Docstrings

Only show the highest warning rate.
Change the warning threshold

.github/ISSUE_TEMPLATE/5-vs-code-extension.yml

@@ -0,0 +1,50 @@
+name: 🧑‍💻 VS Code Extension
+description: Report an issue with the VS Code extension
+labels:
+  - extension
+  - needs triage
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Before submitting a new issue, please search for existing issues to see if your issue has already been reported.
+        If it has, please add a 👍 reaction (no need to leave a comment) to the existing issue instead of creating a new one.
+
+  - type: input
+    id: version
+    attributes:
+      label: What version of the VS Code extension are you using?
+  - type: input
+    id: ide
+    attributes:
+      label: Which IDE are you using?
+      description: Like `VS Code`, `Cursor`, `Windsurf`, etc.
+  - type: input
+    id: platform
+    attributes:
+      label: What platform is your computer?
+      description: |
+        For MacOS and Linux: copy the output of `uname -mprs`
+        For Windows: copy the output of `"$([Environment]::OSVersion | ForEach-Object VersionString) $(if ([Environment]::Is64BitOperatingSystem) { "x64" } else { "x86" })"` in the PowerShell console
+  - type: textarea
+    id: steps
+    attributes:
+      label: What steps can reproduce the bug?
+      description: Explain the bug and provide a code snippet that can reproduce it.
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: What is the expected behavior?
+      description: If possible, please provide text instead of a screenshot.
+  - type: textarea
+    id: actual
+    attributes:
+      label: What do you see instead?
+      description: If possible, please provide text instead of a screenshot.
+  - type: textarea
+    id: notes
+    attributes:
+      label: Additional information
+      description: Is there anything else you think we should know?

.github/actions/codex/.gitignore

@@ -1 +0,0 @@
-/node_modules/

.github/actions/codex/.prettierrc.toml

@@ -1,8 +0,0 @@
-printWidth = 80
-quoteProps = "consistent"
-semi = true
-tabWidth = 2
-trailingComma = "all"
-
-# Preserve existing behavior for markdown/text wrapping.
-proseWrap = "preserve"

