Merge remote-tracking branch 'origin/dev/friel/tui-watchdog-and-subagent-behavior' into repair/collab-stack-clean-r2

# Conflicts:
#	codex-rs/exec/src/lib.rs

.devcontainer/Dockerfile

@@ -11,7 +11,7 @@ RUN apt-get update && \
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
     build-essential curl git ca-certificates \
-    pkg-config clang musl-tools libssl-dev just && \
+    pkg-config libcap-dev clang musl-tools libssl-dev just && \
     rm -rf /var/lib/apt/lists/*
 
 # Ubuntu 24.04 ships with user 'ubuntu' already created with UID 1000.

.github/workflows/rust-release.yml

@@ -643,6 +643,29 @@ jobs:
             exit "${publish_status}"
           done
 
+  winget:
+    name: winget
+    needs: release
+    # Only publish stable/mainline releases to WinGet; pre-releases include a
+    # '-' in the semver string (e.g., 1.2.3-alpha.1).
+    if: ${{ !contains(needs.release.outputs.version, '-') }}
+    # This job only invokes a GitHub Action to open/update the winget-pkgs PR;
+    # it does not execute Windows-only tooling, so Linux is sufficient.
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Publish to WinGet
+        uses: vedantmgoyal9/winget-releaser@19e706d4c9121098010096f9c495a70a7518b30f
+        with:
+          identifier: OpenAI.Codex
+          version: ${{ needs.release.outputs.version }}
+          release-tag: ${{ needs.release.outputs.tag }}
+          fork-user: openai-oss-forks
+          installers-regex: '^codex-(?:x86_64|aarch64)-pc-windows-msvc\.exe\.zip$'
+          token: ${{ secrets.WINGET_PUBLISH_PAT }}
+
   update-branch:
     name: Update latest-alpha-cli branch
     permissions:

BUILD.bazel

@@ -28,4 +28,8 @@ alias(
     actual = "@rbe_platform",
 )
 
-exports_files(["AGENTS.md"])
+exports_files([
+    "AGENTS.md",
+    "workspace_root_test_launcher.bat.tpl",
+    "workspace_root_test_launcher.sh.tpl",
+])

codex-rs/.config/nextest.toml

@@ -11,3 +11,9 @@ slow-timeout = { period = "1m", terminate-after = 4 }
 [[profile.default.overrides]]
 filter = 'test(approval_matrix_covers_all_modes)'
 slow-timeout = { period = "30s", terminate-after = 2 }
+
+[[profile.default.overrides]]
+# Schema fixture generation can take longer than the default timeout on slower
+# Windows runners when app-server protocol fixture sets grow.
+filter = 'test(schema_fixtures_match_generated)'
+slow-timeout = { period = "1m", terminate-after = 2 }

codex-rs/Cargo.lock

@@ -1436,6 +1436,7 @@ dependencies = [
  "codex-utils-cargo-bin",
  "codex-utils-cli",
  "codex-utils-json-to-toml",
+ "codex-utils-pty",
  "core_test_support",
  "futures",
  "owo-colors",
@@ -1457,6 +1458,24 @@ dependencies = [
  "wiremock",
 ]
 
+[[package]]
+name = "codex-app-server-client"
+version = "0.0.0"
+dependencies = [
+ "codex-app-server",
+ "codex-app-server-protocol",
+ "codex-arg0",
+ "codex-core",
+ "codex-feedback",
+ "codex-protocol",
+ "pretty_assertions",
+ "serde",
+ "serde_json",
+ "tokio",
+ "toml 0.9.11+spec-1.1.0",
+ "tracing",
+]
+
 [[package]]
 name = "codex-app-server-protocol"
 version = "0.0.0"
@@ -1647,6 +1666,8 @@ dependencies = [
  "tokio",
  "toml 0.9.11+spec-1.1.0",
  "tracing",
+ "tracing-appender",
+ "tracing-subscriber",
 ]
 
 [[package]]
@@ -1896,10 +1917,13 @@ dependencies = [
  "anyhow",
  "assert_cmd",
  "clap",
+ "codex-app-server-client",
+ "codex-app-server-protocol",
  "codex-apply-patch",
  "codex-arg0",
  "codex-cloud-requirements",
  "codex-core",
+ "codex-feedback",
  "codex-otel",
  "codex-protocol",
  "codex-utils-absolute-path",
@@ -2088,6 +2112,7 @@ dependencies = [
  "codex-app-server-protocol",
  "codex-core",
  "core_test_support",
+ "pretty_assertions",
  "rand 0.9.2",
  "reqwest",
  "serde",
@@ -2096,6 +2121,7 @@ dependencies = [
  "tempfile",
  "tiny_http",
  "tokio",
+ "tracing",
  "url",
  "urlencoding",
  "webbrowser",
@@ -2302,7 +2328,9 @@ dependencies = [
  "serde_json",
  "serial_test",
  "sha2",
+ "sse-stream",
  "tempfile",
+ "thiserror 2.0.18",
  "tiny_http",
  "tokio",
  "tracing",
@@ -2388,7 +2416,6 @@ dependencies = [
  "anyhow",
  "chrono",
  "clap",
- "codex-otel",
  "codex-protocol",
  "dirs",
  "log",

codex-rs/Cargo.toml

@@ -4,6 +4,7 @@ members = [
     "ansi-escape",
     "async-utils",
     "app-server",
+    "app-server-client",
     "app-server-protocol",
     "app-server-test-client",
     "debug-client",
@@ -70,7 +71,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.112.0"
+version = "0.0.0"
 # Track the edition for all workspace crates in one place. Individual
 # crates can still override this value, but keeping it here means new
 # crates created with `cargo new -w ...` automatically inherit the 2024
@@ -86,6 +87,7 @@ codex-api = { path = "codex-api" }
 codex-artifacts = { path = "artifacts" }
 codex-package-manager = { path = "package-manager" }
 codex-app-server = { path = "app-server" }
+codex-app-server-client = { path = "app-server-client" }
 codex-app-server-protocol = { path = "app-server-protocol" }
 codex-app-server-test-client = { path = "app-server-test-client" }
 codex-apply-patch = { path = "apply-patch" }

codex-rs/README.md

@@ -51,6 +51,7 @@ You can enable notifications by configuring a script that is run whenever the ag
 ### `codex exec` to run Codex programmatically/non-interactively
 
 To run Codex non-interactively, run `codex exec PROMPT` (you can also pass the prompt via `stdin`) and Codex will work on your task until it decides that it is done and exits. Output is printed to the terminal directly. You can set the `RUST_LOG` environment variable to see more about what's going on.
+Use `codex exec --fork <SESSION_ID> PROMPT` to fork an existing session without launching the interactive picker/UI.
 Use `codex exec --ephemeral ...` to run without persisting session rollout files to disk.
 
 ### Experimenting with the Codex Sandbox

codex-rs/app-server-client/BUILD.bazel

@@ -0,0 +1,6 @@
+load("//:defs.bzl", "codex_rust_crate")
+
+codex_rust_crate(
+    name = "app-server-client",
+    crate_name = "codex_app_server_client",
+)

codex-rs/app-server-client/Cargo.toml

@@ -0,0 +1,30 @@
+[package]
+name = "codex-app-server-client"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[lib]
+name = "codex_app_server_client"
+path = "src/lib.rs"
+
+[lints]
+workspace = true
+
+[dependencies]
+codex-app-server = { workspace = true }
+codex-app-server-protocol = { workspace = true }
+codex-arg0 = { workspace = true }
+codex-core = { workspace = true }
+codex-feedback = { workspace = true }
+codex-protocol = { workspace = true }
+serde = { workspace = true }
+serde_json = { workspace = true }
+tokio = { workspace = true, features = ["sync", "time", "rt"] }
+toml = { workspace = true }
+tracing = { workspace = true }
+
+[dev-dependencies]
+pretty_assertions = { workspace = true }
+serde_json = { workspace = true }
+tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }

codex-rs/app-server-client/README.md

@@ -0,0 +1,67 @@
+# codex-app-server-client
+
+Shared in-process app-server client used by conversational CLI surfaces:
+
+- `codex-exec`
+- `codex-tui`
+
+## Purpose
+
+This crate centralizes startup and lifecycle management for an in-process
+`codex-app-server` runtime, so CLI clients do not need to duplicate:
+
+- app-server bootstrap and initialize handshake
+- in-memory request/event transport wiring
+- lifecycle orchestration around caller-provided startup identity
+- graceful shutdown behavior
+
+## Startup identity
+
+Callers pass both the app-server `SessionSource` and the initialize
+`client_info.name` explicitly when starting the facade.
+
+That keeps thread metadata (for example in `thread/list` and `thread/read`)
+aligned with the originating runtime without baking TUI/exec-specific policy
+into the shared client layer.
+
+## Transport model
+
+The in-process path uses typed channels:
+
+- client -> server: `ClientRequest` / `ClientNotification`
+- server -> client: `InProcessServerEvent`
+  - `ServerRequest`
+  - `ServerNotification`
+  - `LegacyNotification`
+
+JSON serialization is still used at external transport boundaries
+(stdio/websocket), but the in-process hot path is typed.
+
+Typed requests still receive app-server responses through the JSON-RPC
+result envelope internally. That is intentional: the in-process path is
+meant to preserve app-server semantics while removing the process
+boundary, not to introduce a second response contract.
+
+## Bootstrap behavior
+
+The client facade starts an already-initialized in-process runtime, but
+thread bootstrap still follows normal app-server flow:
+
+- caller sends `thread/start` or `thread/resume`
+- app-server returns the immediate typed response
+- richer session metadata may arrive later as a `SessionConfigured`
+  legacy event
+
+Surfaces such as TUI and exec may therefore need a short bootstrap
+phase where they reconcile startup response data with later events.
+
+## Backpressure and shutdown
+
+- Queues are bounded and use `DEFAULT_IN_PROCESS_CHANNEL_CAPACITY` by default.
+- Full queues return explicit overload behavior instead of unbounded growth.
+- `shutdown()` performs a bounded graceful shutdown and then aborts if timeout
+  is exceeded.
+
+If the client falls behind on event consumption, the worker emits
+`InProcessServerEvent::Lagged` and may reject pending server requests so
+approval flows do not hang indefinitely behind a saturated queue.

