diff --git a/registry/coder/modules/agent-firewall/README.md b/registry/coder/modules/agent-firewall/README.md index 42cd2b820..3e05bbd5b 100644 --- a/registry/coder/modules/agent-firewall/README.md +++ b/registry/coder/modules/agent-firewall/README.md @@ -21,7 +21,7 @@ This module: ```tf module "agent-firewall" { source = "registry.coder.com/coder/agent-firewall/coder" - version = "0.0.1" + version = "0.0.2" agent_id = coder_agent.main.id } ``` @@ -40,7 +40,7 @@ network-isolated environment. ```tf module "agent-firewall" { source = "registry.coder.com/coder/agent-firewall/coder" - version = "0.0.1" + version = "0.0.2" agent_id = coder_agent.main.id } @@ -65,7 +65,7 @@ resource "coder_script" "claude_with_agent_firewall" { ```tf module "agent-firewall" { source = "registry.coder.com/coder/agent-firewall/coder" - version = "0.0.1" + version = "0.0.2" agent_id = coder_agent.main.id } 
@@ -82,6 +82,46 @@ resource "coder_app" "claude_with_agent_firewall" { } ``` +### With Codex + +Use agent-firewall alongside the [`codex`](https://registry.coder.com/modules/coder-labs/codex) module the same way as other AI modules. + +> [!WARNING] +> **MCP subprocesses and TLS verification** +> +> Codex clears the subprocess environment when spawning MCP stdio servers, stripping +> the CA cert and proxy vars that agent-firewall injects into the Codex process. +> This causes MCP subprocesses to fail TLS verification against agent-firewall's +> intercepting proxy. This is a known upstream issue: +> [openai/codex#29124](https://github.com/openai/codex/issues/29124). +> +> **Workaround:** pass the vars your MCP server's runtime needs via `env_vars` in +> each `[mcp_servers.*]` block in `~/.codex/config.toml`. For example, for a +> Node.js-based server: +> +> ```toml +> [mcp_servers.memory] +> command = "npx" +> args = ["-y", "@modelcontextprotocol/server-memory"] +> env_vars = ["NODE_EXTRA_CA_CERTS", "HTTPS_PROXY"] +> ``` +> +> This must be repeated for every MCP server. There is no global default in Codex. + +The full list of vars agent-firewall injects (from [`landjail/child.go`](https://github.com/coder/boundary/blob/main/landjail/child.go)). 
Add the ones relevant to your MCP server's runtime: + +| Variable | Description | +| ---------------------------- | ---------------------------------------- | +| `NODE_EXTRA_CA_CERTS` | CA cert for Node.js TLS verification | +| `SSL_CERT_FILE` | CA cert for OpenSSL/LibreSSL-based tools | +| `SSL_CERT_DIR` | CA cert directory for OpenSSL | +| `CURL_CA_BUNDLE` | CA cert for curl | +| `GIT_SSL_CAINFO` | CA cert for Git | +| `REQUESTS_CA_BUNDLE` | CA cert for Python requests | +| `HTTPS_PROXY` / `HTTP_PROXY` | Proxy address for HTTPS/HTTP traffic | +| `https_proxy` / `http_proxy` | Lowercase aliases for the above | +| `NO_PROXY` / `no_proxy` | Cleared to prevent bypassing the proxy | + ## Configuration The module ships with a comprehensive default config based on the @@ -104,7 +144,7 @@ Pass the full YAML content directly: ```tf module "agent-firewall" { source = "registry.coder.com/coder/agent-firewall/coder" - version = "0.0.1" + version = "0.0.2" agent_id = coder_agent.main.id agent_firewall_config = <<-YAML @@ -128,7 +168,7 @@ your path. The file must exist on disk before agent-firewall starts. ```tf module "agent-firewall" { source = "registry.coder.com/coder/agent-firewall/coder" - version = "0.0.1" + version = "0.0.2" agent_id = coder_agent.main.id agent_firewall_config_path = "/workspace/my-agent-firewall-config.yaml"
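Review bot: In the "With Codex" hunk (`@@ -82,6 +82,46 @@`), the warning explains the TLS failure but never says what happens to an MCP subprocess that has lost `HTTPS_PROXY` along with the CA variables. The section should state whether that subprocess's traffic is still blocked by agent-firewall or leaves unfiltered, because that decides whether forgetting the workaround on one `[mcp_servers.*]` block is a breakage or a policy gap. The table is introduced with "Add the ones relevant to your MCP server's runtime", yet its last row, `NO_PROXY` / `no_proxy`, is described as "Cleared to prevent bypassing the proxy", which is not a variable a reader should be choosing to add. Suggest moving that row into a sentence of its own below the table. Two smaller points in the same hunk: "The full list of vars agent-firewall injects (from `landjail/child.go`)." is a sentence fragment, and the link targets `blob/main`, so the table can drift from the code it cites; pinning the link to a tag or commit would keep the list accurate for the `0.0.2` version the examples now reference.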