proxy
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-arm64
-          - runner: windows-x64
-            target: x86_64-pc-windows-msvc
-            bundle: helpers
-            build_args: --bin codex-windows-sandbox-setup --bin codex-command-runner
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-x64
-          - runner: windows-arm64
-            target: aarch64-pc-windows-msvc
-            bundle: helpers
-            build_args: --bin codex-windows-sandbox-setup --bin codex-command-runner
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-arm64
-
-    steps:
-      - uses: actions/checkout@v6
-      - name: Print runner specs (Windows)
-        shell: powershell
-        run: |
-          $computer = Get-CimInstance Win32_ComputerSystem
-          $cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
-          $ramGiB = [math]::Round($computer.TotalPhysicalMemory / 1GB, 1)
-          Write-Host "Runner: $env:RUNNER_NAME"
-          Write-Host "OS: $([System.Environment]::OSVersion.VersionString)"
-          Write-Host "CPU: $($cpu.Name)"
-          Write-Host "Logical CPUs: $($computer.NumberOfLogicalProcessors)"
-          Write-Host "Physical CPUs: $($computer.NumberOfProcessors)"
-          Write-Host "Total RAM: $ramGiB GiB"
-          Write-Host "Disk usage:"
-          Get-PSDrive -PSProvider FileSystem | Format-Table -AutoSize Name, @{Name='Size(GB)';Expression={[math]::Round(($_.Used + $_.Free) / 1GB, 1)}}, @{Name='Free(GB)';Expression={[math]::Round($_.Free / 1GB, 1)}}
-      - uses: dtolnay/rust-toolchain@1.93
-        with:
-          targets: ${{ matrix.target }}
-
-      - name: Cargo build (Windows binaries)
-        shell: bash
-        run: |
-          cargo build --target ${{ matrix.target }} --release --timings ${{ matrix.build_args }}
-
-      - name: Upload Cargo timings
-        uses: actions/upload-artifact@v6
-        with:
-          name: cargo-timings-rust-release-windows-${{ matrix.target }}-${{ matrix.bundle }}
-          path: codex-rs/target/**/cargo-timings/cargo-timing.html
-          if-no-files-found: warn
-
-      - name: Stage Windows binaries
-        shell: bash
-        run: |
-          output_dir="target/${{ matrix.target }}/release/staged-${{ matrix.bundle }}"
-          mkdir -p "$output_dir"
-          if [[ "${{ matrix.bundle }}" == "primary" ]]; then
-            cp target/${{ matrix.target }}/release/codex.exe "$output_dir/codex.exe"
-            cp target/${{ matrix.target }}/release/codex-responses-api-proxy.exe "$output_dir/codex-responses-api-proxy.exe"
-          else
-            cp target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe "$output_dir/codex-windows-sandbox-setup.exe"
-            cp target/${{ matrix.target }}/release/codex-command-runner.exe "$output_dir/codex-command-runner.exe"
-          fi
-
-      - name: Upload Windows binaries
-        uses: actions/upload-artifact@v6
-        with:
-          name: windows-binaries-${{ matrix.target }}-${{ matrix.bundle }}
-          path: |
-            codex-rs/target/${{ matrix.target }}/release/staged-${{ matrix.bundle }}/*
-
-  build-windows:
-    needs:
-      - build-windows-binaries
-    name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
-    runs-on: ${{ matrix.runs_on }}
-    timeout-minutes: 60
-    permissions:
-      contents: read
-      id-token: write
-    defaults:
-      run:
-        working-directory: codex-rs
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runner: windows-x64
-            target: x86_64-pc-windows-msvc
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-x64
-          - runner: windows-arm64
-            target: aarch64-pc-windows-msvc
-            runs_on:
-              group: codex-runners
-              labels: codex-windows-arm64
-
-    steps:
-      - uses: actions/checkout@v6
-
-      - name: Download prebuilt Windows primary binaries
-        uses: actions/download-artifact@v7
-        with:
-          name: windows-binaries-${{ matrix.target }}-primary
-          path: codex-rs/target/${{ matrix.target }}/release
-
-      - name: Download prebuilt Windows helper binaries
-        uses: actions/download-artifact@v7
-        with:
-          name: windows-binaries-${{ matrix.target }}-helpers
-          path: codex-rs/target/${{ matrix.target }}/release
-
-      - name: Verify binaries
-        shell: bash
-        run: |
-          set -euo pipefail
-          ls -lh target/${{ matrix.target }}/release/codex.exe
-          ls -lh target/${{ matrix.target }}/release/codex-responses-api-proxy.exe
-          ls -lh target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe
-          ls -lh target/${{ matrix.target }}/release/codex-command-runner.exe
-
-      - name: Sign Windows binaries with Azure Trusted Signing
-        uses: ./.github/actions/windows-code-sign
-        with:
-          target: ${{ matrix.target }}
-          client-id: ${{ secrets.AZURE_TRUSTED_SIGNING_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TRUSTED_SIGNING_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID }}
-          endpoint: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
-          account-name: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
-          certificate-profile-name: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME }}
-
-      - name: Stage artifacts
-        shell: bash
-        run: |
-          dest="dist/${{ matrix.target }}"
-          mkdir -p "$dest"
-
-          cp target/${{ matrix.target }}/release/codex.exe "$dest/codex-${{ matrix.target }}.exe"
-          cp target/${{ matrix.target }}/release/codex-responses-api-proxy.exe "$dest/codex-responses-api-proxy-${{ matrix.target }}.exe"
-          cp target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe "$dest/codex-windows-sandbox-setup-${{ matrix.target }}.exe"
-          cp target/${{ matrix.target }}/release/codex-command-runner.exe "$dest/codex-command-runner-${{ matrix.target }}.exe"
-
-      - name: Install DotSlash
-        uses: facebook/install-dotslash@v2
-
-      - name: Compress artifacts
-        shell: bash
-        run: |
-          # Path that contains the uncompressed binaries for the current
-          # ${{ matrix.target }}
-          dest="dist/${{ matrix.target }}"
-          repo_root=$PWD
-
-          # For compatibility with environments that lack the `zstd` tool we
-          # additionally create a `.tar.gz` and `.zip` for every Windows binary.
-          # The end result is:
-          #   codex-<target>.zst
-          #   codex-<target>.tar.gz
-          #   codex-<target>.zip
-          for f in "$dest"/*; do
-            base="$(basename "$f")"
-            # Skip files that are already archives (shouldn't happen, but be
-            # safe).
-            if [[ "$base" == *.tar.gz || "$base" == *.zip || "$base" == *.dmg ]]; then
-              continue
-            fi
-
-            # Don't try to compress signature bundles.
-            if [[ "$base" == *.sigstore ]]; then
-              continue
-            fi
-
-            # Create per-binary tar.gz
-            tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"
-
-            # Create zip archive for Windows binaries.
-            # Must run from inside the dest dir so 7z won't embed the
-            # directory path inside the zip.
-            if [[ "$base" == "codex-${{ matrix.target }}.exe" ]]; then
-              # Bundle the sandbox helper binaries into the main codex zip so
-              # WinGet installs include the required helpers next to codex.exe.
-              # Fall back to the single-binary zip if the helpers are missing
-              # to avoid breaking releases.
-              bundle_dir="$(mktemp -d)"
-              runner_src="$dest/codex-command-runner-${{ matrix.target }}.exe"
-              setup_src="$dest/codex-windows-sandbox-setup-${{ matrix.target }}.exe"
-              if [[ -f "$runner_src" && -f "$setup_src" ]]; then
-                cp "$dest/$base" "$bundle_dir/$base"
-                cp "$runner_src" "$bundle_dir/codex-command-runner.exe"
-                cp "$setup_src" "$bundle_dir/codex-windows-sandbox-setup.exe"
-                # Use an absolute path so bundle zips land in the real dist
-                # dir even when 7z runs from a temp directory.
-                (cd "$bundle_dir" && 7z a "$repo_root/$dest/${base}.zip" .)
-              else
-                echo "warning: missing sandbox binaries; falling back to single-binary zip"
-                echo "warning: expected $runner_src and $setup_src"
-                (cd "$dest" && 7z a "${base}.zip" "$base")
-              fi
-              rm -rf "$bundle_dir"
-            else
-              (cd "$dest" && 7z a "${base}.zip" "$base")
-            fi
-
-            # Keep raw executables and produce .zst alongside them.
-            "${GITHUB_WORKSPACE}/.github/workflows/zstd" -T0 -19 "$dest/$base"
-          done
-
-      - uses: actions/upload-artifact@v6
-        with:
-          name: ${{ matrix.target }}
-          path: |
-            codex-rs/dist/${{ matrix.target }}/*
--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -45,10 +45,19 @@ jobs:
          echo "✅  Tag and Cargo.toml agree (${tag_ver})"
          echo "::endgroup::"

+      - name: Verify config schema fixture
+        shell: bash
+        working-directory: codex-rs
+        run: |
+          set -euo pipefail
+          echo "If this fails, run: just write-config-schema to overwrite fixture with intentional changes."
+          cargo run -p codex-core --bin codex-write-config-schema
+          git diff --exit-code core/config.schema.json
+
  build:
    needs: tag-check
    name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
-    runs-on: ${{ matrix.runs_on || matrix.runner }}
+    runs-on: ${{ matrix.runner }}
    timeout-minutes: 60
    permissions:
      contents: read
@@ -56,8 +65,6 @@ jobs:
    defaults:
      run:
        working-directory: codex-rs
-    env:
-      CARGO_PROFILE_RELEASE_LTO: ${{ contains(github.ref_name, '-alpha') && 'thin' || 'fat' }}

    strategy:
      fail-fast: false
@@ -75,45 +82,13 @@ jobs:
            target: aarch64-unknown-linux-musl
          - runner: ubuntu-24.04-arm
            target: aarch64-unknown-linux-gnu
+          - runner: windows-latest
+            target: x86_64-pc-windows-msvc
+          - runner: windows-11-arm
+            target: aarch64-pc-windows-msvc

    steps:
      - uses: actions/checkout@v6
-      - name: Print runner specs (Linux)
-        if: ${{ runner.os == 'Linux' }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          cpu_model="$(lscpu | awk -F: '/Model name/ {gsub(/^[ \t]+/, "", $2); print $2; exit}')"
-          total_ram="$(awk '/MemTotal/ {printf "%.1f GiB\n", $2 / 1024 / 1024}' /proc/meminfo)"
-          echo "Runner: ${RUNNER_NAME:-unknown}"
-          echo "OS: $(uname -a)"
-          echo "CPU model: ${cpu_model}"
-          echo "Logical CPUs: $(nproc)"
-          echo "Total RAM: ${total_ram}"
-          echo "Disk usage:"
-          df -h .
-      - name: Print runner specs (macOS)
-        if: ${{ runner.os == 'macOS' }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          total_ram="$(sysctl -n hw.memsize | awk '{printf "%.1f GiB\n", $1 / 1024 / 1024 / 1024}')"
-          echo "Runner: ${RUNNER_NAME:-unknown}"
-          echo "OS: $(sw_vers -productName) $(sw_vers -productVersion)"
-          echo "Hardware model: $(sysctl -n hw.model)"
-          echo "CPU architecture: $(uname -m)"
-          echo "Logical CPUs: $(sysctl -n hw.logicalcpu)"
-          echo "Physical CPUs: $(sysctl -n hw.physicalcpu)"
-          echo "Total RAM: ${total_ram}"
-          echo "Disk usage:"
-          df -h .
-      - name: Install Linux bwrap build dependencies
-        if: ${{ runner.os == 'Linux' }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          sudo apt-get update -y
-          sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev
      - name: Install UBSan runtime (musl)
        if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl' }}
        shell: bash
@@ -138,6 +113,20 @@ jobs:
          echo "${cargo_home}/bin" >> "$GITHUB_PATH"
          : > "${cargo_home}/config.toml"

+      - uses: actions/cache@v5
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            ${{ github.workspace }}/.cargo-home/bin/
+            ${{ github.workspace }}/.cargo-home/registry/index/
+            ${{ github.workspace }}/.cargo-home/registry/cache/
+            ${{ github.workspace }}/.cargo-home/git/db/
+            ${{ github.workspace }}/codex-rs/target/
+          key: cargo-${{ matrix.runner }}-${{ matrix.target }}-release-${{ hashFiles('**/Cargo.lock') }}
+
      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
        name: Install Zig
        uses: mlugg/setup-zig@v2
@@ -205,14 +194,11 @@ jobs:
      - name: Cargo build
        shell: bash
        run: |
-          cargo build --target ${{ matrix.target }} --release --timings --bin codex --bin codex-responses-api-proxy
-
-      - name: Upload Cargo timings
-        uses: actions/upload-artifact@v6
-        with:
-          name: cargo-timings-rust-release-${{ matrix.target }}
-          path: codex-rs/target/**/cargo-timings/cargo-timing.html
-          if-no-files-found: warn
+          if [[ "${{ contains(matrix.target, 'windows') }}" == 'true' ]]; then
+            cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy --bin codex-windows-sandbox-setup --bin codex-command-runner
+          else
+            cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy
+          fi

      - if: ${{ contains(matrix.target, 'linux') }}
        name: Cosign Linux artifacts
@@ -221,6 +207,18 @@ jobs:
          target: ${{ matrix.target }}
          artifacts-dir: ${{ github.workspace }}/codex-rs/target/${{ matrix.target }}/release

+      - if: ${{ contains(matrix.target, 'windows') }}
+        name: Sign Windows binaries with Azure Trusted Signing
+        uses: ./.github/actions/windows-code-sign
+        with:
+          target: ${{ matrix.target }}
+          client-id: ${{ secrets.AZURE_TRUSTED_SIGNING_CLIENT_ID }}
+          tenant-id: ${{ secrets.AZURE_TRUSTED_SIGNING_TENANT_ID }}
+          subscription-id: ${{ secrets.AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID }}
+          endpoint: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
+          account-name: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
+          certificate-profile-name: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME }}
+
      - if: ${{ runner.os == 'macOS' }}
        name: MacOS code signing (binaries)
        uses: ./.github/actions/macos-code-sign
@@ -299,8 +297,15 @@ jobs:
          dest="dist/${{ matrix.target }}"
          mkdir -p "$dest"

-          cp target/${{ matrix.target }}/release/codex "$dest/codex-${{ matrix.target }}"
-          cp target/${{ matrix.target }}/release/codex-responses-api-proxy "$dest/codex-responses-api-proxy-${{ matrix.target }}"
+          if [[ "${{ matrix.runner }}" == windows* ]]; then
+            cp target/${{ matrix.target }}/release/codex.exe "$dest/codex-${{ matrix.target }}.exe"
+            cp target/${{ matrix.target }}/release/codex-responses-api-proxy.exe "$dest/codex-responses-api-proxy-${{ matrix.target }}.exe"
+            cp target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe "$dest/codex-windows-sandbox-setup-${{ matrix.target }}.exe"
+            cp target/${{ matrix.target }}/release/codex-command-runner.exe "$dest/codex-command-runner-${{ matrix.target }}.exe"
+          else
+            cp target/${{ matrix.target }}/release/codex "$dest/codex-${{ matrix.target }}"
+            cp target/${{ matrix.target }}/release/codex-responses-api-proxy "$dest/codex-responses-api-proxy-${{ matrix.target }}"
+          fi

          if [[ "${{ matrix.target }}" == *linux* ]]; then
            cp target/${{ matrix.target }}/release/codex.sigstore "$dest/codex-${{ matrix.target }}.sigstore"
@@ -311,18 +316,34 @@ jobs:
            cp target/${{ matrix.target }}/release/codex-${{ matrix.target }}.dmg "$dest/codex-${{ matrix.target }}.dmg"
          fi

+      - if: ${{ matrix.runner == 'windows-11-arm' }}
+        name: Install zstd
+        shell: powershell
+        run: choco install -y zstandard
+
      - name: Compress artifacts
        shell: bash
        run: |
          # Path that contains the uncompressed binaries for the current
          # ${{ matrix.target }}
          dest="dist/${{ matrix.target }}"
+          repo_root=$PWD
+
+          # We want to ship the raw Windows executables in the GitHub Release
+          # in addition to the compressed archives. Keep the originals for
+          # Windows targets; remove them elsewhere to limit the number of
+          # artifacts that end up in the GitHub Release.
+          keep_originals=false
+          if [[ "${{ matrix.runner }}" == windows* ]]; then
+            keep_originals=true
+          fi

          # For compatibility with environments that lack the `zstd` tool we
-          # additionally create a `.tar.gz` alongside every binary we publish.
-          # The end result is:
+          # additionally create a `.tar.gz` for all platforms and `.zip` for
+          # Windows alongside every single binary that we publish. The end result is:
          #   codex-<target>.zst          (existing)
          #   codex-<target>.tar.gz       (new)
+          #   codex-<target>.zip          (only for Windows)

          # 1. Produce a .tar.gz for every file in the directory *before* we
          #    run `zstd --rm`, because that flag deletes the original files.
@@ -342,9 +363,43 @@ jobs:
            # Create per-binary tar.gz
            tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"