codex-rs/app-server-client/src/lib.rs

@@ -0,0 +1,801 @@
+//! Shared in-process app-server client facade for CLI surfaces.
+//!
+//! This crate wraps [`codex_app_server::in_process`] behind a single async API
+//! used by surfaces like TUI and exec. It centralizes:
+//!
+//! - Runtime startup and initialize-capabilities handshake.
+//! - Typed caller-provided startup identity (`SessionSource` + client name).
+//! - Typed and raw request/notification dispatch.
+//! - Server request resolution and rejection.
+//! - Event consumption with backpressure signaling ([`InProcessServerEvent::Lagged`]).
+//! - Bounded graceful shutdown with abort fallback.
+//!
+//! The facade interposes a worker task between the caller and the underlying
+//! [`InProcessClientHandle`](codex_app_server::in_process::InProcessClientHandle),
+//! bridging async `mpsc` channels on both sides. Queues are bounded so overload
+//! surfaces as channel-full errors rather than unbounded memory growth.
+
+use std::error::Error;
+use std::fmt;
+use std::io::Error as IoError;
+use std::io::ErrorKind;
+use std::io::Result as IoResult;
+use std::sync::Arc;
+use std::time::Duration;
+
+pub use codex_app_server::in_process::DEFAULT_IN_PROCESS_CHANNEL_CAPACITY;
+pub use codex_app_server::in_process::InProcessServerEvent;
+use codex_app_server::in_process::InProcessStartArgs;
+use codex_app_server_protocol::ClientInfo;
+use codex_app_server_protocol::ClientNotification;
+use codex_app_server_protocol::ClientRequest;
+use codex_app_server_protocol::ConfigWarningNotification;
+use codex_app_server_protocol::InitializeCapabilities;
+use codex_app_server_protocol::InitializeParams;
+use codex_app_server_protocol::JSONRPCErrorError;
+use codex_app_server_protocol::RequestId;
+use codex_app_server_protocol::Result as JsonRpcResult;
+use codex_arg0::Arg0DispatchPaths;
+use codex_core::config::Config;
+use codex_core::config_loader::CloudRequirementsLoader;
+use codex_core::config_loader::LoaderOverrides;
+use codex_feedback::CodexFeedback;
+use codex_protocol::protocol::SessionSource;
+use serde::de::DeserializeOwned;
+use tokio::sync::mpsc;
+use tokio::sync::oneshot;
+use tokio::time::timeout;
+use toml::Value as TomlValue;
+use tracing::warn;
+
+const SHUTDOWN_TIMEOUT: Duration = Duration::from_secs(5);
+
+/// Raw app-server request result for typed in-process requests.
+///
+/// Even on the in-process path, successful responses still travel back through
+/// the same JSON-RPC result envelope used by socket/stdio transports because
+/// `MessageProcessor` continues to produce that shape internally.
+pub type RequestResult = std::result::Result<JsonRpcResult, JSONRPCErrorError>;
+
+fn event_requires_delivery(event: &InProcessServerEvent) -> bool {
+    // These terminal events drive surface shutdown/completion state. Dropping
+    // them under backpressure can leave exec/TUI waiting forever even though
+    // the underlying turn has already ended.
+    match event {
+        InProcessServerEvent::ServerNotification(
+            codex_app_server_protocol::ServerNotification::TurnCompleted(_),
+        ) => true,
+        InProcessServerEvent::LegacyNotification(notification) => matches!(
+            notification
+                .method
+                .strip_prefix("codex/event/")
+                .unwrap_or(&notification.method),
+            "task_complete" | "turn_aborted" | "shutdown_complete"
+        ),
+        _ => false,
+    }
+}
+
+/// Layered error for [`InProcessAppServerClient::request_typed`].
+///
+/// This keeps transport failures, server-side JSON-RPC failures, and response
+/// decode failures distinct so callers can decide whether to retry, surface a
+/// server error, or treat the response as an internal request/response mismatch.
+#[derive(Debug)]
+pub enum TypedRequestError {
+    Transport {
+        method: String,
+        source: IoError,
+    },
+    Server {
+        method: String,
+        source: JSONRPCErrorError,
+    },
+    Deserialize {
+        method: String,
+        source: serde_json::Error,
+    },
+}
+
+impl fmt::Display for TypedRequestError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            Self::Transport { method, source } => {
+                write!(f, "{method} transport error: {source}")
+            }
+            Self::Server { method, source } => {
+                write!(f, "{method} failed: {}", source.message)
+            }
+            Self::Deserialize { method, source } => {
+                write!(f, "{method} response decode error: {source}")
+            }
+        }
+    }
+}
+
+impl Error for TypedRequestError {
+    fn source(&self) -> Option<&(dyn Error + 'static)> {
+        match self {
+            Self::Transport { source, .. } => Some(source),
+            Self::Server { .. } => None,
+            Self::Deserialize { source, .. } => Some(source),
+        }
+    }
+}
+
+#[derive(Clone)]
+pub struct InProcessClientStartArgs {
+    /// Resolved argv0 dispatch paths used by command execution internals.
+    pub arg0_paths: Arg0DispatchPaths,
+    /// Shared config used to initialize app-server runtime.
+    pub config: Arc<Config>,
+    /// CLI config overrides that are already parsed into TOML values.
+    pub cli_overrides: Vec<(String, TomlValue)>,
+    /// Loader override knobs used by config API paths.
+    pub loader_overrides: LoaderOverrides,
+    /// Preloaded cloud requirements provider.
+    pub cloud_requirements: CloudRequirementsLoader,
+    /// Feedback sink used by app-server/core telemetry and logs.
+    pub feedback: CodexFeedback,
+    /// Startup warnings emitted after initialize succeeds.
+    pub config_warnings: Vec<ConfigWarningNotification>,
+    /// Session source recorded in app-server thread metadata.
+    pub session_source: SessionSource,
+    /// Whether auth loading should honor the `CODEX_API_KEY` environment variable.
+    pub enable_codex_api_key_env: bool,
+    /// Client name reported during initialize.
+    pub client_name: String,
+    /// Client version reported during initialize.
+    pub client_version: String,
+    /// Whether experimental APIs are requested at initialize time.
+    pub experimental_api: bool,
+    /// Notification methods this client opts out of receiving.
+    pub opt_out_notification_methods: Vec<String>,
+    /// Queue capacity for command/event channels (clamped to at least 1).
+    pub channel_capacity: usize,
+}
+
+impl InProcessClientStartArgs {
+    /// Builds initialize params from caller-provided metadata.
+    pub fn initialize_params(&self) -> InitializeParams {
+        let capabilities = InitializeCapabilities {
+            experimental_api: self.experimental_api,
+            opt_out_notification_methods: if self.opt_out_notification_methods.is_empty() {
+                None
+            } else {
+                Some(self.opt_out_notification_methods.clone())
+            },
+        };
+
+        InitializeParams {
+            client_info: ClientInfo {
+                name: self.client_name.clone(),
+                title: None,
+                version: self.client_version.clone(),
+            },
+            capabilities: Some(capabilities),
+        }
+    }
+
+    fn into_runtime_start_args(self) -> InProcessStartArgs {
+        let initialize = self.initialize_params();
+        InProcessStartArgs {
+            arg0_paths: self.arg0_paths,
+            config: self.config,
+            cli_overrides: self.cli_overrides,
+            loader_overrides: self.loader_overrides,
+            cloud_requirements: self.cloud_requirements,
+            feedback: self.feedback,
+            config_warnings: self.config_warnings,
+            session_source: self.session_source,
+            enable_codex_api_key_env: self.enable_codex_api_key_env,
+            initialize,
+            channel_capacity: self.channel_capacity,
+        }
+    }
+}
+
+/// Internal command sent from public facade methods to the worker task.
+///
+/// Each variant carries a oneshot sender so the caller can `await` the
+/// result without holding a mutable reference to the client.
+enum ClientCommand {
+    Request {
+        request: Box<ClientRequest>,
+        response_tx: oneshot::Sender<IoResult<RequestResult>>,
+    },
+    Notify {
+        notification: ClientNotification,
+        response_tx: oneshot::Sender<IoResult<()>>,
+    },
+    ResolveServerRequest {
+        request_id: RequestId,
+        result: JsonRpcResult,
+        response_tx: oneshot::Sender<IoResult<()>>,
+    },
+    RejectServerRequest {
+        request_id: RequestId,
+        error: JSONRPCErrorError,
+        response_tx: oneshot::Sender<IoResult<()>>,
+    },
+    Shutdown {
+        response_tx: oneshot::Sender<IoResult<()>>,
+    },
+}
+
+/// Async facade over the in-process app-server runtime.
+///
+/// This type owns a worker task that bridges between:
+/// - caller-facing async `mpsc` channels used by TUI/exec
+/// - [`codex_app_server::in_process::InProcessClientHandle`], which speaks to
+///   the embedded `MessageProcessor`
+///
+/// The facade intentionally preserves the server's request/notification/event
+/// model instead of exposing direct core runtime handles. That keeps in-process
+/// callers aligned with app-server behavior while still avoiding a process
+/// boundary.
+pub struct InProcessAppServerClient {
+    command_tx: mpsc::Sender<ClientCommand>,
+    event_rx: mpsc::Receiver<InProcessServerEvent>,
+    worker_handle: tokio::task::JoinHandle<()>,
+}
+
+impl InProcessAppServerClient {
+    /// Starts the in-process runtime and facade worker task.
+    ///
+    /// The returned client is ready for requests and event consumption. If the
+    /// internal event queue is saturated later, server requests are rejected
+    /// with overload error instead of being silently dropped.
+    pub async fn start(args: InProcessClientStartArgs) -> IoResult<Self> {
+        let channel_capacity = args.channel_capacity.max(1);
+        let mut handle =
+            codex_app_server::in_process::start(args.into_runtime_start_args()).await?;
+        let request_sender = handle.sender();
+        let (command_tx, mut command_rx) = mpsc::channel::<ClientCommand>(channel_capacity);
+        let (event_tx, event_rx) = mpsc::channel::<InProcessServerEvent>(channel_capacity);
+
+        let worker_handle = tokio::spawn(async move {
+            let mut event_stream_enabled = true;
+            let mut skipped_events = 0usize;
+            loop {
+                tokio::select! {
+                    command = command_rx.recv() => {
+                        match command {
+                            Some(ClientCommand::Request { request, response_tx }) => {
+                                let request_sender = request_sender.clone();
+                                // Request waits happen on a detached task so
+                                // this loop can keep draining runtime events
+                                // while the request is blocked on client input.
+                                tokio::spawn(async move {
+                                    let result = request_sender.request(*request).await;
+                                    let _ = response_tx.send(result);
+                                });
+                            }
+                            Some(ClientCommand::Notify {
+                                notification,
+                                response_tx,
+                            }) => {
+                                let result = request_sender.notify(notification);
+                                let _ = response_tx.send(result);
+                            }
+                            Some(ClientCommand::ResolveServerRequest {
+                                request_id,
+                                result,
+                                response_tx,
+                            }) => {
+                                let send_result =
+                                    request_sender.respond_to_server_request(request_id, result);
+                                let _ = response_tx.send(send_result);
+                            }
+                            Some(ClientCommand::RejectServerRequest {
+                                request_id,
+                                error,
+                                response_tx,
+                            }) => {
+                                let send_result = request_sender.fail_server_request(request_id, error);
+                                let _ = response_tx.send(send_result);
+                            }
+                            Some(ClientCommand::Shutdown { response_tx }) => {
+                                let shutdown_result = handle.shutdown().await;
+                                let _ = response_tx.send(shutdown_result);
+                                break;
+                            }
+                            None => {
+                                let _ = handle.shutdown().await;
+                                break;
+                            }
+                        }
+                    }
+                    event = handle.next_event(), if event_stream_enabled => {
+                        let Some(event) = event else {
+                            break;
+                        };
+
+                        if skipped_events > 0 {
+                            if event_requires_delivery(&event) {
+                                // Surface lag before the terminal event, but
+                                // do not let the lag marker itself cause us to
+                                // drop the completion/abort notification that
+                                // the caller is blocked on.
+                                if event_tx
+                                    .send(InProcessServerEvent::Lagged {
+                                        skipped: skipped_events,
+                                    })
+                                    .await
+                                    .is_err()
+                                {
+                                    event_stream_enabled = false;
+                                    continue;
+                                }
+                                skipped_events = 0;
+                            } else {
+                                match event_tx.try_send(InProcessServerEvent::Lagged {
+                                    skipped: skipped_events,
+                                }) {
+                                    Ok(()) => {
+                                        skipped_events = 0;
+                                    }
+                                    Err(mpsc::error::TrySendError::Full(_)) => {
+                                        skipped_events = skipped_events.saturating_add(1);
+                                        warn!(
+                                            "dropping in-process app-server event because consumer queue is full"
+                                        );
+                                        if let InProcessServerEvent::ServerRequest(request) = event {
+                                            let _ = request_sender.fail_server_request(
+                                                request.id().clone(),
+                                                JSONRPCErrorError {
+                                                    code: -32001,
+                                                    message: "in-process app-server event queue is full".to_string(),
+                                                    data: None,
+                                                },
+                                            );
+                                        }
+                                        continue;
+                                    }
+                                    Err(mpsc::error::TrySendError::Closed(_)) => {
+                                        event_stream_enabled = false;
+                                        continue;
+                                    }
+                                }
+                            }
+                        }
+
+                        if event_requires_delivery(&event) {
+                            // Block until the consumer catches up for
+                            // terminal notifications; this preserves the
+                            // completion signal even when the queue is
+                            // otherwise saturated.
+                            if event_tx.send(event).await.is_err() {
+                                event_stream_enabled = false;
+                            }
+                            continue;
+                        }
+
+                        match event_tx.try_send(event) {
+                            Ok(()) => {}
+                            Err(mpsc::error::TrySendError::Full(event)) => {
+                                skipped_events = skipped_events.saturating_add(1);
+                                warn!("dropping in-process app-server event because consumer queue is full");
+                                if let InProcessServerEvent::ServerRequest(request) = event {
+                                    let _ = request_sender.fail_server_request(
+                                        request.id().clone(),
+                                        JSONRPCErrorError {
+                                            code: -32001,
+                                            message: "in-process app-server event queue is full".to_string(),
+                                            data: None,
+                                        },
+                                    );
+                                }
+                            }
+                            Err(mpsc::error::TrySendError::Closed(_)) => {
+                                event_stream_enabled = false;
+                            }
+                        }
+                    }
+                }
+            }
+        });
+
+        Ok(Self {
+            command_tx,
+            event_rx,
+            worker_handle,
+        })
+    }
+
+    /// Sends a typed client request and returns raw JSON-RPC result.
+    ///
+    /// Callers that expect a concrete response type should usually prefer
+    /// [`request_typed`](Self::request_typed).
+    pub async fn request(&self, request: ClientRequest) -> IoResult<RequestResult> {
+        let (response_tx, response_rx) = oneshot::channel();
+        self.command_tx
+            .send(ClientCommand::Request {
+                request: Box::new(request),
+                response_tx,
+            })
+            .await
+            .map_err(|_| {
+                IoError::new(
+                    ErrorKind::BrokenPipe,
+                    "in-process app-server worker channel is closed",
+                )
+            })?;
+        response_rx.await.map_err(|_| {
+            IoError::new(
+                ErrorKind::BrokenPipe,
+                "in-process app-server request channel is closed",
+            )
+        })?
+    }
+
+    /// Sends a typed client request and decodes the successful response body.
+    ///
+    /// This still deserializes from a JSON value produced by app-server's
+    /// JSON-RPC result envelope. Because the caller chooses `T`, `Deserialize`
+    /// failures indicate an internal request/response mismatch at the call site
+    /// (or an in-process bug), not transport skew from an external client.
+    pub async fn request_typed<T>(&self, request: ClientRequest) -> Result<T, TypedRequestError>
+    where
+        T: DeserializeOwned,
+    {
+        let method = request_method_name(&request);
+        let response =
+            self.request(request)
+                .await
+                .map_err(|source| TypedRequestError::Transport {
+                    method: method.clone(),
+                    source,
+                })?;
+        let result = response.map_err(|source| TypedRequestError::Server {
+            method: method.clone(),
+            source,
+        })?;
+        serde_json::from_value(result)
+            .map_err(|source| TypedRequestError::Deserialize { method, source })
+    }
+
+    /// Sends a typed client notification.
+    pub async fn notify(&self, notification: ClientNotification) -> IoResult<()> {
+        let (response_tx, response_rx) = oneshot::channel();
+        self.command_tx
+            .send(ClientCommand::Notify {
+                notification,
+                response_tx,
+            })
+            .await
+            .map_err(|_| {
+                IoError::new(
+                    ErrorKind::BrokenPipe,
+                    "in-process app-server worker channel is closed",
+                )
+            })?;
+        response_rx.await.map_err(|_| {
+            IoError::new(
+                ErrorKind::BrokenPipe,
+                "in-process app-server notify channel is closed",
+            )
+        })?
+    }
+
+    /// Resolves a pending server request.
+    ///
+    /// This should only be called with request IDs obtained from the current
+    /// client's event stream.
+    pub async fn resolve_server_request(
+        &self,
+        request_id: RequestId,
+        result: JsonRpcResult,
+    ) -> IoResult<()> {
+        let (response_tx, response_rx) = oneshot::channel();
+        self.command_tx
+            .send(ClientCommand::ResolveServerRequest {
+                request_id,
+                result,
+                response_tx,
+            })
+            .await
+            .map_err(|_| {
+                IoError::new(
+                    ErrorKind::BrokenPipe,
+                    "in-process app-server worker channel is closed",
+                )
+            })?;
+        response_rx.await.map_err(|_| {
+            IoError::new(
+                ErrorKind::BrokenPipe,
+                "in-process app-server resolve channel is closed",
+            )
+        })?
+    }
+
+    /// Rejects a pending server request with JSON-RPC error payload.
+    pub async fn reject_server_request(
+        &self,
+        request_id: RequestId,
+        error: JSONRPCErrorError,
+    ) -> IoResult<()> {
+        let (response_tx, response_rx) = oneshot::channel();
+        self.command_tx
+            .send(ClientCommand::RejectServerRequest {
+                request_id,
+                error,
+                response_tx,
+            })
+            .await
+            .map_err(|_| {
+                IoError::new(
+                    ErrorKind::BrokenPipe,
+                    "in-process app-server worker channel is closed",
+                )
+            })?;
+        response_rx.await.map_err(|_| {
+            IoError::new(
+                ErrorKind::BrokenPipe,
+                "in-process app-server reject channel is closed",
+            )
+        })?
+    }
+
+    /// Returns the next in-process event, or `None` when worker exits.
+    ///
+    /// Callers are expected to drain this stream promptly. If they fall behind,
+    /// the worker emits [`InProcessServerEvent::Lagged`] markers and may reject
+    /// pending server requests rather than letting approval flows hang.
+    pub async fn next_event(&mut self) -> Option<InProcessServerEvent> {
+        self.event_rx.recv().await
+    }
+
+    /// Shuts down worker and in-process runtime with bounded wait.
+    ///
+    /// If graceful shutdown exceeds timeout, the worker task is aborted to
+    /// avoid leaking background tasks in embedding callers.
+    pub async fn shutdown(self) -> IoResult<()> {
+        let Self {
+            command_tx,
+            event_rx,
+            worker_handle,
+        } = self;
+        let mut worker_handle = worker_handle;
+        // Drop the caller-facing receiver before asking the worker to shut
+        // down. That unblocks any pending must-deliver `event_tx.send(..)`
+        // so the worker can reach `handle.shutdown()` instead of timing out
+        // and getting aborted with the runtime still attached.
+        drop(event_rx);
+        let (response_tx, response_rx) = oneshot::channel();
+        if command_tx
+            .send(ClientCommand::Shutdown { response_tx })
+            .await
+            .is_ok()
+            && let Ok(command_result) = timeout(SHUTDOWN_TIMEOUT, response_rx).await
+        {
+            command_result.map_err(|_| {
+                IoError::new(
+                    ErrorKind::BrokenPipe,
+                    "in-process app-server shutdown channel is closed",
+                )
+            })??;
+        }
+
+        if let Err(_elapsed) = timeout(SHUTDOWN_TIMEOUT, &mut worker_handle).await {
+            worker_handle.abort();
+            let _ = worker_handle.await;
+        }
+        Ok(())
+    }
+}
+
+/// Extracts the JSON-RPC method name for diagnostics without extending the
+/// protocol crate with in-process-only helpers.
+fn request_method_name(request: &ClientRequest) -> String {
+    serde_json::to_value(request)
+        .ok()
+        .and_then(|value| {
+            value
+                .get("method")
+                .and_then(serde_json::Value::as_str)
+                .map(ToOwned::to_owned)
+        })
+        .unwrap_or_else(|| "<unknown>".to_string())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use codex_app_server_protocol::ConfigRequirementsReadResponse;
+    use codex_app_server_protocol::SessionSource as ApiSessionSource;
+    use codex_app_server_protocol::ThreadStartParams;
+    use codex_app_server_protocol::ThreadStartResponse;
+    use codex_core::config::ConfigBuilder;
+    use pretty_assertions::assert_eq;
+    use tokio::time::Duration;
+    use tokio::time::timeout;
+
+    async fn build_test_config() -> Config {
+        match ConfigBuilder::default().build().await {
+            Ok(config) => config,
+            Err(_) => Config::load_default_with_cli_overrides(Vec::new())
+                .expect("default config should load"),
+        }
+    }
+
+    async fn start_test_client_with_capacity(
+        session_source: SessionSource,
+        channel_capacity: usize,
+    ) -> InProcessAppServerClient {
+        InProcessAppServerClient::start(InProcessClientStartArgs {
+            arg0_paths: Arg0DispatchPaths::default(),
+            config: Arc::new(build_test_config().await),
+            cli_overrides: Vec::new(),
+            loader_overrides: LoaderOverrides::default(),
+            cloud_requirements: CloudRequirementsLoader::default(),
+            feedback: CodexFeedback::new(),
+            config_warnings: Vec::new(),
+            session_source,
+            enable_codex_api_key_env: false,
+            client_name: "codex-app-server-client-test".to_string(),
+            client_version: "0.0.0-test".to_string(),
+            experimental_api: true,
+            opt_out_notification_methods: Vec::new(),
+            channel_capacity,
+        })
+        .await
+        .expect("in-process app-server client should start")
+    }
+
+    async fn start_test_client(session_source: SessionSource) -> InProcessAppServerClient {
+        start_test_client_with_capacity(session_source, DEFAULT_IN_PROCESS_CHANNEL_CAPACITY).await
+    }
+
+    #[tokio::test]
+    async fn typed_request_roundtrip_works() {
+        let client = start_test_client(SessionSource::Exec).await;
+        let _response: ConfigRequirementsReadResponse = client
+            .request_typed(ClientRequest::ConfigRequirementsRead {
+                request_id: RequestId::Integer(1),
+                params: None,
+            })
+            .await
+            .expect("typed request should succeed");
+        client.shutdown().await.expect("shutdown should complete");
+    }
+
+    #[tokio::test]
+    async fn typed_request_reports_json_rpc_errors() {
+        let client = start_test_client(SessionSource::Exec).await;
+        let err = client
+            .request_typed::<ConfigRequirementsReadResponse>(ClientRequest::ThreadRead {
+                request_id: RequestId::Integer(99),
+                params: codex_app_server_protocol::ThreadReadParams {
+                    thread_id: "missing-thread".to_string(),
+                    include_turns: false,
+                },
+            })
+            .await
+            .expect_err("missing thread should return a JSON-RPC error");
+        assert!(
+            err.to_string().starts_with("thread/read failed:"),
+            "expected method-qualified JSON-RPC failure message"
+        );
+        client.shutdown().await.expect("shutdown should complete");
+    }
+
+    #[tokio::test]
+    async fn caller_provided_session_source_is_applied() {
+        for (session_source, expected_source) in [
+            (SessionSource::Exec, ApiSessionSource::Exec),
+            (SessionSource::Cli, ApiSessionSource::Cli),
+        ] {
+            let client = start_test_client(session_source).await;
+            let parsed: ThreadStartResponse = client
+                .request_typed(ClientRequest::ThreadStart {
+                    request_id: RequestId::Integer(2),
+                    params: ThreadStartParams {
+                        ephemeral: Some(true),
+                        ..ThreadStartParams::default()
+                    },
+                })
+                .await
+                .expect("thread/start should succeed");
+            assert_eq!(parsed.thread.source, expected_source);
+            client.shutdown().await.expect("shutdown should complete");
+        }
+    }
+
+    #[tokio::test]
+    async fn tiny_channel_capacity_still_supports_request_roundtrip() {
+        let client = start_test_client_with_capacity(SessionSource::Exec, 1).await;
+        let _response: ConfigRequirementsReadResponse = client
+            .request_typed(ClientRequest::ConfigRequirementsRead {
+                request_id: RequestId::Integer(1),
+                params: None,
+            })
+            .await
+            .expect("typed request should succeed");
+        client.shutdown().await.expect("shutdown should complete");
+    }
+
+    #[test]
+    fn typed_request_error_exposes_sources() {
+        let transport = TypedRequestError::Transport {
+            method: "config/read".to_string(),
+            source: IoError::new(ErrorKind::BrokenPipe, "closed"),
+        };
+        assert_eq!(std::error::Error::source(&transport).is_some(), true);
+
+        let server = TypedRequestError::Server {
+            method: "thread/read".to_string(),
+            source: JSONRPCErrorError {
+                code: -32603,
+                data: None,
+                message: "internal".to_string(),
+            },
+        };
+        assert_eq!(std::error::Error::source(&server).is_some(), false);
+
+        let deserialize = TypedRequestError::Deserialize {
+            method: "thread/start".to_string(),
+            source: serde_json::from_str::<u32>("\"nope\"")
+                .expect_err("invalid integer should return deserialize error"),
+        };
+        assert_eq!(std::error::Error::source(&deserialize).is_some(), true);
+    }
+
+    #[tokio::test]
+    async fn next_event_surfaces_lagged_markers() {
+        let (command_tx, _command_rx) = mpsc::channel(1);
+        let (event_tx, event_rx) = mpsc::channel(1);
+        let worker_handle = tokio::spawn(async {});
+        event_tx
+            .send(InProcessServerEvent::Lagged { skipped: 3 })
+            .await
+            .expect("lagged marker should enqueue");
+        drop(event_tx);
+
+        let mut client = InProcessAppServerClient {
+            command_tx,
+            event_rx,
+            worker_handle,
+        };
+
+        let event = timeout(Duration::from_secs(2), client.next_event())
+            .await
+            .expect("lagged marker should arrive before timeout");
+        assert!(matches!(
+            event,
+            Some(InProcessServerEvent::Lagged { skipped: 3 })
+        ));
+
+        client.shutdown().await.expect("shutdown should complete");
+    }
+
+    #[test]
+    fn event_requires_delivery_marks_terminal_events() {
+        assert!(event_requires_delivery(
+            &InProcessServerEvent::ServerNotification(
+                codex_app_server_protocol::ServerNotification::TurnCompleted(
+                    codex_app_server_protocol::TurnCompletedNotification {
+                        thread_id: "thread".to_string(),
+                        turn: codex_app_server_protocol::Turn {
+                            id: "turn".to_string(),
+                            items: Vec::new(),
+                            status: codex_app_server_protocol::TurnStatus::Completed,
+                            error: None,
+                        },
+                    }
+                )
+            )
+        ));
+        assert!(event_requires_delivery(
+            &InProcessServerEvent::LegacyNotification(
+                codex_app_server_protocol::JSONRPCNotification {
+                    method: "codex/event/turn_aborted".to_string(),
+                    params: None,
+                }
+            )
+        ));
+        assert!(!event_requires_delivery(&InProcessServerEvent::Lagged {
+            skipped: 1
+        }));
+    }
+}

