build(deps): bump @openai/codex-sdk from 0.91.0 to 0.92.0 in /core

[dependabot]

Bumps @openai/codex-sdk from 0.91.0 to 0.92.0.

Release notes

Sourced from @​openai/codex-sdk's releases.

0.92.0

New Features

• API v2 threads can now inject dynamic tools at startup and route their calls/responses end-to-end through the server and core tool pipeline. (#9539)
• Added filtering on the thread list in the app server to make large thread sets easier to browse. (#9897)
• Introduced a thread/unarchive RPC to restore archived rollouts back into active sessions. (#9843)
• MCP servers can now define OAuth scopes in config.toml, reducing the need to pass --scopes on each login. (#9647)
• Multi-agent collaboration is more capable and safer, with an explorer role, better collab event mapping, and max-depth guardrails. (#9817, #9818, #9918, #9899)
• Cached web_search is now the default client behavior. (#9974)

Bug Fixes

• Fixed a TUI deadlock/freeze under high streaming throughput by avoiding blocking sends on the main Tokio thread. (#9951)
• The web_search tool now handles and displays all action types, and shows in-progress activity instead of appearing stuck. (#9960)
• Reduced high CPU usage in collaboration flows by eliminating busy-waiting on subagents. (#9776)
• Fixed codex resume --last --json so prompts parse correctly without conflicting argument errors. (#9475)
• Windows sandbox logging now handles UTF-8 safely, preventing failures when truncating multibyte content. (#8647)
• request_user_input is now rejected outside Plan/Pair modes to prevent invalid tool calls. (#9955)

Documentation

• Updated the contribution guidelines for clearer onboarding and workflow expectations. (#9933)
• Refreshed protocol/MCP docs to reflect thread/unarchive and the updated request_user_input question shape. (#9843, #9890)

Chores

• Self-update via Homebrew now uses an explicit cask upgrade command to avoid warnings and ambiguity. (#9823)
• Release packaging now consistently writes the bundle zip to dist/. (#9934)
• Updated key dependencies in the Rust workspace (including axum, tracing, globset, and tokio-test). (#9880, #9882, #9883, #9884)
• Aligned feature stage naming with public maturity stages and added clearer warnings for underdevelopment features. (#9929, #9954)

Changelog

Full Changelog: openai/codex@rust-v0.91.0...rust-v0.92.0

• #9850 chore: remove extra newline in println @​SohailRaoufi
• #9868 Adjust modes masks @​aibrahim-oai
• #9874 Prompt @​aibrahim-oai
• #9877 Plan prompt @​aibrahim-oai
• #9718 feat(tui) /personality @​dylan-hurd-oai
• #9871 chore(core) move model_instructions_template config @​dylan-hurd-oai
• #9539 feat: dynamic tools injection @​jif-oai
• #9818 feat: rebase multi-agent tui on config_snapshot @​jif-oai
• #9789 Fix flakey resume test @​gt-oai
• #9784 Fix flakey conversation flow test @​gt-oai
• #9918 feat: explorer collab @​jif-oai
• #9899 feat: disable collab at max depth @​jif-oai
• #9916 Fix up config disabled err msg @​gt-oai
• #9890 Feat: add isOther to question returned by request user input tool @​shijie-oai
• #9817 feat: codex exec mapping of collab tools @​jif-oai
• #9919 Fix flakey shell snapshot test @​gt-oai
• #9776 fix: attempt to reduce high cpu usage when using collab @​eugeneoden
• #9928 prompt @​aibrahim-oai
• #9925 chore: update interrupt message @​jif-oai

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[dependabot]

Superseded by #465.