-            # Also create .zst and remove the uncompressed binaries to keep
-            # non-Windows artifact directories small.
-            zstd -T0 -19 --rm "$dest/$base"
+            # Create zip archive for Windows binaries
+            # Must run from inside the dest dir so 7z won't
+            # embed the directory path inside the zip.
+            if [[ "${{ matrix.runner }}" == windows* ]]; then
+              if [[ "$base" == "codex-${{ matrix.target }}.exe" ]]; then
+                # Bundle the sandbox helper binaries into the main codex zip so
+                # WinGet installs include the required helpers next to codex.exe.
+                # Fall back to the single-binary zip if the helpers are missing
+                # to avoid breaking releases.
+                bundle_dir="$(mktemp -d)"
+                runner_src="$dest/codex-command-runner-${{ matrix.target }}.exe"
+                setup_src="$dest/codex-windows-sandbox-setup-${{ matrix.target }}.exe"
+                if [[ -f "$runner_src" && -f "$setup_src" ]]; then
+                  cp "$dest/$base" "$bundle_dir/$base"
+                  cp "$runner_src" "$bundle_dir/codex-command-runner.exe"
+                  cp "$setup_src" "$bundle_dir/codex-windows-sandbox-setup.exe"
+                  # Use an absolute path so bundle zips land in the real dist
+                  # dir even when 7z runs from a temp directory.
+                  (cd "$bundle_dir" && 7z a "$repo_root/$dest/${base}.zip" .)
+                else
+                  echo "warning: missing sandbox binaries; falling back to single-binary zip"
+                  echo "warning: expected $runner_src and $setup_src"
+                  (cd "$dest" && 7z a "${base}.zip" "$base")
+                fi
+                rm -rf "$bundle_dir"
+              else
+                (cd "$dest" && 7z a "${base}.zip" "$base")
+              fi
+            fi
+
+            # Also create .zst (existing behaviour) *and* remove the original
+            # uncompressed binary to keep the directory small.
+            zstd_args=(-T0 -19)
+            if [[ "${keep_originals}" == false ]]; then
+              zstd_args+=(--rm)
+            fi
+            zstd "${zstd_args[@]}" "$dest/$base"
          done

      - uses: actions/upload-artifact@v6
@@ -355,13 +410,6 @@ jobs:
          path: |
            codex-rs/dist/${{ matrix.target }}/*

-  build-windows:
-    needs: tag-check
-    uses: ./.github/workflows/rust-release-windows.yml
-    with:
-      release-lto: ${{ contains(github.ref_name, '-alpha') && 'thin' || 'fat' }}
-    secrets: inherit
-
  shell-tool-mcp:
    name: shell-tool-mcp
    needs: tag-check
@@ -374,7 +422,6 @@ jobs:
  release:
    needs:
      - build
-      - build-windows
      - shell-tool-mcp
    name: release
    runs-on: ubuntu-latest
@@ -423,12 +470,6 @@ jobs:
      - name: Delete entries from dist/ that should not go in the release
        run: |
          rm -rf dist/shell-tool-mcp*
-          rm -rf dist/windows-binaries*
-          # cargo-timing.html appears under multiple target-specific directories.
-          # If included in files: dist/**, release upload races on duplicate
-          # asset names and can fail with 404s.
-          find dist -type f -name 'cargo-timing.html' -delete
-          find dist -type d -empty -delete

          ls -R dist/

@@ -552,20 +593,18 @@ jobs:
          version="${{ needs.release.outputs.version }}"
          tag="${{ needs.release.outputs.tag }}"
          mkdir -p dist/npm
-          patterns=(
-            "codex-npm-${version}.tgz"
-            "codex-npm-linux-*-${version}.tgz"
-            "codex-npm-darwin-*-${version}.tgz"
-            "codex-npm-win32-*-${version}.tgz"
-            "codex-responses-api-proxy-npm-${version}.tgz"
-            "codex-sdk-npm-${version}.tgz"
-          )
-          for pattern in "${patterns[@]}"; do
-            gh release download "$tag" \
-              --repo "${GITHUB_REPOSITORY}" \
-              --pattern "$pattern" \
-              --dir dist/npm
-          done
+          gh release download "$tag" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --pattern "codex-npm-${version}.tgz" \
+            --dir dist/npm
+          gh release download "$tag" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --pattern "codex-responses-api-proxy-npm-${version}.tgz" \
+            --dir dist/npm
+          gh release download "$tag" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --pattern "codex-sdk-npm-${version}.tgz" \
+            --dir dist/npm

      # No NODE_AUTH_TOKEN needed because we use OIDC.
      - name: Publish to npm
@@ -574,44 +613,19 @@ jobs:
          NPM_TAG: ${{ needs.release.outputs.npm_tag }}
        run: |
          set -euo pipefail
-          prefix=""
+          tag_args=()
          if [[ -n "${NPM_TAG}" ]]; then
-            prefix="${NPM_TAG}-"
+            tag_args+=(--tag "${NPM_TAG}")
          fi

-          shopt -s nullglob
-          tarballs=(dist/npm/*-"${VERSION}".tgz)
-          if [[ ${#tarballs[@]} -eq 0 ]]; then
-            echo "No npm tarballs found in dist/npm for version ${VERSION}"
-            exit 1
-          fi
+          tarballs=(
+            "codex-npm-${VERSION}.tgz"
+            "codex-responses-api-proxy-npm-${VERSION}.tgz"
+            "codex-sdk-npm-${VERSION}.tgz"
+          )

          for tarball in "${tarballs[@]}"; do
-            filename="$(basename "${tarball}")"
-            tag=""
-
-            case "${filename}" in
-              codex-npm-linux-*-"${VERSION}".tgz|codex-npm-darwin-*-"${VERSION}".tgz|codex-npm-win32-*-"${VERSION}".tgz)
-                platform="${filename#codex-npm-}"
-                platform="${platform%-${VERSION}.tgz}"
-                tag="${prefix}${platform}"
-                ;;
-              codex-npm-"${VERSION}".tgz|codex-responses-api-proxy-npm-"${VERSION}".tgz|codex-sdk-npm-"${VERSION}".tgz)
-                tag="${NPM_TAG}"
-                ;;
-              *)
-                echo "Unexpected npm tarball: ${filename}"
-                exit 1
-                ;;
-            esac
-
-            publish_cmd=(npm publish "${GITHUB_WORKSPACE}/${tarball}")
-            if [[ -n "${tag}" ]]; then
-              publish_cmd+=(--tag "${tag}")
-            fi
-
-            echo "+ ${publish_cmd[*]}"
-            "${publish_cmd[@]}"
+            npm publish "${GITHUB_WORKSPACE}/dist/npm/${tarball}" "${tag_args[@]}"
          done

  update-branch:
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -13,13 +13,6 @@ jobs:
      - name: Checkout repository
        uses: actions/checkout@v6

-      - name: Install Linux bwrap build dependencies
-        shell: bash
-        run: |
-          set -euo pipefail
-          sudo apt-get update -y
-          sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev
-
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
--- a/.github/workflows/shell-tool-mcp.yml
+++ b/.github/workflows/shell-tool-mcp.yml
@@ -72,8 +72,6 @@ jobs:
    needs: metadata
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 30
-    env:
-      CARGO_PROFILE_RELEASE_LTO: ${{ contains(needs.metadata.outputs.version, '-alpha') && 'thin' || 'fat' }}
    defaults:
      run:
        working-directory: codex-rs
--- a/.github/workflows/zstd
+++ b/.github/workflows/zstd
@@ -1,46 +0,0 @@
-#!/usr/bin/env dotslash
-
-// This DotSlash file wraps zstd for Windows runners.
-// The upstream release provides win32/win64 binaries; for windows-aarch64 we
-// use the win64 artifact via Windows x64 emulation.
-{
-  "name": "zstd",
-  "platforms": {
-    "windows-x86_64": {
-      "size": 1747181,
-      "hash": "sha256",
-      "digest": "acb4e8111511749dc7a3ebedca9b04190e37a17afeb73f55d4425dbf0b90fad9",
-      "format": "zip",
-      "path": "zstd-v1.5.7-win64/zstd.exe",
-      "providers": [
-        {
-          "url": "https://github.com/facebook/zstd/releases/download/v1.5.7/zstd-v1.5.7-win64.zip"
-        },
-        {
-          "type": "github-release",
-          "repo": "facebook/zstd",
-          "tag": "v1.5.7",
-          "name": "zstd-v1.5.7-win64.zip"
-        }
-      ]
-    },
-    "windows-aarch64": {
-      "size": 1747181,
-      "hash": "sha256",
-      "digest": "acb4e8111511749dc7a3ebedca9b04190e37a17afeb73f55d4425dbf0b90fad9",
-      "format": "zip",
-      "path": "zstd-v1.5.7-win64/zstd.exe",
-      "providers": [
-        {
-          "url": "https://github.com/facebook/zstd/releases/download/v1.5.7/zstd-v1.5.7-win64.zip"
-        },
-        {
-          "type": "github-release",
-          "repo": "facebook/zstd",
-          "tag": "v1.5.7",
-          "name": "zstd-v1.5.7-win64.zip"
-        }
-      ]
-    }
-  }
-}
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -15,14 +15,13 @@ In the codex-rs folder where the rust code lives:
 - When writing tests, prefer comparing the equality of entire objects over fields one by one.
 - When making a change that adds or changes an API, ensure that the documentation in the `docs/` folder is up to date if applicable.
 - If you change `ConfigToml` or nested config types, run `just write-config-schema` to update `codex-rs/core/config.schema.json`.
- Do not create small helper methods that are referenced only once.

 Run `just fmt` (in `codex-rs` directory) automatically after you have finished making Rust code changes; do not ask for approval to run it. Additionally, run the tests:

 1. Run the test for the specific project that was changed. For example, if changes were made in `codex-rs/tui`, run `cargo test -p codex-tui`.
 2. Once those pass, if any changes were made in common, core, or protocol, run the complete test suite with `cargo test --all-features`. project-specific or individual tests can be run without asking the user, but do ask the user before running the complete test suite.

-Before finalizing a large change to `codex-rs`, run `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates. Do not re-run tests after running `fix` or `fmt`.
+Before finalizing a large change to `codex-rs`, run `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates.