codex-rs/app-server-protocol/schema/json/ClientRequest.json

@@ -148,14 +148,54 @@
       "type": "object"
     },
     "CommandExecParams": {
+      "description": "Run a standalone command (argv vector) in the server sandbox without creating a thread or turn.\n\nThe final `command/exec` response is deferred until the process exits and is sent only after all `command/exec/outputDelta` notifications for that connection have been emitted.",
       "properties": {
         "command": {
+          "description": "Command argv vector. Empty arrays are rejected.",
           "items": {
             "type": "string"
           },
           "type": "array"
         },
         "cwd": {
+          "description": "Optional working directory. Defaults to the server cwd.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "disableOutputCap": {
+          "description": "Disable stdout/stderr capture truncation for this request.\n\nCannot be combined with `outputBytesCap`.",
+          "type": "boolean"
+        },
+        "disableTimeout": {
+          "description": "Disable the timeout entirely for this request.\n\nCannot be combined with `timeoutMs`.",
+          "type": "boolean"
+        },
+        "env": {
+          "additionalProperties": {
+            "type": [
+              "string",
+              "null"
+            ]
+          },
+          "description": "Optional environment overrides merged into the server-computed environment.\n\nMatching names override inherited values. Set a key to `null` to unset an inherited variable.",
+          "type": [
+            "object",
+            "null"
+          ]
+        },
+        "outputBytesCap": {
+          "description": "Optional per-stream stdout/stderr capture cap in bytes.\n\nWhen omitted, the server default applies. Cannot be combined with `disableOutputCap`.",
+          "format": "uint",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "processId": {
+          "description": "Optional client-supplied, connection-scoped process id.\n\nRequired for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up `command/exec/write`, `command/exec/resize`, and `command/exec/terminate` calls. When omitted, buffered execution gets an internal id that is not exposed to the client.",
           "type": [
             "string",
             "null"
@@ -169,14 +209,39 @@
             {
               "type": "null"
             }
-          ]
+          ],
+          "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted."
+        },
+        "size": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/CommandExecTerminalSize"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "description": "Optional initial PTY size in character cells. Only valid when `tty` is true."
+        },
+        "streamStdin": {
+          "description": "Allow follow-up `command/exec/write` requests to write stdin bytes.\n\nRequires a client-supplied `processId`.",
+          "type": "boolean"
+        },
+        "streamStdoutStderr": {
+          "description": "Stream stdout/stderr via `command/exec/outputDelta` notifications.\n\nStreamed bytes are not duplicated into the final response and require a client-supplied `processId`.",
+          "type": "boolean"
         },
         "timeoutMs": {
+          "description": "Optional timeout in milliseconds.\n\nWhen omitted, the server default applies. Cannot be combined with `disableTimeout`.",
           "format": "int64",
           "type": [
             "integer",
             "null"
           ]
+        },
+        "tty": {
+          "description": "Enable PTY mode.\n\nThis implies `streamStdin` and `streamStdoutStderr`.",
+          "type": "boolean"
         }
       },
       "required": [
@@ -184,6 +249,87 @@
       ],
       "type": "object"
     },
+    "CommandExecResizeParams": {
+      "description": "Resize a running PTY-backed `command/exec` session.",
+      "properties": {
+        "processId": {
+          "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+          "type": "string"
+        },
+        "size": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/CommandExecTerminalSize"
+            }
+          ],
+          "description": "New PTY size in character cells."
+        }
+      },
+      "required": [
+        "processId",
+        "size"
+      ],
+      "type": "object"
+    },
+    "CommandExecTerminalSize": {
+      "description": "PTY size in character cells for `command/exec` PTY sessions.",
+      "properties": {
+        "cols": {
+          "description": "Terminal width in character cells.",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
+        },
+        "rows": {
+          "description": "Terminal height in character cells.",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
+        }
+      },
+      "required": [
+        "cols",
+        "rows"
+      ],
+      "type": "object"
+    },
+    "CommandExecTerminateParams": {
+      "description": "Terminate a running `command/exec` session.",
+      "properties": {
+        "processId": {
+          "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "processId"
+      ],
+      "type": "object"
+    },
+    "CommandExecWriteParams": {
+      "description": "Write stdin bytes to a running `command/exec` session, close stdin, or both.",
+      "properties": {
+        "closeStdin": {
+          "description": "Close stdin after writing `deltaBase64`, if present.",
+          "type": "boolean"
+        },
+        "deltaBase64": {
+          "description": "Optional base64-encoded stdin bytes to write.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "processId": {
+          "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+          "type": "string"
+        }
+      },
+      "required": [
+        "processId"
+      ],
+      "type": "object"
+    },
     "ConfigBatchWriteParams": {
       "properties": {
         "edits": {
@@ -204,6 +350,10 @@
             "string",
             "null"
           ]
+        },
+        "reloadUserConfig": {
+          "description": "When true, hot-reload the updated user config into all loaded threads after writing.",
+          "type": "boolean"
         }
       },
       "required": [
@@ -953,25 +1103,34 @@
     },
     "PluginInstallParams": {
       "properties": {
-        "cwd": {
-          "type": [
-            "string",
-            "null"
-          ]
-        },
-        "marketplaceName": {
-          "type": "string"
+        "marketplacePath": {
+          "$ref": "#/definitions/AbsolutePathBuf"
         },
         "pluginName": {
           "type": "string"
         }
       },
       "required": [
-        "marketplaceName",
+        "marketplacePath",
         "pluginName"
       ],
       "type": "object"
     },
+    "PluginListParams": {
+      "properties": {
+        "cwds": {
+          "description": "Optional working directories used to discover repo marketplaces. When omitted, only home-scoped marketplaces and the official curated marketplace are considered.",
+          "items": {
+            "$ref": "#/definitions/AbsolutePathBuf"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
     "ProductSurface": {
       "enum": [
         "chatgpt",
@@ -1403,7 +1562,7 @@
             "action": {
               "anyOf": [
                 {
-                  "$ref": "#/definitions/WebSearchAction"
+                  "$ref": "#/definitions/ResponsesApiWebSearchAction"
                 },
                 {
                   "type": "null"
@@ -1529,6 +1688,107 @@
         }
       ]
     },
+    "ResponsesApiWebSearchAction": {
+      "oneOf": [
+        {
+          "properties": {
+            "queries": {
+              "items": {
+                "type": "string"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "query": {
+              "type": [
+                "string",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "search"
+              ],
+              "title": "SearchResponsesApiWebSearchActionType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SearchResponsesApiWebSearchAction",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "open_page"
+              ],
+              "title": "OpenPageResponsesApiWebSearchActionType",
+              "type": "string"
+            },
+            "url": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "OpenPageResponsesApiWebSearchAction",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "pattern": {
+              "type": [
+                "string",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "find_in_page"
+              ],
+              "title": "FindInPageResponsesApiWebSearchActionType",
+              "type": "string"
+            },
+            "url": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "FindInPageResponsesApiWebSearchAction",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "other"
+              ],
+              "title": "OtherResponsesApiWebSearchActionType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "OtherResponsesApiWebSearchAction",
+          "type": "object"
+        }
+      ]
+    },
     "ReviewDelivery": {
       "enum": [
         "inline",
@@ -2775,107 +3035,6 @@
         }
       ]
     },
-    "WebSearchAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "queries": {
-              "items": {
-                "type": "string"
-              },
-              "type": [
-                "array",
-                "null"
-              ]
-            },
-            "query": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "search"
-              ],
-              "title": "SearchWebSearchActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "SearchWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "open_page"
-              ],
-              "title": "OpenPageWebSearchActionType",
-              "type": "string"
-            },
-            "url": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "OpenPageWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "find_in_page"
-              ],
-              "title": "FindInPageWebSearchActionType",
-              "type": "string"
-            },
-            "url": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "FindInPageWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "other"
-              ],
-              "title": "OtherWebSearchActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "OtherWebSearchAction",
-          "type": "object"
-        }
-      ]
-    },
     "WindowsSandboxSetupMode": {
       "enum": [
         "elevated",
@@ -2886,9 +3045,13 @@
     "WindowsSandboxSetupStartParams": {
       "properties": {
         "cwd": {
-          "type": [
-            "string",
-            "null"
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            {
+              "type": "null"
+            }
           ]
         },
         "mode": {
@@ -3264,6 +3427,30 @@
       "title": "Skills/listRequest",
       "type": "object"
     },
+    {
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "plugin/list"
+          ],
+          "title": "Plugin/listRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/PluginListParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Plugin/listRequest",
+      "type": "object"
+    },
     {
       "properties": {
         "id": {
@@ -3742,7 +3929,7 @@
       "type": "object"
     },
     {
-      "description": "Execute a command (argv vector) under the server's sandbox.",
+      "description": "Execute a standalone command (argv vector) under the server's sandbox.",
       "properties": {
         "id": {
           "$ref": "#/definitions/RequestId"
@@ -3766,6 +3953,81 @@
       "title": "Command/execRequest",
       "type": "object"
     },
+    {
+      "description": "Write stdin bytes to a running `command/exec` session or close stdin.",
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "command/exec/write"
+          ],
+          "title": "Command/exec/writeRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/CommandExecWriteParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Command/exec/writeRequest",
+      "type": "object"
+    },
+    {
+      "description": "Terminate a running `command/exec` session by client-supplied `processId`.",
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "command/exec/terminate"
+          ],
+          "title": "Command/exec/terminateRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/CommandExecTerminateParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Command/exec/terminateRequest",
+      "type": "object"
+    },
+    {
+      "description": "Resize a running PTY-backed `command/exec` session by client-supplied `processId`.",
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "command/exec/resize"
+          ],
+          "title": "Command/exec/resizeRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/CommandExecResizeParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Command/exec/resizeRequest",
+      "type": "object"
+    },
     {
       "properties": {
         "id": {

codex-rs/app-server-protocol/schema/json/CommandExecutionRequestApprovalParams.json

@@ -286,6 +286,17 @@
         }
       ]
     },
+    "CommandExecutionRequestApprovalSkillMetadata": {
+      "properties": {
+        "pathToSkillsMd": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "pathToSkillsMd"
+      ],
+      "type": "object"
+    },
     "MacOsAutomationPermission": {
       "oneOf": [
         {

codex-rs/app-server-protocol/schema/json/EventMsg.json

@@ -29,6 +29,14 @@
         }
       ]
     },
+    "AgentSpawnMode": {
+      "enum": [
+        "spawn",
+        "fork",
+        "watchdog"
+      ],
+      "type": "string"
+    },
     "AgentStatus": {
       "description": "Agent lifecycle status, derived from emitted events.",
       "oneOf": [
@@ -548,6 +556,7 @@
       "oneOf": [
         {
           "properties": {
+            "_meta": true,
             "message": {
               "type": "string"
             },
@@ -568,6 +577,7 @@
         },
         {
           "properties": {
+            "_meta": true,
             "elicitation_id": {
               "type": "string"
             },
@@ -1412,7 +1422,7 @@
         {
           "properties": {
             "action": {
-              "$ref": "#/definitions/WebSearchAction"
+              "$ref": "#/definitions/ResponsesApiWebSearchAction"
             },
             "call_id": {
               "type": "string"
@@ -1471,6 +1481,12 @@
                 "null"
               ]
             },
+            "saved_path": {
+              "type": [
+                "string",
+                "null"
+              ]
+            },
             "status": {
               "type": "string"
             },
@@ -1858,6 +1874,17 @@
                 "null"
               ]
             },
+            "skill_metadata": {
+              "anyOf": [
+                {
+                  "$ref": "#/definitions/ExecApprovalRequestSkillMetadata"
+                },
+                {
+                  "type": "null"
+                }
+              ],
+              "description": "Optional skill metadata when the approval was triggered by a skill script."
+            },
             "turn_id": {
               "default": "",
               "description": "Turn ID that this command belongs to. Uses `#[serde(default)]` for backwards compatibility.",
@@ -1881,6 +1908,42 @@
           "title": "ExecApprovalRequestEventMsg",
           "type": "object"
         },
+        {
+          "properties": {
+            "call_id": {
+              "description": "Responses API call id for the associated tool call, if available.",
+              "type": "string"
+            },
+            "permissions": {
+              "$ref": "#/definitions/PermissionProfile"
+            },
+            "reason": {
+              "type": [
+                "string",
+                "null"
+              ]
+            },
+            "turn_id": {
+              "default": "",
+              "description": "Turn ID that this request belongs to. Uses `#[serde(default)]` for backwards compatibility.",
+              "type": "string"
+            },
+            "type": {
+              "enum": [
+                "request_permissions"
+              ],
+              "title": "RequestPermissionsEventMsgType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "call_id",
+            "permissions",
+            "type"
+          ],
+          "title": "RequestPermissionsEventMsg",
+          "type": "object"
+        },
         {
           "properties": {
             "call_id": {
@@ -2019,6 +2082,13 @@
             "server_name": {
               "type": "string"
             },
+            "turn_id": {
+              "description": "Turn ID that this elicitation belongs to, when known.",
+              "type": [
+                "string",
+                "null"
+              ]
+            },
             "type": {
               "enum": [
                 "elicitation_request"
@@ -2974,6 +3044,15 @@
               ],
               "description": "Thread ID of the sender."
             },
+            "spawn_mode": {
+              "allOf": [
+                {
+                  "$ref": "#/definitions/AgentSpawnMode"
+                }
+              ],
+              "default": "spawn",
+              "description": "Spawn mode used for this agent."
+            },
             "status": {
               "allOf": [
                 {
@@ -3427,6 +3506,17 @@
         }
       ]
     },
+    "ExecApprovalRequestSkillMetadata": {
+      "properties": {
+        "path_to_skills_md": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "path_to_skills_md"
+      ],
+      "type": "object"
+    },
     "ExecCommandSource": {
       "enum": [
         "agent",
@@ -3794,24 +3884,30 @@
     "MacOsSeatbeltProfileExtensions": {
       "properties": {
         "macos_accessibility": {
+          "default": false,
           "type": "boolean"
         },
         "macos_automation": {
-          "$ref": "#/definitions/MacOsAutomationPermission"
+          "allOf": [
+            {
+              "$ref": "#/definitions/MacOsAutomationPermission"
+            }
+          ],
+          "default": "none"
         },
         "macos_calendar": {
+          "default": false,
           "type": "boolean"
         },
         "macos_preferences": {
-          "$ref": "#/definitions/MacOsPreferencesPermission"
+          "allOf": [
+            {
+              "$ref": "#/definitions/MacOsPreferencesPermission"
+            }
+          ],
+          "default": "read_only"
         }
       },
-      "required": [
-        "macos_accessibility",
-        "macos_automation",
-        "macos_calendar",
-        "macos_preferences"
-      ],
       "type": "object"
     },
     "McpAuthStatus": {
@@ -5051,7 +5147,7 @@
             "action": {
               "anyOf": [
                 {
-                  "$ref": "#/definitions/WebSearchAction"
+                  "$ref": "#/definitions/ResponsesApiWebSearchAction"
                 },
                 {
                   "type": "null"
@@ -5177,6 +5273,107 @@
         }
       ]
     },
+    "ResponsesApiWebSearchAction": {
+      "oneOf": [
+        {
+          "properties": {
+            "queries": {
+              "items": {
+                "type": "string"
+              },
+              "type": [
+                "array",
+                "null"
+              ]
+            },
+            "query": {
+              "type": [
+                "string",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "search"
+              ],
+              "title": "SearchResponsesApiWebSearchActionType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "SearchResponsesApiWebSearchAction",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "open_page"
+              ],
+              "title": "OpenPageResponsesApiWebSearchActionType",
+              "type": "string"
+            },
+            "url": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "OpenPageResponsesApiWebSearchAction",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "pattern": {
+              "type": [
+                "string",
+                "null"
+              ]
+            },
+            "type": {
+              "enum": [
+                "find_in_page"
+              ],
+              "title": "FindInPageResponsesApiWebSearchActionType",
+              "type": "string"
+            },
+            "url": {
+              "type": [
+                "string",
+                "null"
+              ]
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "FindInPageResponsesApiWebSearchAction",
+          "type": "object"
+        },
+        {
+          "properties": {
+            "type": {
+              "enum": [
+                "other"
+              ],
+              "title": "OtherResponsesApiWebSearchActionType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "type"
+          ],
+          "title": "OtherResponsesApiWebSearchAction",
+          "type": "object"
+        }
+      ]
+    },
     "Result_of_CallToolResult_or_String": {
       "oneOf": [
         {
@@ -5603,9 +5800,6 @@
     },
     "SessionNetworkProxyRuntime": {
       "properties": {
-        "admin_addr": {
-          "type": "string"
-        },
         "http_addr": {
           "type": "string"
         },
@@ -5614,7 +5808,6 @@
         }
       },
       "required": [
-        "admin_addr",
         "http_addr",
         "socks_addr"
       ],
@@ -6078,7 +6271,7 @@
         {
           "properties": {
             "action": {
-              "$ref": "#/definitions/WebSearchAction"
+              "$ref": "#/definitions/ResponsesApiWebSearchAction"
             },
             "id": {
               "type": "string"
@@ -6117,6 +6310,12 @@
                 "null"
               ]
             },
+            "saved_path": {
+              "type": [
+                "string",
+                "null"
+              ]
+            },
             "status": {
               "type": "string"
             },
@@ -6258,7 +6457,7 @@
           "type": "object"
         },
         {
-          "description": "Explicit mention selected by the user (name + app://connector id).",
+          "description": "Explicit structured mention selected by the user.\n\n`path` identifies the exact mention target, for example `app://<connector-id>` or `plugin://<plugin-name>@<marketplace-name>`.",
           "properties": {
             "name": {
               "type": "string"
@@ -6283,107 +6482,6 @@
           "type": "object"
         }
       ]
-    },
-    "WebSearchAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "queries": {
-              "items": {
-                "type": "string"
-              },
-              "type": [
-                "array",
-                "null"
-              ]
-            },
-            "query": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "search"
-              ],
-              "title": "SearchWebSearchActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "SearchWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "open_page"
-              ],
-              "title": "OpenPageWebSearchActionType",
-              "type": "string"
-            },
-            "url": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "OpenPageWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "pattern": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "find_in_page"
-              ],
-              "title": "FindInPageWebSearchActionType",
-              "type": "string"
-            },
-            "url": {
-              "type": [
-                "string",
-                "null"
-              ]
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "FindInPageWebSearchAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "type": {
-              "enum": [
-                "other"
-              ],
-              "title": "OtherWebSearchActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "type"
-          ],
-          "title": "OtherWebSearchAction",
-          "type": "object"
-        }
-      ]
     }
   },
   "description": "Response event from the agent NOTE: Make sure none of these values have optional types, as it will mess up the extension code-gen.",
@@ -7203,7 +7301,7 @@
     {
       "properties": {
         "action": {
-          "$ref": "#/definitions/WebSearchAction"
+          "$ref": "#/definitions/ResponsesApiWebSearchAction"
         },
         "call_id": {
           "type": "string"
@@ -7262,6 +7360,12 @@
             "null"
           ]
         },
+        "saved_path": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
         "status": {
           "type": "string"
         },
@@ -7649,6 +7753,17 @@
             "null"
           ]
         },
+        "skill_metadata": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/ExecApprovalRequestSkillMetadata"
+            },
+            {
+              "type": "null"
+            }
+          ],
+          "description": "Optional skill metadata when the approval was triggered by a skill script."
+        },
         "turn_id": {
           "default": "",
           "description": "Turn ID that this command belongs to. Uses `#[serde(default)]` for backwards compatibility.",
@@ -7672,6 +7787,42 @@
       "title": "ExecApprovalRequestEventMsg",
       "type": "object"
     },
+    {
+      "properties": {
+        "call_id": {
+          "description": "Responses API call id for the associated tool call, if available.",
+          "type": "string"
+        },
+        "permissions": {
+          "$ref": "#/definitions/PermissionProfile"
+        },
+        "reason": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "turn_id": {
+          "default": "",
+          "description": "Turn ID that this request belongs to. Uses `#[serde(default)]` for backwards compatibility.",
+          "type": "string"
+        },
+        "type": {
+          "enum": [
+            "request_permissions"
+          ],
+          "title": "RequestPermissionsEventMsgType",
+          "type": "string"
+        }
+      },
+      "required": [
+        "call_id",
+        "permissions",
+        "type"
+      ],
+      "title": "RequestPermissionsEventMsg",
+      "type": "object"
+    },
     {
       "properties": {
         "call_id": {
@@ -7810,6 +7961,13 @@
         "server_name": {
           "type": "string"
         },
+        "turn_id": {
+          "description": "Turn ID that this elicitation belongs to, when known.",
+          "type": [
+            "string",
+            "null"
+          ]
+        },
         "type": {
           "enum": [
             "elicitation_request"
@@ -8765,6 +8923,15 @@
           ],
           "description": "Thread ID of the sender."
         },
+        "spawn_mode": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/AgentSpawnMode"
+            }
+          ],
+          "default": "spawn",
+          "description": "Spawn mode used for this agent."
+        },
         "status": {
           "allOf": [
             {