.github/actions/codex/README.md

@@ -1,140 +0,0 @@
-# openai/codex-action
-
-`openai/codex-action` is a GitHub Action that facilitates the use of [Codex](https://github.com/openai/codex) on GitHub issues and pull requests. Using the action, associate **labels** to run Codex with the appropriate prompt for the given context. Codex will respond by posting comments or creating PRs, whichever you specify!
-
-Here is a sample workflow that uses `openai/codex-action`:
-
-```yaml
-name: Codex
-
-on:
-  issues:
-    types: [opened, labeled]
-  pull_request:
-    branches: [main]
-    types: [labeled]
-
-jobs:
-  codex:
-    if: ... # optional, but can be effective in conserving CI resources
-    runs-on: ubuntu-latest
-    # TODO(mbolin): Need to verify if/when `write` is necessary.
-    permissions:
-      contents: write
-      issues: write
-      pull-requests: write
-    steps:
-      # By default, Codex runs network disabled using --full-auto, so perform
-      # any setup that requires network (such as installing dependencies)
-      # before openai/codex-action.
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Run Codex
-        uses: openai/codex-action@latest
-        with:
-          openai_api_key: ${{ secrets.CODEX_OPENAI_API_KEY }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-```
-
-See sample usage in [`codex.yml`](../../workflows/codex.yml).
-
-## Triggering the Action
-
-Using the sample workflow above, we have:
-
-```yaml
-on:
-  issues:
-    types: [opened, labeled]
-  pull_request:
-    branches: [main]
-    types: [labeled]
-```
-
-which means our workflow will be triggered when any of the following events occur:
-
-- a label is added to an issue
-- a label is added to a pull request against the `main` branch
-
-### Label-Based Triggers
-
-To define a GitHub label that should trigger Codex, create a file named `.github/codex/labels/LABEL-NAME.md` in your repository where `LABEL-NAME` is the name of the label. The content of the file is the prompt template to use when the label is added (see more on [Prompt Template Variables](#prompt-template-variables) below).
-
-For example, if the file `.github/codex/labels/codex-review.md` exists, then:
-
-- Adding the `codex-review` label will trigger the workflow containing the `openai/codex-action` GitHub Action.
-- When `openai/codex-action` starts, it will replace the `codex-review` label with `codex-review-in-progress`.
-- When `openai/codex-action` is finished, it will replace the `codex-review-in-progress` label with `codex-review-completed`.
-
-If Codex sees that either `codex-review-in-progress` or `codex-review-completed` is already present, it will not perform the action.
-
-As determined by the [default config](./src/default-label-config.ts), Codex will act on the following labels by default:
-
-- Adding the `codex-review` label to a pull request will have Codex review the PR and add it to the PR as a comment.
-- Adding the `codex-triage` label to an issue will have Codex investigate the issue and report its findings as a comment.
-- Adding the `codex-issue-fix` label to an issue will have Codex attempt to fix the issue and create a PR wit the fix, if any.
-
-## Action Inputs
-
-The `openai/codex-action` GitHub Action takes the following inputs
-
-### `openai_api_key` (required)
-
-Set your `OPENAI_API_KEY` as a [repository secret](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions). See **Secrets and varaibles** then **Actions** in the settings for your GitHub repo.
-
-Note that the secret name does not have to be `OPENAI_API_KEY`. For example, you might want to name it `CODEX_OPENAI_API_KEY` and then configure it on `openai/codex-action` as follows:
-
-```yaml
-openai_api_key: ${{ secrets.CODEX_OPENAI_API_KEY }}
-```
-
-### `github_token` (required)
-
-This is required so that Codex can post a comment or create a PR. Set this value on the action as follows:
-
-```yaml
-github_token: ${{ secrets.GITHUB_TOKEN }}
-```
-
-### `codex_args`
-
-A whitespace-delimited list of arguments to pass to Codex. Defaults to `--full-auto`, but if you want to override the default model to use `o3`:
-
-```yaml
-codex_args: "--full-auto --model o3"
-```
-
-For more complex configurations, use the `codex_home` input.
-
-### `codex_home`
-
-If set, the value to use for the `$CODEX_HOME` environment variable when running Codex. As explained [in the docs](https://github.com/openai/codex/tree/main/codex-rs#readme), this folder can contain the `config.toml` to configure Codex, custom instructions, and log files.
-
-This should be a relative path within your repo.
-
-## Prompt Template Variables
-
-As shown above, `"prompt"` and `"promptPath"` are used to define prompt templates that will be populated and passed to Codex in response to certain events. All template variables are of the form `{CODEX_ACTION_...}` and the supported values are defined below.
-
-### `CODEX_ACTION_ISSUE_TITLE`
-
-If the action was triggered on a GitHub issue, this is the issue title.
-
-Specifically it is read as the `.issue.title` from the `$GITHUB_EVENT_PATH`.
-
-### `CODEX_ACTION_ISSUE_BODY`
-
-If the action was triggered on a GitHub issue, this is the issue body.
-
-Specifically it is read as the `.issue.body` from the `$GITHUB_EVENT_PATH`.
-
-### `CODEX_ACTION_GITHUB_EVENT_PATH`
-
-The value of the `$GITHUB_EVENT_PATH` environment variable, which is the path to the file that contains the JSON payload for the event that triggered the workflow. Codex can use `jq` to read only the fields of interest from this file.
-
-### `CODEX_ACTION_PR_DIFF`
-
-If the action was triggered on a pull request, this is the diff between the base and head commits of the PR. It is the output from `git diff`.
-
-Note that the content of the diff could be quite large, so is generally safer to point Codex at `CODEX_ACTION_GITHUB_EVENT_PATH` and let it decide how it wants to explore the change.