 ## TUI style conventions

@@ -113,48 +112,3 @@ If you don’t have the tool:
  let request = mock.single_request();
  // assert using request.function_call_output(call_id) or request.json_body() or other helpers.
  ```
-
-## App-server API Development Best Practices
-
-These guidelines apply to app-server protocol work in `codex-rs`, especially:
-
- `app-server-protocol/src/protocol/common.rs`
- `app-server-protocol/src/protocol/v2.rs`
- `app-server/README.md`
-
-### Core Rules
-
- All active API development should happen in app-server v2. Do not add new API surface area to v1.
- Follow payload naming consistently:
-  `*Params` for request payloads, `*Response` for responses, and `*Notification` for notifications.
- Expose RPC methods as `<resource>/<method>` and keep `<resource>` singular (for example, `thread/read`, `app/list`).
- Always expose fields as camelCase on the wire with `#[serde(rename_all = "camelCase")]` unless a tagged union or explicit compatibility requirement needs a targeted rename.
- Exception: config RPC payloads are expected to use snake_case to mirror config.toml keys (see the config read/write/list APIs in `app-server-protocol/src/protocol/v2.rs`).
- Always set `#[ts(export_to = "v2/")]` on v2 request/response/notification types so generated TypeScript lands in the correct namespace.
- Never use `#[serde(skip_serializing_if = "Option::is_none")]` for v2 API payload fields.
-  Exception: client->server requests that intentionally have no params may use:
-  `params: #[ts(type = "undefined")] #[serde(skip_serializing_if = "Option::is_none")] Option<()>`.
- Keep Rust and TS wire renames aligned. If a field or variant uses `#[serde(rename = "...")]`, add matching `#[ts(rename = "...")]`.
- For discriminated unions, use explicit tagging in both serializers:
-  `#[serde(tag = "type", ...)]` and `#[ts(tag = "type", ...)]`.
- Prefer plain `String` IDs at the API boundary (do UUID parsing/conversion internally if needed).
- Timestamps should be integer Unix seconds (`i64`) and named `*_at` (for example, `created_at`, `updated_at`, `resets_at`).
- For experimental API surface area:
-  use `#[experimental("method/or/field")]`, derive `ExperimentalApi` when field-level gating is needed, and use `inspect_params: true` in `common.rs` when only some fields of a method are experimental.
-
-### Client->server request payloads (`*Params`)
-
- Every optional field must be annotated with `#[ts(optional = nullable)]`. Do not use `#[ts(optional = nullable)]` outside client->server request payloads (`*Params`).
- Optional collection fields (for example `Vec`, `HashMap`) must use `Option<...>` + `#[ts(optional = nullable)]`. Do not use `#[serde(default)]` to model optional collections, and do not use `skip_serializing_if` on v2 payload fields.
- When you want omission to mean `false` for boolean fields, use `#[serde(default, skip_serializing_if = "std::ops::Not::not")] pub field: bool` over `Option<bool>`.
- For new list methods, implement cursor pagination by default:
-  request fields `pub cursor: Option<String>` and `pub limit: Option<u32>`,
-  response fields `pub data: Vec<...>` and `pub next_cursor: Option<String>`.
-
-### Development Workflow
-
- Update docs/examples when API behavior changes (at minimum `app-server/README.md`).
- Regenerate schema fixtures when API shapes change:
-  `just write-app-server-schema`
-  (and `just write-app-server-schema --experimental` when experimental API fixtures are affected).
- Validate with `cargo test -p codex-app-server-protocol`.
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -6,21 +6,13 @@ xcode_config(name = "disable_xcode")
 # TODO(zbarsky): Upstream a better libc constraint into rules_rust.
 # We only enable this on linux though for sanity, and because it breaks remote execution.
 platform(
-    name = "local_linux",
+    name = "local",
    constraint_values = [
-        # We mark the local platform as glibc-compatible because musl-built rust cannot dlopen proc macros.
        "@toolchains_llvm_bootstrapped//constraints/libc:gnu.2.28",
    ],
-    parents = ["@platforms//host"],
-)
-
-platform(
-    name = "local_windows",
-    constraint_values = [
-        # We just need to pick one of the ABIs. Do the same one we target.
-        "@rules_rs//rs/experimental/platforms/constraints:windows_gnullvm",
+    parents = [
+        "@platforms//host",
    ],
-    parents = ["@platforms//host"],
 )

 alias(
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -1,14 +1,13 @@
 bazel_dep(name = "platforms", version = "1.0.0")
-bazel_dep(name = "toolchains_llvm_bootstrapped", version = "0.5.3")
-single_version_override(
+bazel_dep(name = "toolchains_llvm_bootstrapped", version = "0.3.1")
+archive_override(
    module_name = "toolchains_llvm_bootstrapped",
-    patch_strip = 1,
-    patches = [
-        "//patches:toolchains_llvm_bootstrapped_resource_dir.patch",
-    ],
+    integrity = "sha256-4/2h4tYSUSptxFVI9G50yJxWGOwHSeTeOGBlaLQBV8g=",
+    strip_prefix = "toolchains_llvm_bootstrapped-d20baf67e04d8e2887e3779022890d1dc5e6b948",
+    urls = ["https://github.com/cerisier/toolchains_llvm_bootstrapped/archive/d20baf67e04d8e2887e3779022890d1dc5e6b948.tar.gz"],
 )

-osx = use_extension("@toolchains_llvm_bootstrapped//extensions:osx.bzl", "osx")
+osx = use_extension("@toolchains_llvm_bootstrapped//toolchain/extension:osx.bzl", "osx")
 osx.framework(name = "ApplicationServices")
 osx.framework(name = "AppKit")
 osx.framework(name = "ColorSync")
@@ -17,7 +16,6 @@ osx.framework(name = "CoreGraphics")
 osx.framework(name = "CoreServices")
 osx.framework(name = "CoreText")
 osx.framework(name = "CFNetwork")
-osx.framework(name = "FontServices")
 osx.framework(name = "Foundation")
 osx.framework(name = "ImageIO")
 osx.framework(name = "Kernel")
@@ -33,93 +31,48 @@ register_toolchains(
 bazel_dep(name = "apple_support", version = "2.1.0")
 bazel_dep(name = "rules_cc", version = "0.2.16")
 bazel_dep(name = "rules_platform", version = "0.1.0")
-bazel_dep(name = "rules_rs", version = "0.0.23")
-
-# Special toolchains branch
-archive_override(
-    module_name = "rules_rs",
-    integrity = "sha256-YbDRjZos4UmfIPY98znK1BgBWRQ1/ui3CtL6RqxE30I=",
-    strip_prefix = "rules_rs-6cf3d940fdc48baf3ebd6c37daf8e0be8fc73ecb",
-    url = "https://github.com/dzbarsky/rules_rs/archive/6cf3d940fdc48baf3ebd6c37daf8e0be8fc73ecb.tar.gz",
+bazel_dep(name = "rules_rust", version = "0.68.1")
+single_version_override(
+    module_name = "rules_rust",
+    patch_strip = 1,
+    patches = [
+        "//patches:rules_rust.patch",
+        "//patches:rules_rust_windows_gnu.patch",
+        "//patches:rules_rust_musl.patch",
+    ],
 )

-rules_rust = use_extension("@rules_rs//rs/experimental:rules_rust.bzl", "rules_rust")
-use_repo(rules_rust, "rules_rust")
+RUST_TRIPLES = [
+    "aarch64-unknown-linux-musl",
+    "aarch64-apple-darwin",
+    "aarch64-pc-windows-gnullvm",
+    "x86_64-unknown-linux-musl",
+    "x86_64-apple-darwin",
+    "x86_64-pc-windows-gnullvm",
+]

-toolchains = use_extension("@rules_rs//rs/experimental/toolchains:module_extension.bzl", "toolchains")
-toolchains.toolchain(
+rust = use_extension("@rules_rust//rust:extensions.bzl", "rust")
+rust.toolchain(
    edition = "2024",
-    version = "1.93.0",
-)
-use_repo(
-    toolchains,
-    "experimental_rust_toolchains_1_93_0",
-    "rust_toolchain_artifacts_macos_aarch64_1_93_0",
+    extra_target_triples = RUST_TRIPLES,
+    versions = ["1.93.0"],
 )
+use_repo(rust, "rust_toolchains")

-register_toolchains("@experimental_rust_toolchains_1_93_0//:all")
+register_toolchains("@rust_toolchains//:all")
+
+bazel_dep(name = "rules_rs", version = "0.0.23")

 crate = use_extension("@rules_rs//rs:extensions.bzl", "crate")
 crate.from_cargo(
    cargo_lock = "//codex-rs:Cargo.lock",
    cargo_toml = "//codex-rs:Cargo.toml",
-    platform_triples = [
-        "aarch64-unknown-linux-gnu",
-        "aarch64-unknown-linux-musl",
-        "aarch64-apple-darwin",
-        "aarch64-pc-windows-gnullvm",
-        "x86_64-unknown-linux-gnu",
-        "x86_64-unknown-linux-musl",
-        "x86_64-apple-darwin",
-        "x86_64-pc-windows-gnullvm",
-    ],
-)
-
-bazel_dep(name = "zstd", version = "1.5.7")
-
-crate.annotation(
-    crate = "zstd-sys",
-    gen_build_script = "off",
-    deps = ["@zstd"],
+    platform_triples = RUST_TRIPLES,
 )
 crate.annotation(
-    build_script_env = {
-        "AWS_LC_SYS_NO_JITTER_ENTROPY": "1",
-    },
-    crate = "aws-lc-sys",
-    patch_args = ["-p1"],
-    patches = [
-        "//patches:aws-lc-sys_memcmp_check.patch",
-    ],
-)
-
-inject_repo(crate, "zstd")
-
-bazel_dep(name = "bzip2", version = "1.0.8.bcr.3")
-bazel_dep(name = "libcap", version = "2.27.bcr.1")
-
-crate.annotation(
-    crate = "bzip2-sys",
-    gen_build_script = "off",
-    deps = ["@bzip2//:bz2"],
-)
-
-inject_repo(crate, "bzip2")
-
-bazel_dep(name = "zlib", version = "1.3.1.bcr.8")
-
-crate.annotation(
-    crate = "libz-sys",
-    gen_build_script = "off",
-    deps = ["@zlib"],
-)
-
-inject_repo(crate, "zlib")
-
-# TODO(zbarsky): Enable annotation after fixing windows arm64 builds.
-crate.annotation(
-    crate = "lzma-sys",
-    gen_build_script = "on",
+    crate = "nucleo-matcher",
+    strip_prefix = "matcher",
+    version = "0.3.1",
 )

 bazel_dep(name = "openssl", version = "3.5.4.bcr.0")
--- a/MODULE.bazel.lock
+++ b/MODULE.bazel.lock
--- a/3
+++ b/3
@@ -4,6 +4,3 @@ Copyright 2025 OpenAI
 This project includes code derived from [Ratatui](https://github.com/ratatui/ratatui), licensed under the MIT license.
 Copyright (c) 2016-2022 Florian Dehau
 Copyright (c) 2023-2025 The Ratatui Developers
-
-This project includes Meriyah parser assets from [meriyah](https://github.com/meriyah/meriyah), licensed under the ISC license.
-Copyright (c) 2019 and later, KFlash and others.
--- a/announcement_tip.toml
+++ b/announcement_tip.toml
@@ -15,9 +15,3 @@ target_app = "cli"
 content = "This is a test announcement"
 version_regex = "^0\\.0\\.0$"
 to_date = "2026-05-10"
-
-[[announcements]]
-content = "**BREAKING NEWS**: `gpt-5.3-codex` is out! Upgrade to `0.98.0` for a faster, smarter, more steerable agent."
-from_date = "2026-02-01"
-to_date = "2026-02-16"
-version_regex = "^0\\.(?:[0-9]|[1-8][0-9]|9[0-7])\\."
--- a/codex-cli/bin/codex.js
+++ b/codex-cli/bin/codex.js
@@ -3,23 +3,12 @@

 import { spawn } from "node:child_process";
 import { existsSync } from "fs";
-import { createRequire } from "node:module";
 import path from "path";
 import { fileURLToPath } from "url";

 // __dirname equivalent in ESM
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
-const require = createRequire(import.meta.url);
-
-const PLATFORM_PACKAGE_BY_TARGET = {
-  "x86_64-unknown-linux-musl": "@openai/codex-linux-x64",
-  "aarch64-unknown-linux-musl": "@openai/codex-linux-arm64",
-  "x86_64-apple-darwin": "@openai/codex-darwin-x64",
-  "aarch64-apple-darwin": "@openai/codex-darwin-arm64",
-  "x86_64-pc-windows-msvc": "@openai/codex-win32-x64",
-  "aarch64-pc-windows-msvc": "@openai/codex-win32-arm64",
-};

 const { platform, arch } = process;

@@ -70,51 +59,9 @@ if (!targetTriple) {
  throw new Error(`Unsupported platform: ${platform} (${arch})`);
 }

-const platformPackage = PLATFORM_PACKAGE_BY_TARGET[targetTriple];
-if (!platformPackage) {
-  throw new Error(`Unsupported target triple: ${targetTriple}`);
-}
-
-const codexBinaryName = process.platform === "win32" ? "codex.exe" : "codex";
-const localVendorRoot = path.join(__dirname, "..", "vendor");
-const localBinaryPath = path.join(
-  localVendorRoot,
-  targetTriple,
-  "codex",
-  codexBinaryName,
-);
-
-let vendorRoot;
-try {
-  const packageJsonPath = require.resolve(`${platformPackage}/package.json`);
-  vendorRoot = path.join(path.dirname(packageJsonPath), "vendor");
-} catch {
-  if (existsSync(localBinaryPath)) {
-    vendorRoot = localVendorRoot;
-  } else {
-    const packageManager = detectPackageManager();
-    const updateCommand =
-      packageManager === "bun"
-        ? "bun install -g @openai/codex@latest"
-        : "npm install -g @openai/codex@latest";
-    throw new Error(
-      `Missing optional dependency ${platformPackage}. Reinstall Codex: ${updateCommand}`,
-    );
-  }
-}
-
-if (!vendorRoot) {
-  const packageManager = detectPackageManager();
-  const updateCommand =
-    packageManager === "bun"
-      ? "bun install -g @openai/codex@latest"
-      : "npm install -g @openai/codex@latest";
-  throw new Error(
-    `Missing optional dependency ${platformPackage}. Reinstall Codex: ${updateCommand}`,
-  );
-}
-
+const vendorRoot = path.join(__dirname, "..", "vendor");
 const archRoot = path.join(vendorRoot, targetTriple);
+const codexBinaryName = process.platform === "win32" ? "codex.exe" : "codex";
 const binaryPath = path.join(archRoot, "codex", codexBinaryName);

 // Use an asynchronous spawn instead of spawnSync so that Node is able to
--- a/codex-cli/scripts/README.md
+++ b/codex-cli/scripts/README.md
@@ -14,10 +14,6 @@ example, to stage the CLI, responses proxy, and SDK packages for version `0.6.0`
 This downloads the native artifacts once, hydrates `vendor/` for each package, and writes
 tarballs to `dist/npm/`.

-When `--package codex` is provided, the staging helper builds the lightweight
-`@openai/codex` meta package plus all platform-native `@openai/codex` variants
-that are later published under platform-specific dist-tags.
-
 If you need to invoke `build_npm_package.py` directly, run
 `codex-cli/scripts/install_native_deps.py` first and pass `--vendor-src` pointing to the
 directory that contains the populated `vendor/` tree.
--- a/codex-cli/scripts/build_npm_package.py
+++ b/codex-cli/scripts/build_npm_package.py
@@ -14,78 +14,15 @@ CODEX_CLI_ROOT = SCRIPT_DIR.parent
 REPO_ROOT = CODEX_CLI_ROOT.parent
 RESPONSES_API_PROXY_NPM_ROOT = REPO_ROOT / "codex-rs" / "responses-api-proxy" / "npm"
 CODEX_SDK_ROOT = REPO_ROOT / "sdk" / "typescript"
-CODEX_NPM_NAME = "@openai/codex"
-
-# `npm_name` is the local optional-dependency alias consumed by `bin/codex.js`.
-# The underlying package published to npm is always `@openai/codex`.
-CODEX_PLATFORM_PACKAGES: dict[str, dict[str, str]] = {
-    "codex-linux-x64": {
-        "npm_name": "@openai/codex-linux-x64",
-        "npm_tag": "linux-x64",
-        "target_triple": "x86_64-unknown-linux-musl",
-        "os": "linux",
-        "cpu": "x64",
-    },
-    "codex-linux-arm64": {
-        "npm_name": "@openai/codex-linux-arm64",
-        "npm_tag": "linux-arm64",
-        "target_triple": "aarch64-unknown-linux-musl",
-        "os": "linux",
-        "cpu": "arm64",
-    },
-    "codex-darwin-x64": {
-        "npm_name": "@openai/codex-darwin-x64",
-        "npm_tag": "darwin-x64",
-        "target_triple": "x86_64-apple-darwin",
-        "os": "darwin",
-        "cpu": "x64",
-    },
-    "codex-darwin-arm64": {
-        "npm_name": "@openai/codex-darwin-arm64",
-        "npm_tag": "darwin-arm64",
-        "target_triple": "aarch64-apple-darwin",
-        "os": "darwin",
-        "cpu": "arm64",
-    },
-    "codex-win32-x64": {
-        "npm_name": "@openai/codex-win32-x64",
-        "npm_tag": "win32-x64",
-        "target_triple": "x86_64-pc-windows-msvc",
-        "os": "win32",
-        "cpu": "x64",
-    },
-    "codex-win32-arm64": {
-        "npm_name": "@openai/codex-win32-arm64",
-        "npm_tag": "win32-arm64",
-        "target_triple": "aarch64-pc-windows-msvc",
-        "os": "win32",
-        "cpu": "arm64",
-    },
-}
-
-PACKAGE_EXPANSIONS: dict[str, list[str]] = {
-    "codex": ["codex", *CODEX_PLATFORM_PACKAGES],
-}

 PACKAGE_NATIVE_COMPONENTS: dict[str, list[str]] = {
-    "codex": [],
-    "codex-linux-x64": ["codex", "rg"],
-    "codex-linux-arm64": ["codex", "rg"],
-    "codex-darwin-x64": ["codex", "rg"],
-    "codex-darwin-arm64": ["codex", "rg"],
-    "codex-win32-x64": ["codex", "rg", "codex-windows-sandbox-setup", "codex-command-runner"],
-    "codex-win32-arm64": ["codex", "rg", "codex-windows-sandbox-setup", "codex-command-runner"],
+    "codex": ["codex", "rg"],
    "codex-responses-api-proxy": ["codex-responses-api-proxy"],
-    "codex-sdk": [],
+    "codex-sdk": ["codex"],
 }
-
-PACKAGE_TARGET_FILTERS: dict[str, str] = {
-    package_name: package_config["target_triple"]
-    for package_name, package_config in CODEX_PLATFORM_PACKAGES.items()
+WINDOWS_ONLY_COMPONENTS: dict[str, list[str]] = {
+    "codex": ["codex-windows-sandbox-setup", "codex-command-runner"],
 }
-
-PACKAGE_CHOICES = tuple(PACKAGE_NATIVE_COMPONENTS)
-
 COMPONENT_DEST_DIR: dict[str, str] = {
    "codex": "codex",
    "codex-responses-api-proxy": "codex-responses-api-proxy",
@@ -99,7 +36,7 @@ def parse_args() -> argparse.Namespace:
    parser = argparse.ArgumentParser(description="Build or stage the Codex CLI npm package.")
    parser.add_argument(
        "--package",
-        choices=PACKAGE_CHOICES,
+        choices=("codex", "codex-responses-api-proxy", "codex-sdk"),
        default="codex",
        help="Which npm package to stage (default: codex).",
    )
@@ -161,7 +98,6 @@ def main() -> int:

        vendor_src = args.vendor_src.resolve() if args.vendor_src else None
        native_components = PACKAGE_NATIVE_COMPONENTS.get(package, [])
-        target_filter = PACKAGE_TARGET_FILTERS.get(package)

        if native_components:
            if vendor_src is None:
@@ -172,12 +108,7 @@ def main() -> int:
                    "pointing to a directory containing pre-installed binaries."
                )

-            copy_native_binaries(
-                vendor_src,
-                staging_dir,
-                native_components,
-                target_filter={target_filter} if target_filter else None,
-            )
+            copy_native_binaries(vendor_src, staging_dir, package, native_components)

        if release_version:
            staging_dir_str = str(staging_dir)
@@ -194,17 +125,12 @@ def main() -> int:
                    "Verify the responses API proxy:\n"
                    f"    node {staging_dir_str}/bin/codex-responses-api-proxy.js --help\n\n"
                )
-            elif package in CODEX_PLATFORM_PACKAGES:
-                print(
-                    f"Staged version {version} for release in {staging_dir_str}\n\n"
-                    "Verify native payload contents:\n"
-                    f"    ls {staging_dir_str}/vendor\n\n"
-                )
            else:
                print(
                    f"Staged version {version} for release in {staging_dir_str}\n\n"
                    "Verify the SDK contents:\n"
                    f"    ls {staging_dir_str}/dist\n"
+                    f"    ls {staging_dir_str}/vendor\n"
                    "    node -e \"import('./dist/index.js').then(() => console.log('ok'))\"\n\n"
                )
        else:
@@ -234,9 +160,6 @@ def prepare_staging_dir(staging_dir: Path | None) -> tuple[Path, bool]:


 def stage_sources(staging_dir: Path, version: str, package: str) -> None:
-    package_json: dict
-    package_json_path: Path | None = None
-
    if package == "codex":
        bin_dir = staging_dir / "bin"
        bin_dir.mkdir(parents=True, exist_ok=True)
@@ -250,35 +173,6 @@ def stage_sources(staging_dir: Path, version: str, package: str) -> None:
            shutil.copy2(readme_src, staging_dir / "README.md")

        package_json_path = CODEX_CLI_ROOT / "package.json"
-    elif package in CODEX_PLATFORM_PACKAGES:
-        platform_package = CODEX_PLATFORM_PACKAGES[package]
-        platform_npm_tag = platform_package["npm_tag"]
-        platform_version = compute_platform_package_version(version, platform_npm_tag)
-
-        readme_src = REPO_ROOT / "README.md"
-        if readme_src.exists():
-            shutil.copy2(readme_src, staging_dir / "README.md")
-
-        with open(CODEX_CLI_ROOT / "package.json", "r", encoding="utf-8") as fh:
-            codex_package_json = json.load(fh)
-
-        package_json = {
-            "name": CODEX_NPM_NAME,
-            "version": platform_version,
-            "license": codex_package_json.get("license", "Apache-2.0"),
-            "os": [platform_package["os"]],
-            "cpu": [platform_package["cpu"]],
-            "files": ["vendor"],
-            "repository": codex_package_json.get("repository"),
-        }
-
-        engines = codex_package_json.get("engines")
-        if isinstance(engines, dict):
-            package_json["engines"] = engines
-
-        package_manager = codex_package_json.get("packageManager")
-        if isinstance(package_manager, str):
-            package_json["packageManager"] = package_manager
    elif package == "codex-responses-api-proxy":
        bin_dir = staging_dir / "bin"
        bin_dir.mkdir(parents=True, exist_ok=True)
@@ -296,44 +190,27 @@ def stage_sources(staging_dir: Path, version: str, package: str) -> None:
    else:
        raise RuntimeError(f"Unknown package '{package}'.")

-    if package_json_path is not None:
-        with open(package_json_path, "r", encoding="utf-8") as fh:
-            package_json = json.load(fh)
-        package_json["version"] = version
+    with open(package_json_path, "r", encoding="utf-8") as fh:
+        package_json = json.load(fh)
+    package_json["version"] = version

-    if package == "codex":
-        package_json["files"] = ["bin"]
-        package_json["optionalDependencies"] = {
-            CODEX_PLATFORM_PACKAGES[platform_package]["npm_name"]: (
-                f"npm:{CODEX_NPM_NAME}@"
-                f"{compute_platform_package_version(version, CODEX_PLATFORM_PACKAGES[platform_package]['npm_tag'])}"
-            )
-            for platform_package in PACKAGE_EXPANSIONS["codex"]
-            if platform_package != "codex"
-        }
-
-    elif package == "codex-sdk":
+    if package == "codex-sdk":
        scripts = package_json.get("scripts")
        if isinstance(scripts, dict):
            scripts.pop("prepare", None)

-        dependencies = package_json.get("dependencies")
-        if not isinstance(dependencies, dict):
-            dependencies = {}
-        dependencies[CODEX_NPM_NAME] = version
-        package_json["dependencies"] = dependencies
+        files = package_json.get("files")
+        if isinstance(files, list):
+            if "vendor" not in files:
+                files.append("vendor")
+        else:
+            package_json["files"] = ["dist", "vendor"]

    with open(staging_dir / "package.json", "w", encoding="utf-8") as out:
        json.dump(package_json, out, indent=2)
        out.write("\n")


-def compute_platform_package_version(version: str, platform_tag: str) -> str:
-    # npm forbids republishing the same package name/version, so each
-    # platform-specific tarball needs a unique version string.
-    return f"{version}-{platform_tag}"
-
-
 def run_command(cmd: list[str], cwd: Path | None = None) -> None:
    print("+", " ".join(cmd))
    subprocess.run(cmd, cwd=cwd, check=True)
@@ -363,8 +240,8 @@ def stage_codex_sdk_sources(staging_dir: Path) -> None:
 def copy_native_binaries(
    vendor_src: Path,
    staging_dir: Path,
+    package: str,
    components: list[str],
-    target_filter: set[str] | None = None,
 ) -> None:
    vendor_src = vendor_src.resolve()
    if not vendor_src.exists():
@@ -379,18 +256,15 @@ def copy_native_binaries(
        shutil.rmtree(vendor_dest)
    vendor_dest.mkdir(parents=True, exist_ok=True)

-    copied_targets: set[str] = set()
-
    for target_dir in vendor_src.iterdir():
