fix: more std::env::vars -> std::env::vars_os fixes

Making sure we can override base instructions

.github/actions/linux-code-sign/action.yml

@@ -0,0 +1,44 @@
+name: linux-code-sign
+description: Sign Linux artifacts with cosign.
+inputs:
+  target:
+    description: Target triple for the artifacts to sign.
+    required: true
+  artifacts-dir:
+    description: Absolute path to the directory containing built binaries to sign.
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Install cosign
+      uses: sigstore/cosign-installer@v3.7.0
+
+    - name: Cosign Linux artifacts
+      shell: bash
+      env:
+        COSIGN_EXPERIMENTAL: "1"
+        COSIGN_YES: "true"
+        COSIGN_OIDC_CLIENT_ID: "sigstore"
+        COSIGN_OIDC_ISSUER: "https://oauth2.sigstore.dev/auth"
+      run: |
+        set -euo pipefail
+
+        dest="${{ inputs.artifacts-dir }}"
+        if [[ ! -d "$dest" ]]; then
+          echo "Destination $dest does not exist"
+          exit 1
+        fi
+
+        for binary in codex codex-responses-api-proxy; do
+          artifact="${dest}/${binary}"
+          if [[ ! -f "$artifact" ]]; then
+            echo "Binary $artifact not found"
+            exit 1
+          fi
+
+          cosign sign-blob \
+            --yes \
+            --bundle "${artifact}.sigstore" \
+            "$artifact"
+        done

.github/workflows/cla.yml

@@ -46,7 +46,4 @@ jobs:
           path-to-document: https://github.com/openai/codex/blob/main/docs/CLA.md
           path-to-signatures: signatures/cla.json
           branch: cla-signatures
-          allowlist: |
-            codex
-            dependabot
-            dependabot[bot]
+          allowlist: codex,dependabot,dependabot[bot],github-actions[bot]

.github/workflows/rust-ci.yml

@@ -369,6 +369,57 @@ jobs:
 
     steps:
       - uses: actions/checkout@v6
+
+      # We have been running out of space when running this job on Linux for
+      # x86_64-unknown-linux-gnu, so remove some unnecessary dependencies.
+      - name: Remove unnecessary dependencies to save space
+        if: ${{ startsWith(matrix.runner, 'ubuntu') }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          sudo rm -rf \
+            /usr/local/lib/android \
+            /usr/share/dotnet \
+            /usr/local/share/boost \
+            /usr/local/lib/node_modules \
+            /opt/ghc
+          sudo apt-get remove -y docker.io docker-compose podman buildah
+
+      # Ensure brew includes this fix so that brew's shellenv.sh loads
+      # cleanly in the Codex sandbox (it is frequently eval'd via .zprofile
+      # for Brew users, including the macOS runners on GitHub):
+      #
+      # https://github.com/Homebrew/brew/pull/21157
+      #
+      # Once brew 5.0.5 is released and is the default on macOS runners, this
+      # step can be removed.
+      - name: Upgrade brew
+        if: ${{ startsWith(matrix.runner, 'macos') }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          brew --version
+          git -C "$(brew --repo)" fetch origin
+          git -C "$(brew --repo)" checkout main
+          git -C "$(brew --repo)" reset --hard origin/main
+          export HOMEBREW_UPDATE_TO_TAG=0
+          brew update
+          brew upgrade
+          brew --version
+
+      # Some integration tests rely on DotSlash being installed.
+      # See https://github.com/openai/codex/pull/7617.
+      - name: Install DotSlash
+        uses: facebook/install-dotslash@v2
+
+      - name: Pre-fetch DotSlash artifacts
+        # The Bash wrapper is not available on Windows.
+        if: ${{ !startsWith(matrix.runner, 'windows') }}
+        shell: bash
+        run: |
+          set -euo pipefail
+          dotslash -- fetch exec-server/tests/suite/bash
+
       - uses: dtolnay/rust-toolchain@1.90
         with:
           targets: ${{ matrix.target }}

.github/workflows/rust-release.yml

@@ -50,6 +50,9 @@ jobs:
     name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
     runs-on: ${{ matrix.runner }}
     timeout-minutes: 30
+    permissions:
+      contents: read
+      id-token: write
     defaults:
       run:
         working-directory: codex-rs
@@ -100,6 +103,13 @@ jobs:
       - name: Cargo build
         run: cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy
 
+      - if: ${{ contains(matrix.target, 'linux') }}
+        name: Cosign Linux artifacts
+        uses: ./.github/actions/linux-code-sign
+        with:
+          target: ${{ matrix.target }}
+          artifacts-dir: ${{ github.workspace }}/codex-rs/target/${{ matrix.target }}/release
+
       - if: ${{ matrix.runner == 'macos-15-xlarge' }}
         name: Configure Apple code signing
         shell: bash
@@ -283,6 +293,11 @@ jobs:
             cp target/${{ matrix.target }}/release/codex-responses-api-proxy "$dest/codex-responses-api-proxy-${{ matrix.target }}"
           fi
 
+          if [[ "${{ matrix.target }}" == *linux* ]]; then
+            cp target/${{ matrix.target }}/release/codex.sigstore "$dest/codex-${{ matrix.target }}.sigstore"
+            cp target/${{ matrix.target }}/release/codex-responses-api-proxy.sigstore "$dest/codex-responses-api-proxy-${{ matrix.target }}.sigstore"
+          fi
+
       - if: ${{ matrix.runner == 'windows-11-arm' }}
         name: Install zstd
         shell: powershell
@@ -321,6 +336,11 @@ jobs:
               continue
             fi
 
+            # Don't try to compress signature bundles.
+            if [[ "$base" == *.sigstore ]]; then
+              continue
+            fi
+
             # Create per-binary tar.gz
             tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"
 

AGENTS.md

@@ -75,6 +75,7 @@ If you don’t have the tool:
 ### Test assertions
 
 - Tests should use pretty_assertions::assert_eq for clearer diffs. Import this at the top of the test module if it isn't already.
+- Prefer deep equals comparisons whenever possible. Perform `assert_eq!()` on entire objects, rather than individual fields.
 
 ### Integration tests (core)
 

codex-cli/bin/codex.js

@@ -95,14 +95,6 @@ function detectPackageManager() {
     return "bun";
   }
 
-  if (
-    process.env.BUN_INSTALL ||
-    process.env.BUN_INSTALL_GLOBAL_DIR ||
-    process.env.BUN_INSTALL_BIN_DIR
-  ) {
-    return "bun";
-  }
-
   return userAgent ? "npm" : null;
 }
 

codex-rs/Cargo.lock

@@ -198,9 +198,9 @@ dependencies = [
 
 [[package]]
 name = "arboard"
-version = "3.6.0"
+version = "3.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "55f533f8e0af236ffe5eb979b99381df3258853f00ba2e44b6e1955292c75227"
+checksum = "0348a1c054491f4bfe6ab86a7b6ab1e44e45d899005de92f58b3df180b36ddaf"
 dependencies = [
  "clipboard-win",
  "image",
@@ -212,7 +212,7 @@ dependencies = [
  "objc2-foundation",
  "parking_lot",
  "percent-encoding",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
  "wl-clipboard-rs",
  "x11rb",
 ]
@@ -858,6 +858,7 @@ dependencies = [
  "http",
  "pretty_assertions",
  "regex-lite",
+ "reqwest",
  "serde",
  "serde_json",
  "thiserror 2.0.17",
@@ -865,6 +866,7 @@ dependencies = [
  "tokio-test",
  "tokio-util",
  "tracing",
+ "wiremock",
 ]
 
 [[package]]
@@ -1046,7 +1048,7 @@ dependencies = [
  "pretty_assertions",
  "regex-lite",
  "serde_json",
- "supports-color",
+ "supports-color 3.0.2",
  "tempfile",
  "tokio",
  "toml",
@@ -1068,6 +1070,7 @@ dependencies = [
  "serde_json",
  "thiserror 2.0.17",
  "tokio",
+ "tracing",
 ]
 
 [[package]]
@@ -1085,10 +1088,13 @@ dependencies = [
  "codex-login",
  "codex-tui",
  "crossterm",
+ "owo-colors",
+ "pretty_assertions",
  "ratatui",
  "reqwest",
  "serde",
  "serde_json",
+ "supports-color 3.0.2",
  "tokio",
  "tokio-stream",
  "tracing",
@@ -1116,12 +1122,10 @@ name = "codex-common"
 version = "0.0.0"
 dependencies = [
  "clap",
- "codex-app-server-protocol",
  "codex-core",
  "codex-lmstudio",
  "codex-ollama",
  "codex-protocol",
- "once_cell",
  "serde",
  "toml",
 ]
@@ -1144,6 +1148,7 @@ dependencies = [
  "codex-apply-patch",
  "codex-arg0",
  "codex-async-utils",
+ "codex-core",
  "codex-execpolicy",
  "codex-file-search",
  "codex-git",
@@ -1185,6 +1190,7 @@ dependencies = [
  "seccompiler",
  "serde",
  "serde_json",
+ "serde_yaml",
  "serial_test",
  "sha1",
  "sha2",
@@ -1234,7 +1240,7 @@ dependencies = [
  "serde",
  "serde_json",
  "shlex",
- "supports-color",
+ "supports-color 3.0.2",
  "tempfile",
  "tokio",
  "tracing",
@@ -1250,10 +1256,14 @@ name = "codex-exec-server"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "assert_cmd",
  "async-trait",
  "clap",
  "codex-core",
+ "codex-execpolicy",
+ "exec_server_test_support",
  "libc",
+ "maplit",
  "path-absolutize",
  "pretty_assertions",
  "rmcp",
@@ -1266,6 +1276,7 @@ dependencies = [
  "tokio-util",
  "tracing",
  "tracing-subscriber",
+ "which",
 ]
 
 [[package]]
@@ -1280,6 +1291,7 @@ dependencies = [
  "serde_json",
  "shlex",
  "starlark",
+ "tempfile",
  "thiserror 2.0.17",
 ]
 
@@ -1290,7 +1302,7 @@ dependencies = [
  "allocative",
  "anyhow",
  "clap",
- "derive_more 2.0.1",
+ "derive_more 2.1.0",
  "env_logger",
  "log",
  "multimap",
@@ -1471,6 +1483,7 @@ name = "codex-process-hardening"
 version = "0.0.0"
 dependencies = [
  "libc",
+ "pretty_assertions",
 ]
 
 [[package]]
@@ -1581,7 +1594,7 @@ dependencies = [
  "codex-windows-sandbox",
  "color-eyre",
  "crossterm",
- "derive_more 2.0.1",
+ "derive_more 2.1.0",
  "diffy",
  "dirs",
  "dunce",
@@ -1606,11 +1619,12 @@ dependencies = [
  "shlex",
  "strum 0.27.2",
  "strum_macros 0.27.2",
- "supports-color",
+ "supports-color 3.0.2",
  "tempfile",
  "textwrap 0.16.2",
  "tokio",
  "tokio-stream",
+ "tokio-util",
  "toml",
  "tracing",
  "tracing-appender",
@@ -1620,6 +1634,7 @@ dependencies = [
  "unicode-segmentation",
  "unicode-width 0.2.1",
  "url",
+ "uuid",
  "vt100",
 ]
 
@@ -1781,9 +1796,9 @@ dependencies = [
 
 [[package]]
 name = "convert_case"
-version = "0.7.1"
+version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb402b8d4c85569410425650ce3eddc7d698ed96d39a73f941b08fb63082f1e7"
+checksum = "633458d4ef8c78b72454de2d54fd6ab2e60f9e02be22f3c6104cdc8a4e0fceb9"
 dependencies = [
  "unicode-segmentation",
 ]
@@ -2122,11 +2137,11 @@ dependencies = [
 
 [[package]]
 name = "derive_more"
-version = "2.0.1"
+version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "093242cf7570c207c83073cf82f79706fe7b8317e98620a47d5be7c3d8497678"
+checksum = "10b768e943bed7bf2cab53df09f4bc34bfd217cdb57d971e769874c9a6710618"
 dependencies = [
- "derive_more-impl 2.0.1",
+ "derive_more-impl 2.1.0",
 ]
 
 [[package]]
@@ -2144,13 +2159,14 @@ dependencies = [
 
 [[package]]
 name = "derive_more-impl"
-version = "2.0.1"
+version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bda628edc44c4bb645fbe0f758797143e4e07926f7ebf4e9bdfbd3d2ce621df3"
+checksum = "6d286bfdaf75e988b4a78e013ecd79c581e06399ab53fbacd2d916c2f904f30b"
 dependencies = [
- "convert_case 0.7.1",
+ "convert_case 0.10.0",
  "proc-macro2",
  "quote",
+ "rustc_version",
  "syn 2.0.104",
  "unicode-xid",
 ]
@@ -2491,6 +2507,18 @@ dependencies = [
  "pin-project-lite",
 ]
 
+[[package]]
+name = "exec_server_test_support"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "assert_cmd",
+ "codex-core",
+ "rmcp",
+ "serde_json",
+ "tokio",
+]
+
 [[package]]
 name = "eyre"
 version = "0.6.12"
@@ -2550,8 +2578,7 @@ dependencies = [
 [[package]]
 name = "filedescriptor"
 version = "0.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e40758ed24c9b2eeb76c35fb0aebc66c626084edd827e07e1552279814c6682d"
+source = "git+https://github.com/pakrym/wezterm?branch=PSUEDOCONSOLE_INHERIT_CURSOR#fe38df8409545a696909aa9a09e63438630f217d"
 dependencies = [
  "libc",
  "thiserror 1.0.69",
@@ -3292,9 +3319,9 @@ dependencies = [
 
 [[package]]
 name = "image"
-version = "0.25.8"
+version = "0.25.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "529feb3e6769d234375c4cf1ee2ce713682b8e76538cb13f9fc23e1400a591e7"
+checksum = "e6506c6c10786659413faa717ceebcb8f70731c0a60cbae39795fdf114519c1a"
 dependencies = [
  "bytemuck",
  "byteorder-lite",
@@ -3302,8 +3329,8 @@ dependencies = [
  "num-traits",
  "png",
  "tiff",
- "zune-core",
- "zune-jpeg",
+ "zune-core 0.5.0",
+ "zune-jpeg 0.5.5",
 ]
 
 [[package]]
@@ -3373,9 +3400,9 @@ dependencies = [
 
 [[package]]
 name = "insta"
-version = "1.43.2"
+version = "1.44.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46fdb647ebde000f43b5b53f773c30cf9b0cb4300453208713fa38b2c70935a0"
+checksum = "b5c943d4415edd8153251b6f197de5eb1640e56d84e8d9159bea190421c73698"
 dependencies = [
  "console",
  "once_cell",
@@ -4427,6 +4454,10 @@ name = "owo-colors"
 version = "4.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "48dd4f4a2c8405440fd0462561f0e5806bd0f77e86f51c761481bdd4018b545e"
+dependencies = [
+ "supports-color 2.1.0",
+ "supports-color 3.0.2",
+]
 
 [[package]]
 name = "parking"
@@ -4463,6 +4494,12 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
 
+[[package]]
+name = "pastey"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "57d6c094ee800037dff99e02cab0eaf3142826586742a270ab3d7a62656bd27a"
+
 [[package]]
 name = "path-absolutize"
 version = "3.1.1"
@@ -4619,8 +4656,7 @@ dependencies = [
 [[package]]
 name = "portable-pty"
 version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4a596a2b3d2752d94f51fac2d4a96737b8705dddd311a32b9af47211f08671e"
+source = "git+https://github.com/pakrym/wezterm?branch=PSUEDOCONSOLE_INHERIT_CURSOR#fe38df8409545a696909aa9a09e63438630f217d"
 dependencies = [
  "anyhow",
  "bitflags 1.3.2",
@@ -4629,7 +4665,7 @@ dependencies = [
  "lazy_static",
  "libc",
  "log",
- "nix 0.28.0",
+ "nix 0.29.0",
  "serial2",
  "shared_library",
  "shell-words",
@@ -5078,9 +5114,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "reqwest"
-version = "0.12.23"
+version = "0.12.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d429f34c8092b2d42c7c93cec323bb4adeb7c67698f70839adec842ec10c7ceb"
+checksum = "9d0946410b9f7b082a427e4ef5c8ff541a88b357bc6c637c40db3a68ac70a36f"
 dependencies = [
  "base64",
  "bytes",
@@ -5141,8 +5177,9 @@ dependencies = [
 
 [[package]]
 name = "rmcp"
-version = "0.9.0"
-source = "git+https://github.com/bolinfest/rust-sdk?branch=pr556#4d9cc16f4c76c84486344f542ed9a3e9364019ba"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38b18323edc657390a6ed4d7a9110b0dec2dc3ed128eb2a123edfbafabdbddc5"
 dependencies = [
  "async-trait",
  "base64",
@@ -5153,7 +5190,7 @@ dependencies = [
  "http-body",
  "http-body-util",
  "oauth2",
- "paste",
+ "pastey",
  "pin-project-lite",
  "process-wrap",
  "rand 0.9.2",
@@ -5175,8 +5212,9 @@ dependencies = [
 
 [[package]]
 name = "rmcp-macros"
-version = "0.9.0"
-source = "git+https://github.com/bolinfest/rust-sdk?branch=pr556#4d9cc16f4c76c84486344f542ed9a3e9364019ba"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c75d0a62676bf8c8003c4e3c348e2ceb6a7b3e48323681aaf177fdccdac2ce50"
 dependencies = [
  "darling 0.21.3",
  "proc-macro2",
@@ -5735,9 +5773,9 @@ dependencies = [
 
 [[package]]
 name = "serde_with"
-version = "3.14.0"
+version = "3.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5"
+checksum = "4fa237f2807440d238e0364a218270b98f767a00d3dada77b1c53ae88940e2e7"
 dependencies = [
  "base64",
  "chrono",
@@ -5746,8 +5784,7 @@ dependencies = [
  "indexmap 2.12.0",
  "schemars 0.9.0",
  "schemars 1.0.4",
- "serde",
- "serde_derive",
+ "serde_core",
  "serde_json",
  "serde_with_macros",
  "time",
@@ -5755,16 +5792,29 @@ dependencies = [
 
 [[package]]
 name = "serde_with_macros"
-version = "3.14.0"
+version = "3.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f"
+checksum = "52a8e3ca0ca629121f70ab50f95249e5a6f925cc0f6ffe8256c45b728875706c"
 dependencies = [
- "darling 0.20.11",
+ "darling 0.21.3",
  "proc-macro2",
  "quote",
  "syn 2.0.104",
 ]
 
+[[package]]
+name = "serde_yaml"
+version = "0.9.34+deprecated"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47"
+dependencies = [
+ "indexmap 2.12.0",
+ "itoa",
+ "ryu",
+ "serde",
+ "unsafe-libyaml",
+]
+
 [[package]]
 name = "serial2"
 version = "0.2.31"
@@ -6143,6 +6193,16 @@ version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
+[[package]]
+name = "supports-color"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6398cde53adc3c4557306a96ce67b302968513830a77a95b2b17305d9719a89"
+dependencies = [
+ "is-terminal",
+ "is_ci",
+]
+
 [[package]]
 name = "supports-color"
 version = "3.0.2"
@@ -6408,7 +6468,7 @@ dependencies = [
  "half",
  "quick-error",
  "weezl",
- "zune-jpeg",
+ "zune-jpeg 0.4.19",
 ]
 
 [[package]]
@@ -6576,6 +6636,7 @@ dependencies = [
  "futures-sink",
  "futures-util",
  "pin-project-lite",
+ "slab",
  "tokio",
 ]
 
@@ -6713,9 +6774,9 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
 
 [[package]]
 name = "tracing"
-version = "0.1.41"
+version = "0.1.43"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
+checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
 dependencies = [
  "log",
  "pin-project-lite",
@@ -6737,9 +6798,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-attributes"
-version = "0.1.30"
+version = "0.1.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
+checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -6748,9 +6809,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-core"
-version = "0.1.34"
+version = "0.1.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
+checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
 dependencies = [
  "once_cell",
  "valuable",
@@ -6878,9 +6939,9 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
 
 [[package]]
 name = "ts-rs"
-version = "11.0.1"
+version = "11.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ef1b7a6d914a34127ed8e1fa927eb7088903787bcded4fa3eef8f85ee1568be"
+checksum = "4994acea2522cd2b3b85c1d9529a55991e3ad5e25cdcd3de9d505972c4379424"
 dependencies = [
  "serde_json",
  "thiserror 2.0.17",
@@ -6890,9 +6951,9 @@ dependencies = [
 
 [[package]]
 name = "ts-rs-macros"
-version = "11.0.1"
+version = "11.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9d4ed7b4c18cc150a6a0a1e9ea1ecfa688791220781af6e119f9599a8502a0a"
+checksum = "ee6ff59666c9cbaec3533964505d39154dc4e0a56151fdea30a09ed0301f62e2"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -6979,6 +7040,12 @@ version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
 
+[[package]]
+name = "unsafe-libyaml"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861"
+
 [[package]]
 name = "untrusted"
 version = "0.9.0"
@@ -7342,9 +7409,9 @@ dependencies = [
 
 [[package]]
 name = "wildmatch"
-version = "2.5.0"
+version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39b7d07a236abaef6607536ccfaf19b396dbe3f5110ddb73d39f4562902ed382"
+checksum = "29333c3ea1ba8b17211763463ff24ee84e41c78224c16b001cd907e663a38c68"
 
 [[package]]
 name = "winapi"
@@ -8093,13 +8160,28 @@ version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f423a2c17029964870cfaabb1f13dfab7d092a62a29a89264f4d36990ca414a"
 
+[[package]]
+name = "zune-core"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "111f7d9820f05fd715df3144e254d6fc02ee4088b0644c0ffd0efc9e6d9d2773"
+
 [[package]]
 name = "zune-jpeg"
 version = "0.4.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2c9e525af0a6a658e031e95f14b7f889976b74a11ba0eca5a5fc9ac8a1c43a6a"
 dependencies = [
- "zune-core",
+ "zune-core 0.4.12",
+]
+
+[[package]]
+name = "zune-jpeg"
+version = "0.5.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc6fb7703e32e9a07fb3f757360338b3a567a5054f21b5f52a666752e333d58e"
+dependencies = [
+ "zune-core 0.5.0",
 ]
 
 [[package]]

codex-rs/Cargo.toml

@@ -59,15 +59,15 @@ license = "Apache-2.0"
 # Internal
 app_test_support = { path = "app-server/tests/common" }
 codex-ansi-escape = { path = "ansi-escape" }
+codex-api = { path = "codex-api" }
 codex-app-server = { path = "app-server" }
 codex-app-server-protocol = { path = "app-server-protocol" }
 codex-apply-patch = { path = "apply-patch" }
 codex-arg0 = { path = "arg0" }
 codex-async-utils = { path = "async-utils" }
 codex-backend-client = { path = "backend-client" }
-codex-api = { path = "codex-api" }
-codex-client = { path = "codex-client" }
 codex-chatgpt = { path = "chatgpt" }
+codex-client = { path = "codex-client" }
 codex-common = { path = "common" }
 codex-core = { path = "core" }
 codex-exec = { path = "exec" }
@@ -96,6 +96,7 @@ codex-utils-readiness = { path = "utils/readiness" }
 codex-utils-string = { path = "utils/string" }
 codex-windows-sandbox = { path = "windows-sandbox-rs" }
 core_test_support = { path = "core/tests/common" }
+exec_server_test_support = { path = "exec-server/tests/common" }
 mcp-types = { path = "mcp-types" }
 mcp_test_support = { path = "mcp-server/tests/common" }
 
@@ -136,9 +137,9 @@ icu_decimal = "2.1"
 icu_locale_core = "2.1"
 icu_provider = { version = "2.1", features = ["sync"] }
 ignore = "0.4.23"
-image = { version = "^0.25.8", default-features = false }
+image = { version = "^0.25.9", default-features = false }
 indexmap = "2.12.0"
-insta = "1.43.2"
+insta = "1.44.3"
 itertools = "0.14.0"
 keyring = { version = "3.6", default-features = false }
 landlock = "0.4.1"
@@ -169,16 +170,17 @@ pulldown-cmark = "0.10"
 rand = "0.9"
 ratatui = "0.29.0"
 ratatui-macros = "0.6.0"
-regex-lite = "0.1.7"
 regex = "1.12.2"
+regex-lite = "0.1.7"
 reqwest = "0.12"
-rmcp = { version = "0.9.0", default-features = false }
+rmcp = { version = "0.10.0", default-features = false }
 schemars = "0.8.22"
 seccompiler = "0.5.0"
 sentry = "0.34.0"
 serde = "1"
 serde_json = "1"
-serde_with = "3.14"
+serde_with = "3.16"
+serde_yaml = "0.9"
 serial_test = "3.2.0"
 sha1 = "0.10.6"
 sha2 = "0.10"
@@ -203,7 +205,7 @@ tokio-util = "0.7.16"
 toml = "0.9.5"
 toml_edit = "0.23.5"
 tonic = "0.13.1"
-tracing = "0.1.41"
+tracing = "0.1.43"
 tracing-appender = "0.2.3"
 tracing-subscriber = "0.3.20"
 tracing-test = "0.2.5"
@@ -221,7 +223,7 @@ vt100 = "0.16.2"
 walkdir = "2.5.0"
 webbrowser = "1.0"
 which = "6"
-wildmatch = "2.5.0"
+wildmatch = "2.6.1"
 
 wiremock = "0.6"
 zeroize = "1.8.2"
@@ -287,8 +289,8 @@ opt-level = 0
 # Uncomment to debug local changes.
 # ratatui = { path = "../../ratatui" }
 crossterm = { git = "https://github.com/nornagon/crossterm", branch = "nornagon/color-query" }
+portable-pty = { git = "https://github.com/pakrym/wezterm", branch = "PSUEDOCONSOLE_INHERIT_CURSOR" }
 ratatui = { git = "https://github.com/nornagon/ratatui", branch = "nornagon-v0.29.0-patch" }
-rmcp = { git = "https://github.com/bolinfest/rust-sdk", branch = "pr556" }
 
 # Uncomment to debug local changes.
 # rmcp = { path = "../../rust-sdk/crates/rmcp" }

codex-rs/app-server-protocol/src/protocol/common.rs

@@ -131,7 +131,7 @@ client_request_definitions! {
     },
     ReviewStart => "review/start" {
         params: v2::ReviewStartParams,
-        response: v2::TurnStartResponse,
+        response: v2::ReviewStartResponse,
     },
 
