Isolate Codex app-server state per agent (#74556)

* fix(codex): isolate app-server home per agent

* fix(codex): isolate native Codex assets per agent

* fix(channels): mark inbound system events untrusted

* fix(doctor): warn on personal Codex agent skills

* test(doctor): cover personal Codex agent skills warning

* fix(codex): forward auth profiles to harness runs

* fix(codex): preserve auto auth for harness runs

* fix(codex): auto-select harness auth profiles

* test(codex): type harness auth mock

* feat(codex): select migrated skills

* fix(codex): satisfy migration selection lint

* docs: add codex isolation changelog

docs/cli/doctor.md

@@ -52,6 +52,7 @@ Notes:
 - Repeat `doctor --fix` runs no longer report/apply Talk normalization when the only difference is object key order.
 - Doctor includes a memory-search readiness check and can recommend `openclaw configure --section model` when embedding credentials are missing.
 - Doctor warns when no command owner is configured. The command owner is the human operator account allowed to run owner-only commands and approve dangerous actions. DM pairing only lets someone talk to the bot; if you approved a sender before first-owner bootstrap existed, set `commands.ownerAllowFrom` explicitly.
+- Doctor warns when Codex-mode agents are configured and personal Codex CLI assets exist in the operator's Codex home. Local Codex app-server launches use isolated per-agent homes, so use `openclaw migrate codex --dry-run` to inventory assets that should be promoted deliberately.
 - If sandbox mode is enabled but Docker is unavailable, doctor reports a high-signal warning with remediation (`install Docker` or `openclaw config set agents.defaults.sandbox.mode off`).
 - If `gateway.auth.token`/`gateway.auth.password` are SecretRef-managed and unavailable in the current command path, doctor reports a read-only warning and does not write plaintext fallback credentials.
 - If channel SecretRef inspection fails in a fix path, doctor continues and reports a warning instead of exiting early.

docs/cli/migrate.md

@@ -8,7 +8,7 @@ title: "Migrate"
 
 # `openclaw migrate`
 
-Import state from another agent system through a plugin-owned migration provider. Bundled providers cover [Claude](/install/migrating-claude) and [Hermes](/install/migrating-hermes); third-party plugins can register additional providers.
+Import state from another agent system through a plugin-owned migration provider. Bundled providers cover Codex CLI state, [Claude](/install/migrating-claude), and [Hermes](/install/migrating-hermes); third-party plugins can register additional providers.
 
 <Tip>
 For user-facing walkthroughs, see [Migrating from Claude](/install/migrating-claude) and [Migrating from Hermes](/install/migrating-hermes). The [migration hub](/install/migrating) lists all paths.
@@ -19,8 +19,12 @@ For user-facing walkthroughs, see [Migrating from Claude](/install/migrating-cla
 ```bash
 openclaw migrate list
 openclaw migrate claude --dry-run
+openclaw migrate codex --dry-run
+openclaw migrate codex --skill gog-vault77-google-workspace
 openclaw migrate hermes --dry-run
 openclaw migrate hermes
+openclaw migrate apply codex --yes --skill gog-vault77-google-workspace
+openclaw migrate apply codex --yes
 openclaw migrate apply claude --yes
 openclaw migrate apply hermes --yes
 openclaw migrate apply hermes --include-secrets --yes
@@ -47,6 +51,9 @@ openclaw onboard --import-from hermes --import-source ~/.hermes
 <ParamField path="--yes" type="boolean">
   Skip the confirmation prompt. Required in non-interactive mode.
 </ParamField>
+<ParamField path="--skill <name>" type="string">
+  Select one skill copy item by skill name or item id. Repeat the flag to migrate multiple skills. When omitted, interactive Codex migrations show a checkbox selector and non-interactive migrations keep all planned skills.
+</ParamField>
 <ParamField path="--no-backup" type="boolean">
   Skip the pre-apply backup. Requires `--force` when local OpenClaw state exists.
 </ParamField>
@@ -99,6 +106,43 @@ For a user-facing walkthrough, see [Migrating from Claude](/install/migrating-cl
 
 Claude hooks, permissions, environment defaults, local memory, path-scoped rules, subagents, caches, plans, and project history are preserved in the migration report or reported as manual-review items. OpenClaw does not execute hooks, copy broad allowlists, or import OAuth/Desktop credential state automatically.
 
+## Codex provider
+
+The bundled Codex provider detects Codex CLI state at `~/.codex` by default, or
+at `CODEX_HOME` when that environment variable is set. Use `--from <path>` to
+inventory a specific Codex home.
+
+Use this provider when moving to the OpenClaw Codex harness and you want to
+promote useful personal Codex CLI assets deliberately. Local Codex app-server
+launches use per-agent `CODEX_HOME` and `HOME` directories, so they do not read
+your personal Codex CLI state by default.
+
+Running `openclaw migrate codex` in an interactive terminal previews the full
+plan, then opens a checkbox selector for skill copy items before the final
+apply confirmation. All skills start selected; uncheck any skill you do not want
+copied into this agent. For scripted or exact runs, pass `--skill <name>` once
+per skill, for example:
+
+```bash
+openclaw migrate codex --dry-run --skill gog-vault77-google-workspace
+openclaw migrate apply codex --yes --skill gog-vault77-google-workspace
+```
+
+### What Codex imports
+
+- Codex CLI skill directories under `$CODEX_HOME/skills`, excluding Codex's
+  `.system` cache.
+- Personal AgentSkills under `$HOME/.agents/skills`, copied into the current
+  OpenClaw agent workspace when you want per-agent ownership.
+
+### Manual-review Codex state
+
+Codex native plugins, `config.toml`, and native `hooks/hooks.json` are not
+activated automatically. Plugins may expose MCP servers, apps, hooks, or other
+executable behavior, so the provider reports them for review instead of loading
+them into OpenClaw. Config and hook files are copied into the migration report
+for manual review.
+
 ## Hermes provider
 
 The bundled Hermes provider detects state at `~/.hermes` by default. Use `--from <path>` when Hermes lives elsewhere.