.github/actions/codex/action.yml

@@ -1,125 +0,0 @@
-name: "Codex [reusable action]"
-description: "A reusable action that runs a Codex model."
-
-inputs:
-  openai_api_key:
-    description: "The value to use as the OPENAI_API_KEY environment variable when running Codex."
-    required: true
-  trigger_phrase:
-    description: "Text to trigger Codex from a PR/issue body or comment."
-    required: false
-    default: ""
-  github_token:
-    description: "Token so Codex can comment on the PR or issue."
-    required: true
-  codex_args:
-    description: "A whitespace-delimited list of arguments to pass to Codex. Due to limitations in YAML, arguments with spaces are not supported. For more complex configurations, use the `codex_home` input."
-    required: false
-    default: "--config hide_agent_reasoning=true --full-auto"
-  codex_home:
-    description: "Value to use as the CODEX_HOME environment variable when running Codex."
-    required: false
-  codex_release_tag:
-    description: "The release tag of the Codex model to run, e.g., 'rust-v0.3.0'. Defaults to the latest release."
-    required: false
-    default: ""
-
-runs:
-  using: "composite"
-  steps:
-    # Do this in Bash so we do not even bother to install Bun if the sender does
-    # not have write access to the repo.
-    - name: Verify user has write access to the repo.
-      env:
-        GH_TOKEN: ${{ github.token }}
-      shell: bash
-      run: |
-        set -euo pipefail
-
-        PERMISSION=$(gh api \
-          "/repos/${GITHUB_REPOSITORY}/collaborators/${{ github.event.sender.login }}/permission" \
-          | jq -r '.permission')
-
-        if [[ "$PERMISSION" != "admin" && "$PERMISSION" != "write" ]]; then
-          exit 1
-        fi
-
-    - name: Download Codex
-      env:
-        GH_TOKEN: ${{ github.token }}
-      shell: bash
-      run: |
-        set -euo pipefail
-
-        # Determine OS/arch and corresponding Codex artifact name.
-        uname_s=$(uname -s)
-        uname_m=$(uname -m)
-
-        case "$uname_s" in
-          Linux*)   os="linux" ;;
-          Darwin*)  os="apple-darwin" ;;
-          *) echo "Unsupported operating system: $uname_s"; exit 1 ;;
-        esac
-
-        case "$uname_m" in
-          x86_64*) arch="x86_64" ;;
-          arm64*|aarch64*) arch="aarch64" ;;
-          *) echo "Unsupported architecture: $uname_m"; exit 1 ;;
-        esac
-
-        # linux builds differentiate between musl and gnu.
-        if [[ "$os" == "linux" ]]; then
-          if [[ "$arch" == "x86_64" ]]; then
-            triple="${arch}-unknown-linux-musl"
-          else
-            # Only other supported linux build is aarch64 gnu.
-            triple="${arch}-unknown-linux-gnu"
-          fi
-        else
-          # macOS
-          triple="${arch}-apple-darwin"
-        fi
-
-        # Note that if we start baking version numbers into the artifact name,
-        # we will need to update this action.yml file to match.
-        artifact="codex-${triple}.tar.gz"
-
-        TAG_ARG="${{ inputs.codex_release_tag }}"
-        # The usage is `gh release download [<tag>] [flags]`, so if TAG_ARG
-        # is empty, we do not pass it so we can default to the latest release.
-        gh release download ${TAG_ARG:+$TAG_ARG} --repo openai/codex \
-          --pattern "$artifact" --output - \
-        | tar xzO > /usr/local/bin/codex
-        chmod +x /usr/local/bin/codex
-
-        # Display Codex version to confirm binary integrity.
-        codex --version
-
-    - name: Install Bun
-      uses: oven-sh/setup-bun@v2
-      with:
-        bun-version: 1.2.11
-
-    - name: Install dependencies
-      shell: bash
-      run: |
-        cd ${{ github.action_path }}
-        bun install --production
-
-    - name: Run Codex
-      shell: bash
-      run: bun run ${{ github.action_path }}/src/main.ts
-      # Process args plus environment variables often have a max of 128 KiB,
-      # so we should fit within that limit?
-      env:
-        INPUT_CODEX_ARGS: ${{ inputs.codex_args || '' }}
-        INPUT_CODEX_HOME: ${{ inputs.codex_home || ''}}
-        INPUT_TRIGGER_PHRASE: ${{ inputs.trigger_phrase || '' }}
-        OPENAI_API_KEY: ${{ inputs.openai_api_key }}
-        GITHUB_TOKEN: ${{ inputs.github_token }}
-        GITHUB_EVENT_ACTION: ${{ github.event.action || '' }}
-        GITHUB_EVENT_LABEL_NAME: ${{ github.event.label.name || '' }}
-        GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number || '' }}
-        GITHUB_EVENT_ISSUE_BODY: ${{ github.event.issue.body || '' }}
-        GITHUB_EVENT_REVIEW_BODY: ${{ github.event.review.body || '' }}
-        GITHUB_EVENT_COMMENT_BODY: ${{ github.event.comment.body || '' }}