     ModelList => "model/list" {
@@ -139,6 +139,11 @@ client_request_definitions! {
         response: v2::ModelListResponse,
     },
 
+    McpServersList => "mcpServers/list" {
+        params: v2::ListMcpServersParams,
+        response: v2::ListMcpServersResponse,
+    },
+
     LoginAccount => "account/login/start" {
         params: v2::LoginAccountParams,
         response: v2::LoginAccountResponse,
@@ -164,6 +169,12 @@ client_request_definitions! {
         response: v2::FeedbackUploadResponse,
     },
 
+    /// Execute a command (argv vector) under the server's sandbox.
+    OneOffCommandExec => "command/exec" {
+        params: v2::CommandExecParams,
+        response: v2::CommandExecResponse,
+    },
+
     ConfigRead => "config/read" {
         params: v2::ConfigReadParams,
         response: v2::ConfigReadResponse,
@@ -506,10 +517,12 @@ server_notification_definitions! {
     TurnStarted => "turn/started" (v2::TurnStartedNotification),
     TurnCompleted => "turn/completed" (v2::TurnCompletedNotification),
     TurnDiffUpdated => "turn/diff/updated" (v2::TurnDiffUpdatedNotification),
+    TurnPlanUpdated => "turn/plan/updated" (v2::TurnPlanUpdatedNotification),
     ItemStarted => "item/started" (v2::ItemStartedNotification),
     ItemCompleted => "item/completed" (v2::ItemCompletedNotification),
     AgentMessageDelta => "item/agentMessage/delta" (v2::AgentMessageDeltaNotification),
     CommandExecutionOutputDelta => "item/commandExecution/outputDelta" (v2::CommandExecutionOutputDeltaNotification),
+    FileChangeOutputDelta => "item/fileChange/outputDelta" (v2::FileChangeOutputDeltaNotification),
     McpToolCallProgress => "item/mcpToolCall/progress" (v2::McpToolCallProgressNotification),
     AccountUpdated => "account/updated" (v2::AccountUpdatedNotification),
     AccountRateLimitsUpdated => "account/rateLimits/updated" (v2::AccountRateLimitsUpdatedNotification),

codex-rs/app-server-protocol/src/protocol/mappers.rs

@@ -0,0 +1,15 @@
+use crate::protocol::v1;
+use crate::protocol::v2;
+
+impl From<v1::ExecOneOffCommandParams> for v2::CommandExecParams {
+    fn from(value: v1::ExecOneOffCommandParams) -> Self {
+        Self {
+            command: value.command,
+            timeout_ms: value
+                .timeout_ms
+                .map(|timeout| i64::try_from(timeout).unwrap_or(60_000)),
+            cwd: value.cwd,
+            sandbox_policy: value.sandbox_policy.map(std::convert::Into::into),
+        }
+    }
+}

codex-rs/app-server-protocol/src/protocol/mod.rs

@@ -2,6 +2,7 @@
 // Exposes protocol pieces used by `lib.rs` via `pub use protocol::common::*;`.
 
 pub mod common;
+mod mappers;
 pub mod thread_history;
 pub mod v1;
 pub mod v2;

codex-rs/app-server-protocol/src/protocol/thread_history.rs

@@ -1,5 +1,6 @@
 use crate::protocol::v2::ThreadItem;
 use crate::protocol::v2::Turn;
+use crate::protocol::v2::TurnError;
 use crate::protocol::v2::TurnStatus;
 use crate::protocol::v2::UserInput;
 use codex_protocol::protocol::AgentReasoningEvent;
@@ -142,6 +143,7 @@ impl ThreadHistoryBuilder {
         PendingTurn {
             id: self.next_turn_id(),
             items: Vec::new(),
+            error: None,
             status: TurnStatus::Completed,
         }
     }
@@ -190,6 +192,7 @@ impl ThreadHistoryBuilder {
 struct PendingTurn {
     id: String,
     items: Vec<ThreadItem>,
+    error: Option<TurnError>,
     status: TurnStatus,
 }
 
@@ -198,6 +201,7 @@ impl From<PendingTurn> for Turn {
         Self {
             id: value.id,
             items: value.items,
+            error: value.error,
             status: value.status,
         }
     }

codex-rs/app-server-protocol/src/protocol/v1.rs

@@ -3,11 +3,11 @@ use std::path::PathBuf;
 
 use codex_protocol::ConversationId;
 use codex_protocol::config_types::ForcedLoginMethod;
-use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::config_types::Verbosity;
 use codex_protocol::models::ResponseItem;
+use codex_protocol::openai_models::ReasoningEffort;
 use codex_protocol::parse_command::ParsedCommand;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::EventMsg;

codex-rs/app-server-protocol/src/protocol/v2.rs

@@ -2,15 +2,17 @@ use std::collections::HashMap;
 use std::path::PathBuf;
 
 use crate::protocol::common::AuthMode;
-use codex_protocol::ConversationId;
 use codex_protocol::account::PlanType;
+use codex_protocol::approvals::ExecPolicyAmendment as CoreExecPolicyAmendment;
 use codex_protocol::approvals::SandboxCommandAssessment as CoreSandboxCommandAssessment;
-use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::items::AgentMessageContent as CoreAgentMessageContent;
 use codex_protocol::items::TurnItem as CoreTurnItem;
 use codex_protocol::models::ResponseItem;
+use codex_protocol::openai_models::ReasoningEffort;
 use codex_protocol::parse_command::ParsedCommand as CoreParsedCommand;
+use codex_protocol::plan_tool::PlanItemArg as CorePlanItemArg;
+use codex_protocol::plan_tool::StepStatus as CorePlanStepStatus;
 use codex_protocol::protocol::CodexErrorInfo as CoreCodexErrorInfo;
 use codex_protocol::protocol::CreditsSnapshot as CoreCreditsSnapshot;
 use codex_protocol::protocol::RateLimitSnapshot as CoreRateLimitSnapshot;
@@ -20,6 +22,9 @@ use codex_protocol::protocol::TokenUsage as CoreTokenUsage;
 use codex_protocol::protocol::TokenUsageInfo as CoreTokenUsageInfo;
 use codex_protocol::user_input::UserInput as CoreUserInput;
 use mcp_types::ContentBlock as McpContentBlock;
+use mcp_types::Resource as McpResource;
+use mcp_types::ResourceTemplate as McpResourceTemplate;
+use mcp_types::Tool as McpTool;
 use schemars::JsonSchema;
 use serde::Deserialize;
 use serde::Serialize;
@@ -130,6 +135,21 @@ v2_enum_from_core!(
     }
 );
 
+v2_enum_from_core!(
+    pub enum ReviewDelivery from codex_protocol::protocol::ReviewDelivery {
+        Inline, Detached
+    }
+);
+
+v2_enum_from_core!(
+    pub enum McpAuthStatus from codex_protocol::protocol::McpAuthStatus {
+        Unsupported,
+        NotLoggedIn,
+        BearerToken,
+        OAuth
+    }
+);
+
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -190,6 +210,8 @@ pub struct OverriddenMetadata {
 pub struct ConfigWriteResponse {
     pub status: WriteStatus,
     pub version: String,
+    /// Canonical path to the config file that was written.
+    pub file_path: String,
     pub overridden_metadata: Option<OverriddenMetadata>,
 }
 
@@ -226,10 +248,11 @@ pub struct ConfigReadResponse {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ConfigValueWriteParams {
-    pub file_path: String,
     pub key_path: String,
     pub value: JsonValue,
     pub merge_strategy: MergeStrategy,
+    /// Path to the config file to write; defaults to the user's `config.toml` when omitted.
+    pub file_path: Option<String>,
     pub expected_version: Option<String>,
 }
 
@@ -237,8 +260,9 @@ pub struct ConfigValueWriteParams {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ConfigBatchWriteParams {
-    pub file_path: String,
     pub edits: Vec<ConfigEdit>,
+    /// Path to the config file to write; defaults to the user's `config.toml` when omitted.
+    pub file_path: Option<String>,
     pub expected_version: Option<String>,
 }
 
@@ -264,6 +288,11 @@ v2_enum_from_core!(
 #[ts(export_to = "v2/")]
 pub enum ApprovalDecision {
     Accept,
+    /// Approve and remember the approval for the session.
+    AcceptForSession,
+    AcceptWithExecpolicyAmendment {
+        execpolicy_amendment: ExecPolicyAmendment,
+    },
     Decline,
     Cancel,
 }
@@ -359,6 +388,27 @@ impl From<CoreSandboxCommandAssessment> for SandboxCommandAssessment {
     }
 }
 
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
+#[serde(transparent)]
+#[ts(type = "Array<string>", export_to = "v2/")]
+pub struct ExecPolicyAmendment {
+    pub command: Vec<String>,
+}
+
+impl ExecPolicyAmendment {
+    pub fn into_core(self) -> CoreExecPolicyAmendment {
+        CoreExecPolicyAmendment::new(self.command)
+    }
+}
+
+impl From<CoreExecPolicyAmendment> for ExecPolicyAmendment {
+    fn from(value: CoreExecPolicyAmendment) -> Self {
+        Self {
+            command: value.command().to_vec(),
+        }
+    }
+}
+
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(tag = "type", rename_all = "camelCase")]
 #[ts(tag = "type")]
@@ -607,13 +657,44 @@ pub struct ModelListResponse {
     pub next_cursor: Option<String>,
 }
 
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct ListMcpServersParams {
+    /// Opaque pagination cursor returned by a previous call.
+    pub cursor: Option<String>,
+    /// Optional page size; defaults to a server-defined value.
+    pub limit: Option<u32>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct McpServer {
+    pub name: String,
+    pub tools: std::collections::HashMap<String, McpTool>,
+    pub resources: Vec<McpResource>,
+    pub resource_templates: Vec<McpResourceTemplate>,
+    pub auth_status: McpAuthStatus,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct ListMcpServersResponse {
+    pub data: Vec<McpServer>,
+    /// Opaque cursor to pass to the next call to continue after the last item.
+    /// If None, there are no more items to return.
+    pub next_cursor: Option<String>,
+}
+
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct FeedbackUploadParams {
     pub classification: String,
     pub reason: Option<String>,
-    pub conversation_id: Option<ConversationId>,
+    pub thread_id: Option<String>,
     pub include_logs: bool,
 }
 
@@ -624,6 +705,26 @@ pub struct FeedbackUploadResponse {
     pub thread_id: String,
 }
 
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct CommandExecParams {
+    pub command: Vec<String>,
+    #[ts(type = "number | null")]
+    pub timeout_ms: Option<i64>,
+    pub cwd: Option<PathBuf>,
+    pub sandbox_policy: Option<SandboxPolicy>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct CommandExecResponse {
+    pub exit_code: i32,
+    pub stdout: String,
+    pub stderr: String,
+}
+
 // === Threads, Turns, and Items ===
 // Thread APIs
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, JsonSchema, TS)]
@@ -758,6 +859,7 @@ pub struct Thread {
     /// Model provider used for this thread (for example, 'openai').
     pub model_provider: String,
     /// Unix timestamp (in seconds) when the thread was created.
+    #[ts(type = "number")]
     pub created_at: i64,
     /// [UNSTABLE] Path to the thread on disk.
     pub path: PathBuf,
@@ -848,8 +950,9 @@ pub struct Turn {
     /// For all other responses and notifications returning a Turn,
     /// the items field will be an empty list.
     pub items: Vec<ThreadItem>,
-    #[serde(flatten)]
     pub status: TurnStatus,
+    /// Only populated when the Turn's status is failed.
+    pub error: Option<TurnError>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS, Error)]
@@ -866,17 +969,20 @@ pub struct TurnError {
 #[ts(export_to = "v2/")]
 pub struct ErrorNotification {
     pub error: TurnError,
+    // Set to true if the error is transient and the app-server process will automatically retry.
+    // If true, this will not interrupt a turn.
+    pub will_retry: bool,
     pub thread_id: String,
     pub turn_id: String,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(tag = "status", rename_all = "camelCase")]
-#[ts(tag = "status", export_to = "v2/")]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
 pub enum TurnStatus {
     Completed,
     Interrupted,
-    Failed { error: TurnError },
+    Failed,
     InProgress,
 }
 
@@ -908,9 +1014,22 @@ pub struct ReviewStartParams {
     pub thread_id: String,
     pub target: ReviewTarget,
 
-    /// When true, also append the final review message to the original thread.
+    /// Where to run the review: inline (default) on the current thread or
+    /// detached on a new thread (returned in `reviewThreadId`).
     #[serde(default)]
-    pub append_to_original_thread: bool,
+    pub delivery: Option<ReviewDelivery>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct ReviewStartResponse {
+    pub turn: Turn,
+    /// Identifies the thread where the review runs.
+    ///
+    /// For inline reviews, this is the original thread id.
+    /// For detached reviews, this is the id of the new review thread.
+    pub review_thread_id: String,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1020,6 +1139,8 @@ pub enum ThreadItem {
         command: String,
         /// The command's working directory.
         cwd: PathBuf,
+        /// Identifier for the underlying PTY process (when available).
+        process_id: Option<String>,
         status: CommandExecutionStatus,
         /// A best-effort parsing of the command to understand the action(s) it will perform.
         /// This returns a list of CommandAction objects because a single shell command may
@@ -1030,6 +1151,7 @@ pub enum ThreadItem {
         /// The command's exit code.
         exit_code: Option<i32>,
         /// The duration of the command execution in milliseconds.
+        #[ts(type = "number | null")]
         duration_ms: Option<i64>,
     },
     #[serde(rename_all = "camelCase")]
@@ -1049,19 +1171,22 @@ pub enum ThreadItem {
         arguments: JsonValue,
         result: Option<McpToolCallResult>,
         error: Option<McpToolCallError>,
+        /// The duration of the MCP tool call in milliseconds.
+        #[ts(type = "number | null")]
+        duration_ms: Option<i64>,
     },
     #[serde(rename_all = "camelCase")]
     #[ts(rename_all = "camelCase")]
     WebSearch { id: String, query: String },
     #[serde(rename_all = "camelCase")]
     #[ts(rename_all = "camelCase")]
-    TodoList { id: String, items: Vec<TodoItem> },
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
     ImageView { id: String, path: String },
     #[serde(rename_all = "camelCase")]
     #[ts(rename_all = "camelCase")]
-    CodeReview { id: String, review: String },
+    EnteredReviewMode { id: String, review: String },
+    #[serde(rename_all = "camelCase")]
+    #[ts(rename_all = "camelCase")]
+    ExitedReviewMode { id: String, review: String },
 }
 
 impl From<CoreTurnItem> for ThreadItem {
@@ -1157,15 +1282,6 @@ pub struct McpToolCallError {
     pub message: String,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct TodoItem {
-    pub id: String,
-    pub text: String,
-    pub completed: bool,
-}
-
 // === Server Notifications ===
 // Thread/Turn lifecycle notifications and item progress events
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1206,10 +1322,57 @@ pub struct TurnCompletedNotification {
 /// Notification that the turn-level unified diff has changed.
 /// Contains the latest aggregated diff across all file changes in the turn.
 pub struct TurnDiffUpdatedNotification {
+    pub thread_id: String,
     pub turn_id: String,
     pub diff: String,
 }
 
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct TurnPlanUpdatedNotification {
+    pub thread_id: String,
+    pub turn_id: String,
+    pub explanation: Option<String>,
+    pub plan: Vec<TurnPlanStep>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct TurnPlanStep {
+    pub step: String,
+    pub status: TurnPlanStepStatus,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub enum TurnPlanStepStatus {
+    Pending,
+    InProgress,
+    Completed,
+}
+
+impl From<CorePlanItemArg> for TurnPlanStep {
+    fn from(value: CorePlanItemArg) -> Self {
+        Self {
+            step: value.step,
+            status: value.status.into(),
+        }
+    }
+}
+
+impl From<CorePlanStepStatus> for TurnPlanStepStatus {
+    fn from(value: CorePlanStepStatus) -> Self {
+        match value {
+            CorePlanStepStatus::Pending => Self::Pending,
+            CorePlanStepStatus::InProgress => Self::InProgress,
+            CorePlanStepStatus::Completed => Self::Completed,
+        }
+    }
+}
+
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1233,6 +1396,8 @@ pub struct ItemCompletedNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct AgentMessageDeltaNotification {
+    pub thread_id: String,
+    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
 }
@@ -1241,8 +1406,11 @@ pub struct AgentMessageDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningSummaryTextDeltaNotification {
+    pub thread_id: String,
+    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
+    #[ts(type = "number")]
     pub summary_index: i64,
 }
 
@@ -1250,7 +1418,10 @@ pub struct ReasoningSummaryTextDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningSummaryPartAddedNotification {
+    pub thread_id: String,
+    pub turn_id: String,
     pub item_id: String,
+    #[ts(type = "number")]
     pub summary_index: i64,
 }
 
@@ -1258,8 +1429,11 @@ pub struct ReasoningSummaryPartAddedNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningTextDeltaNotification {
+    pub thread_id: String,
+    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
+    #[ts(type = "number")]
     pub content_index: i64,
 }
 
@@ -1267,6 +1441,18 @@ pub struct ReasoningTextDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct CommandExecutionOutputDeltaNotification {
+    pub thread_id: String,
+    pub turn_id: String,
+    pub item_id: String,
+    pub delta: String,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct FileChangeOutputDeltaNotification {
+    pub thread_id: String,
+    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
 }
@@ -1275,6 +1461,8 @@ pub struct CommandExecutionOutputDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct McpToolCallProgressNotification {
+    pub thread_id: String,
+    pub turn_id: String,
     pub item_id: String,
     pub message: String,
 }
@@ -1307,15 +1495,8 @@ pub struct CommandExecutionRequestApprovalParams {
     pub reason: Option<String>,
     /// Optional model-provided risk assessment describing the blocked command.
     pub risk: Option<SandboxCommandAssessment>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct CommandExecutionRequestAcceptSettings {
-    /// If true, automatically approve this command for the duration of the session.
-    #[serde(default)]
-    pub for_session: bool,
+    /// Optional proposed execpolicy amendment to allow similar commands without prompting.
+    pub proposed_execpolicy_amendment: Option<ExecPolicyAmendment>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1323,10 +1504,6 @@ pub struct CommandExecutionRequestAcceptSettings {
 #[ts(export_to = "v2/")]
 pub struct CommandExecutionRequestApprovalResponse {
     pub decision: ApprovalDecision,
-    /// Optional approval settings for when the decision is `accept`.
-    /// Ignored if the decision is `decline` or `cancel`.
-    #[serde(default)]
-    pub accept_settings: Option<CommandExecutionRequestAcceptSettings>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1363,6 +1540,7 @@ pub struct RateLimitSnapshot {
     pub primary: Option<RateLimitWindow>,
     pub secondary: Option<RateLimitWindow>,
     pub credits: Option<CreditsSnapshot>,
+    pub plan_type: Option<PlanType>,
 }
 
 impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
@@ -1371,6 +1549,7 @@ impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
             primary: value.primary.map(RateLimitWindow::from),
             secondary: value.secondary.map(RateLimitWindow::from),
             credits: value.credits.map(CreditsSnapshot::from),
+            plan_type: value.plan_type,
         }
     }
 }
@@ -1380,7 +1559,9 @@ impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
 #[ts(export_to = "v2/")]
 pub struct RateLimitWindow {
     pub used_percent: i32,
+    #[ts(type = "number | null")]
     pub window_duration_mins: Option<i64>,
+    #[ts(type = "number | null")]
     pub resets_at: Option<i64>,
 }
 

codex-rs/app-server-test-client/src/main.rs

@@ -21,7 +21,6 @@ use codex_app_server_protocol::ApprovalDecision;
 use codex_app_server_protocol::AskForApproval;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::CommandExecutionRequestAcceptSettings;
 use codex_app_server_protocol::CommandExecutionRequestApprovalParams;
 use codex_app_server_protocol::CommandExecutionRequestApprovalResponse;
 use codex_app_server_protocol::FileChangeRequestApprovalParams;
@@ -563,7 +562,9 @@ impl CodexClient {
                 ServerNotification::TurnCompleted(payload) => {
                     if payload.turn.id == turn_id {
                         println!("\n< turn/completed notification: {:?}", payload.turn.status);
-                        if let TurnStatus::Failed { error } = &payload.turn.status {
+                        if payload.turn.status == TurnStatus::Failed
+                            && let Some(error) = payload.turn.error
+                        {
                             println!("[turn error] {}", error.message);
                         }
                         break;
@@ -752,6 +753,7 @@ impl CodexClient {
             item_id,
             reason,
             risk,
+            proposed_execpolicy_amendment,
         } = params;
 
         println!(
@@ -763,10 +765,12 @@ impl CodexClient {
         if let Some(risk) = risk.as_ref() {
             println!("< risk assessment: {risk:?}");
         }
+        if let Some(execpolicy_amendment) = proposed_execpolicy_amendment.as_ref() {
+            println!("< proposed execpolicy amendment: {execpolicy_amendment:?}");
+        }
 
         let response = CommandExecutionRequestApprovalResponse {
             decision: ApprovalDecision::Accept,
-            accept_settings: Some(CommandExecutionRequestAcceptSettings { for_session: false }),
         };
         self.send_server_request_response(request_id, &response)?;
         println!("< approved commandExecution request for item {item_id}");

codex-rs/app-server/Cargo.toml

@@ -31,6 +31,7 @@ chrono = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 sha2 = { workspace = true }
+mcp-types = { workspace = true }
 tempfile = { workspace = true }
 toml = { workspace = true }
 tokio = { workspace = true, features = [

codex-rs/app-server/README.md

@@ -1,15 +1,15 @@
 # codex-app-server
 
-`codex app-server` is the interface Codex uses to power rich interfaces such as the [Codex VS Code extension](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt). The message schema is currently unstable, but those who wish to build experimental UIs on top of Codex may find it valuable.
+`codex app-server` is the interface Codex uses to power rich interfaces such as the [Codex VS Code extension](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt).
 
 ## Table of Contents
 - [Protocol](#protocol)
 - [Message Schema](#message-schema)
+- [Core Primitives](#core-primitives)
 - [Lifecycle Overview](#lifecycle-overview)
 - [Initialization](#initialization)
-- [Core primitives](#core-primitives)
-- [Thread & turn endpoints](#thread--turn-endpoints)
-- [Events (work-in-progress)](#events-work-in-progress)
+- [API Overview](#api-overview)
+- [Events](#events)
 - [Auth endpoints](#auth-endpoints)
 
 ## Protocol
@@ -25,6 +25,15 @@ codex app-server generate-ts --out DIR
 codex app-server generate-json-schema --out DIR
 ```
 
+## Core Primitives
+
+The API exposes three top level primitives representing an interaction between a user and Codex:
+- **Thread**: A conversation between a user and the Codex agent. Each thread contains multiple turns.
+- **Turn**: One turn of the conversation, typically starting with a user message and finishing with an agent message. Each turn contains multiple items.
+- **Item**: Represents user inputs and agent outputs as part of the turn, persisted and used as the context for future conversations. Example items include user message, agent reasoning, agent message, shell command, file edit, etc.
+
+Use the thread APIs to create, list, or archive conversations. Drive a conversation with turn APIs and stream progress via turn notifications.
+
 ## Lifecycle Overview
 
 - Initialize once: Immediately after launching the codex app-server process, send an `initialize` request with your client metadata, then emit an `initialized` notification. Any other request before this handshake gets rejected.
@@ -37,37 +46,32 @@ codex app-server generate-json-schema --out DIR
 
 Clients must send a single `initialize` request before invoking any other method, then acknowledge with an `initialized` notification. The server returns the user agent string it will present to upstream services; subsequent requests issued before initialization receive a `"Not initialized"` error, and repeated `initialize` calls receive an `"Already initialized"` error.
 
-Example:
+Applications building on top of `codex app-server` should identify themselves via the `clientInfo` parameter.
 
+Example (from OpenAI's official VSCode extension):
 ```json
 { "method": "initialize", "id": 0, "params": {
     "clientInfo": { "name": "codex-vscode", "title": "Codex VS Code Extension", "version": "0.1.0" }
 } }
-{ "id": 0, "result": { "userAgent": "codex-app-server/0.1.0 codex-vscode/0.1.0" } }
-{ "method": "initialized" }
 ```
 
-## Core primitives
-
-We have 3 top level primitives:
-- Thread - a conversation between the Codex agent and a user. Each thread contains multiple turns.
-- Turn - one turn of the conversation, typically starting with a user message and finishing with an agent message. Each turn contains multiple items.
-- Item - represents user inputs and agent outputs as part of the turn, persisted and used as the context for future conversations.
-
-## Thread & turn endpoints
-
-The JSON-RPC API exposes dedicated methods for managing Codex conversations. Threads store long-lived conversation metadata, and turns store the per-message exchange (input → Codex output, including streamed items). Use the thread APIs to create, list, or archive sessions, then drive the conversation with turn APIs and notifications.
-
-### Quick reference
+## API Overview
 - `thread/start` — create a new thread; emits `thread/started` and auto-subscribes you to turn/item events for that thread.
 - `thread/resume` — reopen an existing thread by id so subsequent `turn/start` calls append to it.
 - `thread/list` — page through stored rollouts; supports cursor-based pagination and optional `modelProviders` filtering.
 - `thread/archive` — move a thread’s rollout file into the archived directory; returns `{}` on success.
 - `turn/start` — add user input to a thread and begin Codex generation; responds with the initial `turn` object and streams `turn/started`, `item/*`, and `turn/completed` notifications.
 - `turn/interrupt` — request cancellation of an in-flight turn by `(thread_id, turn_id)`; success is an empty `{}` response and the turn finishes with `status: "interrupted"`.
-- `review/start` — kick off Codex’s automated reviewer for a thread; responds like `turn/start` and emits a `item/completed` notification with a `codeReview` item when results are ready.
+- `review/start` — kick off Codex’s automated reviewer for a thread; responds like `turn/start` and emits `item/started`/`item/completed` notifications with `enteredReviewMode` and `exitedReviewMode` items, plus a final assistant `agentMessage` containing the review.
+- `command/exec` — run a single command under the server sandbox without starting a thread/turn (handy for utilities and validation).
+- `model/list` — list available models (with reasoning effort options).
+- `feedback/upload` — submit a feedback report (classification + optional reason/logs and conversation_id); returns the tracking thread id.
+- `command/exec` — run a single command under the server sandbox without starting a thread/turn (handy for utilities and validation).
+- `config/read` — fetch the effective config on disk after resolving config layering.
+- `config/value/write` — write a single config key/value to the user's config.toml on disk.
+- `config/batchWrite` — apply multiple config edits atomically to the user's config.toml on disk.
 
-### 1) Start or resume a thread
+### Example: Start or resume a thread
 
 Start a fresh thread when you need a new Codex conversation.
 
@@ -98,7 +102,7 @@ To continue a stored session, call `thread/resume` with the `thread.id` you prev
 { "id": 11, "result": { "thread": { "id": "thr_123", … } } }
 ```
 
-### 2) List threads (pagination & filters)
+### Example: List threads (with pagination & filters)
 
 `thread/list` lets you render a history UI. Pass any combination of:
 - `cursor` — opaque string from a prior response; omit for the first page.
@@ -123,7 +127,7 @@ Example:
 
 When `nextCursor` is `null`, you’ve reached the final page.
 