        if not target_dir.is_dir():
            continue

-        if target_filter is not None and target_dir.name not in target_filter:
-            continue
+        if "windows" in target_dir.name:
+            components_set.update(WINDOWS_ONLY_COMPONENTS.get(package, []))

        dest_target_dir = vendor_dest / target_dir.name
        dest_target_dir.mkdir(parents=True, exist_ok=True)
-        copied_targets.add(target_dir.name)

        for component in components_set:
            dest_dir_name = COMPONENT_DEST_DIR.get(component)
@@ -408,12 +282,6 @@ def copy_native_binaries(
                shutil.rmtree(dest_component_dir)
            shutil.copytree(src_component_dir, dest_component_dir)

-    if target_filter is not None:
-        missing_targets = sorted(target_filter - copied_targets)
-        if missing_targets:
-            missing_list = ", ".join(missing_targets)
-            raise RuntimeError(f"Missing target directories in vendor source: {missing_list}")
-

 def run_npm_pack(staging_dir: Path, output_path: Path) -> Path:
    output_path = output_path.resolve()
--- a/codex-rs/BUILD.bazel
+++ b/codex-rs/BUILD.bazel
@@ -1,3 +1 @@
-exports_files([
-    "node-version.txt",
-])
+
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -15,11 +15,8 @@ members = [
    "cloud-tasks",
    "cloud-tasks-client",
    "cli",
-    "config",
-    "shell-command",
+    "common",
    "core",
-    "hooks",
-    "secrets",
    "exec",
    "exec-server",
    "execpolicy",
@@ -30,6 +27,7 @@ members = [
    "lmstudio",
    "login",
    "mcp-server",
+    "mcp-types",
    "network-proxy",
    "ollama",
    "process-hardening",
@@ -48,19 +46,10 @@ members = [
    "utils/home-dir",
    "utils/pty",
    "utils/readiness",
-    "utils/rustls-provider",
    "utils/string",
-    "utils/cli",
-    "utils/elapsed",
-    "utils/sandbox-summary",
-    "utils/sanitizer",
-    "utils/approval-presets",
-    "utils/oss",
-    "utils/fuzzy-match",
    "codex-client",
    "codex-api",
    "state",
-    "codex-experimental-api-macros",
 ]
 resolver = "2"

@@ -80,70 +69,55 @@ codex-ansi-escape = { path = "ansi-escape" }
 codex-api = { path = "codex-api" }
 codex-app-server = { path = "app-server" }
 codex-app-server-protocol = { path = "app-server-protocol" }
-codex-app-server-test-client = { path = "app-server-test-client" }
 codex-apply-patch = { path = "apply-patch" }
 codex-arg0 = { path = "arg0" }
 codex-async-utils = { path = "async-utils" }
 codex-backend-client = { path = "backend-client" }
-codex-chatgpt = { path = "chatgpt" }
-codex-cli = { path = "cli" }
-codex-client = { path = "codex-client" }
 codex-cloud-requirements = { path = "cloud-requirements" }
-codex-config = { path = "config" }
+codex-chatgpt = { path = "chatgpt" }
+codex-cli = { path = "cli"}
+codex-client = { path = "codex-client" }
+codex-common = { path = "common" }
 codex-core = { path = "core" }
 codex-exec = { path = "exec" }
 codex-execpolicy = { path = "execpolicy" }
-codex-experimental-api-macros = { path = "codex-experimental-api-macros" }
 codex-feedback = { path = "feedback" }
 codex-file-search = { path = "file-search" }
 codex-git = { path = "utils/git" }
-codex-hooks = { path = "hooks" }
 codex-keyring-store = { path = "keyring-store" }
 codex-linux-sandbox = { path = "linux-sandbox" }
 codex-lmstudio = { path = "lmstudio" }
 codex-login = { path = "login" }
 codex-mcp-server = { path = "mcp-server" }
-codex-network-proxy = { path = "network-proxy" }
 codex-ollama = { path = "ollama" }
 codex-otel = { path = "otel" }
 codex-process-hardening = { path = "process-hardening" }
 codex-protocol = { path = "protocol" }
 codex-responses-api-proxy = { path = "responses-api-proxy" }
 codex-rmcp-client = { path = "rmcp-client" }
-codex-secrets = { path = "secrets" }
-codex-shell-command = { path = "shell-command" }
 codex-state = { path = "state" }
 codex-stdio-to-uds = { path = "stdio-to-uds" }
 codex-tui = { path = "tui" }
 codex-utils-absolute-path = { path = "utils/absolute-path" }
-codex-utils-approval-presets = { path = "utils/approval-presets" }
 codex-utils-cache = { path = "utils/cache" }
 codex-utils-cargo-bin = { path = "utils/cargo-bin" }
-codex-utils-cli = { path = "utils/cli" }
-codex-utils-elapsed = { path = "utils/elapsed" }
-codex-utils-fuzzy-match = { path = "utils/fuzzy-match" }
-codex-utils-home-dir = { path = "utils/home-dir" }
 codex-utils-image = { path = "utils/image" }
 codex-utils-json-to-toml = { path = "utils/json-to-toml" }
-codex-utils-oss = { path = "utils/oss" }
+codex-utils-home-dir = { path = "utils/home-dir" }
 codex-utils-pty = { path = "utils/pty" }
 codex-utils-readiness = { path = "utils/readiness" }
-codex-utils-rustls-provider = { path = "utils/rustls-provider" }
-codex-utils-sandbox-summary = { path = "utils/sandbox-summary" }
-codex-utils-sanitizer = { path = "utils/sanitizer" }
 codex-utils-string = { path = "utils/string" }
 codex-windows-sandbox = { path = "windows-sandbox-rs" }
 core_test_support = { path = "core/tests/common" }
 exec_server_test_support = { path = "exec-server/tests/common" }
+mcp-types = { path = "mcp-types" }
 mcp_test_support = { path = "mcp-server/tests/common" }

 # External
-age = "0.11.1"
 allocative = "0.3.3"
 ansi-to-tui = "7.0.0"
 anyhow = "1"
 arboard = { version = "3", features = ["wayland-data-control"] }
-askama = "0.15.4"
 assert_cmd = "2"
 assert_matches = "1.5.0"
 async-channel = "2.3.1"
@@ -151,15 +125,14 @@ async-stream = "0.3.6"
 async-trait = "0.1.89"
 axum = { version = "0.8", default-features = false }
 base64 = "0.22.1"
-bm25 = "2.3.2"
 bytes = "1.10.1"
 chardetng = "0.1.17"
 chrono = "0.4.43"
 clap = "4"
 clap_complete = "4"
 color-eyre = "0.6.3"
-crossbeam-channel = "0.5.15"
 crossterm = "0.28.1"
+crossbeam-channel = "0.5.15"
 ctor = "0.6.3"
 derive_more = "2"
 diffy = "0.4.2"
@@ -177,12 +150,11 @@ icu_decimal = "2.1"
 icu_locale_core = "2.1"
 icu_provider = { version = "2.1", features = ["sync"] }
 ignore = "0.4.23"
+indoc = "2.0"
 image = { version = "^0.25.9", default-features = false }
 include_dir = "0.7.4"
 indexmap = "2.12.0"
-indoc = "2.0"
-insta = "1.46.3"
-inventory = "0.3.19"
+insta = "1.46.0"
 itertools = "0.14.0"
 keyring = { version = "3.6", default-features = false }
 landlock = "0.4.4"
@@ -202,6 +174,7 @@ opentelemetry-appender-tracing = "0.31.0"
 opentelemetry-otlp = "0.31.0"
 opentelemetry-semantic-conventions = "0.31.0"
 opentelemetry_sdk = "0.31.0"
+tracing-opentelemetry = "0.32.0"
 os_info = "3.12.0"
 owo-colors = "4.2.0"
 path-absolutize = "3.1.1"
@@ -213,18 +186,13 @@ pulldown-cmark = "0.10"
 rand = "0.9"
 ratatui = "0.29.0"
 ratatui-macros = "0.6.0"
-regex = "1.12.3"
+regex = "1.12.2"
 regex-lite = "0.1.8"
 reqwest = "0.12"
-rmcp = { version = "0.15.0", default-features = false }
+rmcp = { version = "0.12.0", default-features = false }
 runfiles = { git = "https://github.com/dzbarsky/rules_rust", rev = "b56cbaa8465e74127f1ea216f813cd377295ad81" }
-rustls = { version = "0.23", default-features = false, features = [
-    "ring",
-    "std",
-] }
 schemars = "0.8.22"
 seccompiler = "0.5.0"
-semver = "1.0"
 sentry = "0.46.0"
 serde = "1"
 serde_json = "1"
@@ -234,19 +202,11 @@ serde_yaml = "0.9"
 serial_test = "3.2.0"
 sha1 = "0.10.6"
 sha2 = "0.10"
+semver = "1.0"
 shlex = "1.3.0"
 similar = "2.7.0"
 socket2 = "0.6.1"
-sqlx = { version = "0.8.6", default-features = false, features = [
-    "chrono",
-    "json",
-    "macros",
-    "migrate",
-    "runtime-tokio-rustls",
-    "sqlite",
-    "time",
-    "uuid",
-] }
+sqlx = { version = "0.8.6", default-features = false, features = ["chrono", "json", "macros", "migrate", "runtime-tokio-rustls", "sqlite", "time", "uuid"] }
 starlark = "0.13.0"
 strum = "0.27.2"
 strum_macros = "0.27.2"
@@ -256,28 +216,24 @@ tempfile = "3.23.0"
 test-log = "0.2.19"
 textwrap = "0.16.2"
 thiserror = "2.0.17"
-time = "0.3.47"
+time = "0.3"
 tiny_http = "0.12"
 tokio = "1"
 tokio-stream = "0.1.18"
 tokio-test = "0.4"
-tokio-tungstenite = { version = "0.28.0", features = [
-    "proxy",
-    "rustls-tls-native-roots",
-] }
+tokio-tungstenite = { version = "0.28.0", features = ["proxy", "rustls-tls-native-roots"] }
 tokio-util = "0.7.18"
 toml = "0.9.5"
 toml_edit = "0.24.0"
 tracing = "0.1.44"
 tracing-appender = "0.2.3"
-tracing-opentelemetry = "0.32.0"
 tracing-subscriber = "0.3.22"
 tracing-test = "0.2.5"
 tree-sitter = "0.25.10"
 tree-sitter-bash = "0.25"
+zstd = "0.13"
 tree-sitter-highlight = "0.25.10"
 ts-rs = "11"
-tungstenite = { version = "0.27.0", features = ["deflate", "proxy"] }
 uds_windows = "1.1.0"
 unicode-segmentation = "1.12.0"
 unicode-width = "0.2"
@@ -289,8 +245,6 @@ walkdir = "2.5.0"
 webbrowser = "1.0"
 which = "8"
 wildmatch = "2.6.1"
-zip = "2.4.2"
-zstd = "0.13"

 wiremock = "0.6"
 zeroize = "1.8.2"
@@ -336,13 +290,7 @@ unwrap_used = "deny"
 # cargo-shear cannot see the platform-specific openssl-sys usage, so we
 # silence the false positive here instead of deleting a real dependency.
 [workspace.metadata.cargo-shear]
-ignored = [
-    "icu_provider",
-    "openssl-sys",
-    "codex-utils-readiness",
-    "codex-utils-sanitizer",
-    "codex-secrets",
-]
+ignored = ["icu_provider", "openssl-sys", "codex-utils-readiness"]

 [profile.release]
 lto = "fat"
@@ -363,11 +311,10 @@ opt-level = 0
 # ratatui = { path = "../../ratatui" }
 crossterm = { git = "https://github.com/nornagon/crossterm", branch = "nornagon/color-query" }
 ratatui = { git = "https://github.com/nornagon/ratatui", branch = "nornagon-v0.29.0-patch" }
-tokio-tungstenite = { git = "https://github.com/openai-oss-forks/tokio-tungstenite", rev = "132f5b39c862e3a970f731d709608b3e6276d5f6" }
-tungstenite = { git = "https://github.com/openai-oss-forks/tungstenite-rs", rev = "9200079d3b54a1ff51072e24d81fd354f085156f" }
+tokio-tungstenite = { git = "https://github.com/JakkuSakura/tokio-tungstenite", rev = "2ae536b0de793f3ddf31fc2f22d445bf1ef2023d" }

 # Uncomment to debug local changes.
 # rmcp = { path = "../../rust-sdk/crates/rmcp" }

-[patch."ssh://git@github.com/openai-oss-forks/tungstenite-rs.git"]
-tungstenite = { git = "https://github.com/openai-oss-forks/tungstenite-rs", rev = "9200079d3b54a1ff51072e24d81fd354f085156f" }
+[patch."ssh://git@github.com/JakkuSakura/tungstenite-rs.git"]
+tungstenite = { git = "https://github.com/JakkuSakura/tungstenite-rs", rev = "f514de8644821113e5d18a027d6d28a5c8cc0a6e" }
--- a/codex-rs/README.md
+++ b/codex-rs/README.md
@@ -51,7 +51,6 @@ You can enable notifications by configuring a script that is run whenever the ag
 ### `codex exec` to run Codex programmatically/non-interactively

 To run Codex non-interactively, run `codex exec PROMPT` (you can also pass the prompt via `stdin`) and Codex will work on your task until it decides that it is done and exits. Output is printed to the terminal directly. You can set the `RUST_LOG` environment variable to see more about what's going on.
-Use `codex exec --ephemeral ...` to run without persisting session rollout files to disk.

 ### Experimenting with the Codex Sandbox

@@ -97,5 +96,3 @@ This folder is the root of a Cargo workspace. It contains quite a bit of experim
 - [`exec/`](./exec) "headless" CLI for use in automation.
 - [`tui/`](./tui) CLI that launches a fullscreen TUI built with [Ratatui](https://ratatui.rs/).
 - [`cli/`](./cli) CLI multitool that provides the aforementioned CLIs via subcommands.
-
-If you want to contribute or inspect behavior in detail, start by reading the module-level `README.md` files under each crate and run the project workspace from the top-level `codex-rs` directory so shared config, features, and build scripts stay aligned.
--- a/codex-rs/app-server-protocol/BUILD.bazel
+++ b/codex-rs/app-server-protocol/BUILD.bazel
@@ -3,5 +3,4 @@ load("//:defs.bzl", "codex_rust_crate")
 codex_rust_crate(
    name = "app-server-protocol",
    crate_name = "codex_app_server_protocol",
-    test_data_extra = glob(["schema/**"], allow_empty = True),
 )
--- a/codex-rs/app-server-protocol/Cargo.toml
+++ b/codex-rs/app-server-protocol/Cargo.toml
@@ -15,20 +15,16 @@ workspace = true
 anyhow = { workspace = true }
 clap = { workspace = true, features = ["derive"] }
 codex-protocol = { workspace = true }
-codex-experimental-api-macros = { workspace = true }
 codex-utils-absolute-path = { workspace = true }
+mcp-types = { workspace = true }
 schemars = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 strum_macros = { workspace = true }
 thiserror = { workspace = true }
 ts-rs = { workspace = true }
-inventory = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v7"] }

 [dev-dependencies]
 anyhow = { workspace = true }
-codex-utils-cargo-bin = { workspace = true }
 pretty_assertions = { workspace = true }
-similar = { workspace = true }
-tempfile = { workspace = true }
--- a/codex-rs/app-server-protocol/schema/json/ApplyPatchApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/ApplyPatchApprovalParams.json
@@ -1,114 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "FileChange": {
-      "oneOf": [
-        {
-          "properties": {
-            "content": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "add"
-              ],
-              "title": "AddFileChangeType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "content",
-            "type"
-          ],
-          "title": "AddFileChange",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "content": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "delete"
-              ],
-              "title": "DeleteFileChangeType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "content",
-            "type"
-          ],
-          "title": "DeleteFileChange",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "move_path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "update"
-              ],
-              "title": "UpdateFileChangeType",
-              "type": "string"
-            },
-            "unified_diff": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "type",
-            "unified_diff"
-          ],
-          "title": "UpdateFileChange",
-          "type": "object"
-        }
-      ]
-    },
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "callId": {
-      "description": "Use to correlate this with [codex_core::protocol::PatchApplyBeginEvent] and [codex_core::protocol::PatchApplyEndEvent].",
-      "type": "string"
-    },
-    "conversationId": {
-      "$ref": "#/definitions/ThreadId"
-    },
-    "fileChanges": {
-      "additionalProperties": {
-        "$ref": "#/definitions/FileChange"
-      },
-      "type": "object"
-    },
-    "grantRoot": {
-      "description": "When set, the agent is asking the user to allow writes under this root for the remainder of the session (unclear if this is honored today).",
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "reason": {
-      "description": "Optional explanatory reason (e.g. request for extra write access).",
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "callId",
-    "conversationId",
-    "fileChanges"
-  ],
-  "title": "ApplyPatchApprovalParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/ApplyPatchApprovalResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/ApplyPatchApprovalResponse.json
@@ -1,73 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ReviewDecision": {
-      "description": "User's decision in response to an ExecApprovalRequest.",
-      "oneOf": [
-        {
-          "description": "User has approved this command and the agent should execute it.",
-          "enum": [
-            "approved"
-          ],
-          "type": "string"
-        },
-        {
-          "additionalProperties": false,
-          "description": "User has approved this command and wants to apply the proposed execpolicy amendment so future matching commands are permitted.",
-          "properties": {
-            "approved_execpolicy_amendment": {
-              "properties": {
-                "proposed_execpolicy_amendment": {
-                  "items": {
-                    "type": "string"
-                  },
-                  "type": "array"
-                }
-              },
-              "required": [
-                "proposed_execpolicy_amendment"
-              ],
-              "type": "object"
-            }
-          },
-          "required": [
-            "approved_execpolicy_amendment"
-          ],
-          "title": "ApprovedExecpolicyAmendmentReviewDecision",
-          "type": "object"
-        },
-        {
-          "description": "User has approved this command and wants to automatically approve any future identical instances (`command` and `cwd` match exactly) for the remainder of the session.",
-          "enum": [
-            "approved_for_session"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User has denied this command and the agent should not execute it, but it should continue the session and try something else.",
-          "enum": [
-            "denied"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User has denied this command and the agent should not do anything until the user's next command.",
-          "enum": [
-            "abort"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "decision": {
-      "$ref": "#/definitions/ReviewDecision"
-    }
-  },
-  "required": [
-    "decision"
-  ],
-  "title": "ApplyPatchApprovalResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/ChatgptAuthTokensRefreshParams.json
+++ b/codex-rs/app-server-protocol/schema/json/ChatgptAuthTokensRefreshParams.json
@@ -1,33 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ChatgptAuthTokensRefreshReason": {
-      "oneOf": [
-        {
-          "description": "Codex attempted a backend request and received `401 Unauthorized`.",
-          "enum": [
-            "unauthorized"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "previousAccountId": {
-      "description": "Workspace/account identifier that Codex was previously using.\n\nClients that manage multiple accounts/workspaces can use this as a hint to refresh the token for the correct workspace.\n\nThis may be `null` when the prior auth state did not include a workspace identifier (`chatgpt_account_id`).",
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "reason": {
-      "$ref": "#/definitions/ChatgptAuthTokensRefreshReason"
-    }
-  },
-  "required": [
-    "reason"
-  ],
-  "title": "ChatgptAuthTokensRefreshParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/ChatgptAuthTokensRefreshResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/ChatgptAuthTokensRefreshResponse.json
@@ -1,23 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "accessToken": {
-      "type": "string"
-    },
-    "chatgptAccountId": {
-      "type": "string"
-    },
-    "chatgptPlanType": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "accessToken",
-    "chatgptAccountId"
-  ],
-  "title": "ChatgptAuthTokensRefreshResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/ClientNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientNotification.json
@@ -1,22 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "oneOf": [
-    {
-      "properties": {
-        "method": {
-          "enum": [
-            "initialized"
-          ],
-          "title": "InitializedNotificationMethod",
-          "type": "string"
-        }
-      },
-      "required": [
-        "method"
-      ],
-      "title": "InitializedNotification",
-      "type": "object"
-    }
-  ],
-  "title": "ClientNotification"
-}
--- a/codex-rs/app-server-protocol/schema/json/ClientRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ClientRequest.json
--- a/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json
@@ -1,174 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "CommandAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "name": {
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "read"
-              ],
-              "title": "ReadCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "name",
-            "path",
-            "type"
-          ],
-          "title": "ReadCommandAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "listFiles"
-              ],
-              "title": "ListFilesCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "type"
-          ],
-          "title": "ListFilesCommandAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "query": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "search"
-              ],
-              "title": "SearchCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "type"
-          ],
-          "title": "SearchCommandAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "unknown"
-              ],
-              "title": "UnknownCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "type"
-          ],
-          "title": "UnknownCommandAction",
-          "type": "object"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "command": {
-      "description": "The command to be executed.",
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "commandActions": {
-      "description": "Best-effort parsed command actions for friendly display.",
-      "items": {
-        "$ref": "#/definitions/CommandAction"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    },
-    "cwd": {
-      "description": "The command's working directory.",
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "itemId": {
-      "type": "string"
-    },
-    "proposedExecpolicyAmendment": {
-      "description": "Optional proposed execpolicy amendment to allow similar commands without prompting.",
-      "items": {
-        "type": "string"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    },
-    "reason": {
-      "description": "Optional explanatory reason (e.g. request for network access).",
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "threadId": {
-      "type": "string"
-    },
-    "turnId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "itemId",
-    "threadId",
-    "turnId"
-  ],
-  "title": "CommandExecutionRequestApprovalParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalResponse.json
@@ -1,72 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "CommandExecutionApprovalDecision": {
-      "oneOf": [
-        {
-          "description": "User approved the command.",
-          "enum": [
-            "accept"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User approved the command and future identical commands should run without prompting.",
-          "enum": [
-            "acceptForSession"
-          ],
-          "type": "string"
-        },
-        {
-          "additionalProperties": false,
-          "description": "User approved the command, and wants to apply the proposed execpolicy amendment so future matching commands can run without prompting.",
-          "properties": {
-            "acceptWithExecpolicyAmendment": {
-              "properties": {
-                "execpolicy_amendment": {
-                  "items": {
-                    "type": "string"
-                  },
-                  "type": "array"
-                }
-              },
-              "required": [
-                "execpolicy_amendment"
-              ],
-              "type": "object"
-            }
-          },
-          "required": [
-            "acceptWithExecpolicyAmendment"
-          ],
-          "title": "AcceptWithExecpolicyAmendmentCommandExecutionApprovalDecision",
-          "type": "object"
-        },
-        {
