chore(deps): bump @openai/codex-sdk from 0.114.0 to 0.133.0

[dependabot]

Bumps @openai/codex-sdk from 0.114.0 to 0.133.0.

Release notes

Sourced from @​openai/codex-sdk's releases.

0.133.0

New Features

• Goals are now enabled by default, backed by dedicated storage, and track progress across active turns. (#23300, #23685, #23696, #23732)
• codex remote-control now runs like a foreground command, waits for readiness, reports machine status, and keeps explicit daemon-style start/stop commands. (#22878)
• Permission profiles gained list APIs, inheritance, managed requirements.toml support, runtime refresh behavior, and stronger Windows sandbox integration. (#22928, #23412, #22270, #23433, #22931, #23715)
• Plugin discovery is easier to inspect, with marketplace-aware list output, installed versions, visible marketplace roots, and remote collection support. (#23372, #23584, #23727, #23730)
• Extensions can observe more lifecycle events, including subagent start/stop, tool execution, turn metadata, and async approval/turn processing. (#22782, #22873, #23309, #23688, #23690, #23692)

Bug Fixes

• Fixed TUI startup choosing the wrong working directory when reusing a local app-server socket. (#23538)
• Fixed plan-mode free-form answers so modified Enter keys, like Shift+Enter, no longer submit unexpectedly. (#23536)
• Removed stale background terminal poll events after a process exits. (#23231)
• Preserved raw code-mode exec output unless an explicit output token limit is requested. (#23564)
• Made AGENTS instruction loading more reliable, including local global reads and warnings for invalid UTF-8 instead of silent drops. (#23343, #23232)
• Fixed app-server startup/shutdown races, empty resume/fork paths, plugin upgrade failures, and realtime v1 websocket compatibility. (#23516, #23578, #23400, #23356, #23771)

Documentation

• Added clearer plugin-creator guidance for updating and reinstalling local personal plugins. (#23542)
• Expanded app-server/API docs and schema coverage around managed permission profile requirements. (#23433, #23555)

Chores

• Added a canonical Codex package archive pipeline and moved installers, npm packages, DotSlash, and SDK runtimes toward that shared layout. (#23513, #23582, #23586, #23596, #23635, #23636, #23637, #23638, #23786)
• Fixed Linux Python runtime wheel tags so glibc-based systems can install the runtime artifacts. (#21812)
• Improved release and CI reliability with package-builder tests, prebuilt resource packaging, DotSlash zstd handling, platform-sharded Rust tests, and Codex Linux release runners. (#23760, #23759, #23752, #23358, #23761)

Changelog

Full Changelog: openai/codex@rust-v0.132.0...rust-v0.133.0

• #23343 codex: route global AGENTS reads through LOCAL_FS @​starr-openai
• #22380 fix: default unknown tool schemas to empty schemas @​celia-oai
• #23309 Add tool lifecycle extension contributor @​jif-oai
• #23253 Reduce rust-ci-full Windows nextest timeout flakes @​starr-openai
• #22878 Improve codex remote-control CLI UX @​owenlin0
• #21812 Publish Linux runtime wheels with glibc-compatible tags @​aibrahim-oai
• #22709 [codex] Trim unused TurnContextItem fields @​pakrym-oai
• #23353 Include plugin id in plugin MCP tool metadata @​mzeng-openai
• #22728 [codex] Move pending input into input queue @​pakrym-oai
• #23371 fix(tui): warn on unsupported iTerm2 pet versions @​fcoury-oai
• #23376 [codex-analytics] preserve user thread source for exec threads @​marksteinbrick-oai
• #23360 app-server: use profile ids in v2 permission params @​bolinfest
• #23384 [codex] Remove external websocket session resets @​pakrym-oai
• #22721 cleanup: Remove skill env var dependency prompting @​xl-openai
• #23389 Remove ToolSearch feature toggle @​sayan-oai
• #23080 [1 of 7] Add thread settings to UserInput @​etraut-openai
• #23081 [2 of 7] Remove UserInputWithTurnContext @​etraut-openai
• #23075 [3 of 7] Remove UserTurn @​etraut-openai
• #23396 [codex] Extract turn skill and plugin injections @​pakrym-oai
• #23356 fix(plugins): keep version upgrades additive @​iceweasel-oai
• #22508 [5 of 7] Replace OverrideTurnContext with ThreadSettings @​etraut-openai

... (truncated)

Commits

• 0b4f860 sdk: launch packaged Codex runtimes (#23786)
• 6941f5c [codex] preserve MCP result meta in McpToolCallItemResult (#22946)
• 83decfa [codex] Remove unused legacy shell tools (#22246)
• dee5f5e Harden package-manager install policy (#19163)
• ddfa691 Surface reasoning tokens in exec JSON usage (#19308)
• 4b8bab6 Remove OPENAI_BASE_URL config fallback (#16720)
• 2ffb32d ci: run SDK tests with a Bazel-built codex (#16046)
• 95845cf fix: disable plugins in SDK integration tests (#16036)
• 7706164 Prefer websockets when providers support them (#13592)
• 4b9d5c8 Add openai_base_url config override for built-in provider (#12031)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)