-### 3) Archive a thread
+### Example: Archive a thread
 
 Use `thread/archive` to move the persisted rollout (stored as a JSONL file on disk) into the archived sessions directory.
 
@@ -134,7 +138,7 @@ Use `thread/archive` to move the persisted rollout (stored as a JSONL file on di
 
 An archived thread will not appear in future calls to `thread/list`.
 
-### 4) Start a turn (send user input)
+### Example: Start a turn (send user input)
 
 Turns attach user input (text or images) to a thread and trigger Codex generation. The `input` field is a list of discriminated unions:
 
@@ -168,7 +172,7 @@ You can optionally specify config overrides on the new turn. If specified, these
 } } }
 ```
 
-### 5) Interrupt an active turn
+### Example: Interrupt an active turn
 
 You can cancel a running Turn with `turn/interrupt`.
 
@@ -182,7 +186,7 @@ You can cancel a running Turn with `turn/interrupt`.
 
 The server requests cancellations for running subprocesses, then emits a `turn/completed` event with `status: "interrupted"`. Rely on the `turn/completed` to know when Codex-side cleanup is done.
 
-### 6) Request a code review
+### Example: Request a code review
 
 Use `review/start` to run Codex’s reviewer on the currently checked-out project. The request takes the thread id plus a `target` describing what should be reviewed:
 
@@ -190,51 +194,77 @@ Use `review/start` to run Codex’s reviewer on the currently checked-out projec
 - `{"type":"baseBranch","branch":"main"}` — diff against the provided branch’s upstream (see prompt for the exact `git merge-base`/`git diff` instructions Codex will run).
 - `{"type":"commit","sha":"abc1234","title":"Optional subject"}` — review a specific commit.
 - `{"type":"custom","instructions":"Free-form reviewer instructions"}` — fallback prompt equivalent to the legacy manual review request.
-- `appendToOriginalThread` (bool, default `false`) — when `true`, Codex also records a final assistant-style message with the review summary in the original thread. When `false`, only the `codeReview` item is emitted for the review run and no extra message is added to the original thread.
+- `delivery` (`"inline"` or `"detached"`, default `"inline"`) — where the review runs:
+  - `"inline"`: run the review as a new turn on the existing thread. The response’s `reviewThreadId` equals the original `threadId`, and no new `thread/started` notification is emitted.
+  - `"detached"`: fork a new review thread from the parent conversation and run the review there. The response’s `reviewThreadId` is the id of this new review thread, and the server emits a `thread/started` notification for it before streaming review items.
 
 Example request/response:
 
 ```json
 { "method": "review/start", "id": 40, "params": {
     "threadId": "thr_123",
-    "appendToOriginalThread": true,
+    "delivery": "inline",
     "target": { "type": "commit", "sha": "1234567deadbeef", "title": "Polish tui colors" }
 } }
-{ "id": 40, "result": { "turn": {
-    "id": "turn_900",
-    "status": "inProgress",
-    "items": [
-        { "type": "userMessage", "id": "turn_900", "content": [ { "type": "text", "text": "Review commit 1234567: Polish tui colors" } ] }
-    ],
-    "error": null
-} } }
+{ "id": 40, "result": {
+    "turn": {
+        "id": "turn_900",
+        "status": "inProgress",
+        "items": [
+            { "type": "userMessage", "id": "turn_900", "content": [ { "type": "text", "text": "Review commit 1234567: Polish tui colors" } ] }
+        ],
+        "error": null
+    },
+    "reviewThreadId": "thr_123"
+} }
 ```
 
+For a detached review, use `"delivery": "detached"`. The response is the same shape, but `reviewThreadId` will be the id of the new review thread (different from the original `threadId`). The server also emits a `thread/started` notification for that new thread before streaming the review turn.
+
 Codex streams the usual `turn/started` notification followed by an `item/started`
-with the same `codeReview` item id so clients can show progress:
+with an `enteredReviewMode` item so clients can show progress:
 
 ```json
 { "method": "item/started", "params": { "item": {
-    "type": "codeReview",
+    "type": "enteredReviewMode",
     "id": "turn_900",
     "review": "current changes"
 } } }
 ```
 
-When the reviewer finishes, the server emits `item/completed` containing the same
-`codeReview` item with the final review text:
+When the reviewer finishes, the server emits `item/started` and `item/completed`
+containing an `exitedReviewMode` item with the final review text:
 