-          "description": "User denied the command. The agent will continue the turn.",
-          "enum": [
-            "decline"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User denied the command. The turn will also be immediately interrupted.",
-          "enum": [
-            "cancel"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "decision": {
-      "$ref": "#/definitions/CommandExecutionApprovalDecision"
-    }
-  },
-  "required": [
-    "decision"
-  ],
-  "title": "CommandExecutionRequestApprovalResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/DynamicToolCallParams.json
+++ b/codex-rs/app-server-protocol/schema/json/DynamicToolCallParams.json
@@ -1,27 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "arguments": true,
-    "callId": {
-      "type": "string"
-    },
-    "threadId": {
-      "type": "string"
-    },
-    "tool": {
-      "type": "string"
-    },
-    "turnId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "arguments",
-    "callId",
-    "threadId",
-    "tool",
-    "turnId"
-  ],
-  "title": "DynamicToolCallParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/DynamicToolCallResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/DynamicToolCallResponse.json
@@ -1,66 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "DynamicToolCallOutputContentItem": {
-      "oneOf": [
-        {
-          "properties": {
-            "text": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "inputText"
-              ],
-              "title": "InputTextDynamicToolCallOutputContentItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "type"
-          ],
-          "title": "InputTextDynamicToolCallOutputContentItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "imageUrl": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "inputImage"
-              ],
-              "title": "InputImageDynamicToolCallOutputContentItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "imageUrl",
-            "type"
-          ],
-          "title": "InputImageDynamicToolCallOutputContentItem",
-          "type": "object"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "contentItems": {
-      "items": {
-        "$ref": "#/definitions/DynamicToolCallOutputContentItem"
-      },
-      "type": "array"
-    },
-    "success": {
-      "type": "boolean"
-    }
-  },
-  "required": [
-    "contentItems",
-    "success"
-  ],
-  "title": "DynamicToolCallResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/EventMsg.json
+++ b/codex-rs/app-server-protocol/schema/json/EventMsg.json
--- a/codex-rs/app-server-protocol/schema/json/ExecCommandApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/ExecCommandApprovalParams.json
@@ -1,158 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ParsedCommand": {
-      "oneOf": [
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "name": {
-              "type": "string"
-            },
-            "path": {
-              "description": "(Best effort) Path to the file being read by the command. When possible, this is an absolute path, though when relative, it should be resolved against the `cwd`` that will be used to run the command to derive the absolute path.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "read"
-              ],
-              "title": "ReadParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "name",
-            "path",
-            "type"
-          ],
-          "title": "ReadParsedCommand",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "list_files"
-              ],
-              "title": "ListFilesParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "type"
-          ],
-          "title": "ListFilesParsedCommand",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "query": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "search"
-              ],
-              "title": "SearchParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "type"
-          ],
-          "title": "SearchParsedCommand",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "unknown"
-              ],
-              "title": "UnknownParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "type"
-          ],
-          "title": "UnknownParsedCommand",
-          "type": "object"
-        }
-      ]
-    },
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "callId": {
-      "description": "Use to correlate this with [codex_core::protocol::ExecCommandBeginEvent] and [codex_core::protocol::ExecCommandEndEvent].",
-      "type": "string"
-    },
-    "command": {
-      "items": {
-        "type": "string"
-      },
-      "type": "array"
-    },
-    "conversationId": {
-      "$ref": "#/definitions/ThreadId"
-    },
-    "cwd": {
-      "type": "string"
-    },
-    "parsedCmd": {
-      "items": {
-        "$ref": "#/definitions/ParsedCommand"
-      },
-      "type": "array"
-    },
-    "reason": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "callId",
-    "command",
-    "conversationId",
-    "cwd",
-    "parsedCmd"
-  ],
-  "title": "ExecCommandApprovalParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/ExecCommandApprovalResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/ExecCommandApprovalResponse.json
@@ -1,73 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ReviewDecision": {
-      "description": "User's decision in response to an ExecApprovalRequest.",
-      "oneOf": [
-        {
-          "description": "User has approved this command and the agent should execute it.",
-          "enum": [
-            "approved"
-          ],
-          "type": "string"
-        },
-        {
-          "additionalProperties": false,
-          "description": "User has approved this command and wants to apply the proposed execpolicy amendment so future matching commands are permitted.",
-          "properties": {
-            "approved_execpolicy_amendment": {
-              "properties": {
-                "proposed_execpolicy_amendment": {
-                  "items": {
-                    "type": "string"
-                  },
-                  "type": "array"
-                }
-              },
-              "required": [
-                "proposed_execpolicy_amendment"
-              ],
-              "type": "object"
-            }
-          },
-          "required": [
-            "approved_execpolicy_amendment"
-          ],
-          "title": "ApprovedExecpolicyAmendmentReviewDecision",
-          "type": "object"
-        },
-        {
-          "description": "User has approved this command and wants to automatically approve any future identical instances (`command` and `cwd` match exactly) for the remainder of the session.",
-          "enum": [
-            "approved_for_session"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User has denied this command and the agent should not execute it, but it should continue the session and try something else.",
-          "enum": [
-            "denied"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User has denied this command and the agent should not do anything until the user's next command.",
-          "enum": [
-            "abort"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "decision": {
-      "$ref": "#/definitions/ReviewDecision"
-    }
-  },
-  "required": [
-    "decision"
-  ],
-  "title": "ExecCommandApprovalResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/FileChangeRequestApprovalParams.json
+++ b/codex-rs/app-server-protocol/schema/json/FileChangeRequestApprovalParams.json
@@ -1,35 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "grantRoot": {
-      "description": "[UNSTABLE] When set, the agent is asking the user to allow writes under this root for the remainder of the session (unclear if this is honored today).",
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "itemId": {
-      "type": "string"
-    },
-    "reason": {
-      "description": "Optional explanatory reason (e.g. request for extra write access).",
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "threadId": {
-      "type": "string"
-    },
-    "turnId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "itemId",
-    "threadId",
-    "turnId"
-  ],
-  "title": "FileChangeRequestApprovalParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/FileChangeRequestApprovalResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/FileChangeRequestApprovalResponse.json
@@ -1,47 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "FileChangeApprovalDecision": {
-      "oneOf": [
-        {
-          "description": "User approved the file changes.",
-          "enum": [
-            "accept"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User approved the file changes and future changes to the same files should run without prompting.",
-          "enum": [
-            "acceptForSession"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User denied the file changes. The agent will continue the turn.",
-          "enum": [
-            "decline"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "User denied the file changes. The turn will also be immediately interrupted.",
-          "enum": [
-            "cancel"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "decision": {
-      "$ref": "#/definitions/FileChangeApprovalDecision"
-    }
-  },
-  "required": [
-    "decision"
-  ],
-  "title": "FileChangeRequestApprovalResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/FuzzyFileSearchParams.json
+++ b/codex-rs/app-server-protocol/schema/json/FuzzyFileSearchParams.json
@@ -1,26 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "cancellationToken": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "query": {
-      "type": "string"
-    },
-    "roots": {
-      "items": {
-        "type": "string"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "query",
-    "roots"
-  ],
-  "title": "FuzzyFileSearchParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/FuzzyFileSearchResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/FuzzyFileSearchResponse.json
@@ -1,55 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "FuzzyFileSearchResult": {
-      "description": "Superset of [`codex_file_search::FileMatch`]",
-      "properties": {
-        "file_name": {
-          "type": "string"
-        },
-        "indices": {
-          "items": {
-            "format": "uint32",
-            "minimum": 0.0,
-            "type": "integer"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "path": {
-          "type": "string"
-        },
-        "root": {
-          "type": "string"
-        },
-        "score": {
-          "format": "uint32",
-          "minimum": 0.0,
-          "type": "integer"
-        }
-      },
-      "required": [
-        "file_name",
-        "path",
-        "root",
-        "score"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "files": {
-      "items": {
-        "$ref": "#/definitions/FuzzyFileSearchResult"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "files"
-  ],
-  "title": "FuzzyFileSearchResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/JSONRPCError.json
+++ b/codex-rs/app-server-protocol/schema/json/JSONRPCError.json
@@ -1,48 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "JSONRPCErrorError": {
-      "properties": {
-        "code": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "data": true,
-        "message": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "code",
-        "message"
-      ],
-      "type": "object"
-    },
-    "RequestId": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "format": "int64",
-          "type": "integer"
-        }
-      ]
-    }
-  },
-  "description": "A response to a request that indicates an error occurred.",
-  "properties": {
-    "error": {
-      "$ref": "#/definitions/JSONRPCErrorError"
-    },
-    "id": {
-      "$ref": "#/definitions/RequestId"
-    }
-  },
-  "required": [
-    "error",
-    "id"
-  ],
-  "title": "JSONRPCError",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/JSONRPCErrorError.json
+++ b/codex-rs/app-server-protocol/schema/json/JSONRPCErrorError.json
@@ -1,19 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "code": {
-      "format": "int64",
-      "type": "integer"
-    },
-    "data": true,
-    "message": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "code",
-    "message"
-  ],
-  "title": "JSONRPCErrorError",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/JSONRPCMessage.json
+++ b/codex-rs/app-server-protocol/schema/json/JSONRPCMessage.json
@@ -1,109 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "anyOf": [
-    {
-      "$ref": "#/definitions/JSONRPCRequest"
-    },
-    {
-      "$ref": "#/definitions/JSONRPCNotification"
-    },
-    {
-      "$ref": "#/definitions/JSONRPCResponse"
-    },
-    {
-      "$ref": "#/definitions/JSONRPCError"
-    }
-  ],
-  "definitions": {
-    "JSONRPCError": {
-      "description": "A response to a request that indicates an error occurred.",
-      "properties": {
-        "error": {
-          "$ref": "#/definitions/JSONRPCErrorError"
-        },
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        }
-      },
-      "required": [
-        "error",
-        "id"
-      ],
-      "type": "object"
-    },
-    "JSONRPCErrorError": {
-      "properties": {
-        "code": {
-          "format": "int64",
-          "type": "integer"
-        },
-        "data": true,
-        "message": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "code",
-        "message"
-      ],
-      "type": "object"
-    },
-    "JSONRPCNotification": {
-      "description": "A notification which does not expect a response.",
-      "properties": {
-        "method": {
-          "type": "string"
-        },
-        "params": true
-      },
-      "required": [
-        "method"
-      ],
-      "type": "object"
-    },
-    "JSONRPCRequest": {
-      "description": "A request that expects a response.",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "type": "string"
-        },
-        "params": true
-      },
-      "required": [
-        "id",
-        "method"
-      ],
-      "type": "object"
-    },
-    "JSONRPCResponse": {
-      "description": "A successful (non-error) response to a request.",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "result": true
-      },
-      "required": [
-        "id",
-        "result"
-      ],
-      "type": "object"
-    },
-    "RequestId": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "format": "int64",
-          "type": "integer"
-        }
-      ]
-    }
-  },
-  "description": "Refers to any valid JSON-RPC object that can be decoded off the wire, or encoded to be sent.",
-  "title": "JSONRPCMessage"
-}
--- a/codex-rs/app-server-protocol/schema/json/JSONRPCNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/JSONRPCNotification.json
@@ -1,15 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "description": "A notification which does not expect a response.",
-  "properties": {
-    "method": {
-      "type": "string"
-    },
-    "params": true
-  },
-  "required": [
-    "method"
-  ],
-  "title": "JSONRPCNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/JSONRPCRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/JSONRPCRequest.json
@@ -1,32 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "RequestId": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "format": "int64",
-          "type": "integer"
-        }
-      ]
-    }
-  },
-  "description": "A request that expects a response.",
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/RequestId"
-    },
-    "method": {
-      "type": "string"
-    },
-    "params": true
-  },
-  "required": [
-    "id",
-    "method"
-  ],
-  "title": "JSONRPCRequest",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/JSONRPCResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/JSONRPCResponse.json
@@ -1,29 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "RequestId": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "format": "int64",
-          "type": "integer"
-        }
-      ]
-    }
-  },
-  "description": "A successful (non-error) response to a request.",
-  "properties": {
-    "id": {
-      "$ref": "#/definitions/RequestId"
-    },
-    "result": true
-  },
-  "required": [
-    "id",
-    "result"
-  ],
-  "title": "JSONRPCResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/RequestId.json
+++ b/codex-rs/app-server-protocol/schema/json/RequestId.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "anyOf": [
-    {
-      "type": "string"
-    },
-    {
-      "format": "int64",
-      "type": "integer"
-    }
-  ],
-  "title": "RequestId"
-}
--- a/codex-rs/app-server-protocol/schema/json/ServerNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerNotification.json
--- a/codex-rs/app-server-protocol/schema/json/ServerRequest.json
+++ b/codex-rs/app-server-protocol/schema/json/ServerRequest.json
@@ -1,792 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ApplyPatchApprovalParams": {
-      "properties": {
-        "callId": {
-          "description": "Use to correlate this with [codex_core::protocol::PatchApplyBeginEvent] and [codex_core::protocol::PatchApplyEndEvent].",
-          "type": "string"
-        },
-        "conversationId": {
-          "$ref": "#/definitions/ThreadId"
-        },
-        "fileChanges": {
-          "additionalProperties": {
-            "$ref": "#/definitions/FileChange"
-          },
-          "type": "object"
-        },
-        "grantRoot": {
-          "description": "When set, the agent is asking the user to allow writes under this root for the remainder of the session (unclear if this is honored today).",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "reason": {
-          "description": "Optional explanatory reason (e.g. request for extra write access).",
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "callId",
-        "conversationId",
-        "fileChanges"
-      ],
-      "type": "object"
-    },
-    "ChatgptAuthTokensRefreshParams": {
-      "properties": {
-        "previousAccountId": {
-          "description": "Workspace/account identifier that Codex was previously using.\n\nClients that manage multiple accounts/workspaces can use this as a hint to refresh the token for the correct workspace.\n\nThis may be `null` when the prior auth state did not include a workspace identifier (`chatgpt_account_id`).",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "reason": {
-          "$ref": "#/definitions/ChatgptAuthTokensRefreshReason"
-        }
-      },
-      "required": [
-        "reason"
-      ],
-      "type": "object"
-    },
-    "ChatgptAuthTokensRefreshReason": {
-      "oneOf": [
-        {
-          "description": "Codex attempted a backend request and received `401 Unauthorized`.",
-          "enum": [
-            "unauthorized"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "CommandAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "name": {
-              "type": "string"
-            },
-            "path": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "read"
-              ],
-              "title": "ReadCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "name",
-            "path",
-            "type"
-          ],
-          "title": "ReadCommandAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "listFiles"
-              ],
-              "title": "ListFilesCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "type"
-          ],
-          "title": "ListFilesCommandAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "query": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "search"
-              ],
-              "title": "SearchCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "type"
-          ],
-          "title": "SearchCommandAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "unknown"
-              ],
-              "title": "UnknownCommandActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "type"
-          ],
-          "title": "UnknownCommandAction",
-          "type": "object"
-        }
-      ]
-    },
-    "CommandExecutionRequestApprovalParams": {
-      "properties": {
-        "command": {
-          "description": "The command to be executed.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "commandActions": {
-          "description": "Best-effort parsed command actions for friendly display.",
-          "items": {
-            "$ref": "#/definitions/CommandAction"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "cwd": {
-          "description": "The command's working directory.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "itemId": {
-          "type": "string"
-        },
-        "proposedExecpolicyAmendment": {
-          "description": "Optional proposed execpolicy amendment to allow similar commands without prompting.",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "reason": {
-          "description": "Optional explanatory reason (e.g. request for network access).",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "itemId",
-        "threadId",
-        "turnId"
-      ],
-      "type": "object"
-    },
-    "DynamicToolCallParams": {
-      "properties": {
-        "arguments": true,
-        "callId": {
-          "type": "string"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "tool": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "arguments",
-        "callId",
-        "threadId",
-        "tool",
-        "turnId"
-      ],
-      "type": "object"
-    },
-    "ExecCommandApprovalParams": {
-      "properties": {
-        "callId": {
-          "description": "Use to correlate this with [codex_core::protocol::ExecCommandBeginEvent] and [codex_core::protocol::ExecCommandEndEvent].",
-          "type": "string"
-        },
-        "command": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "conversationId": {
-          "$ref": "#/definitions/ThreadId"
-        },
-        "cwd": {
-          "type": "string"
-        },
-        "parsedCmd": {
-          "items": {
-            "$ref": "#/definitions/ParsedCommand"
-          },
-          "type": "array"
-        },
-        "reason": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "callId",
-        "command",
-        "conversationId",
-        "cwd",
-        "parsedCmd"
-      ],
-      "type": "object"
-    },
-    "FileChange": {
-      "oneOf": [
-        {
-          "properties": {
-            "content": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "add"
-              ],
-              "title": "AddFileChangeType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "content",
-            "type"
-          ],
-          "title": "AddFileChange",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "content": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "delete"
-              ],
-              "title": "DeleteFileChangeType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "content",
-            "type"
-          ],
-          "title": "DeleteFileChange",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "move_path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "update"
-              ],
-              "title": "UpdateFileChangeType",
-              "type": "string"
-            },
-            "unified_diff": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "type",
-            "unified_diff"
