Add exec-server sandbox launch intent

[starr-openai]

Summary

• add a backward-compatible process/start launch intent envelope and exec-server capability bit
• let remote direct unified exec send pre-transform command plus sandbox intent when the exec-server advertises support and managed network does not need core realization
• materialize the concrete executor platform sandbox and helper paths inside exec-server, then return the realized sandbox for denial classification
• keep legacy materialized requests as the default and do not advertise the new capability on Windows executors yet

Validation

• just fmt
• ssh dev-4 'cd /home/dev-user/code/codex-worktrees/exec-sandbox-intent-c4 && export PATH=$HOME/code/openai/project/dotslash-gen/bin:$HOME/.local/bin:$PATH && ./scripts/check-module-bazel-lock.sh'
• /Users/starr/dotfiles/skills/codex-applied-devbox/scripts/sync-worktree-and-run --host dev-4 --command 'cd codex-rs && export PATH=$HOME/code/openai/project/dotslash-gen/bin:$HOME/.local/bin:$PATH && bazel test --bes_backend= --bes_results_url= --test_filter="materialized_exec_params_omit_launch|exec_response_defaults_missing_sandbox|platform_sandbox_intent_uses_executor_platform|materializes_sandbox_intent_with_executor_runtime_paths|exec_server_materializes_process_sandbox_intent|exec_server_materializes_platform_process_sandbox_intent|exec_server_starts_process_over_websocket" //codex-rs/exec-server:exec-server-unit-tests //codex-rs/exec-server:exec-server-process-test' /Users/starr/code/codex-worktrees/exec-sandbox-intent-c4
• ssh dev-4 'cd /home/dev-user/code/codex-worktrees/exec-sandbox-intent-c4/codex-rs && export PATH=$HOME/code/openai/project/dotslash-gen/bin:$HOME/.local/bin:$PATH && bazel test --bes_backend= --bes_results_url= --test_filter="direct_remote_exec_server_uses_sandbox_intent_only_when_network_stays_executor_local|exec_server_sandbox_intent_params_keep_pre_transform_command" //codex-rs/core:core-unit-tests'
• ssh dev-4 'cd /home/dev-user/code/codex-worktrees/exec-sandbox-intent-c4/codex-rs && export PATH=$HOME/code/openai/project/dotslash-gen/bin:$HOME/.local/bin:$PATH && bazel build --bes_backend= --bes_results_url= //codex-rs/rmcp-client:rmcp-client'
• /Users/starr/dotfiles/skills/codex-applied-devbox/scripts/sync-worktree-and-run --host dev-4 --command 'cd codex-rs && export PATH=$HOME/code/openai/project/dotslash-gen/bin:$HOME/.local/bin:$PATH && bazel build --bes_backend= --bes_results_url= --config=clippy //codex-rs/exec-server:exec-server-unit-tests-bin //codex-rs/core:core-unit-tests-bin' /Users/starr/code/codex-worktrees/exec-sandbox-intent-c4

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: d4e859d76b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Ignore unknown exec-server capabilities

When a newer exec-server adds another capability to the capabilities array, clients built from this commit will fail to deserialize InitializeResponse because any unknown ExecServerCapability value is an error. That breaks the forward-compatibility property capability negotiation is meant to provide; the client should tolerate and ignore unknown capability strings instead of failing the whole initialize handshake.

Useful? React with 👍 / 👎.