Improve Codex happy path prompt snapshots

[pashpashpash]

This builds on the prompt snapshot work by making the Codex happy-path fixtures show the part we actually care about during audits: the model-bound layer stack, not just the OpenClaw app-server payload.

Before this, the snapshots showed selected thread and turn params, OpenClaw developer instructions, user input, and dynamic tools. That was useful, but it left the most important upstream layer implicit: the Codex gpt-5.5 model instructions that Codex resolves from its model catalog or models_cache.json.

This PR pins a pragmatic gpt-5.5 Codex prompt fixture generated from Codex's runtime model cache shape, records source metadata, and renders it into the Telegram direct, Discord group, and heartbeat happy-path snapshots alongside the Codex permission developer text, OpenClaw developer instructions, user input, dynamic tool references, and rough layer token estimates. The snapshots still call out the remaining runtime-owned gap clearly: this is a deterministic reconstructed layer view, not a byte-for-byte raw OpenAI request capture from Codex core.

I also added pnpm prompt:snapshots:sync-codex-model so maintainers can refresh the pinned Codex prompt from Codex's normal $CODEX_HOME/models_cache.json location, from the default ~/.codex/models_cache.json, or from an explicit local Codex checkout/catalog path. If none of those default sources exist, the command now exits cleanly without changing the committed fixture, because most contributors should not need a Codex checkout just to work in this repo.

The prompt snapshot drift check now runs inside CI's additional boundary shard. That means a PR that changes prompt composition or the pinned Codex prompt fixture has to carry the regenerated snapshots with it, instead of letting the committed audit artifacts silently drift.

While running the widened local changed gate, the Docker E2E boundary guard exposed an existing mismatch for live-codex-npm-plugin: that lane is intentionally both live and package-backed. The PR keeps that exception explicit so script lint remains aligned with the existing Docker plan tests.

After rebasing over the plugin externalization work on main, this also keeps the root package files exclusions for the publishable acpx, googlechat, and line plugin dist trees. Those plugin builds have their own package paths and should not be swept into the core OpenClaw npm tarball.

[clawsweeper]

Codex review: needs maintainer review before merge.

Summary
The PR adds reconstructed Codex model-bound prompt snapshot fixtures, a Codex model fixture sync script, prompt snapshot CI drift checking, and package/Docker boundary adjustments.

Reproducibility: not applicable. as a feature/test-fixture PR. The current-main gap is reproducible by reading the existing docs and snapshot helper: they explicitly omit the Codex model prompt layer and render only OpenClaw-owned app-server layers.

Next step before merge
The protected maintainer label and external Codex prompt fixture provenance require human review; I found no narrow automated repair defect.

Security
Cleared: The diff adds docs, tests, generated fixtures, package exclusions, and local maintainer scripts without new dependencies, workflow permission changes, secret handling, or downloaded code execution.

Review details

Best possible solution:

Have a maintainer review the protected PR, confirm the Codex fixture provenance, and merge once the exact-head boundary checks are green.

Do we have a high-confidence way to reproduce the issue?

Not applicable as a feature/test-fixture PR. The current-main gap is reproducible by reading the existing docs and snapshot helper: they explicitly omit the Codex model prompt layer and render only OpenClaw-owned app-server layers.

Is this the best way to solve the issue?

Yes, subject to maintainer sign-off. A pinned fixture with source metadata and explicit reconstructed-layer wording is a narrow maintainable solution that avoids claiming byte-for-byte raw Codex request capture.

What I checked:

• protected_label: The PR is open, non-draft, mergeable, and labeled maintainer, which blocks automated close/cleanup handling. (2c569a5a0b24)
• current_main_gap_docs: Current main documents that happy-path snapshots render OpenClaw app-server developer instructions, params, user input, and dynamic tools, while the hidden Codex base prompt is not rendered. Public docs: docs/concepts/system-prompt.md. (docs/concepts/system-prompt.md:114, fd83c49cffc0)
• current_main_gap_helper: Current main renders separate Developer Instructions and User Input Text sections and has no reconstructed model-bound Codex prompt layer stack. (test/helpers/agents/happy-path-prompt-snapshots.ts:491, fd83c49cffc0)
• pr_renders_model_bound_layers: The PR head reads the pinned Codex model prompt fixture/source metadata and renders Reconstructed Model-Bound Prompt Layers with Codex permissions, OpenClaw runtime instructions, user input, dynamic tool references, and rough token estimates. (test/helpers/agents/happy-path-prompt-snapshots.ts:501, 2c569a5a0b24)
• sync_script_contract: The new sync script searches CODEX_HOME, default ~/.codex cache, and local checkout catalog paths; if no default source exists it skips without changing the committed fixture. (scripts/sync-codex-model-prompt-fixture.ts:165, 2c569a5a0b24)
• ci_drift_check: The PR exports the additional boundary checks list and adds prompt:snapshots:check to it, with docs saying prompt drift is pinned to the PR that caused it. (scripts/run-additional-boundary-checks.mjs:4, 2c569a5a0b24)

Likely related people:

• pashpashpash: GitHub commit history for the central snapshot helper and generator shows merged PR Add Codex happy path prompt snapshots #75807 introduced the current Codex happy-path prompt snapshot feature this PR builds on. (role: prior feature contributor; confidence: high; commits: 563dca82f429, f8e2bd4f0102, 6fb1c0d539dd; files: test/helpers/agents/happy-path-prompt-snapshots.ts, scripts/generate-prompt-snapshots.ts, test/fixtures/agents/prompt-snapshots/happy-path)
• steipete: Recent history on docs/concepts/system-prompt.md includes prompt and system-prompt maintenance work adjacent to the documented behavior this PR updates. (role: adjacent prompt/docs maintainer; confidence: medium; commits: 8f4cbbbe6658, 496a5eb56f46, 22bff819abd3; files: docs/concepts/system-prompt.md)
• vincentkoc: Recent history on the Docker E2E boundary guard includes the lane-resource guard this PR adjusts for the live package-backed Codex lane. (role: adjacent Docker/package boundary maintainer; confidence: medium; commits: b9eb31b54cfa, edfef73ffceb, 6cba12caaec0; files: scripts/check-docker-e2e-boundaries.mjs, scripts/lib/docker-e2e-scenarios.mjs, scripts/lib/docker-e2e-plan.mjs)

Remaining risk / open question:

• The exact-head check-additional-boundaries job, which includes the newly added prompt snapshot drift check, was still in progress at review time.
• The PR commits an external Codex model prompt fixture, so a maintainer should confirm the pinned source/provenance is acceptable before merge.

Codex review notes: model gpt-5.5, reasoning high; reviewed against fd83c49cffc0.