codex-rs/app-server-protocol/schema/json/McpServerElicitationRequestParams.json

@@ -1,8 +1,542 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "McpElicitationArrayType": {
+      "enum": [
+        "array"
+      ],
+      "type": "string"
+    },
+    "McpElicitationBooleanSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationBooleanType"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationBooleanType": {
+      "enum": [
+        "boolean"
+      ],
+      "type": "string"
+    },
+    "McpElicitationConstOption": {
+      "additionalProperties": false,
+      "properties": {
+        "const": {
+          "type": "string"
+        },
+        "title": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "const",
+        "title"
+      ],
+      "type": "object"
+    },
+    "McpElicitationEnumSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationSingleSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationMultiSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationLegacyTitledEnumSchema"
+        }
+      ]
+    },
+    "McpElicitationLegacyTitledEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "enum": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "enumNames": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "enum",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationMultiSelectEnumSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationUntitledMultiSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationTitledMultiSelectEnumSchema"
+        }
+      ]
+    },
+    "McpElicitationNumberSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "format": "double",
+          "type": [
+            "number",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "maximum": {
+          "format": "double",
+          "type": [
+            "number",
+            "null"
+          ]
+        },
+        "minimum": {
+          "format": "double",
+          "type": [
+            "number",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationNumberType"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationNumberType": {
+      "enum": [
+        "number",
+        "integer"
+      ],
+      "type": "string"
+    },
+    "McpElicitationObjectType": {
+      "enum": [
+        "object"
+      ],
+      "type": "string"
+    },
+    "McpElicitationPrimitiveSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationStringSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationNumberSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationBooleanSchema"
+        }
+      ]
+    },
+    "McpElicitationSchema": {
+      "additionalProperties": false,
+      "description": "Typed form schema for MCP `elicitation/create` requests.\n\nThis matches the `requestedSchema` shape from the MCP 2025-11-25 `ElicitRequestFormParams` schema.",
+      "properties": {
+        "$schema": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "properties": {
+          "additionalProperties": {
+            "$ref": "#/definitions/McpElicitationPrimitiveSchema"
+          },
+          "type": "object"
+        },
+        "required": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationObjectType"
+        }
+      },
+      "required": [
+        "properties",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationSingleSelectEnumSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationUntitledSingleSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationTitledSingleSelectEnumSchema"
+        }
+      ]
+    },
+    "McpElicitationStringFormat": {
+      "enum": [
+        "email",
+        "uri",
+        "date",
+        "date-time"
+      ],
+      "type": "string"
+    },
+    "McpElicitationStringSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "format": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/McpElicitationStringFormat"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "maxLength": {
+          "format": "uint32",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "minLength": {
+          "format": "uint32",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationStringType": {
+      "enum": [
+        "string"
+      ],
+      "type": "string"
+    },
+    "McpElicitationTitledEnumItems": {
+      "additionalProperties": false,
+      "properties": {
+        "anyOf": {
+          "items": {
+            "$ref": "#/definitions/McpElicitationConstOption"
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "anyOf"
+      ],
+      "type": "object"
+    },
+    "McpElicitationTitledMultiSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "items": {
+          "$ref": "#/definitions/McpElicitationTitledEnumItems"
+        },
+        "maxItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "minItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationArrayType"
+        }
+      },
+      "required": [
+        "items",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationTitledSingleSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "oneOf": {
+          "items": {
+            "$ref": "#/definitions/McpElicitationConstOption"
+          },
+          "type": "array"
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "oneOf",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationUntitledEnumItems": {
+      "additionalProperties": false,
+      "properties": {
+        "enum": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "enum",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationUntitledMultiSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "items": {
+          "$ref": "#/definitions/McpElicitationUntitledEnumItems"
+        },
+        "maxItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "minItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationArrayType"
+        }
+      },
+      "required": [
+        "items",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationUntitledSingleSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "enum": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "enum",
+        "type"
+      ],
+      "type": "object"
+    }
+  },
   "oneOf": [
     {
       "properties": {
+        "_meta": true,
         "message": {
           "type": "string"
         },
@@ -12,7 +546,9 @@
           ],
           "type": "string"
         },
-        "requestedSchema": true
+        "requestedSchema": {
+          "$ref": "#/definitions/McpElicitationSchema"
+        }
       },
       "required": [
         "message",
@@ -23,6 +559,7 @@
     },
     {
       "properties": {
+        "_meta": true,
         "elicitationId": {
           "type": "string"
         },

codex-rs/app-server-protocol/schema/json/McpServerElicitationRequestResponse.json

@@ -11,6 +11,9 @@
     }
   },
   "properties": {
+    "_meta": {
+      "description": "Optional client metadata for form-mode action handling."
+    },
     "action": {
       "$ref": "#/definitions/McpServerElicitationAction"
     },

codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalParams.json

@@ -0,0 +1,164 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    },
+    "AdditionalFileSystemPermissions": {
+      "properties": {
+        "read": {
+          "items": {
+            "$ref": "#/definitions/AbsolutePathBuf"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "write": {
+          "items": {
+            "$ref": "#/definitions/AbsolutePathBuf"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "AdditionalMacOsPermissions": {
+      "properties": {
+        "accessibility": {
+          "type": "boolean"
+        },
+        "automations": {
+          "$ref": "#/definitions/MacOsAutomationPermission"
+        },
+        "calendar": {
+          "type": "boolean"
+        },
+        "preferences": {
+          "$ref": "#/definitions/MacOsPreferencesPermission"
+        }
+      },
+      "required": [
+        "accessibility",
+        "automations",
+        "calendar",
+        "preferences"
+      ],
+      "type": "object"
+    },
+    "AdditionalNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "AdditionalPermissionProfile": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AdditionalFileSystemPermissions"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "macos": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AdditionalMacOsPermissions"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AdditionalNetworkPermissions"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "MacOsAutomationPermission": {
+      "oneOf": [
+        {
+          "enum": [
+            "none",
+            "all"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "bundle_ids": {
+              "items": {
+                "type": "string"
+              },
+              "type": "array"
+            }
+          },
+          "required": [
+            "bundle_ids"
+          ],
+          "title": "BundleIdsMacOsAutomationPermission",
+          "type": "object"
+        }
+      ]
+    },
+    "MacOsPreferencesPermission": {
+      "enum": [
+        "none",
+        "read_only",
+        "read_write"
+      ],
+      "type": "string"
+    }
+  },
+  "properties": {
+    "itemId": {
+      "type": "string"
+    },
+    "permissions": {
+      "$ref": "#/definitions/AdditionalPermissionProfile"
+    },
+    "reason": {
+      "type": [
+        "string",
+        "null"
+      ]
+    },
+    "threadId": {
+      "type": "string"
+    },
+    "turnId": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "itemId",
+    "permissions",
+    "threadId",
+    "turnId"
+  ],
+  "title": "PermissionsRequestApprovalParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/PermissionsRequestApprovalResponse.json

@@ -0,0 +1,160 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    },
+    "AdditionalFileSystemPermissions": {
+      "properties": {
+        "read": {
+          "items": {
+            "$ref": "#/definitions/AbsolutePathBuf"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "write": {
+          "items": {
+            "$ref": "#/definitions/AbsolutePathBuf"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "AdditionalNetworkPermissions": {
+      "properties": {
+        "enabled": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "GrantedMacOsPermissions": {
+      "properties": {
+        "accessibility": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "automations": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/MacOsAutomationPermission"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "calendar": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "preferences": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/MacOsPreferencesPermission"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "GrantedPermissionProfile": {
+      "properties": {
+        "fileSystem": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AdditionalFileSystemPermissions"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "macos": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/GrantedMacOsPermissions"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "network": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AdditionalNetworkPermissions"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        }
+      },
+      "type": "object"
+    },
+    "MacOsAutomationPermission": {
+      "oneOf": [
+        {
+          "enum": [
+            "none",
+            "all"
+          ],
+          "type": "string"
+        },
+        {
+          "additionalProperties": false,
+          "properties": {
+            "bundle_ids": {
+              "items": {
+                "type": "string"
+              },
+              "type": "array"
+            }
+          },
+          "required": [
+            "bundle_ids"
+          ],
+          "title": "BundleIdsMacOsAutomationPermission",
+          "type": "object"
+        }
+      ]
+    },
+    "MacOsPreferencesPermission": {
+      "enum": [
+        "none",
+        "read_only",
+        "read_write"
+      ],
+      "type": "string"
+    }
+  },
+  "properties": {
+    "permissions": {
+      "$ref": "#/definitions/GrantedPermissionProfile"
+    }
+  },
+  "required": [
+    "permissions"
+  ],
+  "title": "PermissionsRequestApprovalResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/ServerNotification.json

@@ -670,6 +670,57 @@
         }
       ]
     },
+    "CommandExecOutputDeltaNotification": {
+      "description": "Base64-encoded output chunk emitted for a streaming `command/exec` request.\n\nThese notifications are connection-scoped. If the originating connection closes, the server terminates the process.",
+      "properties": {
+        "capReached": {
+          "description": "`true` on the final streamed chunk for a stream when `outputBytesCap` truncated later output on that stream.",
+          "type": "boolean"
+        },
+        "deltaBase64": {
+          "description": "Base64-encoded output bytes.",
+          "type": "string"
+        },
+        "processId": {
+          "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+          "type": "string"
+        },
+        "stream": {
+          "allOf": [
+            {
+              "$ref": "#/definitions/CommandExecOutputStream"
+            }
+          ],
+          "description": "Output stream for this chunk."
+        }
+      },
+      "required": [
+        "capReached",
+        "deltaBase64",
+        "processId",
+        "stream"
+      ],
+      "type": "object"
+    },
+    "CommandExecOutputStream": {
+      "description": "Stream label for `command/exec/outputDelta` notifications.",
+      "oneOf": [
+        {
+          "description": "stdout stream. PTY mode multiplexes terminal output here.",
+          "enum": [
+            "stdout"
+          ],
+          "type": "string"
+        },
+        {
+          "description": "stderr stream.",
+          "enum": [
+            "stderr"
+          ],
+          "type": "string"
+        }
+      ]
+    },
     "CommandExecutionOutputDeltaNotification": {
       "properties": {
         "delta": {
@@ -3468,6 +3519,27 @@
       "title": "Item/plan/deltaNotification",
       "type": "object"
     },
+    {
+      "description": "Stream base64-encoded stdout/stderr chunks for a running `command/exec` session.",
+      "properties": {
+        "method": {
+          "enum": [
+            "command/exec/outputDelta"
+          ],
+          "title": "Command/exec/outputDeltaNotificationMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/CommandExecOutputDeltaNotification"
+        }
+      },
+      "required": [
+        "method",
+        "params"
+      ],
+      "title": "Command/exec/outputDeltaNotification",
+      "type": "object"
+    },
     {
       "properties": {
         "method": {

codex-rs/app-server-protocol/schema/json/ServerRequest.json

@@ -440,6 +440,17 @@
       ],
       "type": "object"
     },
+    "CommandExecutionRequestApprovalSkillMetadata": {
+      "properties": {
+        "pathToSkillsMd": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "pathToSkillsMd"
+      ],
+      "type": "object"
+    },
     "DynamicToolCallParams": {
       "properties": {
         "arguments": true,
@@ -650,10 +661,542 @@
       ],
       "type": "string"
     },
+    "McpElicitationArrayType": {
+      "enum": [
+        "array"
+      ],
+      "type": "string"
+    },
+    "McpElicitationBooleanSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "boolean",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationBooleanType"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationBooleanType": {
+      "enum": [
+        "boolean"
+      ],
+      "type": "string"
+    },
+    "McpElicitationConstOption": {
+      "additionalProperties": false,
+      "properties": {
+        "const": {
+          "type": "string"
+        },
+        "title": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "const",
+        "title"
+      ],
+      "type": "object"
+    },
+    "McpElicitationEnumSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationSingleSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationMultiSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationLegacyTitledEnumSchema"
+        }
+      ]
+    },
+    "McpElicitationLegacyTitledEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "enum": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "enumNames": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "enum",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationMultiSelectEnumSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationUntitledMultiSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationTitledMultiSelectEnumSchema"
+        }
+      ]
+    },
+    "McpElicitationNumberSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "format": "double",
+          "type": [
+            "number",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "maximum": {
+          "format": "double",
+          "type": [
+            "number",
+            "null"
+          ]
+        },
+        "minimum": {
+          "format": "double",
+          "type": [
+            "number",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationNumberType"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationNumberType": {
+      "enum": [
+        "number",
+        "integer"
+      ],
+      "type": "string"
+    },
+    "McpElicitationObjectType": {
+      "enum": [
+        "object"
+      ],
+      "type": "string"
+    },
+    "McpElicitationPrimitiveSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationStringSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationNumberSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationBooleanSchema"
+        }
+      ]
+    },
+    "McpElicitationSchema": {
+      "additionalProperties": false,
+      "description": "Typed form schema for MCP `elicitation/create` requests.\n\nThis matches the `requestedSchema` shape from the MCP 2025-11-25 `ElicitRequestFormParams` schema.",
+      "properties": {
+        "$schema": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "properties": {
+          "additionalProperties": {
+            "$ref": "#/definitions/McpElicitationPrimitiveSchema"
+          },
+          "type": "object"
+        },
+        "required": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationObjectType"
+        }
+      },
+      "required": [
+        "properties",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationSingleSelectEnumSchema": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/McpElicitationUntitledSingleSelectEnumSchema"
+        },
+        {
+          "$ref": "#/definitions/McpElicitationTitledSingleSelectEnumSchema"
+        }
+      ]
+    },
+    "McpElicitationStringFormat": {
+      "enum": [
+        "email",
+        "uri",
+        "date",
+        "date-time"
+      ],
+      "type": "string"
+    },
+    "McpElicitationStringSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "format": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/McpElicitationStringFormat"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "maxLength": {
+          "format": "uint32",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "minLength": {
+          "format": "uint32",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationStringType": {
+      "enum": [
+        "string"
+      ],
+      "type": "string"
+    },
+    "McpElicitationTitledEnumItems": {
+      "additionalProperties": false,
+      "properties": {
+        "anyOf": {
+          "items": {
+            "$ref": "#/definitions/McpElicitationConstOption"
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "anyOf"
+      ],
+      "type": "object"
+    },
+    "McpElicitationTitledMultiSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "items": {
+          "$ref": "#/definitions/McpElicitationTitledEnumItems"
+        },
+        "maxItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "minItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationArrayType"
+        }
+      },
+      "required": [
+        "items",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationTitledSingleSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "oneOf": {
+          "items": {
+            "$ref": "#/definitions/McpElicitationConstOption"
+          },
+          "type": "array"
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "oneOf",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationUntitledEnumItems": {
+      "additionalProperties": false,
+      "properties": {
+        "enum": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "enum",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationUntitledMultiSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "items": {
+          "$ref": "#/definitions/McpElicitationUntitledEnumItems"
+        },
+        "maxItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "minItems": {
+          "format": "uint64",
+          "minimum": 0.0,
+          "type": [
+            "integer",
+            "null"
+          ]
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationArrayType"
+        }
+      },
+      "required": [
+        "items",
+        "type"
+      ],
+      "type": "object"
+    },
+    "McpElicitationUntitledSingleSelectEnumSchema": {
+      "additionalProperties": false,
+      "properties": {
+        "default": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "enum": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "title": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "type": {
+          "$ref": "#/definitions/McpElicitationStringType"
+        }
+      },
+      "required": [
+        "enum",
+        "type"
+      ],
+      "type": "object"
+    },
     "McpServerElicitationRequestParams": {
       "oneOf": [
         {
           "properties": {
+            "_meta": true,
             "message": {
               "type": "string"
             },
@@ -663,7 +1206,9 @@
               ],
               "type": "string"
             },
-            "requestedSchema": true
+            "requestedSchema": {
+              "$ref": "#/definitions/McpElicitationSchema"
+            }
           },
           "required": [
             "message",
@@ -674,6 +1219,7 @@
         },
         {
           "properties": {
+            "_meta": true,
             "elicitationId": {
               "type": "string"
             },
@@ -877,6 +1423,35 @@
         }
       ]
     },
+    "PermissionsRequestApprovalParams": {
+      "properties": {
+        "itemId": {
+          "type": "string"
+        },
+        "permissions": {
+          "$ref": "#/definitions/AdditionalPermissionProfile"
+        },
+        "reason": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "threadId": {
+          "type": "string"
+        },
+        "turnId": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "itemId",
+        "permissions",
+        "threadId",
+        "turnId"
+      ],
+      "type": "object"
+    },
     "RequestId": {
       "anyOf": [
         {
@@ -1074,6 +1649,31 @@
       "title": "McpServer/elicitation/requestRequest",
       "type": "object"
     },
+    {
+      "description": "Request approval for additional permissions from the user.",
+      "properties": {
+        "id": {
+          "$ref": "#/definitions/RequestId"
+        },
+        "method": {
+          "enum": [
+            "item/permissions/requestApproval"
+          ],
+          "title": "Item/permissions/requestApprovalRequestMethod",
+          "type": "string"
+        },
+        "params": {
+          "$ref": "#/definitions/PermissionsRequestApprovalParams"
+        }
+      },
+      "required": [
+        "id",
+        "method",
+        "params"
+      ],
+      "title": "Item/permissions/requestApprovalRequest",
+      "type": "object"
+    },
     {
       "description": "Execute a dynamic tool call on the client.",
       "properties": {

codex-rs/app-server-protocol/schema/json/v2/CommandExecOutputDeltaNotification.json