 ```json
 { "method": "item/completed", "params": { "item": {
-    "type": "codeReview",
+    "type": "exitedReviewMode",
     "id": "turn_900",
     "review": "Looks solid overall...\n\n- Prefer Stylize helpers — app.rs:10-20\n  ..."
 } } }
 ```
 
-The `review` string is plain text that already bundles the overall explanation plus a bullet list for each structured finding (matching `ThreadItem::CodeReview` in the generated schema). Use this notification to render the reviewer output in your client.
+The `review` string is plain text that already bundles the overall explanation plus a bullet list for each structured finding (matching `ThreadItem::ExitedReviewMode` in the generated schema). Use this notification to render the reviewer output in your client.
 
-## Events (work-in-progress)
+### Example: One-off command execution
+
+Run a standalone command (argv vector) in the server’s sandbox without creating a thread or turn:
+
+```json
+{ "method": "command/exec", "id": 32, "params": {
+    "command": ["ls", "-la"],
+    "cwd": "/Users/me/project",                    // optional; defaults to server cwd
+    "sandboxPolicy": { "type": "workspaceWrite" }, // optional; defaults to user config
+    "timeoutMs": 10000                             // optional; ms timeout; defaults to server timeout
+} }
+{ "id": 32, "result": { "exitCode": 0, "stdout": "...", "stderr": "" } }
+```
+
+Notes:
+- Empty `command` arrays are rejected.
+- `sandboxPolicy` accepts the same shape used by `turn/start` (e.g., `dangerFullAccess`, `readOnly`, `workspaceWrite` with flags).
+- When omitted, `timeoutMs` falls back to the server default.
+
+## Events
 
 Event notifications are the server-initiated event stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading stdout for `thread/started`, `turn/*`, and `item/*` notifications.
 
@@ -244,10 +274,12 @@ The app-server streams JSON-RPC notifications while a turn is running. Each turn
 
 - `turn/started` — `{ turn }` with the turn id, empty `items`, and `status: "inProgress"`.
 - `turn/completed` — `{ turn }` where `turn.status` is `completed`, `interrupted`, or `failed`; failures carry `{ error: { message, codexErrorInfo? } }`.
+- `turn/diff/updated` — `{ threadId, turnId, diff }` represents the up-to-date snapshot of the turn-level unified diff, emitted after every FileChange item. `diff` is the latest aggregated unified diff across every file change in the turn. UIs can render this to show the full "what changed" view without stitching individual `fileChange` items.
+- `turn/plan/updated` — `{ turnId, explanation?, plan }` whenever the agent shares or changes its plan; each `plan` entry is `{ step, status }` with `status` in `pending`, `inProgress`, or `completed`.
 
 Today both notifications carry an empty `items` array even when item events were streamed; rely on `item/*` notifications for the canonical item list until this is fixed.
 
-#### Thread items
+#### Items
 
 `ThreadItem` is the tagged union carried in turn responses and `item/*` notifications. Currently we support events for the following items:
 - `userMessage` — `{id, content}` where `content` is a list of user inputs (`text`, `image`, or `localImage`).
@@ -257,6 +289,9 @@ Today both notifications carry an empty `items` array even when item events were
 - `fileChange` — `{id, changes, status}` describing proposed edits; `changes` list `{path, kind, diff}` and `status` is `inProgress`, `completed`, `failed`, or `declined`.
 - `mcpToolCall` — `{id, server, tool, status, arguments, result?, error?}` describing MCP calls; `status` is `inProgress`, `completed`, or `failed`.
 - `webSearch` — `{id, query}` for a web search request issued by the agent.
+- `imageView` — `{id, path}` emitted when the agent invokes the image viewer tool.
+- `enteredReviewMode` — `{id, review}` sent when the reviewer starts; `review` is a short user-facing label such as `"current changes"` or the requested target description.
+- `exitedReviewMode` — `{id, review}` emitted when the reviewer finishes; `review` is the full plain-text review (usually, overall notes plus bullet point findings).
 - `compacted` - `{threadId, turnId}` when codex compacts the conversation history. This can happen automatically.
 
 All items emit two shared lifecycle events:
@@ -274,7 +309,7 @@ There are additional item-specific events:
 - `item/commandExecution/outputDelta` — streams stdout/stderr for the command; append deltas in order to render live output alongside `aggregatedOutput` in the final item.
 Final `commandExecution` items include parsed `commandActions`, `status`, `exitCode`, and `durationMs` so the UI can summarize what ran and whether it succeeded.
 #### fileChange
-`fileChange` items contain a `changes` list with `{path, kind, diff}` entries (`kind` is `add`, `delete`, or `update` with an optional `movePath`). The `status` tracks whether apply succeeded (`completed`), failed, or was `declined`.
+- `item/fileChange/outputDelta` - contains the tool call response of the underlying `apply_patch` tool call.
 
 ### Errors
 `error` event is emitted whenever the server hits an error mid-turn (for example, upstream model errors or quota limits). Carries the same `{ error: { message, codexErrorInfo? } }` payload as `turn.status: "failed"` and may precede that terminal notification.
@@ -323,7 +358,7 @@ UI guidance for IDEs: surface an approval dialog as soon as the request arrives.
 
 The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.
 
-### Quick reference
+### API Overview
 - `account/read` — fetch current account info; optionally refresh tokens.
 - `account/login/start` — begin login (`apiKey` or `chatgpt`).
 - `account/login/completed` (notify) — emitted when a login attempt finishes (success or error).
@@ -408,9 +443,3 @@ Field notes:
 - `usedPercent` is current usage within the OpenAI quota window.
 - `windowDurationMins` is the quota window length.
 - `resetsAt` is a Unix timestamp (seconds) for the next reset.
-
-### Dev notes
-
-- `codex app-server generate-ts --out <dir>` emits v2 types under `v2/`.
-- `codex app-server generate-json-schema --out <dir>` outputs `codex_app_server_protocol.schemas.json`.
-- See [“Authentication and authorization” in the config docs](../../docs/config.md#authentication-and-authorization) for configuration knobs.

codex-rs/app-server/src/bespoke_event_handling.rs

@@ -18,6 +18,8 @@ use codex_app_server_protocol::ContextCompactedNotification;
 use codex_app_server_protocol::ErrorNotification;
 use codex_app_server_protocol::ExecCommandApprovalParams;
 use codex_app_server_protocol::ExecCommandApprovalResponse;
+use codex_app_server_protocol::ExecPolicyAmendment as V2ExecPolicyAmendment;
+use codex_app_server_protocol::FileChangeOutputDeltaNotification;
 use codex_app_server_protocol::FileChangeRequestApprovalParams;
 use codex_app_server_protocol::FileChangeRequestApprovalResponse;
 use codex_app_server_protocol::FileUpdateChange;
@@ -43,6 +45,8 @@ use codex_app_server_protocol::TurnCompletedNotification;
 use codex_app_server_protocol::TurnDiffUpdatedNotification;
 use codex_app_server_protocol::TurnError;
 use codex_app_server_protocol::TurnInterruptResponse;
+use codex_app_server_protocol::TurnPlanStep;
+use codex_app_server_protocol::TurnPlanUpdatedNotification;
 use codex_app_server_protocol::TurnStatus;
 use codex_core::CodexConversation;
 use codex_core::parse_command::shlex_join;
@@ -59,7 +63,9 @@ use codex_core::protocol::ReviewDecision;
 use codex_core::protocol::TokenCountEvent;
 use codex_core::protocol::TurnDiffEvent;
 use codex_core::review_format::format_review_findings_block;
+use codex_core::review_prompts;
 use codex_protocol::ConversationId;
+use codex_protocol::plan_tool::UpdatePlanArgs;
 use codex_protocol::protocol::ReviewOutputEvent;
 use std::collections::HashMap;
 use std::convert::TryFrom;
@@ -174,6 +180,7 @@ pub(crate) async fn apply_bespoke_event_handling(
             cwd,
             reason,
             risk,
+            proposed_execpolicy_amendment,
             parsed_cmd,
         }) => match api_version {
             ApiVersion::V1 => {
@@ -201,6 +208,8 @@ pub(crate) async fn apply_bespoke_event_handling(
                     .map(V2ParsedCommand::from)
                     .collect::<Vec<_>>();
                 let command_string = shlex_join(&command);
+                let proposed_execpolicy_amendment_v2 =
+                    proposed_execpolicy_amendment.map(V2ExecPolicyAmendment::from);
 
                 let params = CommandExecutionRequestApprovalParams {
                     thread_id: conversation_id.to_string(),
@@ -210,6 +219,7 @@ pub(crate) async fn apply_bespoke_event_handling(
                     item_id: item_id.clone(),
                     reason,
                     risk: risk.map(V2SandboxCommandAssessment::from),
+                    proposed_execpolicy_amendment: proposed_execpolicy_amendment_v2,
                 };
                 let rx = outgoing
                     .send_request(ServerRequestPayload::CommandExecutionRequestApproval(
@@ -257,6 +267,8 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::AgentMessageContentDelta(event) => {
             let notification = AgentMessageDeltaNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 delta: event.delta,
             };
@@ -275,6 +287,8 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::ReasoningContentDelta(event) => {
             let notification = ReasoningSummaryTextDeltaNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 delta: event.delta,
                 summary_index: event.summary_index,
@@ -287,6 +301,8 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::ReasoningRawContentDelta(event) => {
             let notification = ReasoningTextDeltaNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 delta: event.delta,
                 content_index: event.content_index,
@@ -297,6 +313,8 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::AgentReasoningSectionBreak(event) => {
             let notification = ReasoningSummaryPartAddedNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 summary_index: event.summary_index,
             };
@@ -319,6 +337,7 @@ pub(crate) async fn apply_bespoke_event_handling(
             outgoing
                 .send_server_notification(ServerNotification::Error(ErrorNotification {
                     error: turn_error,
+                    will_retry: false,
                     thread_id: conversation_id.to_string(),
                     turn_id: event_turn_id.clone(),
                 }))
@@ -334,22 +353,57 @@ pub(crate) async fn apply_bespoke_event_handling(
             outgoing
                 .send_server_notification(ServerNotification::Error(ErrorNotification {
                     error: turn_error,
+                    will_retry: true,
                     thread_id: conversation_id.to_string(),
                     turn_id: event_turn_id.clone(),
                 }))
                 .await;
         }
-        EventMsg::EnteredReviewMode(review_request) => {
-            let notification = ItemStartedNotification {
+        EventMsg::ViewImageToolCall(view_image_event) => {
+            let item = ThreadItem::ImageView {
+                id: view_image_event.call_id.clone(),
+                path: view_image_event.path.to_string_lossy().into_owned(),
+            };
+            let started = ItemStartedNotification {
                 thread_id: conversation_id.to_string(),
                 turn_id: event_turn_id.clone(),
-                item: ThreadItem::CodeReview {
-                    id: event_turn_id.clone(),
-                    review: review_request.user_facing_hint,
-                },
+                item: item.clone(),
             };
             outgoing
-                .send_server_notification(ServerNotification::ItemStarted(notification))
+                .send_server_notification(ServerNotification::ItemStarted(started))
+                .await;
+            let completed = ItemCompletedNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
+                item,
+            };
+            outgoing
+                .send_server_notification(ServerNotification::ItemCompleted(completed))
+                .await;
+        }
+        EventMsg::EnteredReviewMode(review_request) => {
+            let review = review_request
+                .user_facing_hint
+                .unwrap_or_else(|| review_prompts::user_facing_hint(&review_request.target));
+            let item = ThreadItem::EnteredReviewMode {
+                id: event_turn_id.clone(),
+                review,
+            };
+            let started = ItemStartedNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
+                item: item.clone(),
+            };
+            outgoing
+                .send_server_notification(ServerNotification::ItemStarted(started))
+                .await;
+            let completed = ItemCompletedNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
+                item,
+            };
+            outgoing
+                .send_server_notification(ServerNotification::ItemCompleted(completed))
                 .await;
         }
         EventMsg::ItemStarted(item_started_event) => {
@@ -375,21 +429,29 @@ pub(crate) async fn apply_bespoke_event_handling(
                 .await;
         }
         EventMsg::ExitedReviewMode(review_event) => {
-            let review_text = match review_event.review_output {
+            let review = match review_event.review_output {
                 Some(output) => render_review_output_text(&output),
                 None => REVIEW_FALLBACK_MESSAGE.to_string(),
             };
-            let review_item_id = event_turn_id.clone();
-            let notification = ItemCompletedNotification {
+            let item = ThreadItem::ExitedReviewMode {
+                id: event_turn_id.clone(),
+                review,
+            };
+            let started = ItemStartedNotification {
                 thread_id: conversation_id.to_string(),
                 turn_id: event_turn_id.clone(),
-                item: ThreadItem::CodeReview {
-                    id: review_item_id,
-                    review: review_text,
-                },
+                item: item.clone(),
             };
             outgoing
-                .send_server_notification(ServerNotification::ItemCompleted(notification))
+                .send_server_notification(ServerNotification::ItemStarted(started))
+                .await;
+            let completed = ItemCompletedNotification {
+                thread_id: conversation_id.to_string(),
+                turn_id: event_turn_id.clone(),
+                item,
+            };
+            outgoing
+                .send_server_notification(ServerNotification::ItemCompleted(completed))
                 .await;
         }
         EventMsg::PatchApplyBegin(patch_begin_event) => {
@@ -449,11 +511,13 @@ pub(crate) async fn apply_bespoke_event_handling(
                 .collect::<Vec<_>>();
             let command = shlex_join(&exec_command_begin_event.command);
             let cwd = exec_command_begin_event.cwd;
+            let process_id = exec_command_begin_event.process_id;
 
             let item = ThreadItem::CommandExecution {
                 id: item_id,
                 command,
                 cwd,
+                process_id,
                 status: CommandExecutionStatus::InProgress,
                 command_actions,
                 aggregated_output: None,
@@ -470,15 +534,44 @@ pub(crate) async fn apply_bespoke_event_handling(
                 .await;
         }
         EventMsg::ExecCommandOutputDelta(exec_command_output_delta_event) => {
-            let notification = CommandExecutionOutputDeltaNotification {
-                item_id: exec_command_output_delta_event.call_id.clone(),
-                delta: String::from_utf8_lossy(&exec_command_output_delta_event.chunk).to_string(),
+            let item_id = exec_command_output_delta_event.call_id.clone();
+            let delta = String::from_utf8_lossy(&exec_command_output_delta_event.chunk).to_string();
+            // The underlying EventMsg::ExecCommandOutputDelta is used for shell, unified_exec,
+            // and apply_patch tool calls. We represent apply_patch with the FileChange item, and
+            // everything else with the CommandExecution item.
+            //
+            // We need to detect which item type it is so we can emit the right notification.
+            // We already have state tracking FileChange items on item/started, so let's use that.
+            let is_file_change = {
+                let map = turn_summary_store.lock().await;
+                map.get(&conversation_id)
+                    .is_some_and(|summary| summary.file_change_started.contains(&item_id))
             };
-            outgoing
-                .send_server_notification(ServerNotification::CommandExecutionOutputDelta(
-                    notification,
-                ))
-                .await;
+            if is_file_change {
+                let notification = FileChangeOutputDeltaNotification {
+                    thread_id: conversation_id.to_string(),
+                    turn_id: event_turn_id.clone(),
+                    item_id,
+                    delta,
+                };
+                outgoing
+                    .send_server_notification(ServerNotification::FileChangeOutputDelta(
+                        notification,
+                    ))
+                    .await;
+            } else {
+                let notification = CommandExecutionOutputDeltaNotification {
+                    thread_id: conversation_id.to_string(),
+                    turn_id: event_turn_id.clone(),
+                    item_id,
+                    delta,
+                };
+                outgoing
+                    .send_server_notification(ServerNotification::CommandExecutionOutputDelta(
+                        notification,
+                    ))
+                    .await;
+            }
         }
         EventMsg::ExecCommandEnd(exec_command_end_event) => {
             let ExecCommandEndEvent {
@@ -486,6 +579,7 @@ pub(crate) async fn apply_bespoke_event_handling(
                 command,
                 cwd,
                 parsed_cmd,
+                process_id,
                 aggregated_output,
                 exit_code,
                 duration,
@@ -514,6 +608,7 @@ pub(crate) async fn apply_bespoke_event_handling(
                 id: call_id,
                 command: shlex_join(&command),
                 cwd,
+                process_id,
                 status,
                 command_actions,
                 aggregated_output,
@@ -563,6 +658,7 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::TurnDiff(turn_diff_event) => {
             handle_turn_diff(
+                conversation_id,
                 &event_turn_id,
                 turn_diff_event,
                 api_version,
@@ -570,12 +666,23 @@ pub(crate) async fn apply_bespoke_event_handling(
             )
             .await;
         }
+        EventMsg::PlanUpdate(plan_update_event) => {
+            handle_turn_plan_update(
+                conversation_id,
+                &event_turn_id,
+                plan_update_event,
+                api_version,
+                outgoing.as_ref(),
+            )
+            .await;
+        }
 
         _ => {}
     }
 }
 
 async fn handle_turn_diff(
+    conversation_id: ConversationId,
     event_turn_id: &str,
     turn_diff_event: TurnDiffEvent,
     api_version: ApiVersion,
@@ -583,6 +690,7 @@ async fn handle_turn_diff(
 ) {
     if let ApiVersion::V2 = api_version {
         let notification = TurnDiffUpdatedNotification {
+            thread_id: conversation_id.to_string(),
             turn_id: event_turn_id.to_string(),
             diff: turn_diff_event.unified_diff,
         };
@@ -592,10 +700,35 @@ async fn handle_turn_diff(
     }
 }
 
+async fn handle_turn_plan_update(
+    conversation_id: ConversationId,
+    event_turn_id: &str,
+    plan_update_event: UpdatePlanArgs,
+    api_version: ApiVersion,
+    outgoing: &OutgoingMessageSender,
+) {
+    if let ApiVersion::V2 = api_version {
+        let notification = TurnPlanUpdatedNotification {
+            thread_id: conversation_id.to_string(),
+            turn_id: event_turn_id.to_string(),
+            explanation: plan_update_event.explanation,
+            plan: plan_update_event
+                .plan
+                .into_iter()
+                .map(TurnPlanStep::from)
+                .collect(),
+        };
+        outgoing
+            .send_server_notification(ServerNotification::TurnPlanUpdated(notification))
+            .await;
+    }
+}
+
 async fn emit_turn_completed_with_status(
     conversation_id: ConversationId,
     event_turn_id: String,
     status: TurnStatus,
+    error: Option<TurnError>,
     outgoing: &OutgoingMessageSender,
 ) {
     let notification = TurnCompletedNotification {
@@ -603,6 +736,7 @@ async fn emit_turn_completed_with_status(
         turn: Turn {
             id: event_turn_id,
             items: vec![],
+            error,
             status,
         },
     };
@@ -649,6 +783,7 @@ async fn complete_command_execution_item(
     item_id: String,
     command: String,
     cwd: PathBuf,
+    process_id: Option<String>,
     command_actions: Vec<V2ParsedCommand>,
     status: CommandExecutionStatus,
     outgoing: &OutgoingMessageSender,
@@ -657,6 +792,7 @@ async fn complete_command_execution_item(
         id: item_id,
         command,
         cwd,
+        process_id,
         status,
         command_actions,
         aggregated_output: None,
@@ -689,13 +825,12 @@ async fn handle_turn_complete(
 ) {
     let turn_summary = find_and_remove_turn_summary(conversation_id, turn_summary_store).await;
 
-    let status = if let Some(error) = turn_summary.last_error {
-        TurnStatus::Failed { error }
-    } else {
-        TurnStatus::Completed
+    let (status, error) = match turn_summary.last_error {
+        Some(error) => (TurnStatus::Failed, Some(error)),
+        None => (TurnStatus::Completed, None),
     };
 
-    emit_turn_completed_with_status(conversation_id, event_turn_id, status, outgoing).await;
+    emit_turn_completed_with_status(conversation_id, event_turn_id, status, error, outgoing).await;
 }
 
 async fn handle_turn_interrupted(
@@ -710,6 +845,7 @@ async fn handle_turn_interrupted(
         conversation_id,
         event_turn_id,
         TurnStatus::Interrupted,
+        None,
         outgoing,
     )
     .await;
@@ -915,7 +1051,11 @@ async fn on_file_change_request_approval_response(
                 });
 
             let (decision, completion_status) = match response.decision {
-                ApprovalDecision::Accept => (ReviewDecision::Approved, None),
+                ApprovalDecision::Accept
+                | ApprovalDecision::AcceptForSession
+                | ApprovalDecision::AcceptWithExecpolicyAmendment { .. } => {
+                    (ReviewDecision::Approved, None)
+                }
                 ApprovalDecision::Decline => {
                     (ReviewDecision::Denied, Some(PatchApplyStatus::Declined))
                 }
@@ -977,25 +1117,27 @@ async fn on_command_execution_request_approval_response(
                     error!("failed to deserialize CommandExecutionRequestApprovalResponse: {err}");
                     CommandExecutionRequestApprovalResponse {
                         decision: ApprovalDecision::Decline,
-                        accept_settings: None,
                     }
                 });
 
-            let CommandExecutionRequestApprovalResponse {
-                decision,
-                accept_settings,
-            } = response;
+            let decision = response.decision;
 
-            let (decision, completion_status) = match (decision, accept_settings) {
-                (ApprovalDecision::Accept, Some(settings)) if settings.for_session => {
-                    (ReviewDecision::ApprovedForSession, None)
-                }
-                (ApprovalDecision::Accept, _) => (ReviewDecision::Approved, None),
-                (ApprovalDecision::Decline, _) => (
+            let (decision, completion_status) = match decision {
+                ApprovalDecision::Accept => (ReviewDecision::Approved, None),
+                ApprovalDecision::AcceptForSession => (ReviewDecision::ApprovedForSession, None),
+                ApprovalDecision::AcceptWithExecpolicyAmendment {
+                    execpolicy_amendment,
+                } => (
+                    ReviewDecision::ApprovedExecpolicyAmendment {
+                        proposed_execpolicy_amendment: execpolicy_amendment.into_core(),
+                    },
+                    None,
+                ),
+                ApprovalDecision::Decline => (
                     ReviewDecision::Denied,
                     Some(CommandExecutionStatus::Declined),
                 ),
-                (ApprovalDecision::Cancel, _) => (
+                ApprovalDecision::Cancel => (
                     ReviewDecision::Abort,
                     Some(CommandExecutionStatus::Declined),
                 ),
@@ -1015,6 +1157,7 @@ async fn on_command_execution_request_approval_response(
             item_id.clone(),
             command.clone(),
             cwd.clone(),
+            None,
             command_actions.clone(),
             status,
             outgoing.as_ref(),
@@ -1047,6 +1190,7 @@ async fn construct_mcp_tool_call_notification(
         arguments: begin_event.invocation.arguments.unwrap_or(JsonValue::Null),
         result: None,
         error: None,
+        duration_ms: None,
     };
     ItemStartedNotification {
         thread_id,
@@ -1066,6 +1210,7 @@ async fn construct_mcp_tool_call_end_notification(
     } else {
         McpToolCallStatus::Failed
     };
+    let duration_ms = i64::try_from(end_event.duration.as_millis()).ok();
 
     let (result, error) = match &end_event.result {
         Ok(value) => (
@@ -1091,6 +1236,7 @@ async fn construct_mcp_tool_call_end_notification(
         arguments: end_event.invocation.arguments.unwrap_or(JsonValue::Null),
         result,
         error,
+        duration_ms,
     };
     ItemCompletedNotification {
         thread_id,
@@ -1108,12 +1254,15 @@ mod tests {
     use anyhow::Result;
     use anyhow::anyhow;
     use anyhow::bail;
+    use codex_app_server_protocol::TurnPlanStepStatus;
     use codex_core::protocol::CreditsSnapshot;
     use codex_core::protocol::McpInvocation;
     use codex_core::protocol::RateLimitSnapshot;
     use codex_core::protocol::RateLimitWindow;
     use codex_core::protocol::TokenUsage;
     use codex_core::protocol::TokenUsageInfo;
+    use codex_protocol::plan_tool::PlanItemArg;
+    use codex_protocol::plan_tool::StepStatus;
     use mcp_types::CallToolResult;
     use mcp_types::ContentBlock;
     use mcp_types::TextContent;
@@ -1178,6 +1327,7 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, event_turn_id);
                 assert_eq!(n.turn.status, TurnStatus::Completed);
+                assert_eq!(n.turn.error, None);
             }
             other => bail!("unexpected message: {other:?}"),
         }
@@ -1218,6 +1368,7 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, event_turn_id);
                 assert_eq!(n.turn.status, TurnStatus::Interrupted);
+                assert_eq!(n.turn.error, None);
             }
             other => bail!("unexpected message: {other:?}"),
         }
@@ -1257,14 +1408,13 @@ mod tests {
         match msg {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, event_turn_id);
+                assert_eq!(n.turn.status, TurnStatus::Failed);
                 assert_eq!(
-                    n.turn.status,
-                    TurnStatus::Failed {
-                        error: TurnError {
-                            message: "bad".to_string(),
-                            codex_error_info: Some(V2CodexErrorInfo::Other),
-                        }
-                    }
+                    n.turn.error,
+                    Some(TurnError {
+                        message: "bad".to_string(),
+                        codex_error_info: Some(V2CodexErrorInfo::Other),
+                    })
                 );
             }
             other => bail!("unexpected message: {other:?}"),
@@ -1273,6 +1423,56 @@ mod tests {
         Ok(())
     }
 
+    #[tokio::test]
+    async fn test_handle_turn_plan_update_emits_notification_for_v2() -> Result<()> {
+        let (tx, mut rx) = mpsc::channel(CHANNEL_CAPACITY);
+        let outgoing = OutgoingMessageSender::new(tx);
+        let update = UpdatePlanArgs {
+            explanation: Some("need plan".to_string()),
+            plan: vec![
+                PlanItemArg {
+                    step: "first".to_string(),
+                    status: StepStatus::Pending,
+                },
+                PlanItemArg {
+                    step: "second".to_string(),
+                    status: StepStatus::Completed,
+                },
+            ],
+        };
+
+        let conversation_id = ConversationId::new();
+
+        handle_turn_plan_update(
+            conversation_id,
+            "turn-123",
+            update,
+            ApiVersion::V2,
+            &outgoing,
+        )
+        .await;
+
+        let msg = rx
+            .recv()
+            .await
+            .ok_or_else(|| anyhow!("should send one notification"))?;
+        match msg {
+            OutgoingMessage::AppServerNotification(ServerNotification::TurnPlanUpdated(n)) => {
+                assert_eq!(n.thread_id, conversation_id.to_string());
+                assert_eq!(n.turn_id, "turn-123");
+                assert_eq!(n.explanation.as_deref(), Some("need plan"));
+                assert_eq!(n.plan.len(), 2);
+                assert_eq!(n.plan[0].step, "first");
+                assert_eq!(n.plan[0].status, TurnPlanStepStatus::Pending);
+                assert_eq!(n.plan[1].step, "second");
+                assert_eq!(n.plan[1].status, TurnPlanStepStatus::Completed);
+            }
+            other => bail!("unexpected message: {other:?}"),
+        }
+        assert!(rx.try_recv().is_err(), "no extra messages expected");
+        Ok(())
+    }
+
     #[tokio::test]
     async fn test_handle_token_count_event_emits_usage_and_rate_limits() -> Result<()> {
         let conversation_id = ConversationId::new();
@@ -1309,6 +1509,7 @@ mod tests {
                 unlimited: false,
                 balance: Some("5".to_string()),
             }),
+            plan_type: None,
         };
 
         handle_token_count_event(
@@ -1413,6 +1614,7 @@ mod tests {
                 arguments: serde_json::json!({"server": ""}),
                 result: None,
                 error: None,
+                duration_ms: None,
             },
         };
 
@@ -1485,14 +1687,13 @@ mod tests {
         match msg {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, a_turn1);
+                assert_eq!(n.turn.status, TurnStatus::Failed);
                 assert_eq!(
-                    n.turn.status,
-                    TurnStatus::Failed {
-                        error: TurnError {
-                            message: "a1".to_string(),
-                            codex_error_info: Some(V2CodexErrorInfo::BadRequest),
-                        }
-                    }
+                    n.turn.error,
+                    Some(TurnError {
+                        message: "a1".to_string(),
+                        codex_error_info: Some(V2CodexErrorInfo::BadRequest),
+                    })
                 );
             }
             other => bail!("unexpected message: {other:?}"),
@@ -1506,14 +1707,13 @@ mod tests {
         match msg {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, b_turn1);
+                assert_eq!(n.turn.status, TurnStatus::Failed);
