Three-part wiring so codex agents get full dynamic-tool consume
support:
1. mcp-host subcommand in the plugin binary (routes argv[1] to
mcpbridge.Run). Reads PLEXUM_MCP_SOCKET / PLEXUM_MCP_AGENT_ID
from env, baked into codex's `mcp add --env` registration.
2. EnsureCodexMCPRegistered registers a per-agent stable server
name (plexum-host-<sanitised>) lazily on first turn. Stable
per-agent socket path via StableSocketPath so codex's
registration entry and the per-turn bridge listener agree.
3. Post-turn ParseRolloutToolCalls + EmitCodexToolCalls walks the
matching rollout-*-<thread_id>.jsonl and emits canonical events
for every function_call + function_call_output pair using
codex's REAL call_X ids. dynamic.jsonl now has block_ids that
match codex's session, so consume mirror has real targets.
4. MutateCodexSession rewrites those response_item entries on
consume: function_call.arguments → "{}" (heavy), output → marker.
E2E verified: codex resume sees "...(tool called)" instead of
the original output.
Wires the host's mirror hook end-to-end: FindCodexSessionFile walks
~/.codex/sessions/<YYYY>/<MM>/<DD>/rollout-*-<thread_id>.jsonl to
prove the path for the captured thread_id, then logs the no-op.
Real rewrite is deferred to v2: codex keys tool calls by `call_<id>`
not the `toolu_<id>` Plexum's canonical block format uses, so a v1
rewriter would never find a matching id. When tool-call id round-trip
through codex's native surface lands, the rewriter plugs into this
file's path resolver.
Also rescues cmd/plexum-openai-provider-plugin/main.go from .gitignore
(the bare 'plexum-openai-provider-plugin' pattern was too greedy — it
matched the source directory). Tightened to '/plexum-openai-provider-plugin'
+ '/bin/' so only built binaries get ignored.