@@ -0,0 +1,55 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "CommandExecOutputStream": {
+      "description": "Stream label for `command/exec/outputDelta` notifications.",
+      "oneOf": [
+        {
+          "description": "stdout stream. PTY mode multiplexes terminal output here.",
+          "enum": [
+            "stdout"
+          ],
+          "type": "string"
+        },
+        {
+          "description": "stderr stream.",
+          "enum": [
+            "stderr"
+          ],
+          "type": "string"
+        }
+      ]
+    }
+  },
+  "description": "Base64-encoded output chunk emitted for a streaming `command/exec` request.\n\nThese notifications are connection-scoped. If the originating connection closes, the server terminates the process.",
+  "properties": {
+    "capReached": {
+      "description": "`true` on the final streamed chunk for a stream when `outputBytesCap` truncated later output on that stream.",
+      "type": "boolean"
+    },
+    "deltaBase64": {
+      "description": "Base64-encoded output bytes.",
+      "type": "string"
+    },
+    "processId": {
+      "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+      "type": "string"
+    },
+    "stream": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/CommandExecOutputStream"
+        }
+      ],
+      "description": "Output stream for this chunk."
+    }
+  },
+  "required": [
+    "capReached",
+    "deltaBase64",
+    "processId",
+    "stream"
+  ],
+  "title": "CommandExecOutputDeltaNotification",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/CommandExecParams.json

@@ -5,6 +5,28 @@
       "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
       "type": "string"
     },
+    "CommandExecTerminalSize": {
+      "description": "PTY size in character cells for `command/exec` PTY sessions.",
+      "properties": {
+        "cols": {
+          "description": "Terminal width in character cells.",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
+        },
+        "rows": {
+          "description": "Terminal height in character cells.",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
+        }
+      },
+      "required": [
+        "cols",
+        "rows"
+      ],
+      "type": "object"
+    },
     "NetworkAccess": {
       "enum": [
         "restricted",
@@ -179,14 +201,54 @@
       ]
     }
   },
+  "description": "Run a standalone command (argv vector) in the server sandbox without creating a thread or turn.\n\nThe final `command/exec` response is deferred until the process exits and is sent only after all `command/exec/outputDelta` notifications for that connection have been emitted.",
   "properties": {
     "command": {
+      "description": "Command argv vector. Empty arrays are rejected.",
       "items": {
         "type": "string"
       },
       "type": "array"
     },
     "cwd": {
+      "description": "Optional working directory. Defaults to the server cwd.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
+    "disableOutputCap": {
+      "description": "Disable stdout/stderr capture truncation for this request.\n\nCannot be combined with `outputBytesCap`.",
+      "type": "boolean"
+    },
+    "disableTimeout": {
+      "description": "Disable the timeout entirely for this request.\n\nCannot be combined with `timeoutMs`.",
+      "type": "boolean"
+    },
+    "env": {
+      "additionalProperties": {
+        "type": [
+          "string",
+          "null"
+        ]
+      },
+      "description": "Optional environment overrides merged into the server-computed environment.\n\nMatching names override inherited values. Set a key to `null` to unset an inherited variable.",
+      "type": [
+        "object",
+        "null"
+      ]
+    },
+    "outputBytesCap": {
+      "description": "Optional per-stream stdout/stderr capture cap in bytes.\n\nWhen omitted, the server default applies. Cannot be combined with `disableOutputCap`.",
+      "format": "uint",
+      "minimum": 0.0,
+      "type": [
+        "integer",
+        "null"
+      ]
+    },
+    "processId": {
+      "description": "Optional client-supplied, connection-scoped process id.\n\nRequired for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up `command/exec/write`, `command/exec/resize`, and `command/exec/terminate` calls. When omitted, buffered execution gets an internal id that is not exposed to the client.",
       "type": [
         "string",
         "null"
@@ -200,14 +262,39 @@
         {
           "type": "null"
         }
-      ]
+      ],
+      "description": "Optional sandbox policy for this command.\n\nUses the same shape as thread/turn execution sandbox configuration and defaults to the user's configured policy when omitted."
+    },
+    "size": {
+      "anyOf": [
+        {
+          "$ref": "#/definitions/CommandExecTerminalSize"
+        },
+        {
+          "type": "null"
+        }
+      ],
+      "description": "Optional initial PTY size in character cells. Only valid when `tty` is true."
+    },
+    "streamStdin": {
+      "description": "Allow follow-up `command/exec/write` requests to write stdin bytes.\n\nRequires a client-supplied `processId`.",
+      "type": "boolean"
+    },
+    "streamStdoutStderr": {
+      "description": "Stream stdout/stderr via `command/exec/outputDelta` notifications.\n\nStreamed bytes are not duplicated into the final response and require a client-supplied `processId`.",
+      "type": "boolean"
     },
     "timeoutMs": {
+      "description": "Optional timeout in milliseconds.\n\nWhen omitted, the server default applies. Cannot be combined with `disableTimeout`.",
       "format": "int64",
       "type": [
         "integer",
         "null"
       ]
+    },
+    "tty": {
+      "description": "Enable PTY mode.\n\nThis implies `streamStdin` and `streamStdoutStderr`.",
+      "type": "boolean"
     }
   },
   "required": [

codex-rs/app-server-protocol/schema/json/v2/CommandExecResizeParams.json

@@ -0,0 +1,48 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "CommandExecTerminalSize": {
+      "description": "PTY size in character cells for `command/exec` PTY sessions.",
+      "properties": {
+        "cols": {
+          "description": "Terminal width in character cells.",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
+        },
+        "rows": {
+          "description": "Terminal height in character cells.",
+          "format": "uint16",
+          "minimum": 0.0,
+          "type": "integer"
+        }
+      },
+      "required": [
+        "cols",
+        "rows"
+      ],
+      "type": "object"
+    }
+  },
+  "description": "Resize a running PTY-backed `command/exec` session.",
+  "properties": {
+    "processId": {
+      "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+      "type": "string"
+    },
+    "size": {
+      "allOf": [
+        {
+          "$ref": "#/definitions/CommandExecTerminalSize"
+        }
+      ],
+      "description": "New PTY size in character cells."
+    }
+  },
+  "required": [
+    "processId",
+    "size"
+  ],
+  "title": "CommandExecResizeParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/CommandExecResizeResponse.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Empty success response for `command/exec/resize`.",
+  "title": "CommandExecResizeResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/CommandExecResponse.json

@@ -1,14 +1,18 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Final buffered result for `command/exec`.",
   "properties": {
     "exitCode": {
+      "description": "Process exit code.",
       "format": "int32",
       "type": "integer"
     },
     "stderr": {
+      "description": "Buffered stderr capture.\n\nEmpty when stderr was streamed via `command/exec/outputDelta`.",
       "type": "string"
     },
     "stdout": {
+      "description": "Buffered stdout capture.\n\nEmpty when stdout was streamed via `command/exec/outputDelta`.",
       "type": "string"
     }
   },

codex-rs/app-server-protocol/schema/json/v2/CommandExecTerminateParams.json

@@ -0,0 +1,15 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Terminate a running `command/exec` session.",
+  "properties": {
+    "processId": {
+      "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+      "type": "string"
+    }
+  },
+  "required": [
+    "processId"
+  ],
+  "title": "CommandExecTerminateParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/CommandExecTerminateResponse.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Empty success response for `command/exec/terminate`.",
+  "title": "CommandExecTerminateResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/CommandExecWriteParams.json

@@ -0,0 +1,26 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Write stdin bytes to a running `command/exec` session, close stdin, or both.",
+  "properties": {
+    "closeStdin": {
+      "description": "Close stdin after writing `deltaBase64`, if present.",
+      "type": "boolean"
+    },
+    "deltaBase64": {
+      "description": "Optional base64-encoded stdin bytes to write.",
+      "type": [
+        "string",
+        "null"
+      ]
+    },
+    "processId": {
+      "description": "Client-supplied, connection-scoped `processId` from the original `command/exec` request.",
+      "type": "string"
+    }
+  },
+  "required": [
+    "processId"
+  ],
+  "title": "CommandExecWriteParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/CommandExecWriteResponse.json

@@ -0,0 +1,6 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "description": "Empty success response for `command/exec/write`.",
+  "title": "CommandExecWriteResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/ConfigBatchWriteParams.json

@@ -45,6 +45,10 @@
         "string",
         "null"
       ]
+    },
+    "reloadUserConfig": {
+      "description": "When true, hot-reload the updated user config into all loaded threads after writing.",
+      "type": "boolean"
     }
   },
   "required": [

codex-rs/app-server-protocol/schema/json/v2/ConfigReadResponse.json

@@ -628,6 +628,16 @@
             }
           ]
         },
+        "tools": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/ToolsV2"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
         "web_search": {
           "anyOf": [
             {
@@ -721,9 +731,13 @@
           ]
         },
         "web_search": {
-          "type": [
-            "boolean",
-            "null"
+          "anyOf": [
+            {
+              "$ref": "#/definitions/WebSearchToolConfig"
+            },
+            {
+              "type": "null"
+            }
           ]
         }
       },
@@ -738,6 +752,44 @@
       ],
       "type": "string"
     },
+    "WebSearchContextSize": {
+      "enum": [
+        "low",
+        "medium",
+        "high"
+      ],
+      "type": "string"
+    },
+    "WebSearchLocation": {
+      "additionalProperties": false,
+      "properties": {
+        "city": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "country": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "region": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "timezone": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "type": "object"
+    },
     "WebSearchMode": {
       "enum": [
         "disabled",
@@ -745,6 +797,41 @@
         "live"
       ],
       "type": "string"
+    },
+    "WebSearchToolConfig": {
+      "additionalProperties": false,
+      "properties": {
+        "allowed_domains": {
+          "items": {
+            "type": "string"
+          },
+          "type": [
+            "array",
+            "null"
+          ]
+        },
+        "context_size": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/WebSearchContextSize"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "location": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/WebSearchLocation"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        }
+      },
+      "type": "object"
     }
   },
   "properties": {

codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json

@@ -132,12 +132,6 @@
             "null"
           ]
         },
-        "dangerouslyAllowNonLoopbackAdmin": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "dangerouslyAllowNonLoopbackProxy": {
           "type": [
             "boolean",

codex-rs/app-server-protocol/schema/json/v2/PluginInstallParams.json

@@ -1,21 +1,21 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "cwd": {
-      "type": [
-        "string",
-        "null"
-      ]
-    },
-    "marketplaceName": {
+  "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
       "type": "string"
+    }
+  },
+  "properties": {
+    "marketplacePath": {
+      "$ref": "#/definitions/AbsolutePathBuf"
     },
     "pluginName": {
       "type": "string"
     }
   },
   "required": [
-    "marketplaceName",
+    "marketplacePath",
     "pluginName"
   ],
   "title": "PluginInstallParams",

codex-rs/app-server-protocol/schema/json/v2/PluginInstallResponse.json

@@ -1,5 +1,46 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "AppSummary": {
+      "description": "EXPERIMENTAL - app metadata summary for plugin-install responses.",
+      "properties": {
+        "description": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "id": {
+          "type": "string"
+        },
+        "installUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "name": {
+          "type": "string"
+        }
+      },
+      "required": [
+        "id",
+        "name"
+      ],
+      "type": "object"
+    }
+  },
+  "properties": {
+    "appsNeedingAuth": {
+      "items": {
+        "$ref": "#/definitions/AppSummary"
+      },
+      "type": "array"
+    }
+  },
+  "required": [
+    "appsNeedingAuth"
+  ],
   "title": "PluginInstallResponse",
   "type": "object"
 }

codex-rs/app-server-protocol/schema/json/v2/PluginListParams.json

@@ -0,0 +1,23 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    }
+  },
+  "properties": {
+    "cwds": {
+      "description": "Optional working directories used to discover repo marketplaces. When omitted, only home-scoped marketplaces and the official curated marketplace are considered.",
+      "items": {
+        "$ref": "#/definitions/AbsolutePathBuf"
+      },
+      "type": [
+        "array",
+        "null"
+      ]
+    }
+  },
+  "title": "PluginListParams",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/PluginListResponse.json

@@ -0,0 +1,206 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    },
+    "PluginInterface": {
+      "properties": {
+        "brandColor": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "capabilities": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
+        "category": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "composerIcon": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "defaultPrompt": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "developerName": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "displayName": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "logo": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "longDescription": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "privacyPolicyUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "screenshots": {
+          "items": {
+            "$ref": "#/definitions/AbsolutePathBuf"
+          },
+          "type": "array"
+        },
+        "shortDescription": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "termsOfServiceUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "websiteUrl": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      },
+      "required": [
+        "capabilities",
+        "screenshots"
+      ],
+      "type": "object"
+    },
+    "PluginMarketplaceEntry": {
+      "properties": {
+        "name": {
+          "type": "string"
+        },
+        "path": {
+          "$ref": "#/definitions/AbsolutePathBuf"
+        },
+        "plugins": {
+          "items": {
+            "$ref": "#/definitions/PluginSummary"
+          },
+          "type": "array"
+        }
+      },
+      "required": [
+        "name",
+        "path",
+        "plugins"
+      ],
+      "type": "object"
+    },
+    "PluginSource": {
+      "oneOf": [
+        {
+          "properties": {
+            "path": {
+              "$ref": "#/definitions/AbsolutePathBuf"
+            },
+            "type": {
+              "enum": [
+                "local"
+              ],
+              "title": "LocalPluginSourceType",
+              "type": "string"
+            }
+          },
+          "required": [
+            "path",
+            "type"
+          ],
+          "title": "LocalPluginSource",
+          "type": "object"
+        }
+      ]
+    },
+    "PluginSummary": {
+      "properties": {
+        "enabled": {
+          "type": "boolean"
+        },
+        "id": {
+          "type": "string"
+        },
+        "installed": {
+          "type": "boolean"
+        },
+        "interface": {
+          "anyOf": [
+            {
+              "$ref": "#/definitions/PluginInterface"
+            },
+            {
+              "type": "null"
+            }
+          ]
+        },
+        "name": {
+          "type": "string"
+        },
+        "source": {
+          "$ref": "#/definitions/PluginSource"
+        }
+      },
+      "required": [
+        "enabled",
+        "id",
+        "installed",
+        "name",
+        "source"
+      ],
+      "type": "object"
+    }
+  },
+  "properties": {
+    "marketplaces": {
+      "items": {
+        "$ref": "#/definitions/PluginMarketplaceEntry"
+      },
+      "type": "array"
+    }
+  },
+  "required": [
+    "marketplaces"
+  ],
+  "title": "PluginListResponse",
+  "type": "object"
+}

codex-rs/app-server-protocol/schema/json/v2/RawResponseItemCompletedNotification.json

@@ -607,7 +607,7 @@
             "action": {
               "anyOf": [
                 {
-                  "$ref": "#/definitions/WebSearchAction"
+                  "$ref": "#/definitions/ResponsesApiWebSearchAction"
                 },
                 {
                   "type": "null"
@@ -733,7 +733,7 @@
         }
       ]
     },
-    "WebSearchAction": {
+    "ResponsesApiWebSearchAction": {
       "oneOf": [
         {
           "properties": {
@@ -756,14 +756,14 @@
               "enum": [
                 "search"
               ],
-              "title": "SearchWebSearchActionType",
+              "title": "SearchResponsesApiWebSearchActionType",
               "type": "string"
             }
           },
           "required": [
             "type"
           ],
-          "title": "SearchWebSearchAction",
+          "title": "SearchResponsesApiWebSearchAction",
           "type": "object"
         },
         {
@@ -772,7 +772,7 @@
               "enum": [
                 "open_page"
               ],
-              "title": "OpenPageWebSearchActionType",
+              "title": "OpenPageResponsesApiWebSearchActionType",
               "type": "string"
             },
             "url": {
@@ -785,7 +785,7 @@
           "required": [
             "type"
           ],
-          "title": "OpenPageWebSearchAction",
+          "title": "OpenPageResponsesApiWebSearchAction",
           "type": "object"
         },
         {
@@ -800,7 +800,7 @@
               "enum": [
                 "find_in_page"
               ],
-              "title": "FindInPageWebSearchActionType",
+              "title": "FindInPageResponsesApiWebSearchActionType",
               "type": "string"
             },
             "url": {
@@ -813,7 +813,7 @@
           "required": [
             "type"
           ],
-          "title": "FindInPageWebSearchAction",
+          "title": "FindInPageResponsesApiWebSearchAction",
           "type": "object"
         },
         {
@@ -822,14 +822,14 @@
               "enum": [
                 "other"
               ],
-              "title": "OtherWebSearchActionType",
+              "title": "OtherResponsesApiWebSearchActionType",
               "type": "string"
             }
           },
           "required": [
             "type"
           ],
-          "title": "OtherWebSearchAction",
+          "title": "OtherResponsesApiWebSearchAction",
           "type": "object"
         }
       ]

