[privacy-export] Propose CLI command schema for Codex local export

[marco-openai]

Why

This PR proposes the CLI contract before exposing or implementing it. The planned local export should stay close to the existing Codex DSR shape: task identity/title/archive state plus ordered user and assistant turns, rather than becoming a general backup of ~/.codex.

The implementation should remain deliberately small: copy files that already match the task/turn intent, modify only included files with a concrete credential-leak risk, and leave everything else out - the files are already available to the user, this is a simpler and safer alternative for them to access their local Codex files.

This PR still adds no production command, dispatch, or export behavior.

Proposed CLI

codex privacy export <PATH>

The command schema is test-only. Snapshots make the proposed command name, subcommand, positional argument, and help text reviewable without releasing them.

Proposed file scope

1. Ready as-is

• sessions/**/*.jsonl: active task conversations, including user and assistant turns and their associated tool activity.
• archived_sessions/**/*.jsonl: archived task conversations. The directory location preserves archived state.
• session_index.jsonl: task/session ID, thread title, and update time.
• history.jsonl: user-entered text keyed by session ID and timestamp.
• AGENTS.md: global user-authored instructions, analogous to custom instructions in user turns. Include only when the file exists.

These files are copied without record-level transformation. User-provided content is the subject of the export, so this phase does not attempt heuristic redaction of prompts, responses, or tool output.

2. Needs modification before inclusion

• config.toml requires transformation before export. Remove literal values from MCP env and http_headers, and model-provider experimental_bearer_token and http_headers. Preserve environment-variable references.

3. Not included

• Credentials and secrets: auth.json, .credentials.json, app-server-signing-secret, secrets/**, .sandbox-secrets/**, and similar files if present.
• Databases and mixed app state that would require snapshotting or field-level extraction: state_5.sqlite*, .codex-global-state.json, .codex-global-state.json.bak, memories_1.sqlite*, goals_1.sqlite*, logs_2.sqlite*, codex-dev.db, and SQLite WAL/SHM files.
• Separate feature state outside the codex.json task/turn intent: memories/**, agents/**, automations/**, rules/**, computer-use/**, and ambient-suggestions/**.
• Installation/update/UI metadata that does not add task or turn content: installation_id, version.json, models_cache.json, cloud cache files, native-host config, and migration markers.
• Runtime and diagnostics: log/**, shell_snapshots/**, node_repl/**, process_manager/**, host-cache/**, and visualizations/**.
• Rebuildable or unrelated content: cache/**, plugins/**, skills/**, vendor_imports/**, worktrees/**, avatars/**, pets/**, .tmp/**, tmp/**, Git metadata, and symlinks.

User impact

None. privacy is explicitly absent from the production command tree.

Validation

• focused parser and non-registration tests: just test -p codex-cli privacy
• help snapshots for codex privacy and codex privacy export <PATH>
• no pending snapshots

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[marco-openai]

I have read the CLA Document and I hereby sign the CLA

[marco-openai]

recheck