.github/actions/codex/bun.lock

@@ -1,91 +0,0 @@
-{
-  "lockfileVersion": 1,
-  "workspaces": {
-    "": {
-      "name": "codex-action",
-      "dependencies": {
-        "@actions/core": "^1.11.1",
-        "@actions/github": "^6.0.1",
-      },
-      "devDependencies": {
-        "@types/bun": "^1.2.20",
-        "@types/node": "^24.3.0",
-        "prettier": "^3.6.2",
-        "typescript": "^5.9.2",
-      },
-    },
-  },
-  "packages": {
-    "@actions/core": ["@actions/core@1.11.1", "", { "dependencies": { "@actions/exec": "^1.1.1", "@actions/http-client": "^2.0.1" } }, "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A=="],
-
-    "@actions/exec": ["@actions/exec@1.1.1", "", { "dependencies": { "@actions/io": "^1.0.1" } }, "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w=="],
-
-    "@actions/github": ["@actions/github@6.0.1", "", { "dependencies": { "@actions/http-client": "^2.2.0", "@octokit/core": "^5.0.1", "@octokit/plugin-paginate-rest": "^9.2.2", "@octokit/plugin-rest-endpoint-methods": "^10.4.0", "@octokit/request": "^8.4.1", "@octokit/request-error": "^5.1.1", "undici": "^5.28.5" } }, "sha512-xbZVcaqD4XnQAe35qSQqskb3SqIAfRyLBrHMd/8TuL7hJSz2QtbDwnNM8zWx4zO5l2fnGtseNE3MbEvD7BxVMw=="],
-
-    "@actions/http-client": ["@actions/http-client@2.2.3", "", { "dependencies": { "tunnel": "^0.0.6", "undici": "^5.25.4" } }, "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA=="],
-
-    "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
-
-    "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
-
-    "@octokit/auth-token": ["@octokit/auth-token@4.0.0", "", {}, "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA=="],
-
-    "@octokit/core": ["@octokit/core@5.2.1", "", { "dependencies": { "@octokit/auth-token": "^4.0.0", "@octokit/graphql": "^7.1.0", "@octokit/request": "^8.4.1", "@octokit/request-error": "^5.1.1", "@octokit/types": "^13.0.0", "before-after-hook": "^2.2.0", "universal-user-agent": "^6.0.0" } }, "sha512-dKYCMuPO1bmrpuogcjQ8z7ICCH3FP6WmxpwC03yjzGfZhj9fTJg6+bS1+UAplekbN2C+M61UNllGOOoAfGCrdQ=="],
-
-    "@octokit/endpoint": ["@octokit/endpoint@9.0.6", "", { "dependencies": { "@octokit/types": "^13.1.0", "universal-user-agent": "^6.0.0" } }, "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw=="],
-
-    "@octokit/graphql": ["@octokit/graphql@7.1.1", "", { "dependencies": { "@octokit/request": "^8.4.1", "@octokit/types": "^13.0.0", "universal-user-agent": "^6.0.0" } }, "sha512-3mkDltSfcDUoa176nlGoA32RGjeWjl3K7F/BwHwRMJUW/IteSa4bnSV8p2ThNkcIcZU2umkZWxwETSSCJf2Q7g=="],
-
-    "@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
-
-    "@octokit/plugin-paginate-rest": ["@octokit/plugin-paginate-rest@9.2.2", "", { "dependencies": { "@octokit/types": "^12.6.0" }, "peerDependencies": { "@octokit/core": "5" } }, "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ=="],
-
-    "@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@10.4.1", "", { "dependencies": { "@octokit/types": "^12.6.0" }, "peerDependencies": { "@octokit/core": "5" } }, "sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg=="],