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeParams.json

@@ -657,7 +657,7 @@
             "action": {
               "anyOf": [
                 {
-                  "$ref": "#/definitions/WebSearchAction"
+                  "$ref": "#/definitions/ResponsesApiWebSearchAction"
                 },
                 {
                   "type": "null"
@@ -783,22 +783,7 @@
         }
       ]
     },
-    "SandboxMode": {
-      "enum": [
-        "read-only",
-        "workspace-write",
-        "danger-full-access"
-      ],
-      "type": "string"
-    },
-    "ServiceTier": {
-      "enum": [
-        "fast",
-        "flex"
-      ],
-      "type": "string"
-    },
-    "WebSearchAction": {
+    "ResponsesApiWebSearchAction": {
       "oneOf": [
         {
           "properties": {
@@ -821,14 +806,14 @@
               "enum": [
                 "search"
               ],
-              "title": "SearchWebSearchActionType",
+              "title": "SearchResponsesApiWebSearchActionType",
               "type": "string"
             }
           },
           "required": [
             "type"
           ],
-          "title": "SearchWebSearchAction",
+          "title": "SearchResponsesApiWebSearchAction",
           "type": "object"
         },
         {
@@ -837,7 +822,7 @@
               "enum": [
                 "open_page"
               ],
-              "title": "OpenPageWebSearchActionType",
+              "title": "OpenPageResponsesApiWebSearchActionType",
               "type": "string"
             },
             "url": {
@@ -850,7 +835,7 @@
           "required": [
             "type"
           ],
-          "title": "OpenPageWebSearchAction",
+          "title": "OpenPageResponsesApiWebSearchAction",
           "type": "object"
         },
         {
@@ -865,7 +850,7 @@
               "enum": [
                 "find_in_page"
               ],
-              "title": "FindInPageWebSearchActionType",
+              "title": "FindInPageResponsesApiWebSearchActionType",
               "type": "string"
             },
             "url": {
@@ -878,7 +863,7 @@
           "required": [
             "type"
           ],
-          "title": "FindInPageWebSearchAction",
+          "title": "FindInPageResponsesApiWebSearchAction",
           "type": "object"
         },
         {
@@ -887,17 +872,32 @@
               "enum": [
                 "other"
               ],
-              "title": "OtherWebSearchActionType",
+              "title": "OtherResponsesApiWebSearchActionType",
               "type": "string"
             }
           },
           "required": [
             "type"
           ],
-          "title": "OtherWebSearchAction",
+          "title": "OtherResponsesApiWebSearchAction",
           "type": "object"
         }
       ]
+    },
+    "SandboxMode": {
+      "enum": [
+        "read-only",
+        "workspace-write",
+        "danger-full-access"
+      ],
+      "type": "string"
+    },
+    "ServiceTier": {
+      "enum": [
+        "fast",
+        "flex"
+      ],
+      "type": "string"
     }
   },
   "description": "There are three ways to resume a thread: 1. By thread_id: load the thread from disk by thread_id and resume it. 2. By history: instantiate the thread from memory and resume it. 3. By path: load the thread from disk by path and resume it.\n\nThe precedence is: history > path > thread_id. If using history or path, the thread_id param will be ignored.\n\nPrefer using thread_id whenever possible.",

codex-rs/app-server-protocol/schema/json/v2/WindowsSandboxSetupStartParams.json

@@ -1,6 +1,10 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
+    "AbsolutePathBuf": {
+      "description": "A path that is guaranteed to be absolute and normalized (though it is not guaranteed to be canonicalized or exist on the filesystem).\n\nIMPORTANT: When deserializing an `AbsolutePathBuf`, a base path must be set using [AbsolutePathBufGuard::new]. If no base path is set, the deserialization will fail unless the path being deserialized is already absolute.",
+      "type": "string"
+    },
     "WindowsSandboxSetupMode": {
       "enum": [
         "elevated",
@@ -11,9 +15,13 @@
   },
   "properties": {
     "cwd": {
-      "type": [
-        "string",
-        "null"
+      "anyOf": [
+        {
+          "$ref": "#/definitions/AbsolutePathBuf"
+        },
+        {
+          "type": "null"
+        }
       ]
     },
     "mode": {

codex-rs/app-server-protocol/schema/typescript/AgentSpawnMode.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type AgentSpawnMode = "spawn" | "fork" | "watchdog";

codex-rs/app-server-protocol/schema/typescript/ClientRequest.ts

@@ -10,6 +10,9 @@ import type { RequestId } from "./RequestId";
 import type { AppsListParams } from "./v2/AppsListParams";
 import type { CancelLoginAccountParams } from "./v2/CancelLoginAccountParams";
 import type { CommandExecParams } from "./v2/CommandExecParams";
+import type { CommandExecResizeParams } from "./v2/CommandExecResizeParams";
+import type { CommandExecTerminateParams } from "./v2/CommandExecTerminateParams";
+import type { CommandExecWriteParams } from "./v2/CommandExecWriteParams";
 import type { ConfigBatchWriteParams } from "./v2/ConfigBatchWriteParams";
 import type { ConfigReadParams } from "./v2/ConfigReadParams";
 import type { ConfigValueWriteParams } from "./v2/ConfigValueWriteParams";
@@ -23,6 +26,7 @@ import type { LoginAccountParams } from "./v2/LoginAccountParams";
 import type { McpServerOauthLoginParams } from "./v2/McpServerOauthLoginParams";
 import type { ModelListParams } from "./v2/ModelListParams";
 import type { PluginInstallParams } from "./v2/PluginInstallParams";
+import type { PluginListParams } from "./v2/PluginListParams";
 import type { ReviewStartParams } from "./v2/ReviewStartParams";
 import type { SkillsConfigWriteParams } from "./v2/SkillsConfigWriteParams";
 import type { SkillsListParams } from "./v2/SkillsListParams";
@@ -49,4 +53,4 @@ import type { WindowsSandboxSetupStartParams } from "./v2/WindowsSandboxSetupSta
 /**
  * Request from the client to the server.
  */
-export type ClientRequest ={ "method": "initialize", id: RequestId, params: InitializeParams, } | { "method": "thread/start", id: RequestId, params: ThreadStartParams, } | { "method": "thread/resume", id: RequestId, params: ThreadResumeParams, } | { "method": "thread/fork", id: RequestId, params: ThreadForkParams, } | { "method": "thread/archive", id: RequestId, params: ThreadArchiveParams, } | { "method": "thread/unsubscribe", id: RequestId, params: ThreadUnsubscribeParams, } | { "method": "thread/name/set", id: RequestId, params: ThreadSetNameParams, } | { "method": "thread/metadata/update", id: RequestId, params: ThreadMetadataUpdateParams, } | { "method": "thread/unarchive", id: RequestId, params: ThreadUnarchiveParams, } | { "method": "thread/compact/start", id: RequestId, params: ThreadCompactStartParams, } | { "method": "thread/rollback", id: RequestId, params: ThreadRollbackParams, } | { "method": "thread/list", id: RequestId, params: ThreadListParams, } | { "method": "thread/loaded/list", id: RequestId, params: ThreadLoadedListParams, } | { "method": "thread/read", id: RequestId, params: ThreadReadParams, } | { "method": "skills/list", id: RequestId, params: SkillsListParams, } | { "method": "skills/remote/list", id: RequestId, params: SkillsRemoteReadParams, } | { "method": "skills/remote/export", id: RequestId, params: SkillsRemoteWriteParams, } | { "method": "app/list", id: RequestId, params: AppsListParams, } | { "method": "skills/config/write", id: RequestId, params: SkillsConfigWriteParams, } | { "method": "plugin/install", id: RequestId, params: PluginInstallParams, } | { "method": "turn/start", id: RequestId, params: TurnStartParams, } | { "method": "turn/steer", id: RequestId, params: TurnSteerParams, } | { "method": "turn/interrupt", id: RequestId, params: TurnInterruptParams, } | { "method": "review/start", id: RequestId, params: ReviewStartParams, } | { "method": "model/list", id: RequestId, params: ModelListParams, } | { "method": "experimentalFeature/list", id: RequestId, params: ExperimentalFeatureListParams, } | { "method": "mcpServer/oauth/login", id: RequestId, params: McpServerOauthLoginParams, } | { "method": "config/mcpServer/reload", id: RequestId, params: undefined, } | { "method": "mcpServerStatus/list", id: RequestId, params: ListMcpServerStatusParams, } | { "method": "windowsSandbox/setupStart", id: RequestId, params: WindowsSandboxSetupStartParams, } | { "method": "account/login/start", id: RequestId, params: LoginAccountParams, } | { "method": "account/login/cancel", id: RequestId, params: CancelLoginAccountParams, } | { "method": "account/logout", id: RequestId, params: undefined, } | { "method": "account/rateLimits/read", id: RequestId, params: undefined, } | { "method": "feedback/upload", id: RequestId, params: FeedbackUploadParams, } | { "method": "command/exec", id: RequestId, params: CommandExecParams, } | { "method": "config/read", id: RequestId, params: ConfigReadParams, } | { "method": "externalAgentConfig/detect", id: RequestId, params: ExternalAgentConfigDetectParams, } | { "method": "externalAgentConfig/import", id: RequestId, params: ExternalAgentConfigImportParams, } | { "method": "config/value/write", id: RequestId, params: ConfigValueWriteParams, } | { "method": "config/batchWrite", id: RequestId, params: ConfigBatchWriteParams, } | { "method": "configRequirements/read", id: RequestId, params: undefined, } | { "method": "account/read", id: RequestId, params: GetAccountParams, } | { "method": "getConversationSummary", id: RequestId, params: GetConversationSummaryParams, } | { "method": "gitDiffToRemote", id: RequestId, params: GitDiffToRemoteParams, } | { "method": "getAuthStatus", id: RequestId, params: GetAuthStatusParams, } | { "method": "fuzzyFileSearch", id: RequestId, params: FuzzyFileSearchParams, };
+export type ClientRequest ={ "method": "initialize", id: RequestId, params: InitializeParams, } | { "method": "thread/start", id: RequestId, params: ThreadStartParams, } | { "method": "thread/resume", id: RequestId, params: ThreadResumeParams, } | { "method": "thread/fork", id: RequestId, params: ThreadForkParams, } | { "method": "thread/archive", id: RequestId, params: ThreadArchiveParams, } | { "method": "thread/unsubscribe", id: RequestId, params: ThreadUnsubscribeParams, } | { "method": "thread/name/set", id: RequestId, params: ThreadSetNameParams, } | { "method": "thread/metadata/update", id: RequestId, params: ThreadMetadataUpdateParams, } | { "method": "thread/unarchive", id: RequestId, params: ThreadUnarchiveParams, } | { "method": "thread/compact/start", id: RequestId, params: ThreadCompactStartParams, } | { "method": "thread/rollback", id: RequestId, params: ThreadRollbackParams, } | { "method": "thread/list", id: RequestId, params: ThreadListParams, } | { "method": "thread/loaded/list", id: RequestId, params: ThreadLoadedListParams, } | { "method": "thread/read", id: RequestId, params: ThreadReadParams, } | { "method": "skills/list", id: RequestId, params: SkillsListParams, } | { "method": "plugin/list", id: RequestId, params: PluginListParams, } | { "method": "skills/remote/list", id: RequestId, params: SkillsRemoteReadParams, } | { "method": "skills/remote/export", id: RequestId, params: SkillsRemoteWriteParams, } | { "method": "app/list", id: RequestId, params: AppsListParams, } | { "method": "skills/config/write", id: RequestId, params: SkillsConfigWriteParams, } | { "method": "plugin/install", id: RequestId, params: PluginInstallParams, } | { "method": "turn/start", id: RequestId, params: TurnStartParams, } | { "method": "turn/steer", id: RequestId, params: TurnSteerParams, } | { "method": "turn/interrupt", id: RequestId, params: TurnInterruptParams, } | { "method": "review/start", id: RequestId, params: ReviewStartParams, } | { "method": "model/list", id: RequestId, params: ModelListParams, } | { "method": "experimentalFeature/list", id: RequestId, params: ExperimentalFeatureListParams, } | { "method": "mcpServer/oauth/login", id: RequestId, params: McpServerOauthLoginParams, } | { "method": "config/mcpServer/reload", id: RequestId, params: undefined, } | { "method": "mcpServerStatus/list", id: RequestId, params: ListMcpServerStatusParams, } | { "method": "windowsSandbox/setupStart", id: RequestId, params: WindowsSandboxSetupStartParams, } | { "method": "account/login/start", id: RequestId, params: LoginAccountParams, } | { "method": "account/login/cancel", id: RequestId, params: CancelLoginAccountParams, } | { "method": "account/logout", id: RequestId, params: undefined, } | { "method": "account/rateLimits/read", id: RequestId, params: undefined, } | { "method": "feedback/upload", id: RequestId, params: FeedbackUploadParams, } | { "method": "command/exec", id: RequestId, params: CommandExecParams, } | { "method": "command/exec/write", id: RequestId, params: CommandExecWriteParams, } | { "method": "command/exec/terminate", id: RequestId, params: CommandExecTerminateParams, } | { "method": "command/exec/resize", id: RequestId, params: CommandExecResizeParams, } | { "method": "config/read", id: RequestId, params: ConfigReadParams, } | { "method": "externalAgentConfig/detect", id: RequestId, params: ExternalAgentConfigDetectParams, } | { "method": "externalAgentConfig/import", id: RequestId, params: ExternalAgentConfigImportParams, } | { "method": "config/value/write", id: RequestId, params: ConfigValueWriteParams, } | { "method": "config/batchWrite", id: RequestId, params: ConfigBatchWriteParams, } | { "method": "configRequirements/read", id: RequestId, params: undefined, } | { "method": "account/read", id: RequestId, params: GetAccountParams, } | { "method": "getConversationSummary", id: RequestId, params: GetConversationSummaryParams, } | { "method": "gitDiffToRemote", id: RequestId, params: GitDiffToRemoteParams, } | { "method": "getAuthStatus", id: RequestId, params: GetAuthStatusParams, } | { "method": "fuzzyFileSearch", id: RequestId, params: FuzzyFileSearchParams, };

codex-rs/app-server-protocol/schema/typescript/CollabAgentSpawnEndEvent.ts

@@ -1,6 +1,7 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AgentSpawnMode } from "./AgentSpawnMode";
 import type { AgentStatus } from "./AgentStatus";
 import type { ThreadId } from "./ThreadId";
 
@@ -30,6 +31,10 @@ new_agent_role?: string | null,
  * beginning.
  */
 prompt: string, 
+/**
+ * Spawn mode used for this agent.
+ */
+spawn_mode: AgentSpawnMode, 
 /**
  * Last known status of the new agent reported to the sender agent.
  */

codex-rs/app-server-protocol/schema/typescript/ElicitationRequest.ts

@@ -3,4 +3,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { JsonValue } from "./serde_json/JsonValue";
 
-export type ElicitationRequest = { "mode": "form", message: string, requested_schema: JsonValue, } | { "mode": "url", message: string, url: string, elicitation_id: string, };
+export type ElicitationRequest = { "mode": "form", _meta?: JsonValue, message: string, requested_schema: JsonValue, } | { "mode": "url", _meta?: JsonValue, message: string, url: string, elicitation_id: string, };

codex-rs/app-server-protocol/schema/typescript/ElicitationRequestEvent.ts

@@ -3,4 +3,8 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ElicitationRequest } from "./ElicitationRequest";
 
-export type ElicitationRequestEvent = { server_name: string, id: string | number, request: ElicitationRequest, };
+export type ElicitationRequestEvent = { 
+/**
+ * Turn ID that this elicitation belongs to, when known.
+ */
+turn_id?: string, server_name: string, id: string | number, request: ElicitationRequest, };

