build(deps): bump @openai/codex-sdk from 0.91.0 to 0.97.0 in /core

[dependabot]

Bumps @openai/codex-sdk from 0.91.0 to 0.97.0.

Release notes

Sourced from @​openai/codex-sdk's releases.

0.97.0

New Features

• Added a session-scoped “Allow and remember” option for MCP/App tool approvals, so repeated calls to the same tool can be auto-approved during the session. (#10584)
• Added live skill update detection, so skill file changes are picked up without restarting. (#10478)
• Added support for mixed text and image content in dynamic tool outputs for app-server integrations. (#10567)
• Added a new /debug-config slash command in the TUI to inspect effective configuration. (#10642)
• Introduced initial memory plumbing (API client + local persistence) to support thread memory summaries. (#10629, #10634)
• Added configurable log_dir so logs can be redirected (including via -c overrides) more easily. (#10678)

Bug Fixes

• Fixed jitter in the TUI apps/connectors picker by stabilizing description-column rendering. (#10593)
• Restored and stabilized the TUI “working” status indicator/shimmer during preamble and early exec flows. (#10700, #10701)
• Improved cloud requirements reliability with higher timeouts, retries, and corrected precedence over MDM settings. (#10631, #10633, #10659)
• Persisted pending-input user events more consistently for mid-turn injected input handling. (#10656)

Documentation

• Documented how to opt in to the experimental app-server API. (#10667)
• Updated docs/schema coverage for new log_dir configuration behavior. (#10678)

Chores

• Added a gated Bubblewrap (bwrap) Linux sandbox path to improve filesystem isolation options. (#9938)
• Refactored model client lifecycle to be session-scoped and reduced implicit client state. (#10595, #10664)
• Added caching for MCP actions from apps to reduce repeated load latency for users with many installed apps. (#10662)
• Added a none personality option in protocol/config surfaces. (#10688)

Changelog

Full Changelog: openai/codex@rust-v0.96.0...rust-v0.97.0

• #10595 Stop client from being state carrier @​pakrym-oai
• #10584 Add option to approve and remember MCP/Apps tool usage @​canvrno-oai
• #10644 fix: flaky test @​jif-oai
• #10629 feat: add phase 1 mem client @​jif-oai
• #10633 Cloud Requirements: take precedence over MDM @​gt-oai
• #10659 Increase cloud req timeout @​gt-oai
• #9938 feat(linux-sandbox): add bwrap support @​viyatb-oai
• #10656 Persist pending input user events @​aibrahim-oai
• #10634 feat: add phase 1 mem db @​jif-oai
• #10593 Fix jitter in TUI apps/connectors picker @​canvrno-oai
• #10662 [apps] Cache MCP actions from apps. @​mzeng-openai
• #10649 Fix test_shell_command_interruption flake @​gt-oai
• #10642 Add /debug-config slash command @​gt-oai
• #10478 Added support for live updates to skills @​etraut-openai
• #10688 add none personality option @​aibrahim-oai
• #10567 feat(app-server, core): allow text + image content items for dynamic tool outputs @​owenlin0
• #10667 chore(app-server): document experimental API opt-in @​owenlin0
• #10664 Session-level model client @​pakrym-oai
• #10678 feat(core): add configurable log_dir @​joshka-oai
• #10631 Cloud Requirements: increase timeout and retries @​gt-oai
• #10650 chore(core) personality migration tests @​dylan-hurd-oai

... (truncated)

Commits

• 9327e99 Fix minor typos in comments and documentation (#10287)
• 4d9ae3a fix: remove references to corepack (#10138)
• 894923e feat: make it possible to specify --config flags in the SDK (#10003)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #478.