diff --git a/registry/coder/modules/agent-firewall/README.md b/registry/coder/modules/agent-firewall/README.md
index 42cd2b820..b7ed4d698 100644
--- a/registry/coder/modules/agent-firewall/README.md
+++ b/registry/coder/modules/agent-firewall/README.md
@@ -21,7 +21,7 @@ This module:
 ```tf
 module "agent-firewall" {
   source   = "registry.coder.com/coder/agent-firewall/coder"
-  version  = "0.0.1"
+  version  = "0.0.2"
   agent_id = coder_agent.main.id
 }
 ```
@@ -40,7 +40,7 @@ network-isolated environment.
 ```tf
 module "agent-firewall" {
   source   = "registry.coder.com/coder/agent-firewall/coder"
-  version  = "0.0.1"
+  version  = "0.0.2"
   agent_id = coder_agent.main.id
 }
 
@@ -65,7 +65,7 @@ resource "coder_script" "claude_with_agent_firewall" {
 ```tf
 module "agent-firewall" {
   source   = "registry.coder.com/coder/agent-firewall/coder"
-  version  = "0.0.1"
+  version  = "0.0.2"
   agent_id = coder_agent.main.id
 }
 
@@ -82,6 +82,45 @@ resource "coder_app" "claude_with_agent_firewall" {
 }
 ```
 
+### With Codex
+
+Use agent-firewall alongside the `codex` module the same way as other AI modules.
+
+> [!WARNING]
+> **MCP subprocesses and TLS verification**
+>
+> Codex clears the subprocess environment when spawning MCP stdio servers, stripping
+> the CA cert and proxy vars that agent-firewall injects into the Codex process.
+> This causes MCP subprocesses to fail TLS verification against agent-firewall's
+> intercepting proxy. This is a known upstream issue:
+> [openai/codex#29124](https://github.com/openai/codex/issues/29124).
+>
+> **Workaround:** pass the required vars through explicitly via `env_vars` in each
+> `[mcp_servers.*]` block in `~/.codex/config.toml`:
+>
+> ```toml
+> [mcp_servers.memory]
+> command  = "npx"
+> args     = ["-y", "@modelcontextprotocol/server-memory"]
+> env_vars = ["NODE_EXTRA_CA_CERTS", "HTTPS_PROXY"]
+> ```
+>
+> This must be repeated for every MCP server. There is no global default in Codex.
+>
+> **All vars agent-firewall injects** (from [`landjail/child.go`](https://github.com/coder/boundary/blob/main/landjail/child.go)):
+>
+> | Variable                     | Description                              |
+> | ---------------------------- | ---------------------------------------- |
+> | `NODE_EXTRA_CA_CERTS`        | CA cert for Node.js TLS verification     |
+> | `SSL_CERT_FILE`              | CA cert for OpenSSL/LibreSSL-based tools |
+> | `SSL_CERT_DIR`               | CA cert directory for OpenSSL            |
+> | `CURL_CA_BUNDLE`             | CA cert for curl                         |
+> | `GIT_SSL_CAINFO`             | CA cert for Git                          |
+> | `REQUESTS_CA_BUNDLE`         | CA cert for Python requests              |
+> | `HTTPS_PROXY` / `HTTP_PROXY` | Proxy address for HTTPS/HTTP traffic     |
+> | `https_proxy` / `http_proxy` | Lowercase aliases for the above          |
+> | `NO_PROXY` / `no_proxy`      | Cleared to prevent bypassing the proxy   |
+
 ## Configuration
 
 The module ships with a comprehensive default config based on the
@@ -104,7 +143,7 @@ Pass the full YAML content directly:
 ```tf
 module "agent-firewall" {
   source   = "registry.coder.com/coder/agent-firewall/coder"
-  version  = "0.0.1"
+  version  = "0.0.2"
   agent_id = coder_agent.main.id
 
   agent_firewall_config = <<-YAML
@@ -128,7 +167,7 @@ your path. The file must exist on disk before agent-firewall starts.
 ```tf
 module "agent-firewall" {
   source   = "registry.coder.com/coder/agent-firewall/coder"
-  version  = "0.0.1"
+  version  = "0.0.2"
   agent_id = coder_agent.main.id
 
   agent_firewall_config_path = "/workspace/my-agent-firewall-config.yaml"