-          ],
-          "title": "UpdateFileChange",
-          "type": "object"
-        }
-      ]
-    },
-    "FileChangeRequestApprovalParams": {
-      "properties": {
-        "grantRoot": {
-          "description": "[UNSTABLE] When set, the agent is asking the user to allow writes under this root for the remainder of the session (unclear if this is honored today).",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "itemId": {
-          "type": "string"
-        },
-        "reason": {
-          "description": "Optional explanatory reason (e.g. request for extra write access).",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "itemId",
-        "threadId",
-        "turnId"
-      ],
-      "type": "object"
-    },
-    "ParsedCommand": {
-      "oneOf": [
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "name": {
-              "type": "string"
-            },
-            "path": {
-              "description": "(Best effort) Path to the file being read by the command. When possible, this is an absolute path, though when relative, it should be resolved against the `cwd`` that will be used to run the command to derive the absolute path.",
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "read"
-              ],
-              "title": "ReadParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "name",
-            "path",
-            "type"
-          ],
-          "title": "ReadParsedCommand",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "list_files"
-              ],
-              "title": "ListFilesParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "type"
-          ],
-          "title": "ListFilesParsedCommand",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "path": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "query": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "search"
-              ],
-              "title": "SearchParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "type"
-          ],
-          "title": "SearchParsedCommand",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cmd": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "unknown"
-              ],
-              "title": "UnknownParsedCommandType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cmd",
-            "type"
-          ],
-          "title": "UnknownParsedCommand",
-          "type": "object"
-        }
-      ]
-    },
-    "RequestId": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "format": "int64",
-          "type": "integer"
-        }
-      ]
-    },
-    "ThreadId": {
-      "type": "string"
-    },
-    "ToolRequestUserInputOption": {
-      "description": "EXPERIMENTAL. Defines a single selectable option for request_user_input.",
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "label": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "description",
-        "label"
-      ],
-      "type": "object"
-    },
-    "ToolRequestUserInputParams": {
-      "description": "EXPERIMENTAL. Params sent with a request_user_input event.",
-      "properties": {
-        "itemId": {
-          "type": "string"
-        },
-        "questions": {
-          "items": {
-            "$ref": "#/definitions/ToolRequestUserInputQuestion"
-          },
-          "type": "array"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "turnId": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "itemId",
-        "questions",
-        "threadId",
-        "turnId"
-      ],
-      "type": "object"
-    },
-    "ToolRequestUserInputQuestion": {
-      "description": "EXPERIMENTAL. Represents one request_user_input question and its required options.",
-      "properties": {
-        "header": {
-          "type": "string"
-        },
-        "id": {
-          "type": "string"
-        },
-        "isOther": {
-          "default": false,
-          "type": "boolean"
-        },
-        "isSecret": {
-          "default": false,
-          "type": "boolean"
-        },
-        "options": {
-          "items": {
-            "$ref": "#/definitions/ToolRequestUserInputOption"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "question": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "header",
-        "id",
-        "question"
-      ],
-      "type": "object"
-    }
-  },
-  "description": "Request initiated from the server and sent to the client.",
-  "oneOf": [
-    {
-      "description": "NEW APIs Sent when approval is requested for a specific command execution. This request is used for Turns started via turn/start.",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "item/commandExecution/requestApproval"
-          ],
-          "title": "Item/commandExecution/requestApprovalRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/CommandExecutionRequestApprovalParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Item/commandExecution/requestApprovalRequest",
-      "type": "object"
-    },
-    {
-      "description": "Sent when approval is requested for a specific file change. This request is used for Turns started via turn/start.",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "item/fileChange/requestApproval"
-          ],
-          "title": "Item/fileChange/requestApprovalRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/FileChangeRequestApprovalParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Item/fileChange/requestApprovalRequest",
-      "type": "object"
-    },
-    {
-      "description": "EXPERIMENTAL - Request input from the user for a tool call.",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "item/tool/requestUserInput"
-          ],
-          "title": "Item/tool/requestUserInputRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ToolRequestUserInputParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Item/tool/requestUserInputRequest",
-      "type": "object"
-    },
-    {
-      "description": "Execute a dynamic tool call on the client.",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "item/tool/call"
-          ],
-          "title": "Item/tool/callRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/DynamicToolCallParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Item/tool/callRequest",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "account/chatgptAuthTokens/refresh"
-          ],
-          "title": "Account/chatgptAuthTokens/refreshRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ChatgptAuthTokensRefreshParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "Account/chatgptAuthTokens/refreshRequest",
-      "type": "object"
-    },
-    {
-      "description": "DEPRECATED APIs below Request to approve a patch. This request is used for Turns started via the legacy APIs (i.e. SendUserTurn, SendUserMessage).",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "applyPatchApproval"
-          ],
-          "title": "ApplyPatchApprovalRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ApplyPatchApprovalParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "ApplyPatchApprovalRequest",
-      "type": "object"
-    },
-    {
-      "description": "Request to exec a command. This request is used for Turns started via the legacy APIs (i.e. SendUserTurn, SendUserMessage).",
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "execCommandApproval"
-          ],
-          "title": "ExecCommandApprovalRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/ExecCommandApprovalParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "ExecCommandApprovalRequest",
-      "type": "object"
-    }
-  ],
-  "title": "ServerRequest"
-}
--- a/codex-rs/app-server-protocol/schema/json/ToolRequestUserInputParams.json
+++ b/codex-rs/app-server-protocol/schema/json/ToolRequestUserInputParams.json
@@ -1,84 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ToolRequestUserInputOption": {
-      "description": "EXPERIMENTAL. Defines a single selectable option for request_user_input.",
-      "properties": {
-        "description": {
-          "type": "string"
-        },
-        "label": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "description",
-        "label"
-      ],
-      "type": "object"
-    },
-    "ToolRequestUserInputQuestion": {
-      "description": "EXPERIMENTAL. Represents one request_user_input question and its required options.",
-      "properties": {
-        "header": {
-          "type": "string"
-        },
-        "id": {
-          "type": "string"
-        },
-        "isOther": {
-          "default": false,
-          "type": "boolean"
-        },
-        "isSecret": {
-          "default": false,
-          "type": "boolean"
-        },
-        "options": {
-          "items": {
-            "$ref": "#/definitions/ToolRequestUserInputOption"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        },
-        "question": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "header",
-        "id",
-        "question"
-      ],
-      "type": "object"
-    }
-  },
-  "description": "EXPERIMENTAL. Params sent with a request_user_input event.",
-  "properties": {
-    "itemId": {
-      "type": "string"
-    },
-    "questions": {
-      "items": {
-        "$ref": "#/definitions/ToolRequestUserInputQuestion"
-      },
-      "type": "array"
-    },
-    "threadId": {
-      "type": "string"
-    },
-    "turnId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "itemId",
-    "questions",
-    "threadId",
-    "turnId"
-  ],
-  "title": "ToolRequestUserInputParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/ToolRequestUserInputResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/ToolRequestUserInputResponse.json
@@ -1,34 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ToolRequestUserInputAnswer": {
-      "description": "EXPERIMENTAL. Captures a user's answer to a request_user_input question.",
-      "properties": {
-        "answers": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "answers"
-      ],
-      "type": "object"
-    }
-  },
-  "description": "EXPERIMENTAL. Response payload mapping question ids to answers.",
-  "properties": {
-    "answers": {
-      "additionalProperties": {
-        "$ref": "#/definitions/ToolRequestUserInputAnswer"
-      },
-      "type": "object"
-    }
-  },
-  "required": [
-    "answers"
-  ],
-  "title": "ToolRequestUserInputResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
+++ b/codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json
--- a/codex-rs/app-server-protocol/schema/json/v1/AddConversationListenerParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/AddConversationListenerParams.json
@@ -1,22 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "conversationId": {
-      "$ref": "#/definitions/ThreadId"
-    },
-    "experimentalRawEvents": {
-      "default": false,
-      "type": "boolean"
-    }
-  },
-  "required": [
-    "conversationId"
-  ],
-  "title": "AddConversationListenerParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/AddConversationSubscriptionResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/AddConversationSubscriptionResponse.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "subscriptionId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "subscriptionId"
-  ],
-  "title": "AddConversationSubscriptionResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ArchiveConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ArchiveConversationParams.json
@@ -1,22 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "conversationId": {
-      "$ref": "#/definitions/ThreadId"
-    },
-    "rolloutPath": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "conversationId",
-    "rolloutPath"
-  ],
-  "title": "ArchiveConversationParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ArchiveConversationResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ArchiveConversationResponse.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "ArchiveConversationResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/AuthStatusChangeNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/AuthStatusChangeNotification.json
@@ -1,46 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AuthMode": {
-      "description": "Authentication mode for OpenAI-backed providers.",
-      "oneOf": [
-        {
-          "description": "OpenAI API key provided by the caller and stored by Codex.",
-          "enum": [
-            "apikey"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "ChatGPT OAuth managed by Codex (tokens persisted and refreshed by Codex).",
-          "enum": [
-            "chatgpt"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "[UNSTABLE] FOR OPENAI INTERNAL USE ONLY - DO NOT USE.\n\nChatGPT auth tokens are supplied by an external host app and are only stored in memory. Token refresh must be handled by the external host app.",
-          "enum": [
-            "chatgptAuthTokens"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "description": "Deprecated notification. Use AccountUpdatedNotification instead.",
-  "properties": {
-    "authMethod": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/AuthMode"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    }
-  },
-  "title": "AuthStatusChangeNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/CancelLoginChatGptParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/CancelLoginChatGptParams.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "loginId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "loginId"
-  ],
-  "title": "CancelLoginChatGptParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/CancelLoginChatGptResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/CancelLoginChatGptResponse.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "CancelLoginChatGptResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ExecOneOffCommandParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ExecOneOffCommandParams.json
@@ -1,225 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "NetworkAccess": {
-      "description": "Represents whether outbound network access is available to the agent.",
-      "enum": [
-        "restricted",
-        "enabled"
-      ],
-      "type": "string"
-    },
-    "ReadOnlyAccess": {
-      "description": "Determines how read-only file access is granted inside a restricted sandbox.",
-      "oneOf": [
-        {
-          "description": "Restrict reads to an explicit set of roots.\n\nWhen `include_platform_defaults` is `true`, platform defaults required for basic execution are included in addition to `readable_roots`.",
-          "properties": {
-            "include_platform_defaults": {
-              "default": true,
-              "description": "Include built-in platform read roots required for basic process execution.",
-              "type": "boolean"
-            },
-            "readable_roots": {
-              "description": "Additional absolute roots that should be readable.",
-              "items": {
-                "$ref": "#/definitions/AbsolutePathBuf"
-              },
-              "type": "array"
-            },
-            "type": {
-              "enum": [
-                "restricted"
-              ],
-              "title": "RestrictedReadOnlyAccessType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "RestrictedReadOnlyAccess",
-          "type": "object"
-        },
-        {
-          "description": "Allow unrestricted file reads.",
-          "properties": {
-            "type": {
-              "enum": [
-                "full-access"
-              ],
-              "title": "FullAccessReadOnlyAccessType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "FullAccessReadOnlyAccess",
-          "type": "object"
-        }
-      ]
-    },
-    "SandboxPolicy": {
-      "description": "Determines execution restrictions for model shell commands.",
-      "oneOf": [
-        {
-          "description": "No restrictions whatsoever. Use with caution.",
-          "properties": {
-            "type": {
-              "enum": [
-                "danger-full-access"
-              ],
-              "title": "DangerFullAccessSandboxPolicyType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "DangerFullAccessSandboxPolicy",
-          "type": "object"
-        },
-        {
-          "description": "Read-only access configuration.",
-          "properties": {
-            "access": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/ReadOnlyAccess"
-                }
-              ],
-              "description": "Read access granted while running under this policy."
-            },
-            "type": {
-              "enum": [
-                "read-only"
-              ],
-              "title": "ReadOnlySandboxPolicyType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "ReadOnlySandboxPolicy",
-          "type": "object"
-        },
-        {
-          "description": "Indicates the process is already in an external sandbox. Allows full disk access while honoring the provided network setting.",
-          "properties": {
-            "network_access": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/NetworkAccess"
-                }
-              ],
-              "default": "restricted",
-              "description": "Whether the external sandbox permits outbound network traffic."
-            },
-            "type": {
-              "enum": [
-                "external-sandbox"
-              ],
-              "title": "ExternalSandboxSandboxPolicyType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "ExternalSandboxSandboxPolicy",
-          "type": "object"
-        },
-        {
-          "description": "Same as `ReadOnly` but additionally grants write access to the current working directory (\"workspace\").",
-          "properties": {
-            "exclude_slash_tmp": {
-              "default": false,
-              "description": "When set to `true`, will NOT include the `/tmp` among the default writable roots on UNIX. Defaults to `false`.",
-              "type": "boolean"
-            },
-            "exclude_tmpdir_env_var": {
-              "default": false,
-              "description": "When set to `true`, will NOT include the per-user `TMPDIR` environment variable among the default writable roots. Defaults to `false`.",
-              "type": "boolean"
-            },
-            "network_access": {
-              "default": false,
-              "description": "When set to `true`, outbound network access is allowed. `false` by default.",
-              "type": "boolean"
-            },
-            "read_only_access": {
-              "allOf": [
-                {
-                  "$ref": "#/definitions/ReadOnlyAccess"
-                }
-              ],
-              "description": "Read access granted while running under this policy."
-            },
-            "type": {
-              "enum": [
-                "workspace-write"
-              ],
-              "title": "WorkspaceWriteSandboxPolicyType",
-              "type": "string"
-            },
-            "writable_roots": {
-              "description": "Additional folders (beyond cwd and possibly TMPDIR) that should be writable from within the sandbox.",
-              "items": {
-                "$ref": "#/definitions/AbsolutePathBuf"
-              },
-              "type": "array"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "WorkspaceWriteSandboxPolicy",
-          "type": "object"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "command": {
-      "items": {
-        "type": "string"
-      },
-      "type": "array"
-    },
-    "cwd": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "sandboxPolicy": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/SandboxPolicy"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "timeoutMs": {
-      "format": "uint64",
-      "minimum": 0.0,
-      "type": [
-        "integer",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "command"
-  ],
-  "title": "ExecOneOffCommandParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ExecOneOffCommandResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ExecOneOffCommandResponse.json
@@ -1,22 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "exitCode": {
-      "format": "int32",
-      "type": "integer"
-    },
-    "stderr": {
-      "type": "string"
-    },
-    "stdout": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "exitCode",
-    "stderr",
-    "stdout"
-  ],
-  "title": "ExecOneOffCommandResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationParams.json
@@ -1,159 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AskForApproval": {
-      "description": "Determines the conditions under which the user is consulted to approve running the command proposed by Codex.",
-      "oneOf": [
-        {
-          "description": "Under this policy, only \"known safe\" commands—as determined by `is_safe_command()`—that **only read files** are auto‑approved. Everything else will ask the user to approve.",
-          "enum": [
-            "untrusted"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.",
-          "enum": [
-            "on-failure"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "The model decides when to ask the user for approval.",
-          "enum": [
-            "on-request"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
-          "enum": [
-            "never"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "NewConversationParams": {
-      "properties": {
-        "approvalPolicy": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AskForApproval"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "baseInstructions": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "compactPrompt": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "config": {
-          "additionalProperties": true,
-          "type": [
-            "object",
-            "null"
-          ]
-        },
-        "cwd": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "developerInstructions": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "includeApplyPatchTool": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
-        "model": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "modelProvider": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "profile": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "sandbox": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SandboxMode"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "SandboxMode": {
-      "enum": [
-        "read-only",
-        "workspace-write",
-        "danger-full-access"
-      ],
-      "type": "string"
-    },
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "conversationId": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ThreadId"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "overrides": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/NewConversationParams"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "path": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "title": "ForkConversationParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ForkConversationResponse.json
--- a/codex-rs/app-server-protocol/schema/json/v1/GetAuthStatusParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetAuthStatusParams.json
@@ -1,19 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "includeToken": {
-      "type": [
-        "boolean",
-        "null"
-      ]
-    },
-    "refreshToken": {