-
-    "@octokit/request": ["@octokit/request@8.4.1", "", { "dependencies": { "@octokit/endpoint": "^9.0.6", "@octokit/request-error": "^5.1.1", "@octokit/types": "^13.1.0", "universal-user-agent": "^6.0.0" } }, "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw=="],
-
-    "@octokit/request-error": ["@octokit/request-error@5.1.1", "", { "dependencies": { "@octokit/types": "^13.1.0", "deprecation": "^2.0.0", "once": "^1.4.0" } }, "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g=="],
-
-    "@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
-
-    "@types/bun": ["@types/bun@1.2.20", "", { "dependencies": { "bun-types": "1.2.20" } }, "sha512-dX3RGzQ8+KgmMw7CsW4xT5ITBSCrSbfHc36SNT31EOUg/LA9JWq0VDdEXDRSe1InVWpd2yLUM1FUF/kEOyTzYA=="],
-
-    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
-
-    "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="],
-
-    "before-after-hook": ["before-after-hook@2.2.3", "", {}, "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="],
-
-    "bun-types": ["bun-types@1.2.20", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-pxTnQYOrKvdOwyiyd/7sMt9yFOenN004Y6O4lCcCUoKVej48FS5cvTw9geRaEcB9TsDZaJKAxPTVvi8tFsVuXA=="],
-
-    "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],
-
-    "deprecation": ["deprecation@2.3.1", "", {}, "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="],
-
-    "once": ["once@1.4.0", "", { "dependencies": { "wrappy": "1" } }, "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w=="],
-
-    "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],
-
-    "tunnel": ["tunnel@0.0.6", "", {}, "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="],
-
-    "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],
-
-    "undici": ["undici@5.29.0", "", { "dependencies": { "@fastify/busboy": "^2.0.0" } }, "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg=="],
-
-    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],
-
-    "universal-user-agent": ["universal-user-agent@6.0.1", "", {}, "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ=="],
-
-    "wrappy": ["wrappy@1.0.2", "", {}, "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="],
-
-    "@octokit/plugin-paginate-rest/@octokit/types": ["@octokit/types@12.6.0", "", { "dependencies": { "@octokit/openapi-types": "^20.0.0" } }, "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw=="],
-
-    "@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@12.6.0", "", { "dependencies": { "@octokit/openapi-types": "^20.0.0" } }, "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw=="],
-
-    "bun-types/@types/node": ["@types/node@24.2.1", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-DRh5K+ka5eJic8CjH7td8QpYEV6Zo10gfRkjHCO3weqZHWDtAaSTFtl4+VMqOJ4N5jcuhZ9/l+yy8rVgw7BQeQ=="],
-
-    "@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],
-
-    "@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],
-  }
-}