                 assert_eq!(
-                    n.turn.status,
-                    TurnStatus::Failed {
-                        error: TurnError {
-                            message: "b1".to_string(),
-                            codex_error_info: None,
-                        }
-                    }
+                    n.turn.error,
+                    Some(TurnError {
+                        message: "b1".to_string(),
+                        codex_error_info: None,
+                    })
                 );
             }
             other => bail!("unexpected message: {other:?}"),
@@ -1528,6 +1728,7 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, a_turn2);
                 assert_eq!(n.turn.status, TurnStatus::Completed);
+                assert_eq!(n.turn.error, None);
             }
             other => bail!("unexpected message: {other:?}"),
         }
@@ -1567,6 +1768,7 @@ mod tests {
                 arguments: JsonValue::Null,
                 result: None,
                 error: None,
+                duration_ms: None,
             },
         };
 
@@ -1620,6 +1822,7 @@ mod tests {
                     structured_content: None,
                 }),
                 error: None,
+                duration_ms: Some(0),
             },
         };
 
@@ -1661,6 +1864,7 @@ mod tests {
                 error: Some(McpToolCallError {
                     message: "boom".to_string(),
                 }),
+                duration_ms: Some(1),
             },
         };
 
@@ -1672,8 +1876,10 @@ mod tests {
         let (tx, mut rx) = mpsc::channel(CHANNEL_CAPACITY);
         let outgoing = OutgoingMessageSender::new(tx);
         let unified_diff = "--- a\n+++ b\n".to_string();
+        let conversation_id = ConversationId::new();
 
         handle_turn_diff(
+            conversation_id,
             "turn-1",
             TurnDiffEvent {
                 unified_diff: unified_diff.clone(),
@@ -1691,6 +1897,7 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnDiffUpdated(
                 notification,
             )) => {
+                assert_eq!(notification.thread_id, conversation_id.to_string());
                 assert_eq!(notification.turn_id, "turn-1");
                 assert_eq!(notification.diff, unified_diff);
             }
@@ -1704,8 +1911,10 @@ mod tests {
     async fn test_handle_turn_diff_is_noop_for_v1() -> Result<()> {
         let (tx, mut rx) = mpsc::channel(CHANNEL_CAPACITY);
         let outgoing = OutgoingMessageSender::new(tx);
+        let conversation_id = ConversationId::new();
 
         handle_turn_diff(
+            conversation_id,
             "turn-1",
             TurnDiffEvent {
                 unified_diff: "diff".to_string(),

codex-rs/app-server/src/codex_message_processor.rs

@@ -21,9 +21,9 @@ use codex_app_server_protocol::CancelLoginAccountParams;
 use codex_app_server_protocol::CancelLoginAccountResponse;
 use codex_app_server_protocol::CancelLoginChatGptResponse;
 use codex_app_server_protocol::ClientRequest;
+use codex_app_server_protocol::CommandExecParams;
 use codex_app_server_protocol::ConversationGitInfo;
 use codex_app_server_protocol::ConversationSummary;
-use codex_app_server_protocol::ExecOneOffCommandParams;
 use codex_app_server_protocol::ExecOneOffCommandResponse;
 use codex_app_server_protocol::FeedbackUploadParams;
 use codex_app_server_protocol::FeedbackUploadResponse;
@@ -45,6 +45,8 @@ use codex_app_server_protocol::InterruptConversationParams;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::ListConversationsParams;
 use codex_app_server_protocol::ListConversationsResponse;
+use codex_app_server_protocol::ListMcpServersParams;
+use codex_app_server_protocol::ListMcpServersResponse;
 use codex_app_server_protocol::LoginAccountParams;
 use codex_app_server_protocol::LoginApiKeyParams;
 use codex_app_server_protocol::LoginApiKeyResponse;
@@ -52,6 +54,7 @@ use codex_app_server_protocol::LoginChatGptCompleteNotification;
 use codex_app_server_protocol::LoginChatGptResponse;
 use codex_app_server_protocol::LogoutAccountResponse;
 use codex_app_server_protocol::LogoutChatGptResponse;
+use codex_app_server_protocol::McpServer;
 use codex_app_server_protocol::ModelListParams;
 use codex_app_server_protocol::ModelListResponse;
 use codex_app_server_protocol::NewConversationParams;
@@ -61,8 +64,10 @@ use codex_app_server_protocol::RemoveConversationSubscriptionResponse;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::ResumeConversationParams;
 use codex_app_server_protocol::ResumeConversationResponse;
+use codex_app_server_protocol::ReviewDelivery as ApiReviewDelivery;
 use codex_app_server_protocol::ReviewStartParams;
-use codex_app_server_protocol::ReviewTarget;
+use codex_app_server_protocol::ReviewStartResponse;
+use codex_app_server_protocol::ReviewTarget as ApiReviewTarget;
 use codex_app_server_protocol::SandboxMode;
 use codex_app_server_protocol::SendUserMessageParams;
 use codex_app_server_protocol::SendUserMessageResponse;
@@ -117,10 +122,14 @@ use codex_core::exec_env::create_env;
 use codex_core::features::Feature;
 use codex_core::find_conversation_path_by_id_str;
 use codex_core::git_info::git_diff_to_remote;
+use codex_core::mcp::collect_mcp_snapshot;
+use codex_core::mcp::group_tools_by_server;
 use codex_core::parse_cursor;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::Op;
+use codex_core::protocol::ReviewDelivery as CoreReviewDelivery;
 use codex_core::protocol::ReviewRequest;
+use codex_core::protocol::ReviewTarget as CoreReviewTarget;
 use codex_core::protocol::SessionConfiguredEvent;
 use codex_core::read_head_for_summary;
 use codex_feedback::CodexFeedback;
@@ -132,6 +141,7 @@ use codex_protocol::config_types::ForcedLoginMethod;
 use codex_protocol::items::TurnItem;
 use codex_protocol::models::ResponseItem;
 use codex_protocol::protocol::GitInfo as CoreGitInfo;
+use codex_protocol::protocol::McpAuthStatus as CoreMcpAuthStatus;
 use codex_protocol::protocol::RateLimitSnapshot as CoreRateLimitSnapshot;
 use codex_protocol::protocol::RolloutItem;
 use codex_protocol::protocol::SessionMetaLine;
@@ -252,8 +262,7 @@ impl CodexMessageProcessor {
     }
 
     fn review_request_from_target(
-        target: ReviewTarget,
-        append_to_original_thread: bool,
+        target: ApiReviewTarget,
     ) -> Result<(ReviewRequest, String), JSONRPCErrorError> {
         fn invalid_request(message: String) -> JSONRPCErrorError {
             JSONRPCErrorError {
@@ -263,77 +272,52 @@ impl CodexMessageProcessor {
             }
         }
 
-        match target {
-            // TODO(jif) those messages will be extracted in a follow-up PR.
-            ReviewTarget::UncommittedChanges => Ok((
-                ReviewRequest {
-                    prompt: "Review the current code changes (staged, unstaged, and untracked files) and provide prioritized findings.".to_string(),
-                    user_facing_hint: "current changes".to_string(),
-                    append_to_original_thread,
-                },
-                "Review uncommitted changes".to_string(),
-            )),
-            ReviewTarget::BaseBranch { branch } => {
+        let cleaned_target = match target {
+            ApiReviewTarget::UncommittedChanges => ApiReviewTarget::UncommittedChanges,
+            ApiReviewTarget::BaseBranch { branch } => {
                 let branch = branch.trim().to_string();
                 if branch.is_empty() {
                     return Err(invalid_request("branch must not be empty".to_string()));
                 }
-                let prompt = format!("Review the code changes against the base branch '{branch}'. Start by finding the merge diff between the current branch and {branch}'s upstream e.g. (`git merge-base HEAD \"$(git rev-parse --abbrev-ref \"{branch}@{{upstream}}\")\"`), then run `git diff` against that SHA to see what changes we would merge into the {branch} branch. Provide prioritized, actionable findings.");
-                let hint = format!("changes against '{branch}'");
-                let display = format!("Review changes against base branch '{branch}'");
-                Ok((
-                    ReviewRequest {
-                        prompt,
-                        user_facing_hint: hint,
-                        append_to_original_thread,
-                    },
-                    display,
-                ))
+                ApiReviewTarget::BaseBranch { branch }
             }
-            ReviewTarget::Commit { sha, title } => {
+            ApiReviewTarget::Commit { sha, title } => {
                 let sha = sha.trim().to_string();
                 if sha.is_empty() {
                     return Err(invalid_request("sha must not be empty".to_string()));
                 }
-                let brief_title = title
+                let title = title
                     .map(|t| t.trim().to_string())
                     .filter(|t| !t.is_empty());
-                let prompt = if let Some(title) = brief_title.clone() {
-                    format!("Review the code changes introduced by commit {sha} (\"{title}\"). Provide prioritized, actionable findings.")
-                } else {
-                    format!("Review the code changes introduced by commit {sha}. Provide prioritized, actionable findings.")
-                };
-                let short_sha = sha.chars().take(7).collect::<String>();
-                let hint = format!("commit {short_sha}");
-                let display = if let Some(title) = brief_title {
-                    format!("Review commit {short_sha}: {title}")
-                } else {
-                    format!("Review commit {short_sha}")
-                };
-                Ok((
-                    ReviewRequest {
-                        prompt,
-                        user_facing_hint: hint,
-                        append_to_original_thread,
-                    },
-                    display,
-                ))
+                ApiReviewTarget::Commit { sha, title }
             }
-            ReviewTarget::Custom { instructions } => {
+            ApiReviewTarget::Custom { instructions } => {
                 let trimmed = instructions.trim().to_string();
                 if trimmed.is_empty() {
-                    return Err(invalid_request("instructions must not be empty".to_string()));
+                    return Err(invalid_request(
+                        "instructions must not be empty".to_string(),
+                    ));
+                }
+                ApiReviewTarget::Custom {
+                    instructions: trimmed,
                 }
-                Ok((
-                    ReviewRequest {
-                        prompt: trimmed.clone(),
-                        user_facing_hint: trimmed.clone(),
-                        append_to_original_thread,
-                    },
-                    trimmed,
-                ))
             }
-        }
+        };
+
+        let core_target = match cleaned_target {
+            ApiReviewTarget::UncommittedChanges => CoreReviewTarget::UncommittedChanges,
+            ApiReviewTarget::BaseBranch { branch } => CoreReviewTarget::BaseBranch { branch },
+            ApiReviewTarget::Commit { sha, title } => CoreReviewTarget::Commit { sha, title },
+            ApiReviewTarget::Custom { instructions } => CoreReviewTarget::Custom { instructions },
+        };
+
+        let hint = codex_core::review_prompts::user_facing_hint(&core_target);
+        let review_request = ReviewRequest {
+            target: core_target,
+            user_facing_hint: Some(hint.clone()),
+        };
+
+        Ok((review_request, hint))
     }
 
     pub async fn process_request(&mut self, request: ClientRequest) {
@@ -385,6 +369,9 @@ impl CodexMessageProcessor {
             ClientRequest::ModelList { request_id, params } => {
                 self.list_models(request_id, params).await;
             }
+            ClientRequest::McpServersList { request_id, params } => {
+                self.list_mcp_servers(request_id, params).await;
+            }
             ClientRequest::LoginAccount { request_id, params } => {
                 self.login_v2(request_id, params).await;
             }
@@ -469,9 +456,12 @@ impl CodexMessageProcessor {
             ClientRequest::FuzzyFileSearch { request_id, params } => {
                 self.fuzzy_file_search(request_id, params).await;
             }
-            ClientRequest::ExecOneOffCommand { request_id, params } => {
+            ClientRequest::OneOffCommandExec { request_id, params } => {
                 self.exec_one_off_command(request_id, params).await;
             }
+            ClientRequest::ExecOneOffCommand { request_id, params } => {
+                self.exec_one_off_command(request_id, params.into()).await;
+            }
             ClientRequest::ConfigRead { .. }
             | ClientRequest::ConfigValueWrite { .. }
             | ClientRequest::ConfigBatchWrite { .. } => {
@@ -1156,7 +1146,7 @@ impl CodexMessageProcessor {
         }
     }
 
-    async fn exec_one_off_command(&self, request_id: RequestId, params: ExecOneOffCommandParams) {
+    async fn exec_one_off_command(&self, request_id: RequestId, params: CommandExecParams) {
         tracing::debug!("ExecOneOffCommand params: {params:?}");
 
         if params.command.is_empty() {
@@ -1171,7 +1161,9 @@ impl CodexMessageProcessor {
 
         let cwd = params.cwd.unwrap_or_else(|| self.config.cwd.clone());
         let env = create_env(&self.config.shell_environment_policy);
-        let timeout_ms = params.timeout_ms;
+        let timeout_ms = params
+            .timeout_ms
+            .and_then(|timeout_ms| u64::try_from(timeout_ms).ok());
         let exec_params = ExecParams {
             command: params.command,
             cwd,
@@ -1184,6 +1176,7 @@ impl CodexMessageProcessor {
 
         let effective_policy = params
             .sandbox_policy
+            .map(|policy| policy.to_core())
             .unwrap_or_else(|| self.config.sandbox_policy.clone());
 
         let codex_linux_sandbox_exe = self.config.codex_linux_sandbox_exe.clone();
@@ -1869,8 +1862,7 @@ impl CodexMessageProcessor {
 
     async fn list_models(&self, request_id: RequestId, params: ModelListParams) {
         let ModelListParams { limit, cursor } = params;
-        let auth_mode = self.auth_manager.auth().map(|auth| auth.mode);
-        let models = supported_models(auth_mode);
+        let models = supported_models(self.conversation_manager.clone()).await;
         let total = models.len();
 
         if total == 0 {
@@ -1924,6 +1916,85 @@ impl CodexMessageProcessor {
         self.outgoing.send_response(request_id, response).await;
     }
 
+    async fn list_mcp_servers(&self, request_id: RequestId, params: ListMcpServersParams) {
+        let snapshot = collect_mcp_snapshot(self.config.as_ref()).await;
+
+        let tools_by_server = group_tools_by_server(&snapshot.tools);
+
+        let mut server_names: Vec<String> = self
+            .config
+            .mcp_servers
+            .keys()
+            .cloned()
+            .chain(snapshot.auth_statuses.keys().cloned())
+            .chain(snapshot.resources.keys().cloned())
+            .chain(snapshot.resource_templates.keys().cloned())
+            .collect();
+        server_names.sort();
+        server_names.dedup();
+
+        let total = server_names.len();
+        let limit = params.limit.unwrap_or(total as u32).max(1) as usize;
+        let effective_limit = limit.min(total);
+        let start = match params.cursor {
+            Some(cursor) => match cursor.parse::<usize>() {
+                Ok(idx) => idx,
+                Err(_) => {
+                    let error = JSONRPCErrorError {
+                        code: INVALID_REQUEST_ERROR_CODE,
+                        message: format!("invalid cursor: {cursor}"),
+                        data: None,
+                    };
+                    self.outgoing.send_error(request_id, error).await;
+                    return;
+                }
+            },
+            None => 0,
+        };
+
+        if start > total {
+            let error = JSONRPCErrorError {
+                code: INVALID_REQUEST_ERROR_CODE,
+                message: format!("cursor {start} exceeds total MCP servers {total}"),
+                data: None,
+            };
+            self.outgoing.send_error(request_id, error).await;
+            return;
+        }
+
+        let end = start.saturating_add(effective_limit).min(total);
+
+        let data: Vec<McpServer> = server_names[start..end]
+            .iter()
+            .map(|name| McpServer {
+                name: name.clone(),
+                tools: tools_by_server.get(name).cloned().unwrap_or_default(),
+                resources: snapshot.resources.get(name).cloned().unwrap_or_default(),
+                resource_templates: snapshot
+                    .resource_templates
+                    .get(name)
+                    .cloned()
+                    .unwrap_or_default(),
+                auth_status: snapshot
+                    .auth_statuses
+                    .get(name)
+                    .cloned()
+                    .unwrap_or(CoreMcpAuthStatus::Unsupported)
+                    .into(),
+            })
+            .collect();
+
+        let next_cursor = if end < total {
+            Some(end.to_string())
+        } else {
+            None
+        };
+
+        let response = ListMcpServersResponse { data, next_cursor };
+
+        self.outgoing.send_response(request_id, response).await;
+    }
+
     async fn handle_resume_conversation(
         &self,
         request_id: RequestId,
@@ -2471,6 +2542,7 @@ impl CodexMessageProcessor {
                 let turn = Turn {
                     id: turn_id.clone(),
                     items: vec![],
+                    error: None,
                     status: TurnStatus::InProgress,
                 };
 
@@ -2497,60 +2569,221 @@ impl CodexMessageProcessor {
         }
     }
 
-    async fn review_start(&self, request_id: RequestId, params: ReviewStartParams) {
+    fn build_review_turn(turn_id: String, display_text: &str) -> Turn {
+        let items = if display_text.is_empty() {
+            Vec::new()
+        } else {
+            vec![ThreadItem::UserMessage {
+                id: turn_id.clone(),
+                content: vec![V2UserInput::Text {
+                    text: display_text.to_string(),
+                }],
+            }]
+        };
+
+        Turn {
+            id: turn_id,
+            items,
+            error: None,
+            status: TurnStatus::InProgress,
+        }
+    }
+
+    async fn emit_review_started(
+        &self,
+        request_id: &RequestId,
+        turn: Turn,
+        parent_thread_id: String,
+        review_thread_id: String,
+    ) {
+        let response = ReviewStartResponse {
+            turn: turn.clone(),
+            review_thread_id,
+        };
+        self.outgoing
+            .send_response(request_id.clone(), response)
+            .await;
+
+        let notif = TurnStartedNotification {
+            thread_id: parent_thread_id,
+            turn,
+        };
+        self.outgoing
+            .send_server_notification(ServerNotification::TurnStarted(notif))
+            .await;
+    }
+
+    async fn start_inline_review(
+        &self,
+        request_id: &RequestId,
+        parent_conversation: Arc<CodexConversation>,
+        review_request: ReviewRequest,
+        display_text: &str,
+        parent_thread_id: String,
+    ) -> std::result::Result<(), JSONRPCErrorError> {
+        let turn_id = parent_conversation
+            .submit(Op::Review { review_request })
+            .await;
+
+        match turn_id {
+            Ok(turn_id) => {
+                let turn = Self::build_review_turn(turn_id, display_text);
+                self.emit_review_started(
+                    request_id,
+                    turn,
+                    parent_thread_id.clone(),
+                    parent_thread_id,
+                )
+                .await;
+                Ok(())
+            }
+            Err(err) => Err(JSONRPCErrorError {
+                code: INTERNAL_ERROR_CODE,
+                message: format!("failed to start review: {err}"),
+                data: None,
+            }),
+        }
+    }
+
+    async fn start_detached_review(
+        &mut self,
+        request_id: &RequestId,
+        parent_conversation_id: ConversationId,
+        review_request: ReviewRequest,
+        display_text: &str,
+    ) -> std::result::Result<(), JSONRPCErrorError> {
+        let rollout_path = find_conversation_path_by_id_str(
+            &self.config.codex_home,
+            &parent_conversation_id.to_string(),
+        )
+        .await
+        .map_err(|err| JSONRPCErrorError {
+            code: INTERNAL_ERROR_CODE,
+            message: format!("failed to locate conversation id {parent_conversation_id}: {err}"),
+            data: None,
+        })?
+        .ok_or_else(|| JSONRPCErrorError {
+            code: INVALID_REQUEST_ERROR_CODE,
+            message: format!("no rollout found for conversation id {parent_conversation_id}"),
+            data: None,
+        })?;
+
+        let mut config = self.config.as_ref().clone();
+        config.model = self.config.review_model.clone();
+
+        let NewConversation {
+            conversation_id,
+            conversation,
+            session_configured,
+            ..
+        } = self
+            .conversation_manager
+            .fork_conversation(usize::MAX, config, rollout_path)
+            .await
+            .map_err(|err| JSONRPCErrorError {
+                code: INTERNAL_ERROR_CODE,
+                message: format!("error creating detached review conversation: {err}"),
+                data: None,
+            })?;
+
+        if let Err(err) = self
+            .attach_conversation_listener(conversation_id, false, ApiVersion::V2)
+            .await
+        {
+            tracing::warn!(
+                "failed to attach listener for review conversation {}: {}",
+                conversation_id,
+                err.message
+            );
+        }
+
+        let rollout_path = conversation.rollout_path();
+        let fallback_provider = self.config.model_provider_id.as_str();
+        match read_summary_from_rollout(rollout_path.as_path(), fallback_provider).await {
+            Ok(summary) => {
+                let thread = summary_to_thread(summary);
+                let notif = ThreadStartedNotification { thread };
+                self.outgoing
+                    .send_server_notification(ServerNotification::ThreadStarted(notif))
+                    .await;
+            }
+            Err(err) => {
+                tracing::warn!(
+                    "failed to load summary for review conversation {}: {}",
+                    session_configured.session_id,
+                    err
+                );
+            }
+        }
+
+        let turn_id = conversation
+            .submit(Op::Review { review_request })
+            .await
+            .map_err(|err| JSONRPCErrorError {
+                code: INTERNAL_ERROR_CODE,
+                message: format!("failed to start detached review turn: {err}"),
+                data: None,
+            })?;
+
+        let turn = Self::build_review_turn(turn_id, display_text);
+        let review_thread_id = conversation_id.to_string();
+        self.emit_review_started(request_id, turn, review_thread_id.clone(), review_thread_id)
+            .await;
+
+        Ok(())
+    }
+
+    async fn review_start(&mut self, request_id: RequestId, params: ReviewStartParams) {
         let ReviewStartParams {
             thread_id,
             target,
-            append_to_original_thread,
+            delivery,
         } = params;
-        let (_, conversation) = match self.conversation_from_thread_id(&thread_id).await {
-            Ok(v) => v,
-            Err(error) => {
-                self.outgoing.send_error(request_id, error).await;
-                return;
-            }
-        };
-
-        let (review_request, display_text) =
-            match Self::review_request_from_target(target, append_to_original_thread) {
-                Ok(value) => value,
-                Err(err) => {
-                    self.outgoing.send_error(request_id, err).await;
+        let (parent_conversation_id, parent_conversation) =
+            match self.conversation_from_thread_id(&thread_id).await {
+                Ok(v) => v,
+                Err(error) => {
+                    self.outgoing.send_error(request_id, error).await;
                     return;
                 }
             };
 
-        let turn_id = conversation.submit(Op::Review { review_request }).await;
-
-        match turn_id {
-            Ok(turn_id) => {
-                let mut items = Vec::new();
-                if !display_text.is_empty() {
-                    items.push(ThreadItem::UserMessage {
-                        id: turn_id.clone(),
-                        content: vec![V2UserInput::Text { text: display_text }],
-                    });
-                }
-                let turn = Turn {
-                    id: turn_id.clone(),
-                    items,
-                    status: TurnStatus::InProgress,
-                };
-                let response = TurnStartResponse { turn: turn.clone() };
-                self.outgoing.send_response(request_id, response).await;
-
-                let notif = TurnStartedNotification { thread_id, turn };
-                self.outgoing
-                    .send_server_notification(ServerNotification::TurnStarted(notif))
-                    .await;
-            }
+        let (review_request, display_text) = match Self::review_request_from_target(target) {
+            Ok(value) => value,
             Err(err) => {
-                let error = JSONRPCErrorError {
-                    code: INTERNAL_ERROR_CODE,
-                    message: format!("failed to start review: {err}"),
-                    data: None,
-                };
-                self.outgoing.send_error(request_id, error).await;
+                self.outgoing.send_error(request_id, err).await;
+                return;
+            }
+        };
+
+        let delivery = delivery.unwrap_or(ApiReviewDelivery::Inline).to_core();
+        match delivery {
+            CoreReviewDelivery::Inline => {
+                if let Err(err) = self
+                    .start_inline_review(
+                        &request_id,
+                        parent_conversation,
+                        review_request,
+                        display_text.as_str(),
+                        thread_id.clone(),
+                    )
+                    .await
+                {
+                    self.outgoing.send_error(request_id, err).await;
+                }
+            }
+            CoreReviewDelivery::Detached => {
+                if let Err(err) = self
+                    .start_detached_review(
+                        &request_id,
+                        parent_conversation_id,
+                        review_request,
+                        display_text.as_str(),
+                    )
+                    .await
+                {
+                    self.outgoing.send_error(request_id, err).await;
+                }
             }
         }
     }
@@ -2787,10 +3020,26 @@ impl CodexMessageProcessor {
         let FeedbackUploadParams {
             classification,
             reason,
-            conversation_id,
+            thread_id,
             include_logs,
         } = params;
 
+        let conversation_id = match thread_id.as_deref() {
+            Some(thread_id) => match ConversationId::from_string(thread_id) {
+                Ok(conversation_id) => Some(conversation_id),
+                Err(err) => {
+                    let error = JSONRPCErrorError {
+                        code: INVALID_REQUEST_ERROR_CODE,
+                        message: format!("invalid thread id: {err}"),
+                        data: None,
+                    };
+                    self.outgoing.send_error(request_id, error).await;
+                    return;
+                }
+            },
+            None => None,
+        };
+
         let snapshot = self.feedback.snapshot(conversation_id);
         let thread_id = snapshot.thread_id.clone();
 

codex-rs/app-server/src/config_api.rs

@@ -109,12 +109,17 @@ impl ConfigApi {
 
     async fn apply_edits(
         &self,
-        file_path: String,
+        file_path: Option<String>,
         expected_version: Option<String>,
         edits: Vec<(String, JsonValue, MergeStrategy)>,
     ) -> Result<ConfigWriteResponse, JSONRPCErrorError> {
         let allowed_path = self.codex_home.join(CONFIG_FILE_NAME);
-        if !paths_match(&allowed_path, &file_path) {
+        let provided_path = file_path
+            .as_ref()
+            .map(PathBuf::from)
+            .unwrap_or_else(|| allowed_path.clone());
+
+        if !paths_match(&allowed_path, &provided_path) {
             return Err(config_write_error(
                 ConfigWriteErrorCode::ConfigLayerReadonly,
                 "Only writes to the user config are allowed",
@@ -190,9 +195,16 @@ impl ConfigApi {
             .map(|_| WriteStatus::OkOverridden)
             .unwrap_or(WriteStatus::Ok);
 
+        let file_path = provided_path
+            .canonicalize()
+            .unwrap_or(provided_path.clone())
+            .display()
+            .to_string();
+
         Ok(ConfigWriteResponse {
             status,
             version: updated_layers.user.version.clone(),
+            file_path,
             overridden_metadata: overridden,
         })
     }
@@ -587,15 +599,14 @@ fn canonical_json(value: &JsonValue) -> JsonValue {
     }
 }
 
-fn paths_match(expected: &Path, provided: &str) -> bool {
-    let provided_path = PathBuf::from(provided);
+fn paths_match(expected: &Path, provided: &Path) -> bool {
     if let (Ok(expanded_expected), Ok(expanded_provided)) =
-        (expected.canonicalize(), provided_path.canonicalize())
+        (expected.canonicalize(), provided.canonicalize())
     {
         return expanded_expected == expanded_provided;
     }
 
-    expected == provided_path
+    expected == provided
 }
 
 fn value_at_path<'a>(root: &'a TomlValue, segments: &[String]) -> Option<&'a TomlValue> {
@@ -795,7 +806,7 @@ mod tests {
 
         let result = api
             .write_value(ConfigValueWriteParams {
-                file_path: tmp.path().join(CONFIG_FILE_NAME).display().to_string(),
+                file_path: Some(tmp.path().join(CONFIG_FILE_NAME).display().to_string()),
                 key_path: "approval_policy".to_string(),
                 value: json!("never"),
                 merge_strategy: MergeStrategy::Replace,
@@ -832,7 +843,7 @@ mod tests {
         let api = ConfigApi::new(tmp.path().to_path_buf(), vec![]);
         let error = api
             .write_value(ConfigValueWriteParams {
-                file_path: tmp.path().join(CONFIG_FILE_NAME).display().to_string(),
+                file_path: Some(tmp.path().join(CONFIG_FILE_NAME).display().to_string()),
                 key_path: "model".to_string(),
                 value: json!("gpt-5"),
                 merge_strategy: MergeStrategy::Replace,
@@ -852,6 +863,30 @@ mod tests {
         );
     }
 
+    #[tokio::test]
+    async fn write_value_defaults_to_user_config_path() {
+        let tmp = tempdir().expect("tempdir");
+        std::fs::write(tmp.path().join(CONFIG_FILE_NAME), "").unwrap();
+
+        let api = ConfigApi::new(tmp.path().to_path_buf(), vec![]);
+        api.write_value(ConfigValueWriteParams {
+            file_path: None,
+            key_path: "model".to_string(),
+            value: json!("gpt-new"),