-      "type": [
-        "boolean",
-        "null"
-      ]
-    }
-  },
-  "title": "GetAuthStatusParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/GetAuthStatusResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetAuthStatusResponse.json
@@ -1,57 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AuthMode": {
-      "description": "Authentication mode for OpenAI-backed providers.",
-      "oneOf": [
-        {
-          "description": "OpenAI API key provided by the caller and stored by Codex.",
-          "enum": [
-            "apikey"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "ChatGPT OAuth managed by Codex (tokens persisted and refreshed by Codex).",
-          "enum": [
-            "chatgpt"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "[UNSTABLE] FOR OPENAI INTERNAL USE ONLY - DO NOT USE.\n\nChatGPT auth tokens are supplied by an external host app and are only stored in memory. Token refresh must be handled by the external host app.",
-          "enum": [
-            "chatgptAuthTokens"
-          ],
-          "type": "string"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "authMethod": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/AuthMode"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "authToken": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "requiresOpenaiAuth": {
-      "type": [
-        "boolean",
-        "null"
-      ]
-    }
-  },
-  "title": "GetAuthStatusResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/GetConversationSummaryParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetConversationSummaryParams.json
@@ -1,35 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "anyOf": [
-    {
-      "properties": {
-        "rolloutPath": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "rolloutPath"
-      ],
-      "title": "RolloutPathv1::GetConversationSummaryParams",
-      "type": "object"
-    },
-    {
-      "properties": {
-        "conversationId": {
-          "$ref": "#/definitions/ThreadId"
-        }
-      },
-      "required": [
-        "conversationId"
-      ],
-      "title": "ConversationIdv1::GetConversationSummaryParams",
-      "type": "object"
-    }
-  ],
-  "definitions": {
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "title": "GetConversationSummaryParams"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/GetConversationSummaryResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetConversationSummaryResponse.json
@@ -1,175 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ConversationGitInfo": {
-      "properties": {
-        "branch": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "origin_url": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "sha": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "ConversationSummary": {
-      "properties": {
-        "cliVersion": {
-          "type": "string"
-        },
-        "conversationId": {
-          "$ref": "#/definitions/ThreadId"
-        },
-        "cwd": {
-          "type": "string"
-        },
-        "gitInfo": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ConversationGitInfo"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "modelProvider": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        },
-        "preview": {
-          "type": "string"
-        },
-        "source": {
-          "$ref": "#/definitions/SessionSource"
-        },
-        "timestamp": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "updatedAt": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "cliVersion",
-        "conversationId",
-        "cwd",
-        "modelProvider",
-        "path",
-        "preview",
-        "source"
-      ],
-      "type": "object"
-    },
-    "SessionSource": {
-      "oneOf": [
-        {
-          "enum": [
-            "cli",
-            "vscode",
-            "exec",
-            "mcp",
-            "unknown"
-          ],
-          "type": "string"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "subagent": {
-              "$ref": "#/definitions/SubAgentSource"
-            }
-          },
-          "required": [
-            "subagent"
-          ],
-          "title": "SubagentSessionSource",
-          "type": "object"
-        }
-      ]
-    },
-    "SubAgentSource": {
-      "oneOf": [
-        {
-          "enum": [
-            "review",
-            "compact"
-          ],
-          "type": "string"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "thread_spawn": {
-              "properties": {
-                "depth": {
-                  "format": "int32",
-                  "type": "integer"
-                },
-                "parent_thread_id": {
-                  "$ref": "#/definitions/ThreadId"
-                }
-              },
-              "required": [
-                "depth",
-                "parent_thread_id"
-              ],
-              "type": "object"
-            }
-          },
-          "required": [
-            "thread_spawn"
-          ],
-          "title": "ThreadSpawnSubAgentSource",
-          "type": "object"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "other": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "other"
-          ],
-          "title": "OtherSubAgentSource",
-          "type": "object"
-        }
-      ]
-    },
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "summary": {
-      "$ref": "#/definitions/ConversationSummary"
-    }
-  },
-  "required": [
-    "summary"
-  ],
-  "title": "GetConversationSummaryResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/GetUserAgentResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetUserAgentResponse.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "userAgent": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "userAgent"
-  ],
-  "title": "GetUserAgentResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GetUserSavedConfigResponse.json
@@ -1,330 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AbsolutePathBuf": {
-      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
-      "type": "string"
-    },
-    "AskForApproval": {
-      "description": "Determines the conditions under which the user is consulted to approve running the command proposed by Codex.",
-      "oneOf": [
-        {
-          "description": "Under this policy, only \"known safe\" commands—as determined by `is_safe_command()`—that **only read files** are auto‑approved. Everything else will ask the user to approve.",
-          "enum": [
-            "untrusted"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.",
-          "enum": [
-            "on-failure"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "The model decides when to ask the user for approval.",
-          "enum": [
-            "on-request"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
-          "enum": [
-            "never"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "ForcedLoginMethod": {
-      "enum": [
-        "chatgpt",
-        "api"
-      ],
-      "type": "string"
-    },
-    "Profile": {
-      "properties": {
-        "approvalPolicy": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AskForApproval"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "chatgptBaseUrl": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "model": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "modelProvider": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "modelReasoningEffort": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ReasoningEffort"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "modelReasoningSummary": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ReasoningSummary"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "modelVerbosity": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/Verbosity"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "ReasoningEffort": {
-      "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
-      "enum": [
-        "none",
-        "minimal",
-        "low",
-        "medium",
-        "high",
-        "xhigh"
-      ],
-      "type": "string"
-    },
-    "ReasoningSummary": {
-      "description": "A summary of the reasoning performed by the model. This can be useful for debugging and understanding the model's reasoning process. See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#reasoning-summaries",
-      "oneOf": [
-        {
-          "enum": [
-            "auto",
-            "concise",
-            "detailed"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Option to disable reasoning summaries.",
-          "enum": [
-            "none"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "SandboxMode": {
-      "enum": [
-        "read-only",
-        "workspace-write",
-        "danger-full-access"
-      ],
-      "type": "string"
-    },
-    "SandboxSettings": {
-      "properties": {
-        "excludeSlashTmp": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
-        "excludeTmpdirEnvVar": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
-        "networkAccess": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
-        "writableRoots": {
-          "default": [],
-          "items": {
-            "$ref": "#/definitions/AbsolutePathBuf"
-          },
-          "type": "array"
-        }
-      },
-      "type": "object"
-    },
-    "Tools": {
-      "properties": {
-        "viewImage": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
-        "webSearch": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "UserSavedConfig": {
-      "properties": {
-        "approvalPolicy": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AskForApproval"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "forcedChatgptWorkspaceId": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "forcedLoginMethod": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ForcedLoginMethod"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "model": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "modelReasoningEffort": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ReasoningEffort"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "modelReasoningSummary": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ReasoningSummary"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "modelVerbosity": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/Verbosity"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "profile": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "profiles": {
-          "additionalProperties": {
-            "$ref": "#/definitions/Profile"
-          },
-          "type": "object"
-        },
-        "sandboxMode": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SandboxMode"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "sandboxSettings": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SandboxSettings"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "tools": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/Tools"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "required": [
-        "profiles"
-      ],
-      "type": "object"
-    },
-    "Verbosity": {
-      "description": "Controls output length/detail on GPT-5 models via the Responses API. Serialized with lowercase values to match the OpenAI API.",
-      "enum": [
-        "low",
-        "medium",
-        "high"
-      ],
-      "type": "string"
-    }
-  },
-  "properties": {
-    "config": {
-      "$ref": "#/definitions/UserSavedConfig"
-    }
-  },
-  "required": [
-    "config"
-  ],
-  "title": "GetUserSavedConfigResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/GitDiffToRemoteParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GitDiffToRemoteParams.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "cwd": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "cwd"
-  ],
-  "title": "GitDiffToRemoteParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/GitDiffToRemoteResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/GitDiffToRemoteResponse.json
@@ -1,22 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "GitSha": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "diff": {
-      "type": "string"
-    },
-    "sha": {
-      "$ref": "#/definitions/GitSha"
-    }
-  },
-  "required": [
-    "diff",
-    "sha"
-  ],
-  "title": "GitDiffToRemoteResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/InitializeParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/InitializeParams.json
@@ -1,67 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ClientInfo": {
-      "properties": {
-        "name": {
-          "type": "string"
-        },
-        "title": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "version": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "name",
-        "version"
-      ],
-      "type": "object"
-    },
-    "InitializeCapabilities": {
-      "description": "Client-declared capabilities negotiated during initialize.",
-      "properties": {
-        "experimentalApi": {
-          "default": false,
-          "description": "Opt into receiving experimental API methods and fields.",
-          "type": "boolean"
-        },
-        "optOutNotificationMethods": {
-          "description": "Exact notification method names that should be suppressed for this connection (for example `codex/event/session_configured`).",
-          "items": {
-            "type": "string"
-          },
-          "type": [
-            "array",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    }
-  },
-  "properties": {
-    "capabilities": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/InitializeCapabilities"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "clientInfo": {
-      "$ref": "#/definitions/ClientInfo"
-    }
-  },
-  "required": [
-    "clientInfo"
-  ],
-  "title": "InitializeParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/InitializeResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/InitializeResponse.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "userAgent": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "userAgent"
-  ],
-  "title": "InitializeResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/InterruptConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/InterruptConversationParams.json
@@ -1,18 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "conversationId": {
-      "$ref": "#/definitions/ThreadId"
-    }
-  },
-  "required": [
-    "conversationId"
-  ],
-  "title": "InterruptConversationParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/InterruptConversationResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/InterruptConversationResponse.json
@@ -1,23 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "TurnAbortReason": {
-      "enum": [
-        "interrupted",
-        "replaced",
-        "review_ended"
-      ],
-      "type": "string"
-    }
-  },
-  "properties": {
-    "abortReason": {
-      "$ref": "#/definitions/TurnAbortReason"
-    }
-  },
-  "required": [
-    "abortReason"
-  ],
-  "title": "InterruptConversationResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ListConversationsParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ListConversationsParams.json
@@ -1,30 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "cursor": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "modelProviders": {
-      "items": {
-        "type": "string"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    },
-    "pageSize": {
-      "format": "uint",
-      "minimum": 0.0,
-      "type": [
-        "integer",
-        "null"
-      ]
-    }
-  },
-  "title": "ListConversationsParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ListConversationsResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ListConversationsResponse.json
@@ -1,184 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ConversationGitInfo": {
-      "properties": {
-        "branch": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "origin_url": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "sha": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "ConversationSummary": {
-      "properties": {
-        "cliVersion": {
-          "type": "string"
-        },
-        "conversationId": {
-          "$ref": "#/definitions/ThreadId"
-        },
-        "cwd": {
-          "type": "string"
-        },
-        "gitInfo": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/ConversationGitInfo"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "modelProvider": {
-          "type": "string"
-        },
-        "path": {
-          "type": "string"
-        },
-        "preview": {
-          "type": "string"
-        },
-        "source": {
-          "$ref": "#/definitions/SessionSource"
-        },
-        "timestamp": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "updatedAt": {
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "cliVersion",
-        "conversationId",
-        "cwd",
-        "modelProvider",
-        "path",
-        "preview",
-        "source"
-      ],
-      "type": "object"
-    },
-    "SessionSource": {
-      "oneOf": [
-        {
-          "enum": [
-            "cli",
-            "vscode",
-            "exec",
-            "mcp",
-            "unknown"
-          ],
-          "type": "string"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "subagent": {
-              "$ref": "#/definitions/SubAgentSource"
-            }
-          },
-          "required": [
-            "subagent"
-          ],
-          "title": "SubagentSessionSource",
-          "type": "object"
-        }
-      ]
-    },
-    "SubAgentSource": {
-      "oneOf": [
-        {
-          "enum": [
-            "review",
-            "compact"
-          ],
-          "type": "string"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "thread_spawn": {
-              "properties": {
-                "depth": {
-                  "format": "int32",
-                  "type": "integer"
-                },
-                "parent_thread_id": {
-                  "$ref": "#/definitions/ThreadId"
-                }
-              },
-              "required": [
-                "depth",
-                "parent_thread_id"
-              ],
-              "type": "object"
-            }
-          },
-          "required": [
-            "thread_spawn"
-          ],
-          "title": "ThreadSpawnSubAgentSource",
-          "type": "object"
-        },
-        {
-          "additionalProperties": false,
-          "properties": {
-            "other": {
-              "type": "string"
-            }
-          },
-          "required": [
-            "other"
-          ],
-          "title": "OtherSubAgentSource",
-          "type": "object"
-        }
-      ]
-    },
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "items": {
-      "items": {
-        "$ref": "#/definitions/ConversationSummary"
-      },
-      "type": "array"
-    },
-    "nextCursor": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "required": [
-    "items"
-  ],
-  "title": "ListConversationsResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/LoginApiKeyParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/LoginApiKeyParams.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "apiKey": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "apiKey"
-  ],
-  "title": "LoginApiKeyParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/LoginApiKeyResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/LoginApiKeyResponse.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "LoginApiKeyResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/LoginChatGptCompleteNotification.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/LoginChatGptCompleteNotification.json
@@ -1,24 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "description": "Deprecated in favor of AccountLoginCompletedNotification.",
-  "properties": {
-    "error": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "loginId": {
-      "type": "string"
-    },
-    "success": {
-      "type": "boolean"
-    }
-  },
-  "required": [
-    "loginId",
-    "success"
-  ],
-  "title": "LoginChatGptCompleteNotification",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/LoginChatGptResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/LoginChatGptResponse.json
@@ -1,17 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "authUrl": {
-      "type": "string"
-    },
-    "loginId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "authUrl",
-    "loginId"
-  ],
-  "title": "LoginChatGptResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/LogoutChatGptResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/LogoutChatGptResponse.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "LogoutChatGptResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/NewConversationParams.json
@@ -1,125 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AskForApproval": {
-      "description": "Determines the conditions under which the user is consulted to approve running the command proposed by Codex.",
-      "oneOf": [
-        {
-          "description": "Under this policy, only \"known safe\" commands—as determined by `is_safe_command()`—that **only read files** are auto‑approved. Everything else will ask the user to approve.",
-          "enum": [
-            "untrusted"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.",
-          "enum": [
-            "on-failure"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "The model decides when to ask the user for approval.",
-          "enum": [
-            "on-request"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
-          "enum": [
-            "never"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "SandboxMode": {
-      "enum": [
-        "read-only",
-        "workspace-write",
-        "danger-full-access"
-      ],
-      "type": "string"
-    }
-  },
-  "properties": {
-    "approvalPolicy": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/AskForApproval"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "baseInstructions": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "compactPrompt": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "config": {
-      "additionalProperties": true,
-      "type": [
-        "object",
-        "null"
-      ]
-    },
-    "cwd": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "developerInstructions": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "includeApplyPatchTool": {
-      "type": [
-        "boolean",
-        "null"
-      ]
-    },
-    "model": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "modelProvider": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "profile": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "sandbox": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/SandboxMode"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    }
-  },
-  "title": "NewConversationParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/NewConversationResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/NewConversationResponse.json
@@ -1,48 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ReasoningEffort": {
-      "description": "See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning",
-      "enum": [
-        "none",
-        "minimal",
-        "low",
-        "medium",
-        "high",
-        "xhigh"
-      ],