codex-rs/app-server-protocol/schema/typescript/EventMsg.ts

@@ -56,6 +56,7 @@ import type { RealtimeConversationStartedEvent } from "./RealtimeConversationSta
 import type { ReasoningContentDeltaEvent } from "./ReasoningContentDeltaEvent";
 import type { ReasoningRawContentDeltaEvent } from "./ReasoningRawContentDeltaEvent";
 import type { RemoteSkillDownloadedEvent } from "./RemoteSkillDownloadedEvent";
+import type { RequestPermissionsEvent } from "./RequestPermissionsEvent";
 import type { RequestUserInputEvent } from "./RequestUserInputEvent";
 import type { ReviewRequest } from "./ReviewRequest";
 import type { SessionConfiguredEvent } from "./SessionConfiguredEvent";
@@ -81,4 +82,4 @@ import type { WebSearchEndEvent } from "./WebSearchEndEvent";
  * Response event from the agent
  * NOTE: Make sure none of these values have optional types, as it will mess up the extension code-gen.
  */
-export type EventMsg = { "type": "error" } & ErrorEvent | { "type": "warning" } & WarningEvent | { "type": "realtime_conversation_started" } & RealtimeConversationStartedEvent | { "type": "realtime_conversation_realtime" } & RealtimeConversationRealtimeEvent | { "type": "realtime_conversation_closed" } & RealtimeConversationClosedEvent | { "type": "model_reroute" } & ModelRerouteEvent | { "type": "context_compacted" } & ContextCompactedEvent | { "type": "thread_rolled_back" } & ThreadRolledBackEvent | { "type": "task_started" } & TurnStartedEvent | { "type": "task_complete" } & TurnCompleteEvent | { "type": "token_count" } & TokenCountEvent | { "type": "agent_message" } & AgentMessageEvent | { "type": "user_message" } & UserMessageEvent | { "type": "agent_message_delta" } & AgentMessageDeltaEvent | { "type": "agent_reasoning" } & AgentReasoningEvent | { "type": "agent_reasoning_delta" } & AgentReasoningDeltaEvent | { "type": "agent_reasoning_raw_content" } & AgentReasoningRawContentEvent | { "type": "agent_reasoning_raw_content_delta" } & AgentReasoningRawContentDeltaEvent | { "type": "agent_reasoning_section_break" } & AgentReasoningSectionBreakEvent | { "type": "session_configured" } & SessionConfiguredEvent | { "type": "thread_name_updated" } & ThreadNameUpdatedEvent | { "type": "mcp_startup_update" } & McpStartupUpdateEvent | { "type": "mcp_startup_complete" } & McpStartupCompleteEvent | { "type": "mcp_tool_call_begin" } & McpToolCallBeginEvent | { "type": "mcp_tool_call_end" } & McpToolCallEndEvent | { "type": "web_search_begin" } & WebSearchBeginEvent | { "type": "web_search_end" } & WebSearchEndEvent | { "type": "image_generation_begin" } & ImageGenerationBeginEvent | { "type": "image_generation_end" } & ImageGenerationEndEvent | { "type": "exec_command_begin" } & ExecCommandBeginEvent | { "type": "exec_command_output_delta" } & ExecCommandOutputDeltaEvent | { "type": "terminal_interaction" } & TerminalInteractionEvent | { "type": "exec_command_end" } & ExecCommandEndEvent | { "type": "view_image_tool_call" } & ViewImageToolCallEvent | { "type": "exec_approval_request" } & ExecApprovalRequestEvent | { "type": "request_user_input" } & RequestUserInputEvent | { "type": "dynamic_tool_call_request" } & DynamicToolCallRequest | { "type": "dynamic_tool_call_response" } & DynamicToolCallResponseEvent | { "type": "elicitation_request" } & ElicitationRequestEvent | { "type": "apply_patch_approval_request" } & ApplyPatchApprovalRequestEvent | { "type": "deprecation_notice" } & DeprecationNoticeEvent | { "type": "background_event" } & BackgroundEventEvent | { "type": "undo_started" } & UndoStartedEvent | { "type": "undo_completed" } & UndoCompletedEvent | { "type": "stream_error" } & StreamErrorEvent | { "type": "patch_apply_begin" } & PatchApplyBeginEvent | { "type": "patch_apply_end" } & PatchApplyEndEvent | { "type": "turn_diff" } & TurnDiffEvent | { "type": "get_history_entry_response" } & GetHistoryEntryResponseEvent | { "type": "mcp_list_tools_response" } & McpListToolsResponseEvent | { "type": "list_custom_prompts_response" } & ListCustomPromptsResponseEvent | { "type": "list_skills_response" } & ListSkillsResponseEvent | { "type": "list_remote_skills_response" } & ListRemoteSkillsResponseEvent | { "type": "remote_skill_downloaded" } & RemoteSkillDownloadedEvent | { "type": "skills_update_available" } | { "type": "plan_update" } & UpdatePlanArgs | { "type": "turn_aborted" } & TurnAbortedEvent | { "type": "shutdown_complete" } | { "type": "entered_review_mode" } & ReviewRequest | { "type": "exited_review_mode" } & ExitedReviewModeEvent | { "type": "raw_response_item" } & RawResponseItemEvent | { "type": "item_started" } & ItemStartedEvent | { "type": "item_completed" } & ItemCompletedEvent | { "type": "agent_message_content_delta" } & AgentMessageContentDeltaEvent | { "type": "plan_delta" } & PlanDeltaEvent | { "type": "reasoning_content_delta" } & ReasoningContentDeltaEvent | { "type": "reasoning_raw_content_delta" } & ReasoningRawContentDeltaEvent | { "type": "collab_agent_spawn_begin" } & CollabAgentSpawnBeginEvent | { "type": "collab_agent_spawn_end" } & CollabAgentSpawnEndEvent | { "type": "collab_agent_interaction_begin" } & CollabAgentInteractionBeginEvent | { "type": "collab_agent_interaction_end" } & CollabAgentInteractionEndEvent | { "type": "collab_waiting_begin" } & CollabWaitingBeginEvent | { "type": "collab_waiting_end" } & CollabWaitingEndEvent | { "type": "collab_close_begin" } & CollabCloseBeginEvent | { "type": "collab_close_end" } & CollabCloseEndEvent | { "type": "collab_resume_begin" } & CollabResumeBeginEvent | { "type": "collab_resume_end" } & CollabResumeEndEvent;
+export type EventMsg = { "type": "error" } & ErrorEvent | { "type": "warning" } & WarningEvent | { "type": "realtime_conversation_started" } & RealtimeConversationStartedEvent | { "type": "realtime_conversation_realtime" } & RealtimeConversationRealtimeEvent | { "type": "realtime_conversation_closed" } & RealtimeConversationClosedEvent | { "type": "model_reroute" } & ModelRerouteEvent | { "type": "context_compacted" } & ContextCompactedEvent | { "type": "thread_rolled_back" } & ThreadRolledBackEvent | { "type": "task_started" } & TurnStartedEvent | { "type": "task_complete" } & TurnCompleteEvent | { "type": "token_count" } & TokenCountEvent | { "type": "agent_message" } & AgentMessageEvent | { "type": "user_message" } & UserMessageEvent | { "type": "agent_message_delta" } & AgentMessageDeltaEvent | { "type": "agent_reasoning" } & AgentReasoningEvent | { "type": "agent_reasoning_delta" } & AgentReasoningDeltaEvent | { "type": "agent_reasoning_raw_content" } & AgentReasoningRawContentEvent | { "type": "agent_reasoning_raw_content_delta" } & AgentReasoningRawContentDeltaEvent | { "type": "agent_reasoning_section_break" } & AgentReasoningSectionBreakEvent | { "type": "session_configured" } & SessionConfiguredEvent | { "type": "thread_name_updated" } & ThreadNameUpdatedEvent | { "type": "mcp_startup_update" } & McpStartupUpdateEvent | { "type": "mcp_startup_complete" } & McpStartupCompleteEvent | { "type": "mcp_tool_call_begin" } & McpToolCallBeginEvent | { "type": "mcp_tool_call_end" } & McpToolCallEndEvent | { "type": "web_search_begin" } & WebSearchBeginEvent | { "type": "web_search_end" } & WebSearchEndEvent | { "type": "image_generation_begin" } & ImageGenerationBeginEvent | { "type": "image_generation_end" } & ImageGenerationEndEvent | { "type": "exec_command_begin" } & ExecCommandBeginEvent | { "type": "exec_command_output_delta" } & ExecCommandOutputDeltaEvent | { "type": "terminal_interaction" } & TerminalInteractionEvent | { "type": "exec_command_end" } & ExecCommandEndEvent | { "type": "view_image_tool_call" } & ViewImageToolCallEvent | { "type": "exec_approval_request" } & ExecApprovalRequestEvent | { "type": "request_permissions" } & RequestPermissionsEvent | { "type": "request_user_input" } & RequestUserInputEvent | { "type": "dynamic_tool_call_request" } & DynamicToolCallRequest | { "type": "dynamic_tool_call_response" } & DynamicToolCallResponseEvent | { "type": "elicitation_request" } & ElicitationRequestEvent | { "type": "apply_patch_approval_request" } & ApplyPatchApprovalRequestEvent | { "type": "deprecation_notice" } & DeprecationNoticeEvent | { "type": "background_event" } & BackgroundEventEvent | { "type": "undo_started" } & UndoStartedEvent | { "type": "undo_completed" } & UndoCompletedEvent | { "type": "stream_error" } & StreamErrorEvent | { "type": "patch_apply_begin" } & PatchApplyBeginEvent | { "type": "patch_apply_end" } & PatchApplyEndEvent | { "type": "turn_diff" } & TurnDiffEvent | { "type": "get_history_entry_response" } & GetHistoryEntryResponseEvent | { "type": "mcp_list_tools_response" } & McpListToolsResponseEvent | { "type": "list_custom_prompts_response" } & ListCustomPromptsResponseEvent | { "type": "list_skills_response" } & ListSkillsResponseEvent | { "type": "list_remote_skills_response" } & ListRemoteSkillsResponseEvent | { "type": "remote_skill_downloaded" } & RemoteSkillDownloadedEvent | { "type": "skills_update_available" } | { "type": "plan_update" } & UpdatePlanArgs | { "type": "turn_aborted" } & TurnAbortedEvent | { "type": "shutdown_complete" } | { "type": "entered_review_mode" } & ReviewRequest | { "type": "exited_review_mode" } & ExitedReviewModeEvent | { "type": "raw_response_item" } & RawResponseItemEvent | { "type": "item_started" } & ItemStartedEvent | { "type": "item_completed" } & ItemCompletedEvent | { "type": "agent_message_content_delta" } & AgentMessageContentDeltaEvent | { "type": "plan_delta" } & PlanDeltaEvent | { "type": "reasoning_content_delta" } & ReasoningContentDeltaEvent | { "type": "reasoning_raw_content_delta" } & ReasoningRawContentDeltaEvent | { "type": "collab_agent_spawn_begin" } & CollabAgentSpawnBeginEvent | { "type": "collab_agent_spawn_end" } & CollabAgentSpawnEndEvent | { "type": "collab_agent_interaction_begin" } & CollabAgentInteractionBeginEvent | { "type": "collab_agent_interaction_end" } & CollabAgentInteractionEndEvent | { "type": "collab_waiting_begin" } & CollabWaitingBeginEvent | { "type": "collab_waiting_end" } & CollabWaitingEndEvent | { "type": "collab_close_begin" } & CollabCloseBeginEvent | { "type": "collab_close_end" } & CollabCloseEndEvent | { "type": "collab_resume_begin" } & CollabResumeBeginEvent | { "type": "collab_resume_end" } & CollabResumeEndEvent;

codex-rs/app-server-protocol/schema/typescript/ExecApprovalRequestEvent.ts

@@ -1,6 +1,7 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { ExecApprovalRequestSkillMetadata } from "./ExecApprovalRequestSkillMetadata";
 import type { ExecPolicyAmendment } from "./ExecPolicyAmendment";
 import type { NetworkApprovalContext } from "./NetworkApprovalContext";
 import type { NetworkPolicyAmendment } from "./NetworkPolicyAmendment";
@@ -53,6 +54,10 @@ proposed_network_policy_amendments?: Array<NetworkPolicyAmendment>,
  * Optional additional filesystem permissions requested for this command.
  */
 additional_permissions?: PermissionProfile, 
+/**
+ * Optional skill metadata when the approval was triggered by a skill script.
+ */
+skill_metadata?: ExecApprovalRequestSkillMetadata, 
 /**
  * Ordered list of decisions the client may present for this prompt.
  *

codex-rs/app-server-protocol/schema/typescript/ExecApprovalRequestSkillMetadata.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type ExecApprovalRequestSkillMetadata = { path_to_skills_md: string, };

codex-rs/app-server-protocol/schema/typescript/ImageGenerationEndEvent.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ImageGenerationEndEvent = { call_id: string, status: string, revised_prompt?: string, result: string, };
+export type ImageGenerationEndEvent = { call_id: string, status: string, revised_prompt?: string, result: string, saved_path?: string, };

codex-rs/app-server-protocol/schema/typescript/ImageGenerationItem.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ImageGenerationItem = { id: string, status: string, revised_prompt?: string, result: string, };
+export type ImageGenerationItem = { id: string, status: string, revised_prompt?: string, result: string, saved_path?: string, };

codex-rs/app-server-protocol/schema/typescript/RequestPermissionsEvent.ts

@@ -0,0 +1,15 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PermissionProfile } from "./PermissionProfile";
+
+export type RequestPermissionsEvent = { 
+/**
+ * Responses API call id for the associated tool call, if available.
+ */
+call_id: string, 
+/**
+ * Turn ID that this request belongs to.
+ * Uses `#[serde(default)]` for backwards compatibility.
+ */
+turn_id: string, reason: string | null, permissions: PermissionProfile, };

codex-rs/app-server-protocol/schema/typescript/ServerNotification.ts

@@ -8,6 +8,7 @@ import type { AccountRateLimitsUpdatedNotification } from "./v2/AccountRateLimit
 import type { AccountUpdatedNotification } from "./v2/AccountUpdatedNotification";
 import type { AgentMessageDeltaNotification } from "./v2/AgentMessageDeltaNotification";
 import type { AppListUpdatedNotification } from "./v2/AppListUpdatedNotification";
+import type { CommandExecOutputDeltaNotification } from "./v2/CommandExecOutputDeltaNotification";
 import type { CommandExecutionOutputDeltaNotification } from "./v2/CommandExecutionOutputDeltaNotification";
 import type { ConfigWarningNotification } from "./v2/ConfigWarningNotification";
 import type { ContextCompactedNotification } from "./v2/ContextCompactedNotification";
@@ -49,4 +50,4 @@ import type { WindowsWorldWritableWarningNotification } from "./v2/WindowsWorldW
 /**
  * Notification sent from the server to the client.
  */
-export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/status/changed", "params": ThreadStatusChangedNotification } | { "method": "thread/archived", "params": ThreadArchivedNotification } | { "method": "thread/unarchived", "params": ThreadUnarchivedNotification } | { "method": "thread/closed", "params": ThreadClosedNotification } | { "method": "skills/changed", "params": SkillsChangedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "serverRequest/resolved", "params": ServerRequestResolvedNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "model/rerouted", "params": ModelReroutedNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "fuzzyFileSearch/sessionCompleted", "params": FuzzyFileSearchSessionCompletedNotification } | { "method": "thread/realtime/started", "params": ThreadRealtimeStartedNotification } | { "method": "thread/realtime/itemAdded", "params": ThreadRealtimeItemAddedNotification } | { "method": "thread/realtime/outputAudio/delta", "params": ThreadRealtimeOutputAudioDeltaNotification } | { "method": "thread/realtime/error", "params": ThreadRealtimeErrorNotification } | { "method": "thread/realtime/closed", "params": ThreadRealtimeClosedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "windowsSandbox/setupCompleted", "params": WindowsSandboxSetupCompletedNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification };
+export type ServerNotification = { "method": "error", "params": ErrorNotification } | { "method": "thread/started", "params": ThreadStartedNotification } | { "method": "thread/status/changed", "params": ThreadStatusChangedNotification } | { "method": "thread/archived", "params": ThreadArchivedNotification } | { "method": "thread/unarchived", "params": ThreadUnarchivedNotification } | { "method": "thread/closed", "params": ThreadClosedNotification } | { "method": "skills/changed", "params": SkillsChangedNotification } | { "method": "thread/name/updated", "params": ThreadNameUpdatedNotification } | { "method": "thread/tokenUsage/updated", "params": ThreadTokenUsageUpdatedNotification } | { "method": "turn/started", "params": TurnStartedNotification } | { "method": "turn/completed", "params": TurnCompletedNotification } | { "method": "turn/diff/updated", "params": TurnDiffUpdatedNotification } | { "method": "turn/plan/updated", "params": TurnPlanUpdatedNotification } | { "method": "item/started", "params": ItemStartedNotification } | { "method": "item/completed", "params": ItemCompletedNotification } | { "method": "rawResponseItem/completed", "params": RawResponseItemCompletedNotification } | { "method": "item/agentMessage/delta", "params": AgentMessageDeltaNotification } | { "method": "item/plan/delta", "params": PlanDeltaNotification } | { "method": "command/exec/outputDelta", "params": CommandExecOutputDeltaNotification } | { "method": "item/commandExecution/outputDelta", "params": CommandExecutionOutputDeltaNotification } | { "method": "item/commandExecution/terminalInteraction", "params": TerminalInteractionNotification } | { "method": "item/fileChange/outputDelta", "params": FileChangeOutputDeltaNotification } | { "method": "serverRequest/resolved", "params": ServerRequestResolvedNotification } | { "method": "item/mcpToolCall/progress", "params": McpToolCallProgressNotification } | { "method": "mcpServer/oauthLogin/completed", "params": McpServerOauthLoginCompletedNotification } | { "method": "account/updated", "params": AccountUpdatedNotification } | { "method": "account/rateLimits/updated", "params": AccountRateLimitsUpdatedNotification } | { "method": "app/list/updated", "params": AppListUpdatedNotification } | { "method": "item/reasoning/summaryTextDelta", "params": ReasoningSummaryTextDeltaNotification } | { "method": "item/reasoning/summaryPartAdded", "params": ReasoningSummaryPartAddedNotification } | { "method": "item/reasoning/textDelta", "params": ReasoningTextDeltaNotification } | { "method": "thread/compacted", "params": ContextCompactedNotification } | { "method": "model/rerouted", "params": ModelReroutedNotification } | { "method": "deprecationNotice", "params": DeprecationNoticeNotification } | { "method": "configWarning", "params": ConfigWarningNotification } | { "method": "fuzzyFileSearch/sessionUpdated", "params": FuzzyFileSearchSessionUpdatedNotification } | { "method": "fuzzyFileSearch/sessionCompleted", "params": FuzzyFileSearchSessionCompletedNotification } | { "method": "thread/realtime/started", "params": ThreadRealtimeStartedNotification } | { "method": "thread/realtime/itemAdded", "params": ThreadRealtimeItemAddedNotification } | { "method": "thread/realtime/outputAudio/delta", "params": ThreadRealtimeOutputAudioDeltaNotification } | { "method": "thread/realtime/error", "params": ThreadRealtimeErrorNotification } | { "method": "thread/realtime/closed", "params": ThreadRealtimeClosedNotification } | { "method": "windows/worldWritableWarning", "params": WindowsWorldWritableWarningNotification } | { "method": "windowsSandbox/setupCompleted", "params": WindowsSandboxSetupCompletedNotification } | { "method": "account/login/completed", "params": AccountLoginCompletedNotification };

codex-rs/app-server-protocol/schema/typescript/ServerRequest.ts

@@ -9,9 +9,10 @@ import type { CommandExecutionRequestApprovalParams } from "./v2/CommandExecutio
 import type { DynamicToolCallParams } from "./v2/DynamicToolCallParams";
 import type { FileChangeRequestApprovalParams } from "./v2/FileChangeRequestApprovalParams";
 import type { McpServerElicitationRequestParams } from "./v2/McpServerElicitationRequestParams";
+import type { PermissionsRequestApprovalParams } from "./v2/PermissionsRequestApprovalParams";
 import type { ToolRequestUserInputParams } from "./v2/ToolRequestUserInputParams";
 
 /**
  * Request initiated from the server and sent to the client.
  */
-export type ServerRequest = { "method": "item/commandExecution/requestApproval", id: RequestId, params: CommandExecutionRequestApprovalParams, } | { "method": "item/fileChange/requestApproval", id: RequestId, params: FileChangeRequestApprovalParams, } | { "method": "item/tool/requestUserInput", id: RequestId, params: ToolRequestUserInputParams, } | { "method": "mcpServer/elicitation/request", id: RequestId, params: McpServerElicitationRequestParams, } | { "method": "item/tool/call", id: RequestId, params: DynamicToolCallParams, } | { "method": "account/chatgptAuthTokens/refresh", id: RequestId, params: ChatgptAuthTokensRefreshParams, } | { "method": "applyPatchApproval", id: RequestId, params: ApplyPatchApprovalParams, } | { "method": "execCommandApproval", id: RequestId, params: ExecCommandApprovalParams, };
+export type ServerRequest = { "method": "item/commandExecution/requestApproval", id: RequestId, params: CommandExecutionRequestApprovalParams, } | { "method": "item/fileChange/requestApproval", id: RequestId, params: FileChangeRequestApprovalParams, } | { "method": "item/tool/requestUserInput", id: RequestId, params: ToolRequestUserInputParams, } | { "method": "mcpServer/elicitation/request", id: RequestId, params: McpServerElicitationRequestParams, } | { "method": "item/permissions/requestApproval", id: RequestId, params: PermissionsRequestApprovalParams, } | { "method": "item/tool/call", id: RequestId, params: DynamicToolCallParams, } | { "method": "account/chatgptAuthTokens/refresh", id: RequestId, params: ChatgptAuthTokensRefreshParams, } | { "method": "applyPatchApproval", id: RequestId, params: ApplyPatchApprovalParams, } | { "method": "execCommandApproval", id: RequestId, params: ExecCommandApprovalParams, };

codex-rs/app-server-protocol/schema/typescript/SessionNetworkProxyRuntime.ts

@@ -2,4 +2,4 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type SessionNetworkProxyRuntime = { http_addr: string, socks_addr: string, admin_addr: string, };
+export type SessionNetworkProxyRuntime = { http_addr: string, socks_addr: string, };

codex-rs/app-server-protocol/schema/typescript/WebSearchContextSize.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type WebSearchContextSize = "low" | "medium" | "high";

codex-rs/app-server-protocol/schema/typescript/WebSearchLocation.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type WebSearchLocation = { country: string | null, region: string | null, city: string | null, timezone: string | null, };

codex-rs/app-server-protocol/schema/typescript/WebSearchToolConfig.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { WebSearchContextSize } from "./WebSearchContextSize";
+import type { WebSearchLocation } from "./WebSearchLocation";
+
+export type WebSearchToolConfig = { context_size: WebSearchContextSize | null, allowed_domains: Array<string> | null, location: WebSearchLocation | null, };

codex-rs/app-server-protocol/schema/typescript/index.ts

@@ -11,6 +11,7 @@ export type { AgentReasoningEvent } from "./AgentReasoningEvent";
 export type { AgentReasoningRawContentDeltaEvent } from "./AgentReasoningRawContentDeltaEvent";
 export type { AgentReasoningRawContentEvent } from "./AgentReasoningRawContentEvent";
 export type { AgentReasoningSectionBreakEvent } from "./AgentReasoningSectionBreakEvent";
+export type { AgentSpawnMode } from "./AgentSpawnMode";
 export type { AgentStatus } from "./AgentStatus";
 export type { ApplyPatchApprovalParams } from "./ApplyPatchApprovalParams";
 export type { ApplyPatchApprovalRequestEvent } from "./ApplyPatchApprovalRequestEvent";
@@ -53,6 +54,7 @@ export type { ElicitationRequestEvent } from "./ElicitationRequestEvent";
 export type { ErrorEvent } from "./ErrorEvent";
 export type { EventMsg } from "./EventMsg";
 export type { ExecApprovalRequestEvent } from "./ExecApprovalRequestEvent";
+export type { ExecApprovalRequestSkillMetadata } from "./ExecApprovalRequestSkillMetadata";
 export type { ExecCommandApprovalParams } from "./ExecCommandApprovalParams";
 export type { ExecCommandApprovalResponse } from "./ExecCommandApprovalResponse";
 export type { ExecCommandBeginEvent } from "./ExecCommandBeginEvent";
@@ -154,6 +156,7 @@ export type { RejectConfig } from "./RejectConfig";
 export type { RemoteSkillDownloadedEvent } from "./RemoteSkillDownloadedEvent";
 export type { RemoteSkillSummary } from "./RemoteSkillSummary";
 export type { RequestId } from "./RequestId";
+export type { RequestPermissionsEvent } from "./RequestPermissionsEvent";
 export type { RequestUserInputEvent } from "./RequestUserInputEvent";
 export type { RequestUserInputQuestion } from "./RequestUserInputQuestion";
 export type { RequestUserInputQuestionOption } from "./RequestUserInputQuestionOption";
@@ -211,7 +214,10 @@ export type { ViewImageToolCallEvent } from "./ViewImageToolCallEvent";
 export type { WarningEvent } from "./WarningEvent";
 export type { WebSearchAction } from "./WebSearchAction";
 export type { WebSearchBeginEvent } from "./WebSearchBeginEvent";
+export type { WebSearchContextSize } from "./WebSearchContextSize";
 export type { WebSearchEndEvent } from "./WebSearchEndEvent";
 export type { WebSearchItem } from "./WebSearchItem";
+export type { WebSearchLocation } from "./WebSearchLocation";
 export type { WebSearchMode } from "./WebSearchMode";
+export type { WebSearchToolConfig } from "./WebSearchToolConfig";
 export * as v2 from "./v2";

codex-rs/app-server-protocol/schema/typescript/v2/AppSummary.ts

@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * EXPERIMENTAL - app metadata summary for plugin-install responses.
+ */
+export type AppSummary = { id: string, name: string, description: string | null, installUrl: string | null, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecOutputDeltaNotification.ts