+            merge_strategy: MergeStrategy::Replace,
+            expected_version: None,
+        })
+        .await
+        .expect("write succeeds");
+
+        let contents =
+            std::fs::read_to_string(tmp.path().join(CONFIG_FILE_NAME)).expect("read config");
+        assert!(
+            contents.contains("model = \"gpt-new\""),
+            "config.toml should be updated even when file_path is omitted"
+        );
+    }
+
     #[tokio::test]
     async fn invalid_user_value_rejected_even_if_overridden_by_managed() {
         let tmp = tempdir().expect("tempdir");
@@ -872,7 +907,7 @@ mod tests {
 
         let error = api
             .write_value(ConfigValueWriteParams {
-                file_path: tmp.path().join(CONFIG_FILE_NAME).display().to_string(),
+                file_path: Some(tmp.path().join(CONFIG_FILE_NAME).display().to_string()),
                 key_path: "approval_policy".to_string(),
                 value: json!("bogus"),
                 merge_strategy: MergeStrategy::Replace,
@@ -957,7 +992,7 @@ mod tests {
 
         let result = api
             .write_value(ConfigValueWriteParams {
-                file_path: tmp.path().join(CONFIG_FILE_NAME).display().to_string(),
+                file_path: Some(tmp.path().join(CONFIG_FILE_NAME).display().to_string()),
                 key_path: "approval_policy".to_string(),
                 value: json!("on-request"),
                 merge_strategy: MergeStrategy::Replace,

codex-rs/app-server/src/models.rs

@@ -1,12 +1,15 @@
-use codex_app_server_protocol::AuthMode;
+use std::sync::Arc;
+
 use codex_app_server_protocol::Model;
 use codex_app_server_protocol::ReasoningEffortOption;
-use codex_common::model_presets::ModelPreset;
-use codex_common::model_presets::ReasoningEffortPreset;
-use codex_common::model_presets::builtin_model_presets;
+use codex_core::ConversationManager;
+use codex_protocol::openai_models::ModelPreset;
+use codex_protocol::openai_models::ReasoningEffortPreset;
 
-pub fn supported_models(auth_mode: Option<AuthMode>) -> Vec<Model> {
-    builtin_model_presets(auth_mode)
+pub async fn supported_models(conversation_manager: Arc<ConversationManager>) -> Vec<Model> {
+    conversation_manager
+        .list_models()
+        .await
         .into_iter()
         .map(model_from_preset)
         .collect()
@@ -27,7 +30,7 @@ fn model_from_preset(preset: ModelPreset) -> Model {
 }
 
 fn reasoning_efforts_from_preset(
-    efforts: &'static [ReasoningEffortPreset],
+    efforts: Vec<ReasoningEffortPreset>,
 ) -> Vec<ReasoningEffortOption> {
     efforts
         .iter()

codex-rs/app-server/src/outgoing_message.rs

@@ -16,6 +16,9 @@ use tracing::warn;
 
 use crate::error_code::INTERNAL_ERROR_CODE;
 
+#[cfg(test)]
+use codex_protocol::account::PlanType;
+
 /// Sends messages to the client and manages request callbacks.
 pub(crate) struct OutgoingMessageSender {
     next_request_id: AtomicI64,
@@ -230,6 +233,7 @@ mod tests {
                     }),
                     secondary: None,
                     credits: None,
+                    plan_type: Some(PlanType::Plus),
                 },
             });
 
@@ -245,7 +249,8 @@ mod tests {
                             "resetsAt": 123
                         },
                         "secondary": null,
-                        "credits": null
+                        "credits": null,
+                        "planType": "plus"
                     }
                 },
             }),

codex-rs/app-server/tests/common/lib.rs

@@ -15,6 +15,7 @@ pub use mcp_process::McpProcess;
 pub use mock_model_server::create_mock_chat_completions_server;
 pub use mock_model_server::create_mock_chat_completions_server_unchecked;
 pub use responses::create_apply_patch_sse_response;
+pub use responses::create_exec_command_sse_response;
 pub use responses::create_final_assistant_message_sse_response;
 pub use responses::create_shell_command_sse_response;
 pub use rollout::create_fake_rollout;

codex-rs/app-server/tests/common/responses.rs

@@ -94,3 +94,42 @@ pub fn create_apply_patch_sse_response(
     );
     Ok(sse)
 }
+
+pub fn create_exec_command_sse_response(call_id: &str) -> anyhow::Result<String> {
+    let (cmd, args) = if cfg!(windows) {
+        ("cmd.exe", vec!["/d", "/c", "echo hi"])
+    } else {
+        ("/bin/sh", vec!["-c", "echo hi"])
+    };
+    let command = std::iter::once(cmd.to_string())
+        .chain(args.into_iter().map(str::to_string))
+        .collect::<Vec<_>>();
+    let tool_call_arguments = serde_json::to_string(&json!({
+        "cmd": command.join(" "),
+        "yield_time_ms": 500
+    }))?;
+    let tool_call = json!({
+        "choices": [
+            {
+                "delta": {
+                    "tool_calls": [
+                        {
+                            "id": call_id,
+                            "function": {
+                                "name": "exec_command",
+                                "arguments": tool_call_arguments
+                            }
+                        }
+                    ]
+                },
+                "finish_reason": "tool_calls"
+            }
+        ]
+    });
+
+    let sse = format!(
+        "data: {}\n\ndata: DONE\n\n",
+        serde_json::to_string(&tool_call)?
+    );
+    Ok(sse)
+}

codex-rs/app-server/tests/suite/codex_message_processor_flow.rs

@@ -23,10 +23,10 @@ use codex_app_server_protocol::SendUserTurnResponse;
 use codex_app_server_protocol::ServerRequest;
 use codex_core::protocol::AskForApproval;
 use codex_core::protocol::SandboxPolicy;
-use codex_core::protocol_config_types::ReasoningEffort;
 use codex_core::protocol_config_types::ReasoningSummary;
 use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_protocol::config_types::SandboxMode;
+use codex_protocol::openai_models::ReasoningEffort;
 use codex_protocol::parse_command::ParsedCommand;
 use codex_protocol::protocol::Event;
 use codex_protocol::protocol::EventMsg;

codex-rs/app-server/tests/suite/config.rs

@@ -10,10 +10,10 @@ use codex_app_server_protocol::Tools;
 use codex_app_server_protocol::UserSavedConfig;
 use codex_core::protocol::AskForApproval;
 use codex_protocol::config_types::ForcedLoginMethod;
-use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::config_types::Verbosity;
+use codex_protocol::openai_models::ReasoningEffort;
 use pretty_assertions::assert_eq;
 use std::collections::HashMap;
 use std::path::Path;

codex-rs/app-server/tests/suite/v2/config_rpc.rs

@@ -206,7 +206,7 @@ model = "gpt-old"
 
     let write_id = mcp
         .send_config_value_write_request(ConfigValueWriteParams {
-            file_path: codex_home.path().join("config.toml").display().to_string(),
+            file_path: None,
             key_path: "model".to_string(),
             value: json!("gpt-new"),
             merge_strategy: MergeStrategy::Replace,
@@ -219,8 +219,16 @@ model = "gpt-old"
     )
     .await??;
     let write: ConfigWriteResponse = to_response(write_resp)?;
+    let expected_file_path = codex_home
+        .path()
+        .join("config.toml")
+        .canonicalize()
+        .unwrap()
+        .display()
+        .to_string();
 
     assert_eq!(write.status, WriteStatus::Ok);
+    assert_eq!(write.file_path, expected_file_path);
     assert!(write.overridden_metadata.is_none());
 
     let verify_id = mcp
@@ -254,7 +262,7 @@ model = "gpt-old"
 
     let write_id = mcp
         .send_config_value_write_request(ConfigValueWriteParams {
-            file_path: codex_home.path().join("config.toml").display().to_string(),
+            file_path: Some(codex_home.path().join("config.toml").display().to_string()),
             key_path: "model".to_string(),
             value: json!("gpt-new"),
             merge_strategy: MergeStrategy::Replace,
@@ -288,7 +296,7 @@ async fn config_batch_write_applies_multiple_edits() -> Result<()> {
 
     let batch_id = mcp
         .send_config_batch_write_request(ConfigBatchWriteParams {
-            file_path: codex_home.path().join("config.toml").display().to_string(),
+            file_path: Some(codex_home.path().join("config.toml").display().to_string()),
             edits: vec![
                 ConfigEdit {
                     key_path: "sandbox_mode".to_string(),
@@ -314,6 +322,14 @@ async fn config_batch_write_applies_multiple_edits() -> Result<()> {
     .await??;
     let batch_write: ConfigWriteResponse = to_response(batch_resp)?;
     assert_eq!(batch_write.status, WriteStatus::Ok);
+    let expected_file_path = codex_home
+        .path()
+        .join("config.toml")
+        .canonicalize()
+        .unwrap()
+        .display()
+        .to_string();
+    assert_eq!(batch_write.file_path, expected_file_path);
 
     let read_id = mcp
         .send_config_read_request(ConfigReadParams {

codex-rs/app-server/tests/suite/v2/model_list.rs

@@ -11,7 +11,7 @@ use codex_app_server_protocol::ModelListParams;
 use codex_app_server_protocol::ModelListResponse;
 use codex_app_server_protocol::ReasoningEffortOption;
 use codex_app_server_protocol::RequestId;
-use codex_protocol::config_types::ReasoningEffort;
+use codex_protocol::openai_models::ReasoningEffort;
 use pretty_assertions::assert_eq;
 use tempfile::TempDir;
 use tokio::time::timeout;

codex-rs/app-server/tests/suite/v2/rate_limits.rs

@@ -11,6 +11,7 @@ use codex_app_server_protocol::RateLimitSnapshot;
 use codex_app_server_protocol::RateLimitWindow;
 use codex_app_server_protocol::RequestId;
 use codex_core::auth::AuthCredentialsStoreMode;
+use codex_protocol::account::PlanType as AccountPlanType;
 use pretty_assertions::assert_eq;
 use serde_json::json;
 use std::path::Path;
@@ -153,6 +154,7 @@ async fn get_account_rate_limits_returns_snapshot() -> Result<()> {
                 resets_at: Some(secondary_reset_timestamp),
             }),
             credits: None,
+            plan_type: Some(AccountPlanType::Pro),
         },
     };
     assert_eq!(received, expected);

codex-rs/app-server/tests/suite/v2/review.rs

@@ -9,12 +9,13 @@ use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCNotification;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::RequestId;
+use codex_app_server_protocol::ReviewDelivery;
 use codex_app_server_protocol::ReviewStartParams;
+use codex_app_server_protocol::ReviewStartResponse;
 use codex_app_server_protocol::ReviewTarget;
 use codex_app_server_protocol::ThreadItem;
 use codex_app_server_protocol::ThreadStartParams;
 use codex_app_server_protocol::ThreadStartResponse;
-use codex_app_server_protocol::TurnStartResponse;
 use codex_app_server_protocol::TurnStatus;
 use serde_json::json;
 use tempfile::TempDir;
@@ -59,7 +60,7 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
     let review_req = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id: thread_id.clone(),
-            append_to_original_thread: true,
+            delivery: Some(ReviewDelivery::Inline),
             target: ReviewTarget::Commit {
                 sha: "1234567deadbeef".to_string(),
                 title: Some("Tidy UI colors".to_string()),
@@ -71,43 +72,43 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
         mcp.read_stream_until_response_message(RequestId::Integer(review_req)),
     )
     .await??;
-    let TurnStartResponse { turn } = to_response::<TurnStartResponse>(review_resp)?;
+    let ReviewStartResponse {
+        turn,
+        review_thread_id,
+    } = to_response::<ReviewStartResponse>(review_resp)?;
+    assert_eq!(review_thread_id, thread_id.clone());
     let turn_id = turn.id.clone();
     assert_eq!(turn.status, TurnStatus::InProgress);
-    assert_eq!(turn.items.len(), 1);
-    match &turn.items[0] {
-        ThreadItem::UserMessage { content, .. } => {
-            assert_eq!(content.len(), 1);
-            assert!(matches!(
-                &content[0],
-                codex_app_server_protocol::UserInput::Text { .. }
-            ));
-        }
-        other => panic!("expected user message, got {other:?}"),
-    }
 
-    let _started: JSONRPCNotification = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("turn/started"),
-    )
-    .await??;
-    let item_started: JSONRPCNotification = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("item/started"),
-    )
-    .await??;
-    let started: ItemStartedNotification =
-        serde_json::from_value(item_started.params.expect("params must be present"))?;
-    match started.item {
-        ThreadItem::CodeReview { id, review } => {
-            assert_eq!(id, turn_id);
-            assert_eq!(review, "commit 1234567");
+    // Confirm we see the EnteredReviewMode marker on the main thread.
+    let mut saw_entered_review_mode = false;
+    for _ in 0..10 {
+        let item_started: JSONRPCNotification = timeout(
+            DEFAULT_READ_TIMEOUT,
+            mcp.read_stream_until_notification_message("item/started"),
+        )
+        .await??;
+        let started: ItemStartedNotification =
+            serde_json::from_value(item_started.params.expect("params must be present"))?;
+        match started.item {
+            ThreadItem::EnteredReviewMode { id, review } => {
+                assert_eq!(id, turn_id);
+                assert_eq!(review, "commit 1234567: Tidy UI colors");
+                saw_entered_review_mode = true;
+                break;
+            }
+            _ => continue,
         }
-        other => panic!("expected code review item, got {other:?}"),
     }
+    assert!(
+        saw_entered_review_mode,
+        "did not observe enteredReviewMode item"
+    );
 
+    // Confirm we see the ExitedReviewMode marker (with review text)
+    // on the same turn. Ignore any other items the stream surfaces.
     let mut review_body: Option<String> = None;
-    for _ in 0..5 {
+    for _ in 0..10 {
         let review_notif: JSONRPCNotification = timeout(
             DEFAULT_READ_TIMEOUT,
             mcp.read_stream_until_notification_message("item/completed"),
@@ -116,13 +117,12 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
         let completed: ItemCompletedNotification =
             serde_json::from_value(review_notif.params.expect("params must be present"))?;
         match completed.item {
-            ThreadItem::CodeReview { id, review } => {
+            ThreadItem::ExitedReviewMode { id, review } => {
                 assert_eq!(id, turn_id);
                 review_body = Some(review);
                 break;
             }
-            ThreadItem::UserMessage { .. } => continue,
-            other => panic!("unexpected item/completed payload: {other:?}"),
+            _ => continue,
         }
     }
 
@@ -146,7 +146,7 @@ async fn review_start_rejects_empty_base_branch() -> Result<()> {
     let request_id = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id,
-            append_to_original_thread: true,
+            delivery: Some(ReviewDelivery::Inline),
             target: ReviewTarget::BaseBranch {
                 branch: "   ".to_string(),
             },
@@ -167,6 +167,56 @@ async fn review_start_rejects_empty_base_branch() -> Result<()> {
     Ok(())
 }
 
+#[tokio::test]
+async fn review_start_with_detached_delivery_returns_new_thread_id() -> Result<()> {
+    let review_payload = json!({
+        "findings": [],
+        "overall_correctness": "ok",
+        "overall_explanation": "detached review",
+        "overall_confidence_score": 0.5
+    })
+    .to_string();
+    let responses = vec![create_final_assistant_message_sse_response(
+        &review_payload,
+    )?];
+    let server = create_mock_chat_completions_server_unchecked(responses).await;
+
+    let codex_home = TempDir::new()?;
+    create_config_toml(codex_home.path(), &server.uri())?;
+
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+
+    let thread_id = start_default_thread(&mut mcp).await?;
+
+    let review_req = mcp
+        .send_review_start_request(ReviewStartParams {
+            thread_id: thread_id.clone(),
+            delivery: Some(ReviewDelivery::Detached),
+            target: ReviewTarget::Custom {
+                instructions: "detached review".to_string(),
+            },
+        })
+        .await?;
+    let review_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(review_req)),
+    )
+    .await??;
+    let ReviewStartResponse {
+        turn,
+        review_thread_id,
+    } = to_response::<ReviewStartResponse>(review_resp)?;
+
+    assert_eq!(turn.status, TurnStatus::InProgress);
+    assert_ne!(
+        review_thread_id, thread_id,
+        "detached review should run on a different thread"
+    );
+
+    Ok(())
+}
+
 #[tokio::test]
 async fn review_start_rejects_empty_commit_sha() -> Result<()> {
     let server = create_mock_chat_completions_server_unchecked(vec![]).await;
@@ -180,7 +230,7 @@ async fn review_start_rejects_empty_commit_sha() -> Result<()> {
     let request_id = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id,
-            append_to_original_thread: true,
+            delivery: Some(ReviewDelivery::Inline),
             target: ReviewTarget::Commit {
                 sha: "\t".to_string(),
                 title: None,
@@ -215,7 +265,7 @@ async fn review_start_rejects_empty_custom_instructions() -> Result<()> {
     let request_id = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id,
-            append_to_original_thread: true,
+            delivery: Some(ReviewDelivery::Inline),
             target: ReviewTarget::Custom {
                 instructions: "\n\n".to_string(),
             },

codex-rs/app-server/tests/suite/v2/turn_start.rs

@@ -1,6 +1,7 @@
 use anyhow::Result;
 use app_test_support::McpProcess;
 use app_test_support::create_apply_patch_sse_response;
+use app_test_support::create_exec_command_sse_response;
 use app_test_support::create_final_assistant_message_sse_response;
 use app_test_support::create_mock_chat_completions_server;
 use app_test_support::create_mock_chat_completions_server_unchecked;
@@ -10,6 +11,7 @@ use app_test_support::to_response;
 use codex_app_server_protocol::ApprovalDecision;
 use codex_app_server_protocol::CommandExecutionRequestApprovalResponse;
 use codex_app_server_protocol::CommandExecutionStatus;
+use codex_app_server_protocol::FileChangeOutputDeltaNotification;
 use codex_app_server_protocol::FileChangeRequestApprovalResponse;
 use codex_app_server_protocol::ItemCompletedNotification;
 use codex_app_server_protocol::ItemStartedNotification;
@@ -28,8 +30,8 @@ use codex_app_server_protocol::TurnStartResponse;
 use codex_app_server_protocol::TurnStartedNotification;
 use codex_app_server_protocol::TurnStatus;
 use codex_app_server_protocol::UserInput as V2UserInput;
-use codex_core::protocol_config_types::ReasoningEffort;
 use codex_core::protocol_config_types::ReasoningSummary;
+use codex_protocol::openai_models::ReasoningEffort;
 use core_test_support::skip_if_no_network;
 use pretty_assertions::assert_eq;
 use std::path::Path;
@@ -425,7 +427,6 @@ async fn turn_start_exec_approval_decline_v2() -> Result<()> {
         request_id,
         serde_json::to_value(CommandExecutionRequestApprovalResponse {
             decision: ApprovalDecision::Decline,
-            accept_settings: None,
         })?,
     )
     .await?;
@@ -724,6 +725,26 @@ async fn turn_start_file_change_approval_v2() -> Result<()> {
     )
     .await?;
 
+    let output_delta_notif = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("item/fileChange/outputDelta"),
+    )
+    .await??;
+    let output_delta: FileChangeOutputDeltaNotification = serde_json::from_value(
+        output_delta_notif
+            .params
+            .clone()
+            .expect("item/fileChange/outputDelta params"),
+    )?;
+    assert_eq!(output_delta.thread_id, thread.id);
+    assert_eq!(output_delta.turn_id, turn.id);
+    assert_eq!(output_delta.item_id, "patch-call");
+    assert!(
+        !output_delta.delta.is_empty(),
+        "expected delta to be non-empty, got: {}",
+        output_delta.delta
+    );
+
     let completed_file_change = timeout(DEFAULT_READ_TIMEOUT, async {
         loop {
             let completed_notif = mcp
@@ -907,6 +928,134 @@ async fn turn_start_file_change_approval_decline_v2() -> Result<()> {
     Ok(())
 }
 
+#[tokio::test]
+#[cfg_attr(windows, ignore = "process id reporting differs on Windows")]
+async fn command_execution_notifications_include_process_id() -> Result<()> {
+    skip_if_no_network!(Ok(()));
+
+    let responses = vec![
+        create_exec_command_sse_response("uexec-1")?,
+        create_final_assistant_message_sse_response("done")?,
+    ];
+    let server = create_mock_chat_completions_server(responses).await;
+    let codex_home = TempDir::new()?;
+    create_config_toml(codex_home.path(), &server.uri(), "never")?;
+    let config_toml = codex_home.path().join("config.toml");
+    let mut config_contents = std::fs::read_to_string(&config_toml)?;
+    config_contents.push_str(
+        r#"
+[features]
+unified_exec = true
+"#,
+    );
+    std::fs::write(&config_toml, config_contents)?;
+
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+
+    let start_id = mcp
+        .send_thread_start_request(ThreadStartParams {
+            model: Some("mock-model".to_string()),
+            ..Default::default()
+        })
+        .await?;
+    let start_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(start_id)),
+    )
+    .await??;
+    let ThreadStartResponse { thread, .. } = to_response::<ThreadStartResponse>(start_resp)?;
+
+    let turn_id = mcp
+        .send_turn_start_request(TurnStartParams {
+            thread_id: thread.id.clone(),
+            input: vec![V2UserInput::Text {
+                text: "run a command".to_string(),
+            }],
+            ..Default::default()
+        })
+        .await?;
+    let turn_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(turn_id)),
+    )
+    .await??;
+    let TurnStartResponse { turn: _turn } = to_response::<TurnStartResponse>(turn_resp)?;
+
+    let started_command = timeout(DEFAULT_READ_TIMEOUT, async {
+        loop {
+            let notif = mcp
+                .read_stream_until_notification_message("item/started")
+                .await?;
+            let started: ItemStartedNotification = serde_json::from_value(
+                notif
+                    .params
+                    .clone()
+                    .expect("item/started should include params"),
+            )?;
+            if let ThreadItem::CommandExecution { .. } = started.item {
+                return Ok::<ThreadItem, anyhow::Error>(started.item);
+            }
+        }
+    })
+    .await??;
+    let ThreadItem::CommandExecution {
+        id,
+        process_id: started_process_id,
+        status,
+        ..
+    } = started_command
+    else {
+        unreachable!("loop ensures we break on command execution items");
+    };
+    assert_eq!(id, "uexec-1");
+    assert_eq!(status, CommandExecutionStatus::InProgress);
+    let started_process_id = started_process_id.expect("process id should be present");
+
+    let completed_command = timeout(DEFAULT_READ_TIMEOUT, async {
+        loop {
+            let notif = mcp
+                .read_stream_until_notification_message("item/completed")
+                .await?;
+            let completed: ItemCompletedNotification = serde_json::from_value(
+                notif
+                    .params
+                    .clone()
+                    .expect("item/completed should include params"),
+            )?;
+            if let ThreadItem::CommandExecution { .. } = completed.item {
+                return Ok::<ThreadItem, anyhow::Error>(completed.item);
+            }
+        }
+    })
+    .await??;
+    let ThreadItem::CommandExecution {
+        id: completed_id,
+        process_id: completed_process_id,
+        status: completed_status,
+        exit_code,
+        ..
+    } = completed_command
+    else {
+        unreachable!("loop ensures we break on command execution items");
+    };
+    assert_eq!(completed_id, "uexec-1");
+    assert_eq!(completed_status, CommandExecutionStatus::Completed);
+    assert_eq!(exit_code, Some(0));
+    assert_eq!(
+        completed_process_id.as_deref(),
+        Some(started_process_id.as_str())
+    );
+
+    timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("turn/completed"),
+    )
+    .await??;
+
+    Ok(())
+}
+
 // Helper to create a config.toml pointing at the mock model server.
 fn create_config_toml(
     codex_home: &Path,

codex-rs/apply-patch/src/lib.rs

@@ -699,13 +699,7 @@ fn derive_new_contents_from_chunks(
         }
     };
 
-    let mut original_lines: Vec<String> = original_contents.split('\n').map(String::from).collect();
-
-    // Drop the trailing empty element that results from the final newline so
-    // that line counts match the behaviour of standard `diff`.
-    if original_lines.last().is_some_and(String::is_empty) {
-        original_lines.pop();
-    }
+    let original_lines: Vec<String> = build_lines_from_contents(&original_contents);
 
     let replacements = compute_replacements(&original_lines, path, chunks)?;
     let new_lines = apply_replacements(original_lines, &replacements);
@@ -713,13 +707,67 @@ fn derive_new_contents_from_chunks(
     if !new_lines.last().is_some_and(String::is_empty) {
         new_lines.push(String::new());
     }
-    let new_contents = new_lines.join("\n");
+    let new_contents = build_contents_from_lines(&original_contents, &new_lines);
     Ok(AppliedPatch {
         original_contents,
         new_contents,
     })
 }
 
+// TODO(dylan-hurd-oai): I think we can migrate to just use `contents.lines()`
+// across all platforms.
+fn build_lines_from_contents(contents: &str) -> Vec<String> {
+    if cfg!(windows) {
+        contents.lines().map(String::from).collect()
+    } else {
+        let mut lines: Vec<String> = contents.split('\n').map(String::from).collect();
+
+        // Drop the trailing empty element that results from the final newline so
+        // that line counts match the behaviour of standard `diff`.
+        if lines.last().is_some_and(String::is_empty) {
+            lines.pop();
+        }
+
+        lines
+    }
+}
+
+fn build_contents_from_lines(original_contents: &str, lines: &[String]) -> String {
+    if cfg!(windows) {
+        // for now, only compute this if we're on Windows.
+        let uses_crlf = contents_uses_crlf(original_contents);
+        if uses_crlf {
+            lines.join("\r\n")
+        } else {
+            lines.join("\n")
+        }
+    } else {
+        lines.join("\n")
+    }
+}
+
+/// Detects whether the source file uses Windows CRLF line endings consistently.
+/// We only consider a file CRLF-formatted if every newline is part of a
+/// CRLF sequence. This avoids rewriting an LF-formatted file that merely
+/// contains embedded sequences of "\r\n".
+///
+/// Returns `true` if the file uses CRLF line endings, `false` otherwise.
+fn contents_uses_crlf(contents: &str) -> bool {
+    let bytes = contents.as_bytes();
+    let mut n_newlines = 0usize;
+    let mut n_crlf = 0usize;
+    for i in 0..bytes.len() {
+        if bytes[i] == b'\n' {
+            n_newlines += 1;
+            if i > 0 && bytes[i - 1] == b'\r' {
+                n_crlf += 1;
+            }
+        }
+    }
+
+    n_newlines > 0 && n_crlf == n_newlines
+}
+
 /// Compute a list of replacements needed to transform `original_lines` into the
 /// new lines, given the patch `chunks`. Each replacement is returned as
 /// `(start_index, old_len, new_lines)`.
@@ -1359,6 +1407,72 @@ PATCH"#,
         assert_eq!(contents, "a\nB\nc\nd\nE\nf\ng\n");
     }
 
+    /// Ensure CRLF line endings are preserved for updated files on Windows‑style inputs.
+    #[cfg(windows)]
+    #[test]
+    fn test_preserve_crlf_line_endings_on_update() {
+        let dir = tempdir().unwrap();
+        let path = dir.path().join("crlf.txt");
+
+        // Original file uses CRLF (\r\n) endings.
+        std::fs::write(&path, b"a\r\nb\r\nc\r\n").unwrap();
+
+        // Replace `b` -> `B` and append `d`.
+        let patch = wrap_patch(&format!(
+            r#"*** Update File: {}
+@@
+ a
+-b
++B
+@@
+ c
++d
+*** End of File"#,
+            path.display()
+        ));
+
+        let mut stdout = Vec::new();
+        let mut stderr = Vec::new();
+        apply_patch(&patch, &mut stdout, &mut stderr).unwrap();
+
+        let out = std::fs::read(&path).unwrap();
+        // Expect all CRLF endings; count occurrences of CRLF and ensure there are 4 lines.
+        let content = String::from_utf8_lossy(&out);
+        assert!(content.contains("\r\n"));
+        // No bare LF occurrences immediately preceding a non-CR: the text should not contain "a\nb".
+        assert!(!content.contains("a\nb"));
+        // Validate exact content sequence with CRLF delimiters.
+        assert_eq!(content, "a\r\nB\r\nc\r\nd\r\n");
+    }
+
+    /// Ensure CRLF inputs with embedded carriage returns in the content are preserved.
+    #[cfg(windows)]
+    #[test]
+    fn test_preserve_crlf_embedded_carriage_returns_on_append() {
+        let dir = tempdir().unwrap();
+        let path = dir.path().join("crlf_cr_content.txt");
+
+        // Original file: first line has a literal '\r' in the content before the CRLF terminator.
+        std::fs::write(&path, b"foo\r\r\nbar\r\n").unwrap();
+
+        // Append a new line without modifying existing ones.
+        let patch = wrap_patch(&format!(
+            r#"*** Update File: {}
+@@
++BAZ
+*** End of File"#,
+            path.display()
+        ));
+
+        let mut stdout = Vec::new();
+        let mut stderr = Vec::new();
+        apply_patch(&patch, &mut stdout, &mut stderr).unwrap();
+
+        let out = std::fs::read(&path).unwrap();
+        // CRLF endings must be preserved and the extra CR in "foo\r\r" must not be collapsed.
+        assert_eq!(out.as_slice(), b"foo\r\r\nbar\r\nBAZ\r\n");
+    }
+
     #[test]
     fn test_pure_addition_chunk_followed_by_removal() {
         let dir = tempdir().unwrap();
@@ -1544,6 +1658,37 @@ PATCH"#,
         assert_eq!(expected, diff);
     }
 
+    /// For LF-only inputs with a trailing newline ensure that the helper used
+    /// on Windows-style builds drops the synthetic trailing empty element so
+    /// replacements behave like standard `diff` line numbering.
+    #[test]
+    fn test_derive_new_contents_lf_trailing_newline() {
+        let dir = tempdir().unwrap();
+        let path = dir.path().join("lf_trailing_newline.txt");
+        fs::write(&path, "foo\nbar\n").unwrap();
+
+        let patch = wrap_patch(&format!(
+            r#"*** Update File: {}
+@@
+ foo
+-bar
++BAR
+"#,
+            path.display()
+        ));
+
+        let patch = parse_patch(&patch).unwrap();
+        let chunks = match patch.hunks.as_slice() {
+            [Hunk::UpdateFile { chunks, .. }] => chunks,
+            _ => panic!("Expected a single UpdateFile hunk"),
+        };
+
+        let AppliedPatch { new_contents, .. } =
+            derive_new_contents_from_chunks(&path, chunks).unwrap();
+
+        assert_eq!(new_contents, "foo\nBAR\n");
+    }
+
     #[test]
     fn test_unified_diff_insert_at_eof() {
         // Insert a new line at end‑of‑file.

codex-rs/apply-patch/tests/fixtures/scenarios/.gitattributes

@@ -0,0 +1 @@
+** text eol=lf

codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/expected/bar.md

@@ -0,0 +1 @@
+This is a new file

codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/patch.txt

@@ -0,0 +1,4 @@
+*** Begin Patch
+*** Add File: bar.md
++This is a new file
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/modify.txt

@@ -0,0 +1,2 @@
+line1
+changed

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/nested/new.txt

@@ -0,0 +1 @@
+created

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/delete.txt

@@ -0,0 +1 @@
+obsolete

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/modify.txt

@@ -0,0 +1,2 @@
+line1
+line2

