CC: Add Codex ephemeral exec helper

Svrnty
2026-06-04 13:39:51 -04:00
parent f1d9f7cc43
commit 68f071e1e6
3 changed files with 181 additions and 0 deletions
@@ -63,6 +63,18 @@ Probe result on 2026-06-04:
5. Phase 3: delete archived session JSONL only after separate destructive approval.
6. Phase 4: delete/truncate logs and checkpoint/vacuum only after Codex is stopped and destructive approval is explicit.
## Prevention Helper
`python3 tools/codex_ephemeral_exec.py` builds disposable worker commands as `codex exec --ephemeral`. It supports `--check` and `--print-command` validation paths that do not run Codex.
Example dry command:
```bash
python3 tools/codex_ephemeral_exec.py --print-command -C /path/to/repo "summarize current git status"
```
The helper is prevention only. It does not archive threads, delete JSONL, truncate logs, checkpoint, vacuum, read transcript bodies, or mutate Core.
## Approval Boundary
Blocked without explicit operator approval:
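Review bot: The Prevention Helper section names `--check` as a validation path but never says what it validates or shows an invocation; only `--print-command` gets an example. Add a line on what `--check` verifies and how it reports failure, and state what the helper does when neither flag is given (presumably it runs `codex exec --ephemeral` itself), because the "prevention only" sentence lists what the helper does not do but leaves the default behaviour implicit. Since the example passes free text in quotes, it is also worth documenting whether the prompt reaches Codex as a single argv element or through a shell string.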
@@ -82,4 +94,5 @@ Next safe action is to ask for archive-only approval. Delete and vacuum stay sep
- must-fix: obtain explicit archive-only approval before any `threads.archived` update.
- must-fix: obtain separate destructive approval before session deletion, log deletion, checkpoint, or vacuum.
- follow-up: use the ephemeral exec helper for disposable non-interactive worker runs.
- follow-up: native Codex retention support is checked for installed `0.134.0`; update/re-probe `0.137.0` before custom mutation if latest native behavior should be considered.
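Review bot: The follow-up item "use the ephemeral exec helper for disposable non-interactive worker runs" does not name the helper's path or point to the Prevention Helper section, so a reader who lands on this list has to search for it. Suggest spelling it out as `tools/codex_ephemeral_exec.py` and adding that it does not substitute for the two must-fix approvals above it, since the helper is described as prevention only and does nothing for the existing archive, deletion, checkpoint or vacuum steps.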