-      "type": "string"
-    },
-    "ThreadId": {
-      "type": "string"
-    }
-  },
-  "properties": {
-    "conversationId": {
-      "$ref": "#/definitions/ThreadId"
-    },
-    "model": {
-      "type": "string"
-    },
-    "reasoningEffort": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ReasoningEffort"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "rolloutPath": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "conversationId",
-    "model",
-    "rolloutPath"
-  ],
-  "title": "NewConversationResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/RemoveConversationListenerParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/RemoveConversationListenerParams.json
@@ -1,13 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "subscriptionId": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "subscriptionId"
-  ],
-  "title": "RemoveConversationListenerParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/RemoveConversationSubscriptionResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/RemoveConversationSubscriptionResponse.json
@@ -1,5 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "title": "RemoveConversationSubscriptionResponse",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationParams.json
@@ -1,948 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "AskForApproval": {
-      "description": "Determines the conditions under which the user is consulted to approve running the command proposed by Codex.",
-      "oneOf": [
-        {
-          "description": "Under this policy, only \"known safe\" commands—as determined by `is_safe_command()`—that **only read files** are auto‑approved. Everything else will ask the user to approve.",
-          "enum": [
-            "untrusted"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "*All* commands are auto‑approved, but they are expected to run inside a sandbox where network access is disabled and writes are confined to a specific set of paths. If the command fails, it will be escalated to the user to approve execution without a sandbox.",
-          "enum": [
-            "on-failure"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "The model decides when to ask the user for approval.",
-          "enum": [
-            "on-request"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "Never ask the user to approve commands. Failures are immediately returned to the model, and never escalated to the user for approval.",
-          "enum": [
-            "never"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "ContentItem": {
-      "oneOf": [
-        {
-          "properties": {
-            "text": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "input_text"
-              ],
-              "title": "InputTextContentItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "type"
-          ],
-          "title": "InputTextContentItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "image_url": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "input_image"
-              ],
-              "title": "InputImageContentItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "image_url",
-            "type"
-          ],
-          "title": "InputImageContentItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "text": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "output_text"
-              ],
-              "title": "OutputTextContentItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "type"
-          ],
-          "title": "OutputTextContentItem",
-          "type": "object"
-        }
-      ]
-    },
-    "FunctionCallOutputBody": {
-      "anyOf": [
-        {
-          "type": "string"
-        },
-        {
-          "items": {
-            "$ref": "#/definitions/FunctionCallOutputContentItem"
-          },
-          "type": "array"
-        }
-      ]
-    },
-    "FunctionCallOutputContentItem": {
-      "description": "Responses API compatible content items that can be returned by a tool call. This is a subset of ContentItem with the types we support as function call outputs.",
-      "oneOf": [
-        {
-          "properties": {
-            "text": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "input_text"
-              ],
-              "title": "InputTextFunctionCallOutputContentItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "type"
-          ],
-          "title": "InputTextFunctionCallOutputContentItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "image_url": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "input_image"
-              ],
-              "title": "InputImageFunctionCallOutputContentItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "image_url",
-            "type"
-          ],
-          "title": "InputImageFunctionCallOutputContentItem",
-          "type": "object"
-        }
-      ]
-    },
-    "FunctionCallOutputPayload": {
-      "description": "The payload we send back to OpenAI when reporting a tool call result.\n\n`body` serializes directly as the wire value for `function_call_output.output`. `success` remains internal metadata for downstream handling.",
-      "properties": {
-        "body": {
-          "$ref": "#/definitions/FunctionCallOutputBody"
-        },
-        "success": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "body"
-      ],
-      "type": "object"
-    },
-    "GhostCommit": {
-      "description": "Details of a ghost commit created from a repository state.",
-      "properties": {
-        "id": {
-          "type": "string"
-        },
-        "parent": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "preexisting_untracked_dirs": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        },
-        "preexisting_untracked_files": {
-          "items": {
-            "type": "string"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "id",
-        "preexisting_untracked_dirs",
-        "preexisting_untracked_files"
-      ],
-      "type": "object"
-    },
-    "LocalShellAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "command": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "env": {
-              "additionalProperties": {
-                "type": "string"
-              },
-              "type": [
-                "object",
-                "null"
-              ]
-            },
-            "timeout_ms": {
-              "format": "uint64",
-              "minimum": 0.0,
-              "type": [
-                "integer",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "exec"
-              ],
-              "title": "ExecLocalShellActionType",
-              "type": "string"
-            },
-            "user": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "working_directory": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "command",
-            "type"
-          ],
-          "title": "ExecLocalShellAction",
-          "type": "object"
-        }
-      ]
-    },
-    "LocalShellStatus": {
-      "enum": [
-        "completed",
-        "in_progress",
-        "incomplete"
-      ],
-      "type": "string"
-    },
-    "MessagePhase": {
-      "description": "Classifies an assistant message as interim commentary or final answer text.\n\nProviders do not emit this consistently, so callers must treat `None` as \"phase unknown\" and keep compatibility behavior for legacy models.",
-      "oneOf": [
-        {
-          "description": "Mid-turn assistant text (for example preamble/progress narration).\n\nAdditional tool calls or assistant output may follow before turn completion.",
-          "enum": [
-            "commentary"
-          ],
-          "type": "string"
-        },
-        {
-          "description": "The assistant's terminal answer text for the current turn.",
-          "enum": [
-            "final_answer"
-          ],
-          "type": "string"
-        }
-      ]
-    },
-    "NewConversationParams": {
-      "properties": {
-        "approvalPolicy": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/AskForApproval"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        },
-        "baseInstructions": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "compactPrompt": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "config": {
-          "additionalProperties": true,
-          "type": [
-            "object",
-            "null"
-          ]
-        },
-        "cwd": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "developerInstructions": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "includeApplyPatchTool": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
-        "model": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "modelProvider": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "profile": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "sandbox": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/SandboxMode"
-            },
-            {
-              "type": "null"
-            }
-          ]
-        }
-      },
-      "type": "object"
-    },
-    "ReasoningItemContent": {
-      "oneOf": [
-        {
-          "properties": {
-            "text": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "reasoning_text"
-              ],
-              "title": "ReasoningTextReasoningItemContentType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "type"
-          ],
-          "title": "ReasoningTextReasoningItemContent",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "text": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "text"
-              ],
-              "title": "TextReasoningItemContentType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "type"
-          ],
-          "title": "TextReasoningItemContent",
-          "type": "object"
-        }
-      ]
-    },
-    "ReasoningItemReasoningSummary": {
-      "oneOf": [
-        {
-          "properties": {
-            "text": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "summary_text"
-              ],
-              "title": "SummaryTextReasoningItemReasoningSummaryType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "type"
-          ],
-          "title": "SummaryTextReasoningItemReasoningSummary",
-          "type": "object"
-        }
-      ]
-    },
-    "ResponseItem": {
-      "oneOf": [
-        {
-          "properties": {
-            "content": {
-              "items": {
-                "$ref": "#/definitions/ContentItem"
-              },
-              "type": "array"
-            },
-            "end_turn": {
-              "type": [
-                "boolean",
-                "null"
-              ]
-            },
-            "id": {
-              "type": [
-                "string",
-                "null"
-              ],
-              "writeOnly": true
-            },
-            "phase": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/MessagePhase"
-                },
-                {
-                  "type": "null"
-                }
-              ]
-            },
-            "role": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "message"
-              ],
-              "title": "MessageResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "content",
-            "role",
-            "type"
-          ],
-          "title": "MessageResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "content": {
-              "default": null,
-              "items": {
-                "$ref": "#/definitions/ReasoningItemContent"
-              },
-              "type": [
-                "array",
-                "null"
-              ]
-            },
-            "encrypted_content": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "id": {
-              "type": "string",
-              "writeOnly": true
-            },
-            "summary": {
-              "items": {
-                "$ref": "#/definitions/ReasoningItemReasoningSummary"
-              },
-              "type": "array"
-            },
-            "type": {
-              "enum": [
-                "reasoning"
-              ],
-              "title": "ReasoningResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "id",
-            "summary",
-            "type"
-          ],
-          "title": "ReasoningResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "action": {
-              "$ref": "#/definitions/LocalShellAction"
-            },
-            "call_id": {
-              "description": "Set when using the Responses API.",
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "id": {
-              "description": "Legacy id field retained for compatibility with older payloads.",
-              "type": [
-                "string",
-                "null"
-              ],
-              "writeOnly": true
-            },
-            "status": {
-              "$ref": "#/definitions/LocalShellStatus"
-            },
-            "type": {
-              "enum": [
-                "local_shell_call"
-              ],
-              "title": "LocalShellCallResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "action",
-            "status",
-            "type"
-          ],
-          "title": "LocalShellCallResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "arguments": {
-              "type": "string"
-            },
-            "call_id": {
-              "type": "string"
-            },
-            "id": {
-              "type": [
-                "string",
-                "null"
-              ],
-              "writeOnly": true
-            },
-            "name": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "function_call"
-              ],
-              "title": "FunctionCallResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "arguments",
-            "call_id",
-            "name",
-            "type"
-          ],
-          "title": "FunctionCallResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "call_id": {
-              "type": "string"
-            },
-            "output": {
-              "$ref": "#/definitions/FunctionCallOutputPayload"
-            },
-            "type": {
-              "enum": [
-                "function_call_output"
-              ],
-              "title": "FunctionCallOutputResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "call_id",
-            "output",
-            "type"
-          ],
-          "title": "FunctionCallOutputResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "call_id": {
-              "type": "string"
-            },
-            "id": {
-              "type": [
-                "string",
-                "null"
-              ],
-              "writeOnly": true
-            },
-            "input": {
-              "type": "string"
-            },
-            "name": {
-              "type": "string"
-            },
-            "status": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "custom_tool_call"
-              ],
-              "title": "CustomToolCallResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "call_id",
-            "input",
-            "name",
-            "type"
-          ],
-          "title": "CustomToolCallResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "call_id": {
-              "type": "string"
-            },
-            "output": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "custom_tool_call_output"
-              ],
-              "title": "CustomToolCallOutputResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "call_id",
-            "output",
-            "type"
-          ],
-          "title": "CustomToolCallOutputResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "action": {
-              "anyOf": [
-                {
-                  "$ref": "#/definitions/WebSearchAction"
-                },
-                {
-                  "type": "null"
-                }
-              ]
-            },
-            "id": {
-              "type": [
-                "string",
-                "null"
-              ],
-              "writeOnly": true
-            },
-            "status": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "web_search_call"
-              ],
-              "title": "WebSearchCallResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "WebSearchCallResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "ghost_commit": {
-              "$ref": "#/definitions/GhostCommit"
-            },
-            "type": {
-              "enum": [
-                "ghost_snapshot"
-              ],
-              "title": "GhostSnapshotResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "ghost_commit",
-            "type"
-          ],
-          "title": "GhostSnapshotResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "encrypted_content": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "compaction"
-              ],
-              "title": "CompactionResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "encrypted_content",
-            "type"
-          ],
-          "title": "CompactionResponseItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "other"
-              ],
-              "title": "OtherResponseItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "OtherResponseItem",
-          "type": "object"
-        }
-      ]
-    },
-    "SandboxMode": {
-      "enum": [
-        "read-only",
-        "workspace-write",
-        "danger-full-access"
-      ],
-      "type": "string"
-    },
-    "ThreadId": {
-      "type": "string"
-    },
-    "WebSearchAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "queries": {
-              "items": {
-                "type": "string"
-              },
-              "type": [
-                "array",
-                "null"
-              ]
-            },
-            "query": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "search"
-              ],
-              "title": "SearchWebSearchActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "SearchWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "open_page"
-              ],
-              "title": "OpenPageWebSearchActionType",
-              "type": "string"
-            },
-            "url": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "OpenPageWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "find_in_page"
-              ],
-              "title": "FindInPageWebSearchActionType",
-              "type": "string"
-            },
-            "url": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "FindInPageWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "other"
-              ],
-              "title": "OtherWebSearchActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "OtherWebSearchAction",
-          "type": "object"
-        }
-      ]
-    }
-  },
-  "properties": {
-    "conversationId": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/ThreadId"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "history": {
-      "items": {
-        "$ref": "#/definitions/ResponseItem"
-      },
-      "type": [
-        "array",
-        "null"
-      ]
-    },
-    "overrides": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/NewConversationParams"
-        },
-        {
-          "type": "null"
-        }
-      ]
-    },
-    "path": {
-      "type": [
-        "string",
-        "null"
-      ]
-    }
-  },
-  "title": "ResumeConversationParams",
-  "type": "object"
-}
--- a/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/ResumeConversationResponse.json
--- a/codex-rs/app-server-protocol/schema/json/v1/SendUserMessageParams.json
+++ b/codex-rs/app-server-protocol/schema/json/v1/SendUserMessageParams.json
@@ -1,165 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "InputItem": {
-      "oneOf": [
-        {
-          "properties": {
-            "data": {
-              "properties": {
-                "text": {
-                  "type": "string"
-                },
-                "text_elements": {
-                  "default": [],
-                  "description": "UI-defined spans within `text` used to render or persist special elements.",
-                  "items": {
-                    "$ref": "#/definitions/V1TextElement"
-                  },
-                  "type": "array"
-                }
-              },
-              "required": [
-                "text"
-              ],
-              "type": "object"
-            },
-            "type": {
-              "enum": [
-                "text"
-              ],
-              "title": "TextInputItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "data",
-            "type"
-          ],
-          "title": "TextInputItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "data": {
-              "properties": {
-                "image_url": {
-                  "type": "string"
-                }
-              },
-              "required": [
-                "image_url"
-              ],
-              "type": "object"
-            },
-            "type": {
-              "enum": [
-                "image"
-              ],
-              "title": "ImageInputItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "data",
-            "type"
-          ],
-          "title": "ImageInputItem",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "data": {
-              "properties": {
-                "path": {
-                  "type": "string"
-                }
-              },
-              "required": [
-                "path"
-              ],
-              "type": "object"
-            },
-            "type": {
-              "enum": [
-                "localImage"
-              ],
-              "title": "LocalImageInputItemType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "data",
-            "type"
-          ],
-          "title": "LocalImageInputItem",
-          "type": "object"
-        }
-      ]
-    },
-    "ThreadId": {
-      "type": "string"
-    },
-    "V1ByteRange": {
-      "properties": {
-        "end": {
-          "description": "End byte offset (exclusive) within the UTF-8 text buffer.",
-          "format": "uint",
-          "minimum": 0.0,
-          "type": "integer"
-        },
-        "start": {
-          "description": "Start byte offset (inclusive) within the UTF-8 text buffer.",
-          "format": "uint",
-          "minimum": 0.0,
-          "type": "integer"
-        }
-      },
-      "required": [
-        "end",
-        "start"
-      ],
-      "type": "object"
-    },
-    "V1TextElement": {
-      "properties": {
-        "byteRange": {
-          "allOf": [
-            {
-              "$ref": "#/definitions/V1ByteRange"
-            }
-          ],
-          "description": "Byte range in the parent `text` buffer that this element occupies."
-        },
-        "placeholder": {
-          "description": "Optional human-readable placeholder for the element, displayed in the UI.",
-          "type": [
-            "string",
-            "null"
-          ]
-        }
-      },
-      "required": [
-        "byteRange"
-      ],
-      "type": "object"
-    }
-  },
-  "properties": {
-    "conversationId": {
-      "$ref": "#/definitions/ThreadId"
-    },
-    "items": {
-      "items": {
-        "$ref": "#/definitions/InputItem"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "conversationId",
-    "items"
-  ],
-  "title": "SendUserMessageParams",
-  "type": "object"
-}
--- a/Show More
+++ b/Show More