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/patch.txt

@@ -0,0 +1,9 @@
+*** Begin Patch
+*** Add File: nested/new.txt
++created
+*** Delete File: delete.txt
+*** Update File: modify.txt
+@@
+-line2
++changed
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/expected/multi.txt

@@ -0,0 +1,4 @@
+line1
+changed2
+line3
+changed4

codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/input/multi.txt

@@ -0,0 +1,4 @@
+line1
+line2
+line3
+line4

codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/patch.txt

@@ -0,0 +1,9 @@
+*** Begin Patch
+*** Update File: multi.txt
+@@
+-line2
++changed2
+@@
+-line4
++changed4
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/old/other.txt

@@ -0,0 +1 @@
+unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/renamed/dir/name.txt

@@ -0,0 +1 @@
+new content

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/name.txt

@@ -0,0 +1 @@
+old content

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/other.txt

@@ -0,0 +1 @@
+unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/patch.txt

@@ -0,0 +1,7 @@
+*** Begin Patch
+*** Update File: old/name.txt
+*** Move to: renamed/dir/name.txt
+@@
+-old content
++new content
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/005_rejects_empty_patch/patch.txt

@@ -0,0 +1,2 @@
+*** Begin Patch
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/expected/modify.txt

@@ -0,0 +1,2 @@
+line1
+line2

codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/input/modify.txt

@@ -0,0 +1,2 @@
+line1
+line2

codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/patch.txt

@@ -0,0 +1,6 @@
+*** Begin Patch
+*** Update File: modify.txt
+@@
+-missing
++changed
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/007_rejects_missing_file_delete/patch.txt

@@ -0,0 +1,3 @@
+*** Begin Patch
+*** Delete File: missing.txt
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/008_rejects_empty_update_hunk/patch.txt

@@ -0,0 +1,3 @@
+*** Begin Patch
+*** Update File: foo.txt
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/009_requires_existing_file_for_update/patch.txt

@@ -0,0 +1,6 @@
+*** Begin Patch
+*** Update File: missing.txt
+@@
+-old
++new
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/old/other.txt

@@ -0,0 +1 @@
+unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/renamed/dir/name.txt

@@ -0,0 +1 @@
+new

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/name.txt

@@ -0,0 +1 @@
+from

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/other.txt

@@ -0,0 +1 @@
+unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/renamed/dir/name.txt

@@ -0,0 +1 @@
+existing

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/patch.txt

@@ -0,0 +1,7 @@
+*** Begin Patch
+*** Update File: old/name.txt
+*** Move to: renamed/dir/name.txt
+@@
+-from
++new
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/expected/duplicate.txt

@@ -0,0 +1 @@
+new content

codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/input/duplicate.txt

@@ -0,0 +1 @@
+old content

codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/patch.txt

@@ -0,0 +1,4 @@
+*** Begin Patch
+*** Add File: duplicate.txt
++new content
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/012_delete_directory_fails/patch.txt

@@ -0,0 +1,3 @@
+*** Begin Patch
+*** Delete File: dir
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/013_rejects_invalid_hunk_header/patch.txt

@@ -0,0 +1,3 @@
+*** Begin Patch
+*** Frobnicate File: foo
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/expected/no_newline.txt

@@ -0,0 +1,2 @@
+first line
+second line

codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/input/no_newline.txt

@@ -0,0 +1 @@
+no newline at end

codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/patch.txt

@@ -0,0 +1,7 @@
+*** Begin Patch
+*** Update File: no_newline.txt
+@@
+-no newline at end
++first line
++second line
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/015_failure_after_partial_success_leaves_changes/expected/created.txt

@@ -0,0 +1 @@
+hello

codex-rs/apply-patch/tests/fixtures/scenarios/015_failure_after_partial_success_leaves_changes/patch.txt

@@ -0,0 +1,8 @@
+*** Begin Patch
+*** Add File: created.txt
++hello
+*** Update File: missing.txt
+@@
+-old
++new
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/016_pure_addition_update_chunk/expected/input.txt

@@ -0,0 +1,4 @@
+line1
+line2
+added line 1
+added line 2

codex-rs/apply-patch/tests/fixtures/scenarios/016_pure_addition_update_chunk/input/input.txt

@@ -0,0 +1,2 @@
+line1
+line2

codex-rs/apply-patch/tests/fixtures/scenarios/016_pure_addition_update_chunk/patch.txt

@@ -0,0 +1,6 @@
+*** Begin Patch
+*** Update File: input.txt
+@@
++added line 1
++added line 2
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/017_whitespace_padded_hunk_header/expected/foo.txt

@@ -0,0 +1 @@
+new

codex-rs/apply-patch/tests/fixtures/scenarios/017_whitespace_padded_hunk_header/input/foo.txt

@@ -0,0 +1 @@
+old

codex-rs/apply-patch/tests/fixtures/scenarios/017_whitespace_padded_hunk_header/patch.txt

@@ -0,0 +1,6 @@
+*** Begin Patch
+  *** Update File: foo.txt
+@@
+-old
++new
+*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/018_whitespace_padded_patch_markers/expected/file.txt

@@ -0,0 +1 @@
+two

codex-rs/apply-patch/tests/fixtures/scenarios/018_whitespace_padded_patch_markers/input/file.txt

@@ -0,0 +1 @@
+one

codex-rs/apply-patch/tests/fixtures/scenarios/018_whitespace_padded_patch_markers/patch.txt

@@ -0,0 +1,6 @@
+ *** Begin Patch
+*** Update File: file.txt
+@@
+-one
++two
+*** End Patch 

codex-rs/apply-patch/tests/fixtures/scenarios/README.md

@@ -0,0 +1,18 @@
+# Overview
+This directory is a collection of end to end tests for the apply-patch specification, meant to be easily portable to other languages or platforms.
+
+
+# Specification
+Each test case is one directory, composed of input state (input/), the patch operation (patch.txt), and the expected final state (expected/). This structure is designed to keep tests simple (i.e. test exactly one patch at a time) while still providing enough flexibility to test any given operation across files.
+
+Here's what this would look like for a simple test apply-patch test case to create a new file:
+
+```
+001_add/
+  input/
+    foo.md
+  expected/
+    foo.md
+    bar.md
+  patch.txt
+```

codex-rs/apply-patch/tests/suite/mod.rs

@@ -1,3 +1,4 @@
 mod cli;
+mod scenarios;
 #[cfg(not(target_os = "windows"))]
 mod tool;

codex-rs/apply-patch/tests/suite/scenarios.rs

@@ -0,0 +1,114 @@
+use assert_cmd::prelude::*;
+use pretty_assertions::assert_eq;
+use std::collections::BTreeMap;
+use std::fs;
+use std::path::Path;
+use std::path::PathBuf;
+use std::process::Command;
+use tempfile::tempdir;
+
+#[test]
+fn test_apply_patch_scenarios() -> anyhow::Result<()> {
+    for scenario in fs::read_dir("tests/fixtures/scenarios")? {
+        let scenario = scenario?;
+        let path = scenario.path();
+        if path.is_dir() {
+            run_apply_patch_scenario(&path)?;
+        }
+    }
+    Ok(())
+}
+
+/// Reads a scenario directory, copies the input files to a temporary directory, runs apply-patch,
+/// and asserts that the final state matches the expected state exactly.
+fn run_apply_patch_scenario(dir: &Path) -> anyhow::Result<()> {
+    let tmp = tempdir()?;
+
+    // Copy the input files to the temporary directory
+    let input_dir = dir.join("input");
+    if input_dir.is_dir() {
+        copy_dir_recursive(&input_dir, tmp.path())?;
+    }
+
+    // Read the patch.txt file
+    let patch = fs::read_to_string(dir.join("patch.txt"))?;
+
+    // Run apply_patch in the temporary directory. We intentionally do not assert
+    // on the exit status here; the scenarios are specified purely in terms of
+    // final filesystem state, which we compare below.
+    Command::cargo_bin("apply_patch")?
+        .arg(patch)
+        .current_dir(tmp.path())
+        .output()?;
+
+    // Assert that the final state matches the expected state exactly
+    let expected_dir = dir.join("expected");
+    let expected_snapshot = snapshot_dir(&expected_dir)?;
+    let actual_snapshot = snapshot_dir(tmp.path())?;
+
+    assert_eq!(
+        actual_snapshot,
+        expected_snapshot,
+        "Scenario {} did not match expected final state",
+        dir.display()
+    );
+
+    Ok(())
+}
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+enum Entry {
+    File(Vec<u8>),
+    Dir,
+}
+
+fn snapshot_dir(root: &Path) -> anyhow::Result<BTreeMap<PathBuf, Entry>> {
+    let mut entries = BTreeMap::new();
+    if root.is_dir() {
+        snapshot_dir_recursive(root, root, &mut entries)?;
+    }
+    Ok(entries)
+}
+
+fn snapshot_dir_recursive(
+    base: &Path,
+    dir: &Path,
+    entries: &mut BTreeMap<PathBuf, Entry>,
+) -> anyhow::Result<()> {
+    for entry in fs::read_dir(dir)? {
+        let entry = entry?;
+        let path = entry.path();
+        let Some(stripped) = path.strip_prefix(base).ok() else {
+            continue;
+        };
+        let rel = stripped.to_path_buf();
+        let file_type = entry.file_type()?;
+        if file_type.is_dir() {
+            entries.insert(rel.clone(), Entry::Dir);
+            snapshot_dir_recursive(base, &path, entries)?;
+        } else if file_type.is_file() {
+            let contents = fs::read(&path)?;
+            entries.insert(rel, Entry::File(contents));
+        }
+    }
+    Ok(())
+}
+
+fn copy_dir_recursive(src: &Path, dst: &Path) -> anyhow::Result<()> {
+    for entry in fs::read_dir(src)? {
+        let entry = entry?;
+        let path = entry.path();
+        let file_type = entry.file_type()?;
+        let dest_path = dst.join(entry.file_name());
+        if file_type.is_dir() {
+            fs::create_dir_all(&dest_path)?;
+            copy_dir_recursive(&path, &dest_path)?;
+        } else if file_type.is_file() {
+            if let Some(parent) = dest_path.parent() {
+                fs::create_dir_all(parent)?;
+            }
+            fs::copy(&path, &dest_path)?;
+        }
+    }
+    Ok(())
+}

codex-rs/backend-client/src/client.rs

@@ -7,6 +7,7 @@ use crate::types::TurnAttemptsSiblingTurnsResponse;
 use anyhow::Result;
 use codex_core::auth::CodexAuth;
 use codex_core::default_client::get_codex_user_agent;
+use codex_protocol::account::PlanType as AccountPlanType;
 use codex_protocol::protocol::CreditsSnapshot;
 use codex_protocol::protocol::RateLimitSnapshot;
 use codex_protocol::protocol::RateLimitWindow;
@@ -291,6 +292,7 @@ impl Client {
             primary,
             secondary,
             credits: Self::map_credits(payload.credits),
+            plan_type: Some(Self::map_plan_type(payload.plan_type)),
         }
     }
 
@@ -325,6 +327,23 @@ impl Client {
         })
     }
 
+    fn map_plan_type(plan_type: crate::types::PlanType) -> AccountPlanType {
+        match plan_type {
+            crate::types::PlanType::Free => AccountPlanType::Free,
+            crate::types::PlanType::Plus => AccountPlanType::Plus,
+            crate::types::PlanType::Pro => AccountPlanType::Pro,
+            crate::types::PlanType::Team => AccountPlanType::Team,
+            crate::types::PlanType::Business => AccountPlanType::Business,
+            crate::types::PlanType::Enterprise => AccountPlanType::Enterprise,
+            crate::types::PlanType::Edu | crate::types::PlanType::Education => AccountPlanType::Edu,
+            crate::types::PlanType::Guest
+            | crate::types::PlanType::Go
+            | crate::types::PlanType::FreeWorkspace
+            | crate::types::PlanType::Quorum
+            | crate::types::PlanType::K12 => AccountPlanType::Unknown,
+        }
+    }
+
     fn window_minutes_from_seconds(seconds: i32) -> Option<i64> {
         if seconds <= 0 {
             return None;

codex-rs/cli/src/main.rs

@@ -18,6 +18,8 @@ use codex_cli::login::run_logout;
 use codex_cloud_tasks::Cli as CloudTasksCli;
 use codex_common::CliConfigOverrides;
 use codex_exec::Cli as ExecCli;
+use codex_exec::Command as ExecCommand;
+use codex_exec::ReviewArgs;
 use codex_execpolicy::ExecPolicyCheckCommand;
 use codex_responses_api_proxy::Args as ResponsesApiProxyArgs;
 use codex_tui::AppExitInfo;
@@ -72,6 +74,9 @@ enum Subcommand {
     #[clap(visible_alias = "e")]
     Exec(ExecCli),
 
+    /// Run a code review non-interactively.
+    Review(ReviewArgs),
+
     /// Manage login.
     Login(LoginCommand),
 
@@ -449,6 +454,15 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
             );
             codex_exec::run_main(exec_cli, codex_linux_sandbox_exe).await?;
         }
+        Some(Subcommand::Review(review_args)) => {
+            let mut exec_cli = ExecCli::try_parse_from(["codex", "exec"])?;
+            exec_cli.command = Some(ExecCommand::Review(review_args));
+            prepend_config_flags(
+                &mut exec_cli.config_overrides,
+                root_config_overrides.clone(),
+            );
+            codex_exec::run_main(exec_cli, codex_linux_sandbox_exe).await?;
+        }
         Some(Subcommand::McpServer) => {
             codex_mcp_server::run_main(codex_linux_sandbox_exe, root_config_overrides).await?;
         }

codex-rs/cli/tests/execpolicy.rs

@@ -40,17 +40,15 @@ prefix_rule(
     assert_eq!(
         result,
         json!({
-            "match": {
-                "decision": "forbidden",
-                "matchedRules": [
-                    {
-                        "prefixRuleMatch": {
-                            "matchedPrefix": ["git", "push"],
-                            "decision": "forbidden"
-                        }
+            "decision": "forbidden",
+            "matchedRules": [
+                {
+                    "prefixRuleMatch": {
+                        "matchedPrefix": ["git", "push"],
+                        "decision": "forbidden"
                     }
-                ]
-            }
+                }
+            ]
         })
     );
 

codex-rs/client.md

@@ -1,206 +0,0 @@
-# Client Extraction Plan
-
-## Goals
-- Split the HTTP transport/client code out of `codex-core` into a reusable crate that is agnostic of Codex/OpenAI business logic and API schemas.
-- Create a separate API library crate that houses typed requests/responses for well-known APIs (Responses, Chat Completions, Compact) and plugs into the transport crate via minimal traits.
-- Preserve current behaviour (auth headers, retries, SSE handling, rate-limit parsing, compaction, fixtures) while making the APIs symmetric and avoiding code duplication.
-- Keep existing consumers (`codex-core`, tests, and tools) stable by providing a small compatibility layer during the transition.
-
-## Snapshot of Today
-- `core/src/client.rs (ModelClient)` owns config/auth/session state, chooses wire API, builds payloads, drives retries, parses SSE, compaction, and rate-limit headers.
-- `core/src/chat_completions.rs` implements the Chat Completions call + SSE parser + aggregation helper.
-- `core/src/client_common.rs` holds `Prompt`, tool specs, shared request structs (`ResponsesApiRequest`, `TextControls`), and `ResponseEvent`/`ResponseStream`.
-- `core/src/default_client.rs` wraps `reqwest` with Codex UA/originator defaults.
-- `core/src/model_provider_info.rs` models providers (base URL, headers, env keys, retry/timeout tuning) and builds `CodexRequestBuilder`s.
-    - Current retry logic is co-located with API handling; streaming SSE parsing is duplicated across Responses/Chat.
-
-## Target Crates (with interfaces)
-
-- `codex-client` (generic transport)
-  - Owns the generic HTTP machinery: a `CodexHttpClient`/`CodexRequestBuilder`-style wrapper, retry/backoff hooks, streaming connector (SSE framing + idle timeout), header injection, and optional telemetry callbacks.
-  - Does **not** know about OpenAI/Codex-specific paths, headers, or error codes; it only exposes HTTP-level concepts (status, headers, bodies, connection errors).
-  - Minimal surface:
-    ```rust
-    pub trait HttpTransport {
-        fn execute(&self, req: Request) -> Result<Response, TransportError>;
-        fn stream(&self, req: Request) -> Result<ByteStream, TransportError>;
-    }
-
-    pub struct Request {
-        pub method: Method,
-        pub url: String,
-        pub headers: HeaderMap,
-        pub body: Option<serde_json::Value>,
-        pub timeout: Option<Duration>,
-    }
-    ```
-  - Generic client traits (request/response/chunk are abstract over the transport):
-    ```rust
-    #[async_trait::async_trait]
-    pub trait UnaryClient<Req, Resp> {
-        async fn run(&self, req: Req) -> Result<Resp, TransportError>;
-    }
-
-    #[async_trait::async_trait]
-    pub trait StreamClient<Req, Chunk> {
-        async fn run(&self, req: Req) -> Result<ResponseStream<Chunk>, TransportError>;
-    }
-
-    pub struct RetryPolicy {
-        pub max_attempts: u64,
-        pub base_delay: Duration,
-        pub retry_on: RetryOn, // e.g., transport errors + 429/5xx
-    }
-    ```
-    - `RetryOn` lives in `codex-client` and captures HTTP status classes and transport failures that qualify for retry.
-    - Implementations in `codex-api` plug in their own request types, parsers, and retry policies while reusing the transport’s backoff and error types.
-    - Planned runtime helper:
-      ```rust
-      pub async fn run_with_retry<T, F, Fut>(
-          policy: RetryPolicy,
-          make_req: impl Fn() -> Request,
-          op: F,
-      ) -> Result<T, TransportError>
-      where
-          F: Fn(Request) -> Fut,
-          Fut: Future<Output = Result<T, TransportError>>,
-      {
-          for attempt in 0..=policy.max_attempts {
-              let req = make_req();
-              match op(req).await {
-                  Ok(resp) => return Ok(resp),
-                  Err(err) if policy.retry_on.should_retry(&err, attempt) => {
-                      tokio::time::sleep(backoff(policy.base_delay, attempt + 1)).await;
-                  }
-                  Err(err) => return Err(err),
-              }
-          }
-          Err(TransportError::RetryLimit)
-      }
-      ```
-      - Unary clients wrap `transport.execute` with this helper and then deserialize.
-      - Stream clients wrap the **initial** `transport.stream` call with this helper. Mid-stream disconnects are surfaced as `StreamError`s; automatic resume/reconnect can be added later on top of this primitive if we introduce cursor support.
-  - Common helpers: `retry::backoff(attempt)`, `errors::{TransportError, StreamError}`.
-  - Streaming utility (SSE framing only):
-    ```rust
-    pub fn sse_stream<S>(
-        bytes: S,
-        idle_timeout: Duration,
-        tx: mpsc::Sender<Result<String, StreamError>>,
-        telemetry: Option<Box<dyn Telemetry>>,
-    )
-    where
-        S: Stream<Item = Result<Bytes, TransportError>> + Unpin + Send + 'static;
-    ```
-    - `sse_stream` is responsible for timeouts, connection-level errors, and emitting raw `data:` chunks as UTF-8 strings; parsing those strings into structured events is done in `codex-api`.
-
-- `codex-api` (OpenAI/Codex API library)
-  - Owns typed models for Responses/Chat/Compact plus shared helpers (`Prompt`, tool specs, text controls, `ResponsesApiRequest`, etc.).
-  - Knows about OpenAI/Codex semantics:
-    - URL shapes (`/v1/responses`, `/v1/chat/completions`, `/responses/compact`).
-    - Provider configuration (`WireApi`, base URLs, query params, per-provider retry knobs).
-    - Rate-limit headers (`x-codex-*`) and their mapping into `RateLimitSnapshot` / `CreditsSnapshot`.
-    - Error body formats (`{ error: { type, code, message, plan_type, resets_at } }`) and how they become API errors (context window exceeded, quota/usage limit, etc.).
-    - SSE event names (`response.output_item.done`, `response.completed`, `response.failed`, etc.) and their mapping into high-level events.
-  - Provides a provider abstraction (conceptually similar to `ModelProviderInfo`):
-    ```rust
-    pub struct Provider {
-        pub name: String,
-        pub base_url: String,
-        pub wire: WireApi, // Responses | Chat
-        pub headers: HeaderMap,
-        pub retry: RetryConfig,
-        pub stream_idle_timeout: Duration,
-    }
-
-    pub trait AuthProvider {
-        /// Returns a bearer token to use for this request (if any).
-        /// Implementations are expected to be cheap and to surface already-refreshed tokens;
-        /// higher layers (`codex-core`) remain responsible for token refresh flows.
-        fn bearer_token(&self) -> Option<String>;
-
-        /// Optional ChatGPT account id header for Chat mode.
-        fn account_id(&self) -> Option<String>;
-    }
-    ```
-  - Ready-made clients built on `HttpTransport`:
-    ```rust
-    pub struct ResponsesClient<T: HttpTransport, A: AuthProvider> { /* ... */ }
-    impl<T, A> ResponsesClient<T, A> {
-        pub async fn stream(&self, prompt: &Prompt) -> ApiResult<ResponseStream<ApiEvent>>;
-        pub async fn compact(&self, prompt: &Prompt) -> ApiResult<Vec<ResponseItem>>;
-    }
-
-    pub struct ChatClient<T: HttpTransport, A: AuthProvider> { /* ... */ }
-    impl<T, A> ChatClient<T, A> {
-        pub async fn stream(&self, prompt: &Prompt) -> ApiResult<ResponseStream<ApiEvent>>;
-    }
-
-    pub struct CompactClient<T: HttpTransport, A: AuthProvider> { /* ... */ }
-    impl<T, A> CompactClient<T, A> {
-        pub async fn compact(&self, prompt: &Prompt) -> ApiResult<Vec<ResponseItem>>;
-    }
-    ```
-  - Streaming events unified across wire APIs (this can closely mirror `ResponseEvent` today, and we may type-alias one to the other during migration):
-    ```rust
-    pub enum ApiEvent {
-        Created,
-        OutputItemAdded(ResponseItem),
-        OutputItemDone(ResponseItem),
-        OutputTextDelta(String),
-        ReasoningContentDelta { delta: String, content_index: i64 },
-        ReasoningSummaryDelta { delta: String, summary_index: i64 },
-        RateLimits(RateLimitSnapshot),
-        Completed { response_id: String, token_usage: Option<TokenUsage> },
-    }
-    ```
-  - Error layering:
-    - `codex-client`: defines `TransportError` / `StreamError` (status codes, IO, timeouts).
-    - `codex-api`: defines `ApiError` that wraps `TransportError` plus API-specific errors parsed from bodies and headers.
-    - `codex-core`: maps `ApiError` into existing `CodexErr` variants so downstream callers remain unchanged.
-  - Aggregation strategies (today’s `AggregateStreamExt`) live here as adapters (`Aggregated`, `Streaming`) that transform `ResponseStream<ApiEvent>` into the higher-level views used by `codex-core`.
-
-## Implementation Steps
-
-1. **Create crates**: add `codex-client` and `codex-api` (names keep the `codex-` prefix). Stub lib files with feature flags/tests wired into the workspace; wire them into `Cargo.toml`.
-2. **Extract API-level SSE + rate limits into `codex-api`**:
-   - Move the Responses SSE parser (`process_sse`), rate-limit parsing, and related tests from `core/src/client.rs` into `codex-api`, keeping the behavior identical.
-   - Introduce `ApiEvent` (initially equivalent to `ResponseEvent`) and `ApiError`, and adjust the parser to emit those.
-   - Provide test-only helpers for fixture streams (replacement for `CODEX_RS_SSE_FIXTURE`) in `codex-api`.
-3. **Lift transport layer into `codex-client`**:
-   - Move `CodexHttpClient`/`CodexRequestBuilder`, UA/originator plumbing, and backoff helpers from `core/src/default_client.rs` into `codex-client` (or a thin wrapper on top of it).
-   - Introduce `HttpTransport`, `Request`, `RetryPolicy`, `RetryOn`, and `run_with_retry` as described above.
-   - Keep sandbox/no-proxy toggles behind injected configuration so `codex-client` stays generic and does not depend on Codex-specific env vars.
-4. **Model provider abstraction in `codex-api`**:
-   - Relocate `ModelProviderInfo` (base URL, env/header resolution, retry knobs, wire API enum) into `codex-api`, expressed in terms of `Provider` and `AuthProvider`.
-   - Ensure provider logic handles:
-     - URL building for Responses/Chat/Compact (including Azure special cases).
-     - Static and env-based headers.
-     - Per-provider retry and idle-timeout settings that map cleanly into `RetryPolicy`/`RetryOn`.
-5. **API crate wiring**:
-   - Move `Prompt`, tool specs, `ResponsesApiRequest`, `TextControls`, and `ResponseEvent/ResponseStream` into `codex-api` under modules (`common`, `responses`, `chat`, `compact`), keeping public types stable or re-exported through `codex-core` as needed.
-   - Rebuild Responses and Chat clients on top of `HttpTransport` + `StreamClient`, reusing shared retry + SSE helpers; keep aggregation adapters as reusable strategies instead of `ModelClient`-local logic.
-   - Implement Compact on top of `UnaryClient` and the unary `execute` path with JSON deserialization, sharing the same retry policy.
-   - Keep request builders symmetric: each client prepares a `Request<serde_json::Value>`, attaches headers/auth via `AuthProvider`, and plugs in its parser (streaming clients) or deserializer (unary) while sharing retry/backoff configuration derived from `Provider`.
-6. **Core integration layer**:
-   - Replace `core::ModelClient` internals with thin adapters that construct `codex-api` clients using `Config`, `AuthManager`, and `OtelEventManager`.
-   - Keep the public `ModelClient` API and `ResponseEvent`/`ResponseStream` types stable by re-exporting `codex-api` types or providing type aliases.
-   - Preserve existing auth flows (including ChatGPT token refresh) inside `codex-core` or a thin adapter, using `AuthProvider` to surface bearer tokens to `codex-api` and handling 401/refresh semantics at this layer.
-7. **Tests/migration**:
-   - Move unit tests for SSE parsing, retry/backoff decisions, and provider/header behavior into the new crates; keep integration tests in `core` using the compatibility layer.
-   - Update fixtures to be consumed via test-only adapters in `codex-api`.
-   - Run targeted `just fmt`, `just fix -p` for the touched crates, and scoped `cargo test -p codex-client`, `-p codex-api`, and existing `codex-core` suites.
-
-## Design Decisions
-
-- **UA construction**
-  - `codex-client` exposes an optional UA suffix/provider hook (tiny feature) and remains unaware of the CLI; `codex-core` / the CLI compute the full UA (including `terminal::user_agent()`) and pass the suffix or builder down.
-- **Config vs provider**
-  - Most configuration stays in `codex-core`. `codex-api::Provider` only contains what is strictly required for HTTP (base URLs, query params, retry/timeout knobs, wire API), while higher-level knobs (reasoning defaults, verbosity flags, etc.) remain core concerns.
-- **Auth flow ownership**
-  - Auth flows (including ChatGPT token refresh) remain in `codex-core`. `AuthProvider` simply exposes already-fresh tokens/account IDs; 401 handling and refresh retries stay in the existing auth layer.
-- **Error enums**
-  - `codex-client` continues to define `TransportError` / `StreamError`. `codex-api` defines an `ApiError` (deriving `thiserror::Error`) that wraps `TransportError` and API-specific failures, and `codex-core` maps `ApiError` into existing `CodexErr` variants for callers.
-- **Streaming reconnection semantics**
-  - For now, mid-stream SSE failures are surfaced as errors and only the initial connection is retried via `run_with_retry`. We will revisit mid-stream reconnect/resume once the underlying APIs support cursor/idempotent event semantics.
-

codex-rs/cloud-tasks-client/src/api.rs

@@ -127,6 +127,7 @@ impl Default for TaskText {
 #[async_trait::async_trait]
 pub trait CloudBackend: Send + Sync {
     async fn list_tasks(&self, env: Option<&str>) -> Result<Vec<TaskSummary>>;
+    async fn get_task_summary(&self, id: TaskId) -> Result<TaskSummary>;
     async fn get_task_diff(&self, id: TaskId) -> Result<Option<String>>;
     /// Return assistant output messages (no diff) when available.
     async fn get_task_messages(&self, id: TaskId) -> Result<Vec<String>>;

codex-rs/cloud-tasks-client/src/http.rs

@@ -63,6 +63,10 @@ impl CloudBackend for HttpClient {
         self.tasks_api().list(env).await
     }
 
+    async fn get_task_summary(&self, id: TaskId) -> Result<TaskSummary> {
+        self.tasks_api().summary(id).await
+    }
+
     async fn get_task_diff(&self, id: TaskId) -> Result<Option<String>> {
         self.tasks_api().diff(id).await
     }
@@ -149,6 +153,75 @@ mod api {
             Ok(tasks)
         }
 
+        pub(crate) async fn summary(&self, id: TaskId) -> Result<TaskSummary> {
+            let id_str = id.0.clone();
+            let (details, body, ct) = self
+                .details_with_body(&id.0)
+                .await
+                .map_err(|e| CloudTaskError::Http(format!("get_task_details failed: {e}")))?;
+            let parsed: Value = serde_json::from_str(&body).map_err(|e| {
+                CloudTaskError::Http(format!(
+                    "Decode error for {}: {e}; content-type={ct}; body={body}",
+                    id.0
+                ))
+            })?;
+            let task_obj = parsed
+                .get("task")
+                .and_then(Value::as_object)
+                .ok_or_else(|| {
+                    CloudTaskError::Http(format!("Task metadata missing from details for {id_str}"))
+                })?;
+            let status_display = parsed
+                .get("task_status_display")
+                .or_else(|| task_obj.get("task_status_display"))
+                .and_then(Value::as_object)
+                .map(|m| {
+                    m.iter()
+                        .map(|(k, v)| (k.clone(), v.clone()))
+                        .collect::<HashMap<String, Value>>()
+                });
+            let status = map_status(status_display.as_ref());
+            let mut summary = diff_summary_from_status_display(status_display.as_ref());
+            if summary.files_changed == 0
+                && summary.lines_added == 0
+                && summary.lines_removed == 0
+                && let Some(diff) = details.unified_diff()
+            {
+                summary = diff_summary_from_diff(&diff);
+            }
+            let updated_at_raw = task_obj
+                .get("updated_at")
+                .and_then(Value::as_f64)
+                .or_else(|| task_obj.get("created_at").and_then(Value::as_f64))
+                .or_else(|| latest_turn_timestamp(status_display.as_ref()));
+            let environment_id = task_obj
+                .get("environment_id")
+                .and_then(Value::as_str)
+                .map(str::to_string);
+            let environment_label = env_label_from_status_display(status_display.as_ref());
+            let attempt_total = attempt_total_from_status_display(status_display.as_ref());
+            let title = task_obj
+                .get("title")
+                .and_then(Value::as_str)
+                .unwrap_or("<untitled>")
+                .to_string();
+            let is_review = task_obj
+                .get("is_review")
+                .and_then(Value::as_bool)
+                .unwrap_or(false);
+            Ok(TaskSummary {
+                id,
+                title,
+                status,
+                updated_at: parse_updated_at(updated_at_raw.as_ref()),
+                environment_id,
+                environment_label,
+                summary,
+                is_review,
+                attempt_total,
+            })
+        }
+
         pub(crate) async fn diff(&self, id: TaskId) -> Result<Option<String>> {
             let (details, body, ct) = self
                 .details_with_body(&id.0)
@@ -679,6 +752,34 @@ mod api {
             .map(str::to_string)
     }
 
+    fn diff_summary_from_diff(diff: &str) -> DiffSummary {
+        let mut files_changed = 0usize;
+        let mut lines_added = 0usize;
+        let mut lines_removed = 0usize;
+        for line in diff.lines() {
+            if line.starts_with("diff --git ") {