@@ -0,0 +1,30 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { CommandExecOutputStream } from "./CommandExecOutputStream";
+
+/**
+ * Base64-encoded output chunk emitted for a streaming `command/exec` request.
+ *
+ * These notifications are connection-scoped. If the originating connection
+ * closes, the server terminates the process.
+ */
+export type CommandExecOutputDeltaNotification = { 
+/**
+ * Client-supplied, connection-scoped `processId` from the original
+ * `command/exec` request.
+ */
+processId: string, 
+/**
+ * Output stream for this chunk.
+ */
+stream: CommandExecOutputStream, 
+/**
+ * Base64-encoded output bytes.
+ */
+deltaBase64: string, 
+/**
+ * `true` on the final streamed chunk for a stream when `outputBytesCap`
+ * truncated later output on that stream.
+ */
+capReached: boolean, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecOutputStream.ts

@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Stream label for `command/exec/outputDelta` notifications.
+ */
+export type CommandExecOutputStream = "stdout" | "stderr";

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecParams.ts

@@ -1,6 +1,97 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { CommandExecTerminalSize } from "./CommandExecTerminalSize";
 import type { SandboxPolicy } from "./SandboxPolicy";
 
-export type CommandExecParams = { command: Array<string>, timeoutMs?: number | null, cwd?: string | null, sandboxPolicy?: SandboxPolicy | null, };
+/**
+ * Run a standalone command (argv vector) in the server sandbox without
+ * creating a thread or turn.
+ *
+ * The final `command/exec` response is deferred until the process exits and is
+ * sent only after all `command/exec/outputDelta` notifications for that
+ * connection have been emitted.
+ */
+export type CommandExecParams = { 
+/**
+ * Command argv vector. Empty arrays are rejected.
+ */
+command: Array<string>, 
+/**
+ * Optional client-supplied, connection-scoped process id.
+ *
+ * Required for `tty`, `streamStdin`, `streamStdoutStderr`, and follow-up
+ * `command/exec/write`, `command/exec/resize`, and
+ * `command/exec/terminate` calls. When omitted, buffered execution gets an
+ * internal id that is not exposed to the client.
+ */
+processId?: string | null, 
+/**
+ * Enable PTY mode.
+ *
+ * This implies `streamStdin` and `streamStdoutStderr`.
+ */
+tty?: boolean, 
+/**
+ * Allow follow-up `command/exec/write` requests to write stdin bytes.
+ *
+ * Requires a client-supplied `processId`.
+ */
+streamStdin?: boolean, 
+/**
+ * Stream stdout/stderr via `command/exec/outputDelta` notifications.
+ *
+ * Streamed bytes are not duplicated into the final response and require a
+ * client-supplied `processId`.
+ */
+streamStdoutStderr?: boolean, 
+/**
+ * Optional per-stream stdout/stderr capture cap in bytes.
+ *
+ * When omitted, the server default applies. Cannot be combined with
+ * `disableOutputCap`.
+ */
+outputBytesCap?: number | null, 
+/**
+ * Disable stdout/stderr capture truncation for this request.
+ *
+ * Cannot be combined with `outputBytesCap`.
+ */
+disableOutputCap?: boolean, 
+/**
+ * Disable the timeout entirely for this request.
+ *
+ * Cannot be combined with `timeoutMs`.
+ */
+disableTimeout?: boolean, 
+/**
+ * Optional timeout in milliseconds.
+ *
+ * When omitted, the server default applies. Cannot be combined with
+ * `disableTimeout`.
+ */
+timeoutMs?: number | null, 
+/**
+ * Optional working directory. Defaults to the server cwd.
+ */
+cwd?: string | null, 
+/**
+ * Optional environment overrides merged into the server-computed
+ * environment.
+ *
+ * Matching names override inherited values. Set a key to `null` to unset
+ * an inherited variable.
+ */
+env?: { [key in string]?: string | null } | null, 
+/**
+ * Optional initial PTY size in character cells. Only valid when `tty` is
+ * true.
+ */
+size?: CommandExecTerminalSize | null, 
+/**
+ * Optional sandbox policy for this command.
+ *
+ * Uses the same shape as thread/turn execution sandbox configuration and
+ * defaults to the user's configured policy when omitted.
+ */
+sandboxPolicy?: SandboxPolicy | null, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecResizeParams.ts

@@ -0,0 +1,18 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { CommandExecTerminalSize } from "./CommandExecTerminalSize";
+
+/**
+ * Resize a running PTY-backed `command/exec` session.
+ */
+export type CommandExecResizeParams = { 
+/**
+ * Client-supplied, connection-scoped `processId` from the original
+ * `command/exec` request.
+ */
+processId: string, 
+/**
+ * New PTY size in character cells.
+ */
+size: CommandExecTerminalSize, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecResizeResponse.ts

@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Empty success response for `command/exec/resize`.
+ */
+export type CommandExecResizeResponse = Record<string, never>;

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecResponse.ts

@@ -2,4 +2,23 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type CommandExecResponse = { exitCode: number, stdout: string, stderr: string, };
+/**
+ * Final buffered result for `command/exec`.
+ */
+export type CommandExecResponse = { 
+/**
+ * Process exit code.
+ */
+exitCode: number, 
+/**
+ * Buffered stdout capture.
+ *
+ * Empty when stdout was streamed via `command/exec/outputDelta`.
+ */
+stdout: string, 
+/**
+ * Buffered stderr capture.
+ *
+ * Empty when stderr was streamed via `command/exec/outputDelta`.
+ */
+stderr: string, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecTerminalSize.ts

@@ -0,0 +1,16 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * PTY size in character cells for `command/exec` PTY sessions.
+ */
+export type CommandExecTerminalSize = { 
+/**
+ * Terminal height in character cells.
+ */
+rows: number, 
+/**
+ * Terminal width in character cells.
+ */
+cols: number, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecTerminateParams.ts

@@ -0,0 +1,13 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Terminate a running `command/exec` session.
+ */
+export type CommandExecTerminateParams = { 
+/**
+ * Client-supplied, connection-scoped `processId` from the original
+ * `command/exec` request.
+ */
+processId: string, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecTerminateResponse.ts

@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Empty success response for `command/exec/terminate`.
+ */
+export type CommandExecTerminateResponse = Record<string, never>;

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecWriteParams.ts

@@ -0,0 +1,22 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Write stdin bytes to a running `command/exec` session, close stdin, or
+ * both.
+ */
+export type CommandExecWriteParams = { 
+/**
+ * Client-supplied, connection-scoped `processId` from the original
+ * `command/exec` request.
+ */
+processId: string, 
+/**
+ * Optional base64-encoded stdin bytes to write.
+ */
+deltaBase64?: string | null, 
+/**
+ * Close stdin after writing `deltaBase64`, if present.
+ */
+closeStdin?: boolean, };

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecWriteResponse.ts

@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Empty success response for `command/exec/write`.
+ */
+export type CommandExecWriteResponse = Record<string, never>;

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalParams.ts

@@ -4,6 +4,7 @@
 import type { AdditionalPermissionProfile } from "./AdditionalPermissionProfile";
 import type { CommandAction } from "./CommandAction";
 import type { CommandExecutionApprovalDecision } from "./CommandExecutionApprovalDecision";
+import type { CommandExecutionRequestApprovalSkillMetadata } from "./CommandExecutionRequestApprovalSkillMetadata";
 import type { ExecPolicyAmendment } from "./ExecPolicyAmendment";
 import type { NetworkApprovalContext } from "./NetworkApprovalContext";
 import type { NetworkPolicyAmendment } from "./NetworkPolicyAmendment";
@@ -43,6 +44,10 @@ commandActions?: Array<CommandAction> | null,
  * Optional additional permissions requested for this command.
  */
 additionalPermissions?: AdditionalPermissionProfile | null, 
+/**
+ * Optional skill metadata when the approval was triggered by a skill script.
+ */
+skillMetadata?: CommandExecutionRequestApprovalSkillMetadata | null, 
 /**
  * Optional proposed execpolicy amendment to allow similar commands without prompting.
  */

codex-rs/app-server-protocol/schema/typescript/v2/CommandExecutionRequestApprovalSkillMetadata.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type CommandExecutionRequestApprovalSkillMetadata = { pathToSkillsMd: string, };

codex-rs/app-server-protocol/schema/typescript/v2/ConfigBatchWriteParams.ts

@@ -7,4 +7,8 @@ export type ConfigBatchWriteParams = { edits: Array<ConfigEdit>,
 /**
  * Path to the config file to write; defaults to the user's `config.toml` when omitted.
  */
-filePath?: string | null, expectedVersion?: string | null, };
+filePath?: string | null, expectedVersion?: string | null, 
+/**
+ * When true, hot-reload the updated user config into all loaded threads after writing.
+ */
+reloadUserConfig?: boolean, };

codex-rs/app-server-protocol/schema/typescript/v2/GrantedMacOsPermissions.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { MacOsAutomationPermission } from "../MacOsAutomationPermission";
+import type { MacOsPreferencesPermission } from "../MacOsPreferencesPermission";
+
+export type GrantedMacOsPermissions = { preferences?: MacOsPreferencesPermission, automations?: MacOsAutomationPermission, accessibility?: boolean, calendar?: boolean, };

codex-rs/app-server-protocol/schema/typescript/v2/GrantedPermissionProfile.ts

@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { AdditionalFileSystemPermissions } from "./AdditionalFileSystemPermissions";
+import type { AdditionalNetworkPermissions } from "./AdditionalNetworkPermissions";
+import type { GrantedMacOsPermissions } from "./GrantedMacOsPermissions";
+
+export type GrantedPermissionProfile = { network?: AdditionalNetworkPermissions, fileSystem?: AdditionalFileSystemPermissions, macos?: GrantedMacOsPermissions, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationArrayType.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type McpElicitationArrayType = "array";

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationBooleanSchema.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationBooleanType } from "./McpElicitationBooleanType";
+
+export type McpElicitationBooleanSchema = { type: McpElicitationBooleanType, title?: string, description?: string, default?: boolean, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationBooleanType.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type McpElicitationBooleanType = "boolean";

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationConstOption.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type McpElicitationConstOption = { const: string, title: string, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationEnumSchema.ts

@@ -0,0 +1,8 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationLegacyTitledEnumSchema } from "./McpElicitationLegacyTitledEnumSchema";
+import type { McpElicitationMultiSelectEnumSchema } from "./McpElicitationMultiSelectEnumSchema";
+import type { McpElicitationSingleSelectEnumSchema } from "./McpElicitationSingleSelectEnumSchema";
+
+export type McpElicitationEnumSchema = McpElicitationSingleSelectEnumSchema | McpElicitationMultiSelectEnumSchema | McpElicitationLegacyTitledEnumSchema;

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationLegacyTitledEnumSchema.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationStringType } from "./McpElicitationStringType";
+
+export type McpElicitationLegacyTitledEnumSchema = { type: McpElicitationStringType, title?: string, description?: string, enum: Array<string>, enumNames?: Array<string>, default?: string, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationMultiSelectEnumSchema.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationTitledMultiSelectEnumSchema } from "./McpElicitationTitledMultiSelectEnumSchema";
+import type { McpElicitationUntitledMultiSelectEnumSchema } from "./McpElicitationUntitledMultiSelectEnumSchema";
+
+export type McpElicitationMultiSelectEnumSchema = McpElicitationUntitledMultiSelectEnumSchema | McpElicitationTitledMultiSelectEnumSchema;

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationNumberSchema.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationNumberType } from "./McpElicitationNumberType";
+
+export type McpElicitationNumberSchema = { type: McpElicitationNumberType, title?: string, description?: string, minimum?: number, maximum?: number, default?: number, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationNumberType.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type McpElicitationNumberType = "number" | "integer";

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationObjectType.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type McpElicitationObjectType = "object";

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationPrimitiveSchema.ts

@@ -0,0 +1,9 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationBooleanSchema } from "./McpElicitationBooleanSchema";
+import type { McpElicitationEnumSchema } from "./McpElicitationEnumSchema";
+import type { McpElicitationNumberSchema } from "./McpElicitationNumberSchema";
+import type { McpElicitationStringSchema } from "./McpElicitationStringSchema";
+
+export type McpElicitationPrimitiveSchema = McpElicitationEnumSchema | McpElicitationStringSchema | McpElicitationNumberSchema | McpElicitationBooleanSchema;

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationSchema.ts

@@ -0,0 +1,13 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationObjectType } from "./McpElicitationObjectType";
+import type { McpElicitationPrimitiveSchema } from "./McpElicitationPrimitiveSchema";
+
+/**
+ * Typed form schema for MCP `elicitation/create` requests.
+ *
+ * This matches the `requestedSchema` shape from the MCP 2025-11-25
+ * `ElicitRequestFormParams` schema.
+ */
+export type McpElicitationSchema = { $schema?: string, type: McpElicitationObjectType, properties: { [key in string]?: McpElicitationPrimitiveSchema }, required?: Array<string>, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationSingleSelectEnumSchema.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationTitledSingleSelectEnumSchema } from "./McpElicitationTitledSingleSelectEnumSchema";
+import type { McpElicitationUntitledSingleSelectEnumSchema } from "./McpElicitationUntitledSingleSelectEnumSchema";
+
+export type McpElicitationSingleSelectEnumSchema = McpElicitationUntitledSingleSelectEnumSchema | McpElicitationTitledSingleSelectEnumSchema;

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationStringFormat.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type McpElicitationStringFormat = "email" | "uri" | "date" | "date-time";

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationStringSchema.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationStringFormat } from "./McpElicitationStringFormat";
+import type { McpElicitationStringType } from "./McpElicitationStringType";
+
+export type McpElicitationStringSchema = { type: McpElicitationStringType, title?: string, description?: string, minLength?: number, maxLength?: number, format?: McpElicitationStringFormat, default?: string, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationStringType.ts

@@ -0,0 +1,5 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type McpElicitationStringType = "string";

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationTitledEnumItems.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationConstOption } from "./McpElicitationConstOption";
+
+export type McpElicitationTitledEnumItems = { anyOf: Array<McpElicitationConstOption>, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationTitledMultiSelectEnumSchema.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationArrayType } from "./McpElicitationArrayType";
+import type { McpElicitationTitledEnumItems } from "./McpElicitationTitledEnumItems";
+
+export type McpElicitationTitledMultiSelectEnumSchema = { type: McpElicitationArrayType, title?: string, description?: string, minItems?: bigint, maxItems?: bigint, items: McpElicitationTitledEnumItems, default?: Array<string>, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationTitledSingleSelectEnumSchema.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationConstOption } from "./McpElicitationConstOption";
+import type { McpElicitationStringType } from "./McpElicitationStringType";
+
+export type McpElicitationTitledSingleSelectEnumSchema = { type: McpElicitationStringType, title?: string, description?: string, oneOf: Array<McpElicitationConstOption>, default?: string, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationUntitledEnumItems.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationStringType } from "./McpElicitationStringType";
+
+export type McpElicitationUntitledEnumItems = { type: McpElicitationStringType, enum: Array<string>, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationUntitledMultiSelectEnumSchema.ts

@@ -0,0 +1,7 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationArrayType } from "./McpElicitationArrayType";
+import type { McpElicitationUntitledEnumItems } from "./McpElicitationUntitledEnumItems";
+
+export type McpElicitationUntitledMultiSelectEnumSchema = { type: McpElicitationArrayType, title?: string, description?: string, minItems?: bigint, maxItems?: bigint, items: McpElicitationUntitledEnumItems, default?: Array<string>, };

codex-rs/app-server-protocol/schema/typescript/v2/McpElicitationUntitledSingleSelectEnumSchema.ts

@@ -0,0 +1,6 @@
+// GENERATED CODE! DO NOT MODIFY BY HAND!
+
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { McpElicitationStringType } from "./McpElicitationStringType";
+
+export type McpElicitationUntitledSingleSelectEnumSchema = { type: McpElicitationStringType, title?: string, description?: string, enum: Array<string>, default?: string, };

codex-rs/app-server-protocol/schema/typescript/v2/McpServerElicitationRequestParams.ts

@@ -2,6 +2,7 @@
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { JsonValue } from "../serde_json/JsonValue";
+import type { McpElicitationSchema } from "./McpElicitationSchema";
 
 export type McpServerElicitationRequestParams = { threadId: string, 
 /**
@@ -12,4 +13,4 @@ export type McpServerElicitationRequestParams = { threadId: string,
  * context is app-server correlation rather than part of the protocol identity of the
  * elicitation itself.
  */
-turnId: string | null, serverName: string, } & ({ "mode": "form", message: string, requestedSchema: JsonValue, } | { "mode": "url", message: string, url: string, elicitationId: string, });
+turnId: string | null, serverName: string, } & ({ "mode": "form", _meta: JsonValue | null, message: string, requestedSchema: McpElicitationSchema, } | { "mode": "url", _meta: JsonValue | null, message: string, url: string, elicitationId: string, });

codex-rs/app-server-protocol/schema/typescript/v2/McpServerElicitationRequestResponse.ts

@@ -10,4 +10,8 @@ export type McpServerElicitationRequestResponse = { action: McpServerElicitation
  *
  * This is nullable because decline/cancel responses have no content.
  */
-content: JsonValue | null, };
+content: JsonValue | null, 
+/**
+ * Optional client metadata for form-mode action handling.
+ */
+_meta: JsonValue | null, };