+                files_changed += 1;
+                continue;
+            }
+            if line.starts_with("+++") || line.starts_with("---") || line.starts_with("@@") {
+                continue;
+            }
+            match line.as_bytes().first() {
+                Some(b'+') => lines_added += 1,
+                Some(b'-') => lines_removed += 1,
+                _ => {}
+            }
+        }
+        if files_changed == 0 && !diff.trim().is_empty() {
+            files_changed = 1;
+        }
+        DiffSummary {
+            files_changed,
+            lines_added,
+            lines_removed,
+        }
+    }
+
     fn diff_summary_from_status_display(v: Option<&HashMap<String, Value>>) -> DiffSummary {
         let mut out = DiffSummary::default();
         let Some(map) = v else { return out };
@@ -700,6 +801,17 @@ mod api {
         out
     }
 
+    fn latest_turn_timestamp(v: Option<&HashMap<String, Value>>) -> Option<f64> {
+        let map = v?;
+        let latest = map
+            .get("latest_turn_status_display")
+            .and_then(Value::as_object)?;
+        latest
+            .get("updated_at")
+            .or_else(|| latest.get("created_at"))
+            .and_then(Value::as_f64)
+    }
+
     fn attempt_total_from_status_display(v: Option<&HashMap<String, Value>>) -> Option<usize> {
         let map = v?;
         let latest = map

codex-rs/cloud-tasks-client/src/mock.rs

@@ -1,6 +1,7 @@
 use crate::ApplyOutcome;
 use crate::AttemptStatus;
 use crate::CloudBackend;
+use crate::CloudTaskError;
 use crate::DiffSummary;
 use crate::Result;
 use crate::TaskId;
@@ -60,6 +61,14 @@ impl CloudBackend for MockClient {
         Ok(out)
     }
 
+    async fn get_task_summary(&self, id: TaskId) -> Result<TaskSummary> {
+        let tasks = self.list_tasks(None).await?;
+        tasks
+            .into_iter()
+            .find(|t| t.id == id)
+            .ok_or_else(|| CloudTaskError::Msg(format!("Task {} not found (mock)", id.0)))
+    }
+
     async fn get_task_diff(&self, id: TaskId) -> Result<Option<String>> {
         Ok(Some(mock_diff_for(&id)))
     }

codex-rs/cloud-tasks/Cargo.toml

@@ -34,6 +34,9 @@ tokio-stream = { workspace = true }
 tracing = { workspace = true, features = ["log"] }
 tracing-subscriber = { workspace = true, features = ["env-filter"] }
 unicode-width = { workspace = true }
+owo-colors = { workspace = true, features = ["supports-colors"] }
+supports-color = { workspace = true }
 
 [dev-dependencies]
 async-trait = { workspace = true }
+pretty_assertions = { workspace = true }

codex-rs/cloud-tasks/src/app.rs

@@ -350,6 +350,7 @@ pub enum AppEvent {
 mod tests {
     use super::*;
     use chrono::Utc;
+    use codex_cloud_tasks_client::CloudTaskError;
 
     struct FakeBackend {
         // maps env key to titles
@@ -385,6 +386,17 @@ mod tests {
             Ok(out)
         }
 
+        async fn get_task_summary(
+            &self,
+            id: TaskId,
+        ) -> codex_cloud_tasks_client::Result<TaskSummary> {
+            self.list_tasks(None)
+                .await?
+                .into_iter()
+                .find(|t| t.id == id)
+                .ok_or_else(|| CloudTaskError::Msg(format!("Task {} not found", id.0)))
+        }
+
         async fn get_task_diff(
             &self,
             _id: TaskId,

codex-rs/cloud-tasks/src/cli.rs

@@ -16,6 +16,12 @@ pub struct Cli {
 pub enum Command {
     /// Submit a new Codex Cloud task without launching the TUI.
     Exec(ExecCommand),
+    /// Show the status of a Codex Cloud task.
+    Status(StatusCommand),
+    /// Apply the diff for a Codex Cloud task locally.
+    Apply(ApplyCommand),
+    /// Show the unified diff for a Codex Cloud task.
+    Diff(DiffCommand),
 }
 
 #[derive(Debug, Args)]
@@ -28,6 +34,10 @@ pub struct ExecCommand {
     #[arg(long = "env", value_name = "ENV_ID")]
     pub environment: String,
 
+    /// Git branch to run in Codex Cloud.
+    #[arg(long = "branch", value_name = "BRANCH", default_value = "main")]
+    pub branch: String,
+
     /// Number of assistant attempts (best-of-N).
     #[arg(
         long = "attempts",
@@ -47,3 +57,32 @@ fn parse_attempts(input: &str) -> Result<usize, String> {
         Err("attempts must be between 1 and 4".to_string())
     }
 }
+
+#[derive(Debug, Args)]
+pub struct StatusCommand {
+    /// Codex Cloud task identifier to inspect.
+    #[arg(value_name = "TASK_ID")]
+    pub task_id: String,
+}
+
+#[derive(Debug, Args)]
+pub struct ApplyCommand {
+    /// Codex Cloud task identifier to apply.
+    #[arg(value_name = "TASK_ID")]
+    pub task_id: String,
+
+    /// Attempt number to apply (1-based).
+    #[arg(long = "attempt", value_parser = parse_attempts, value_name = "N")]
+    pub attempt: Option<usize>,
+}
+
+#[derive(Debug, Args)]
+pub struct DiffCommand {
+    /// Codex Cloud task identifier to display.
+    #[arg(value_name = "TASK_ID")]
+    pub task_id: String,
+
+    /// Attempt number to display (1-based).
+    #[arg(long = "attempt", value_parser = parse_attempts, value_name = "N")]
+    pub attempt: Option<usize>,
+}

codex-rs/cloud-tasks/src/lib.rs

@@ -8,17 +8,24 @@ pub mod util;
 pub use cli::Cli;
 
 use anyhow::anyhow;
+use chrono::Utc;
+use codex_cloud_tasks_client::TaskStatus;
 use codex_login::AuthManager;
+use owo_colors::OwoColorize;
+use owo_colors::Stream;
+use std::cmp::Ordering;
 use std::io::IsTerminal;
 use std::io::Read;
 use std::path::PathBuf;
 use std::sync::Arc;
 use std::time::Duration;
 use std::time::Instant;
+use supports_color::Stream as SupportStream;
 use tokio::sync::mpsc::UnboundedSender;
 use tracing::info;
 use tracing_subscriber::EnvFilter;
 use util::append_error_log;
+use util::format_relative_time;
 use util::set_user_agent_suffix;
 
 struct ApplyJob {
@@ -101,6 +108,7 @@ async fn run_exec_command(args: crate::cli::ExecCommand) -> anyhow::Result<()> {
     let crate::cli::ExecCommand {
         query,
         environment,
+        branch,
         attempts,
     } = args;
     let ctx = init_backend("codex_cloud_tasks_exec").await?;
@@ -110,7 +118,7 @@ async fn run_exec_command(args: crate::cli::ExecCommand) -> anyhow::Result<()> {
         &*ctx.backend,
         &env_id,
         &prompt,
-        "main",
+        &branch,
         false,
         attempts,
     )
@@ -192,6 +200,273 @@ fn resolve_query_input(query_arg: Option<String>) -> anyhow::Result<String> {
     }
 }
 
+fn parse_task_id(raw: &str) -> anyhow::Result<codex_cloud_tasks_client::TaskId> {
+    let trimmed = raw.trim();
+    if trimmed.is_empty() {
+        anyhow::bail!("task id must not be empty");
+    }
+    let without_fragment = trimmed.split('#').next().unwrap_or(trimmed);
+    let without_query = without_fragment
+        .split('?')
+        .next()
+        .unwrap_or(without_fragment);
+    let id = without_query
+        .rsplit('/')
+        .next()
+        .unwrap_or(without_query)
+        .trim();
+    if id.is_empty() {
+        anyhow::bail!("task id must not be empty");
+    }
+    Ok(codex_cloud_tasks_client::TaskId(id.to_string()))
+}
+
+#[derive(Clone, Debug)]
+struct AttemptDiffData {
+    placement: Option<i64>,
+    created_at: Option<chrono::DateTime<Utc>>,
+    diff: String,
+}
+
+fn cmp_attempt(lhs: &AttemptDiffData, rhs: &AttemptDiffData) -> Ordering {
+    match (lhs.placement, rhs.placement) {
+        (Some(a), Some(b)) => a.cmp(&b),
+        (Some(_), None) => Ordering::Less,
+        (None, Some(_)) => Ordering::Greater,
+        (None, None) => match (lhs.created_at, rhs.created_at) {
+            (Some(a), Some(b)) => a.cmp(&b),
+            (Some(_), None) => Ordering::Less,
+            (None, Some(_)) => Ordering::Greater,
+            (None, None) => Ordering::Equal,
+        },
+    }
+}
+
+async fn collect_attempt_diffs(
+    backend: &dyn codex_cloud_tasks_client::CloudBackend,
+    task_id: &codex_cloud_tasks_client::TaskId,
+) -> anyhow::Result<Vec<AttemptDiffData>> {
+    let text =
+        codex_cloud_tasks_client::CloudBackend::get_task_text(backend, task_id.clone()).await?;
+    let mut attempts = Vec::new();
+    if let Some(diff) =
+        codex_cloud_tasks_client::CloudBackend::get_task_diff(backend, task_id.clone()).await?
+    {
+        attempts.push(AttemptDiffData {
+            placement: text.attempt_placement,
+            created_at: None,
+            diff,
+        });
+    }
+    if let Some(turn_id) = text.turn_id {
+        let siblings = codex_cloud_tasks_client::CloudBackend::list_sibling_attempts(
+            backend,
+            task_id.clone(),
+            turn_id,
+        )
+        .await?;
+        for sibling in siblings {
+            if let Some(diff) = sibling.diff {
+                attempts.push(AttemptDiffData {
+                    placement: sibling.attempt_placement,
+                    created_at: sibling.created_at,
+                    diff,
+                });
+            }
+        }
+    }
+    attempts.sort_by(cmp_attempt);
+    if attempts.is_empty() {
+        anyhow::bail!(
+            "No diff available for task {}; it may still be running.",
+            task_id.0
+        );
+    }
+    Ok(attempts)
+}
+
+fn select_attempt(
+    attempts: &[AttemptDiffData],
+    attempt: Option<usize>,
+) -> anyhow::Result<&AttemptDiffData> {
+    if attempts.is_empty() {
+        anyhow::bail!("No attempts available");
+    }
+    let desired = attempt.unwrap_or(1);
+    let idx = desired
+        .checked_sub(1)
+        .ok_or_else(|| anyhow!("attempt must be at least 1"))?;
+    if idx >= attempts.len() {
+        anyhow::bail!(
+            "Attempt {desired} not available; only {} attempt(s) found",
+            attempts.len()
+        );
+    }
+    Ok(&attempts[idx])
+}
+
+fn task_status_label(status: &TaskStatus) -> &'static str {
+    match status {
+        TaskStatus::Pending => "PENDING",
+        TaskStatus::Ready => "READY",
+        TaskStatus::Applied => "APPLIED",
+        TaskStatus::Error => "ERROR",
+    }
+}
+
+fn summary_line(summary: &codex_cloud_tasks_client::DiffSummary, colorize: bool) -> String {
+    if summary.files_changed == 0 && summary.lines_added == 0 && summary.lines_removed == 0 {
+        let base = "no diff";
+        return if colorize {
+            base.if_supports_color(Stream::Stdout, |t| t.dimmed())
+                .to_string()
+        } else {
+            base.to_string()
+        };
+    }
+    let adds = summary.lines_added;
+    let dels = summary.lines_removed;
+    let files = summary.files_changed;
+    if colorize {
+        let adds_raw = format!("+{adds}");
+        let adds_str = adds_raw
+            .as_str()
+            .if_supports_color(Stream::Stdout, |t| t.green())
+            .to_string();
+        let dels_raw = format!("-{dels}");
+        let dels_str = dels_raw
+            .as_str()
+            .if_supports_color(Stream::Stdout, |t| t.red())
+            .to_string();
+        let bullet = "•"
+            .if_supports_color(Stream::Stdout, |t| t.dimmed())
+            .to_string();
+        let file_label = "file"
+            .if_supports_color(Stream::Stdout, |t| t.dimmed())
+            .to_string();
+        let plural = if files == 1 { "" } else { "s" };
+        format!("{adds_str}/{dels_str}  {bullet}  {files} {file_label}{plural}")
+    } else {
+        format!(
+            "+{adds}/-{dels} • {files} file{}",
+            if files == 1 { "" } else { "s" }
+        )
+    }
+}
+
+fn format_task_status_lines(
+    task: &codex_cloud_tasks_client::TaskSummary,
+    now: chrono::DateTime<Utc>,
+    colorize: bool,
+) -> Vec<String> {
+    let mut lines = Vec::new();
+    let status = task_status_label(&task.status);
+    let status = if colorize {
+        match task.status {
+            TaskStatus::Ready => status
+                .if_supports_color(Stream::Stdout, |t| t.green())
+                .to_string(),
+            TaskStatus::Pending => status
+                .if_supports_color(Stream::Stdout, |t| t.magenta())
+                .to_string(),
+            TaskStatus::Applied => status
+                .if_supports_color(Stream::Stdout, |t| t.blue())
+                .to_string(),
+            TaskStatus::Error => status
+                .if_supports_color(Stream::Stdout, |t| t.red())
+                .to_string(),
+        }
+    } else {
+        status.to_string()
+    };
+    lines.push(format!("[{status}] {}", task.title));
+    let mut meta_parts = Vec::new();
+    if let Some(label) = task.environment_label.as_deref().filter(|s| !s.is_empty()) {
+        if colorize {
+            meta_parts.push(
+                label
+                    .if_supports_color(Stream::Stdout, |t| t.dimmed())
+                    .to_string(),
+            );
+        } else {
+            meta_parts.push(label.to_string());
+        }
+    } else if let Some(id) = task.environment_id.as_deref() {
+        if colorize {
+            meta_parts.push(
+                id.if_supports_color(Stream::Stdout, |t| t.dimmed())
+                    .to_string(),
+            );
+        } else {
+            meta_parts.push(id.to_string());
+        }
+    }
+    let when = format_relative_time(now, task.updated_at);
+    meta_parts.push(if colorize {
+        when.as_str()
+            .if_supports_color(Stream::Stdout, |t| t.dimmed())
+            .to_string()
+    } else {
+        when
+    });
+    let sep = if colorize {
+        "  •  "
+            .if_supports_color(Stream::Stdout, |t| t.dimmed())
+            .to_string()
+    } else {
+        "  •  ".to_string()
+    };
+    lines.push(meta_parts.join(&sep));
+    lines.push(summary_line(&task.summary, colorize));
+    lines
+}
+
+async fn run_status_command(args: crate::cli::StatusCommand) -> anyhow::Result<()> {
+    let ctx = init_backend("codex_cloud_tasks_status").await?;
+    let task_id = parse_task_id(&args.task_id)?;
+    let summary =
+        codex_cloud_tasks_client::CloudBackend::get_task_summary(&*ctx.backend, task_id).await?;
+    let now = Utc::now();
+    let colorize = supports_color::on(SupportStream::Stdout).is_some();
+    for line in format_task_status_lines(&summary, now, colorize) {
+        println!("{line}");
+    }
+    if !matches!(summary.status, TaskStatus::Ready) {
+        std::process::exit(1);
+    }
+    Ok(())
+}
+
+async fn run_diff_command(args: crate::cli::DiffCommand) -> anyhow::Result<()> {
+    let ctx = init_backend("codex_cloud_tasks_diff").await?;
+    let task_id = parse_task_id(&args.task_id)?;
+    let attempts = collect_attempt_diffs(&*ctx.backend, &task_id).await?;
+    let selected = select_attempt(&attempts, args.attempt)?;
+    print!("{}", selected.diff);
+    Ok(())
+}
+
+async fn run_apply_command(args: crate::cli::ApplyCommand) -> anyhow::Result<()> {
+    let ctx = init_backend("codex_cloud_tasks_apply").await?;
+    let task_id = parse_task_id(&args.task_id)?;
+    let attempts = collect_attempt_diffs(&*ctx.backend, &task_id).await?;
+    let selected = select_attempt(&attempts, args.attempt)?;
+    let outcome = codex_cloud_tasks_client::CloudBackend::apply_task(
+        &*ctx.backend,
+        task_id,
+        Some(selected.diff.clone()),
+    )
+    .await?;
+    println!("{}", outcome.message);
+    if !matches!(
+        outcome.status,
+        codex_cloud_tasks_client::ApplyStatus::Success
+    ) {
+        std::process::exit(1);
+    }
+    Ok(())
+}
+
 fn level_from_status(status: codex_cloud_tasks_client::ApplyStatus) -> app::ApplyResultLevel {
     match status {
         codex_cloud_tasks_client::ApplyStatus::Success => app::ApplyResultLevel::Success,
@@ -321,6 +596,9 @@ pub async fn run_main(cli: Cli, _codex_linux_sandbox_exe: Option<PathBuf>) -> an
     if let Some(command) = cli.command {
         return match command {
             crate::cli::Command::Exec(args) => run_exec_command(args).await,
+            crate::cli::Command::Status(args) => run_status_command(args).await,
+            crate::cli::Command::Apply(args) => run_apply_command(args).await,
+            crate::cli::Command::Diff(args) => run_diff_command(args).await,
         };
     }
     let Cli { .. } = cli;
@@ -1712,14 +1990,111 @@ fn pretty_lines_from_error(raw: &str) -> Vec<String> {
 
 #[cfg(test)]
 mod tests {
+    use super::*;
+    use codex_cloud_tasks_client::DiffSummary;
+    use codex_cloud_tasks_client::MockClient;
+    use codex_cloud_tasks_client::TaskId;
+    use codex_cloud_tasks_client::TaskStatus;
+    use codex_cloud_tasks_client::TaskSummary;
     use codex_tui::ComposerAction;
     use codex_tui::ComposerInput;
     use crossterm::event::KeyCode;
     use crossterm::event::KeyEvent;
     use crossterm::event::KeyModifiers;
+    use pretty_assertions::assert_eq;
     use ratatui::buffer::Buffer;
     use ratatui::layout::Rect;
 
+    #[test]
+    fn format_task_status_lines_with_diff_and_label() {
+        let now = Utc::now();
+        let task = TaskSummary {
+            id: TaskId("task_1".to_string()),
+            title: "Example task".to_string(),
+            status: TaskStatus::Ready,
+            updated_at: now,
+            environment_id: Some("env-1".to_string()),
+            environment_label: Some("Env".to_string()),
+            summary: DiffSummary {
+                files_changed: 3,
+                lines_added: 5,
+                lines_removed: 2,
+            },
+            is_review: false,
+            attempt_total: None,
+        };
+        let lines = format_task_status_lines(&task, now, false);
+        assert_eq!(
+            lines,
+            vec![
+                "[READY] Example task".to_string(),
+                "Env  •  0s ago".to_string(),
+                "+5/-2 • 3 files".to_string(),
+            ]
+        );
+    }
+
+    #[test]
+    fn format_task_status_lines_without_diff_falls_back() {
+        let now = Utc::now();
+        let task = TaskSummary {
+            id: TaskId("task_2".to_string()),
+            title: "No diff task".to_string(),
+            status: TaskStatus::Pending,
+            updated_at: now,
+            environment_id: Some("env-2".to_string()),
+            environment_label: None,
+            summary: DiffSummary::default(),
+            is_review: false,
+            attempt_total: Some(1),
+        };
+        let lines = format_task_status_lines(&task, now, false);
+        assert_eq!(
+            lines,
+            vec![
+                "[PENDING] No diff task".to_string(),
+                "env-2  •  0s ago".to_string(),
+                "no diff".to_string(),
+            ]
+        );
+    }
+
+    #[tokio::test]
+    async fn collect_attempt_diffs_includes_sibling_attempts() {
+        let backend = MockClient;
+        let task_id = parse_task_id("https://chatgpt.com/codex/tasks/T-1000").expect("id");
+        let attempts = collect_attempt_diffs(&backend, &task_id)
+            .await
+            .expect("attempts");
+        assert_eq!(attempts.len(), 2);
+        assert_eq!(attempts[0].placement, Some(0));
+        assert_eq!(attempts[1].placement, Some(1));
+        assert!(!attempts[0].diff.is_empty());
+        assert!(!attempts[1].diff.is_empty());
+    }
+
+    #[test]
+    fn select_attempt_validates_bounds() {
+        let attempts = vec![AttemptDiffData {
+            placement: Some(0),
+            created_at: None,
+            diff: "diff --git a/file b/file\n".to_string(),
+        }];
+        let first = select_attempt(&attempts, Some(1)).expect("attempt 1");
+        assert_eq!(first.diff, "diff --git a/file b/file\n");
+        assert!(select_attempt(&attempts, Some(2)).is_err());
+    }
+
+    #[test]
+    fn parse_task_id_from_url_and_raw() {
+        let raw = parse_task_id("task_i_abc123").expect("raw id");
+        assert_eq!(raw.0, "task_i_abc123");
+        let url =
+            parse_task_id("https://chatgpt.com/codex/tasks/task_i_123456?foo=bar").expect("url id");
+        assert_eq!(url.0, "task_i_123456");
+        assert!(parse_task_id("   ").is_err());
+    }
+
     #[test]
     #[ignore = "very slow"]
     fn composer_input_renders_typed_characters() {

codex-rs/cloud-tasks/src/ui.rs

@@ -20,8 +20,7 @@ use std::time::Instant;
 
 use crate::app::App;
 use crate::app::AttemptView;
-use chrono::Local;
-use chrono::Utc;
+use crate::util::format_relative_time_now;
 use codex_cloud_tasks_client::AttemptStatus;
 use codex_cloud_tasks_client::TaskStatus;
 use codex_tui::render_markdown_text;
@@ -804,7 +803,7 @@ fn render_task_item(_app: &App, t: &codex_cloud_tasks_client::TaskSummary) -> Li
     if let Some(lbl) = t.environment_label.as_ref().filter(|s| !s.is_empty()) {
         meta.push(lbl.clone().dim());
     }
-    let when = format_relative_time(t.updated_at).dim();
+    let when = format_relative_time_now(t.updated_at).dim();
     if !meta.is_empty() {
         meta.push("  ".into());
         meta.push("•".dim());
@@ -841,27 +840,6 @@ fn render_task_item(_app: &App, t: &codex_cloud_tasks_client::TaskSummary) -> Li
     ListItem::new(vec![title, meta_line, sub, spacer])
 }
 
-fn format_relative_time(ts: chrono::DateTime<Utc>) -> String {
-    let now = Utc::now();
-    let mut secs = (now - ts).num_seconds();
-    if secs < 0 {
-        secs = 0;
-    }
-    if secs < 60 {
-        return format!("{secs}s ago");
-    }
-    let mins = secs / 60;
-    if mins < 60 {
-        return format!("{mins}m ago");
-    }
-    let hours = mins / 60;
-    if hours < 24 {
-        return format!("{hours}h ago");
-    }
-    let local = ts.with_timezone(&Local);
-    local.format("%b %e %H:%M").to_string()
-}
-
 fn draw_inline_spinner(
     frame: &mut Frame,
     area: Rect,

codex-rs/cloud-tasks/src/util.rs

@@ -1,4 +1,6 @@
 use base64::Engine as _;
+use chrono::DateTime;
+use chrono::Local;
 use chrono::Utc;
 use reqwest::header::HeaderMap;
 
@@ -120,3 +122,27 @@ pub fn task_url(base_url: &str, task_id: &str) -> String {
     }
     format!("{normalized}/codex/tasks/{task_id}")
 }
+
+pub fn format_relative_time(reference: DateTime<Utc>, ts: DateTime<Utc>) -> String {
+    let mut secs = (reference - ts).num_seconds();
+    if secs < 0 {
+        secs = 0;
+    }
+    if secs < 60 {
+        return format!("{secs}s ago");
+    }
+    let mins = secs / 60;
+    if mins < 60 {
+        return format!("{mins}m ago");
+    }
+    let hours = mins / 60;
+    if hours < 24 {
+        return format!("{hours}h ago");
+    }
+    let local = ts.with_timezone(&Local);
+    local.format("%b %e %H:%M").to_string()
+}
+
+pub fn format_relative_time_now(ts: DateTime<Utc>) -> String {
+    format_relative_time(Utc::now(), ts)
+}

codex-rs/codex-api/Cargo.toml

@@ -25,6 +25,8 @@ anyhow = { workspace = true }
 assert_matches = { workspace = true }
 pretty_assertions = { workspace = true }
 tokio-test = { workspace = true }
+wiremock = { workspace = true }
+reqwest = { workspace = true }
 
 [lints]
 workspace = true

codex-rs/codex-api/src/common.rs

@@ -1,8 +1,8 @@
 use crate::error::ApiError;
-use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
 use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
 use codex_protocol::config_types::Verbosity as VerbosityConfig;
 use codex_protocol::models::ResponseItem;
+use codex_protocol::openai_models::ReasoningEffort as ReasoningEffortConfig;
 use codex_protocol::protocol::RateLimitSnapshot;
 use codex_protocol::protocol::TokenUsage;
 use futures::Stream;

codex-rs/codex-api/src/endpoint/mod.rs

@@ -1,4 +1,5 @@
 pub mod chat;
 pub mod compact;
+pub mod models;
 pub mod responses;
 mod streaming;

codex-rs/codex-api/src/endpoint/models.rs

@@ -0,0 +1,276 @@
+use crate::auth::AuthProvider;
+use crate::auth::add_auth_headers;
+use crate::error::ApiError;
+use crate::provider::Provider;
+use crate::telemetry::run_with_request_telemetry;
+use codex_client::HttpTransport;
+use codex_client::RequestTelemetry;
+use codex_protocol::openai_models::ModelsResponse;
+use http::HeaderMap;
+use http::Method;
+use http::header::ETAG;
+use std::sync::Arc;
+
+pub struct ModelsClient<T: HttpTransport, A: AuthProvider> {
+    transport: T,
+    provider: Provider,
+    auth: A,
+    request_telemetry: Option<Arc<dyn RequestTelemetry>>,
+}
+
+impl<T: HttpTransport, A: AuthProvider> ModelsClient<T, A> {
+    pub fn new(transport: T, provider: Provider, auth: A) -> Self {
+        Self {
+            transport,
+            provider,
+            auth,
+            request_telemetry: None,
+        }
+    }
+
+    pub fn with_telemetry(mut self, request: Option<Arc<dyn RequestTelemetry>>) -> Self {
+        self.request_telemetry = request;
+        self
+    }
+
+    fn path(&self) -> &'static str {
+        "models"
+    }
+
+    pub async fn list_models(
+        &self,
+        client_version: &str,
+        extra_headers: HeaderMap,
+    ) -> Result<ModelsResponse, ApiError> {
+        let builder = || {
+            let mut req = self.provider.build_request(Method::GET, self.path());
+            req.headers.extend(extra_headers.clone());
+
+            let separator = if req.url.contains('?') { '&' } else { '?' };
+            req.url = format!("{}{}client_version={client_version}", req.url, separator);
+
+            add_auth_headers(&self.auth, req)
+        };
+
+        let resp = run_with_request_telemetry(
+            self.provider.retry.to_policy(),
+            self.request_telemetry.clone(),
+            builder,
+            |req| self.transport.execute(req),
+        )
+        .await?;
+
+        let header_etag = resp
+            .headers
+            .get(ETAG)
+            .and_then(|value| value.to_str().ok())
+            .map(ToString::to_string);
+
+        let ModelsResponse { models, etag } = serde_json::from_slice::<ModelsResponse>(&resp.body)
+            .map_err(|e| {
+                ApiError::Stream(format!(
+                    "failed to decode models response: {e}; body: {}",
+                    String::from_utf8_lossy(&resp.body)
+                ))
+            })?;
+
+        let etag = header_etag.unwrap_or(etag);
+
+        Ok(ModelsResponse { models, etag })
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::provider::RetryConfig;
+    use crate::provider::WireApi;
+    use async_trait::async_trait;
+    use codex_client::Request;
+    use codex_client::Response;
+    use codex_client::StreamResponse;
+    use codex_client::TransportError;
+    use http::HeaderMap;
+    use http::StatusCode;
+    use pretty_assertions::assert_eq;
+    use serde_json::json;
+    use std::sync::Arc;
+    use std::sync::Mutex;
+    use std::time::Duration;
+
+    #[derive(Clone)]
+    struct CapturingTransport {
+        last_request: Arc<Mutex<Option<Request>>>,
+        body: Arc<ModelsResponse>,
+    }
+
+    impl Default for CapturingTransport {
+        fn default() -> Self {
+            Self {
+                last_request: Arc::new(Mutex::new(None)),
+                body: Arc::new(ModelsResponse {
+                    models: Vec::new(),
+                    etag: String::new(),
+                }),
+            }
+        }
+    }
+
+    #[async_trait]
+    impl HttpTransport for CapturingTransport {
+        async fn execute(&self, req: Request) -> Result<Response, TransportError> {
+            *self.last_request.lock().unwrap() = Some(req);
+            let body = serde_json::to_vec(&*self.body).unwrap();
+            let mut headers = HeaderMap::new();
+            if !self.body.etag.is_empty() {
+                headers.insert(ETAG, self.body.etag.parse().unwrap());
+            }
+            Ok(Response {
+                status: StatusCode::OK,
+                headers,
+                body: body.into(),
+            })
+        }
+
+        async fn stream(&self, _req: Request) -> Result<StreamResponse, TransportError> {
+            Err(TransportError::Build("stream should not run".to_string()))
+        }
+    }
+
+    #[derive(Clone, Default)]
+    struct DummyAuth;
+
+    impl AuthProvider for DummyAuth {
+        fn bearer_token(&self) -> Option<String> {
+            None
+        }
+    }
+
+    fn provider(base_url: &str) -> Provider {
+        Provider {
+            name: "test".to_string(),
+            base_url: base_url.to_string(),
+            query_params: None,
+            wire: WireApi::Responses,
+            headers: HeaderMap::new(),
+            retry: RetryConfig {
+                max_attempts: 1,
+                base_delay: Duration::from_millis(1),
+                retry_429: false,
+                retry_5xx: true,
+                retry_transport: true,
+            },
+            stream_idle_timeout: Duration::from_secs(1),
+        }
+    }
+
+    #[tokio::test]
+    async fn appends_client_version_query() {
+        let response = ModelsResponse {
+            models: Vec::new(),
+            etag: String::new(),
+        };
+
+        let transport = CapturingTransport {
+            last_request: Arc::new(Mutex::new(None)),
+            body: Arc::new(response),
+        };
+
+        let client = ModelsClient::new(
+            transport.clone(),
+            provider("https://example.com/api/codex"),
+            DummyAuth,
+        );
+
+        let result = client
+            .list_models("0.99.0", HeaderMap::new())
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(result.models.len(), 0);
+
+        let url = transport
+            .last_request
+            .lock()
+            .unwrap()
+            .as_ref()
+            .unwrap()
+            .url
+            .clone();
+        assert_eq!(
+            url,
+            "https://example.com/api/codex/models?client_version=0.99.0"
+        );
+    }
+
+    #[tokio::test]
+    async fn parses_models_response() {
+        let response = ModelsResponse {
+            models: vec![
+                serde_json::from_value(json!({
+                    "slug": "gpt-test",
+                    "display_name": "gpt-test",
+                    "description": "desc",
+                    "default_reasoning_level": "medium",
+                    "supported_reasoning_levels": [{"effort": "low", "description": "low"}, {"effort": "medium", "description": "medium"}, {"effort": "high", "description": "high"}],
+                    "shell_type": "shell_command",
+                    "visibility": "list",
+                    "minimal_client_version": [0, 99, 0],
+                    "supported_in_api": true,
+                    "priority": 1,
+                    "upgrade": null,
+                }))
+                .unwrap(),
+            ],
+            etag: String::new(),
+        };
+
+        let transport = CapturingTransport {
+            last_request: Arc::new(Mutex::new(None)),
+            body: Arc::new(response),
+        };
+
+        let client = ModelsClient::new(
+            transport,
+            provider("https://example.com/api/codex"),
+            DummyAuth,
+        );
+
+        let result = client
+            .list_models("0.99.0", HeaderMap::new())
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(result.models.len(), 1);
+        assert_eq!(result.models[0].slug, "gpt-test");
+        assert_eq!(result.models[0].supported_in_api, true);
+        assert_eq!(result.models[0].priority, 1);
+    }
+
+    #[tokio::test]
+    async fn list_models_includes_etag() {
+        let response = ModelsResponse {
+            models: Vec::new(),
+            etag: "\"abc\"".to_string(),
+        };
+
+        let transport = CapturingTransport {
+            last_request: Arc::new(Mutex::new(None)),
+            body: Arc::new(response),
+        };
+
+        let client = ModelsClient::new(
+            transport,
+            provider("https://example.com/api/codex"),
+            DummyAuth,
+        );
+
+        let result = client
+            .list_models("0.1.0", HeaderMap::new())
+            .await
+            .expect("request should succeed");
+
+        assert_eq!(result.models.len(), 0);
+        assert_eq!(result.etag, "\"abc\"");
+    }
+}