.github/actions/codex/package.json

@@ -1,21 +0,0 @@
-{
-    "name": "codex-action",
-    "version": "0.0.0",
-    "private": true,
-    "scripts": {
-        "format": "prettier --check src",
-        "format:fix": "prettier --write src",
-        "test": "bun test",
-        "typecheck": "tsc"
-    },
-    "dependencies": {
-        "@actions/core": "^1.11.1",
-        "@actions/github": "^6.0.1"
-    },
-    "devDependencies": {
-        "@types/bun": "^1.2.20",
-        "@types/node": "^24.3.0",
-        "prettier": "^3.6.2",
-        "typescript": "^5.9.2"
-    }
-}

.github/actions/codex/src/add-reaction.ts

@@ -1,85 +0,0 @@
-import * as github from "@actions/github";
-import type { EnvContext } from "./env-context";
-
-/**
- * Add an "eyes" reaction to the entity (issue, issue comment, or pull request
- * review comment) that triggered the current Codex invocation.
- *
- * The purpose is to provide immediate feedback to the user – similar to the
- * *-in-progress label flow – indicating that the bot has acknowledged the
- * request and is working on it.
- *
- * We attempt to add the reaction best suited for the current GitHub event:
- *
- *   • issues              → POST /repos/{owner}/{repo}/issues/{issue_number}/reactions
- *   • issue_comment       → POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions
- *   • pull_request_review_comment → POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions
- *
- * If the specific target is unavailable (e.g. unexpected payload shape) we
- * silently skip instead of failing the whole action because the reaction is
- * merely cosmetic.
- */
-export async function addEyesReaction(ctx: EnvContext): Promise<void> {
-  const octokit = ctx.getOctokit();
-  const { owner, repo } = github.context.repo;
-  const eventName = github.context.eventName;
-
-  try {
-    switch (eventName) {
-      case "issue_comment": {
-        const commentId = (github.context.payload as any)?.comment?.id;
-        if (commentId) {
-          await octokit.rest.reactions.createForIssueComment({
-            owner,
-            repo,
-            comment_id: commentId,
-            content: "eyes",
-          });
-          return;
-        }
-        break;
-      }
-      case "pull_request_review_comment": {
-        const commentId = (github.context.payload as any)?.comment?.id;
-        if (commentId) {
-          await octokit.rest.reactions.createForPullRequestReviewComment({
-            owner,
-            repo,
-            comment_id: commentId,
-            content: "eyes",
-          });
-          return;
-        }
-        break;
-      }
-      case "issues": {
-        const issueNumber = github.context.issue.number;
-        if (issueNumber) {
-          await octokit.rest.reactions.createForIssue({
-            owner,
-            repo,
-            issue_number: issueNumber,
-            content: "eyes",
-          });
-          return;
-        }
-        break;
-      }
-      default: {
-        // Fallback: try to react to the issue/PR if we have a number.
-        const issueNumber = github.context.issue.number;
-        if (issueNumber) {
-          await octokit.rest.reactions.createForIssue({
-            owner,
-            repo,
-            issue_number: issueNumber,
-            content: "eyes",
-          });
-        }
-      }
-    }
-  } catch (error) {
-    // Do not fail the action if reaction creation fails – log and continue.
-    console.warn(`Failed to add \"eyes\" reaction: ${error}`);
-  }
-}

.github/actions/codex/src/comment.ts

@@ -1,53 +0,0 @@
-import type { EnvContext } from "./env-context";
-import { runCodex } from "./run-codex";
-import { postComment } from "./post-comment";
-import { addEyesReaction } from "./add-reaction";
-
-/**
- * Handle `issue_comment` and `pull_request_review_comment` events once we know
- * the action is supported.
- */
-export async function onComment(ctx: EnvContext): Promise<void> {
-  const triggerPhrase = ctx.tryGet("INPUT_TRIGGER_PHRASE");
-  if (!triggerPhrase) {
-    console.warn("Empty trigger phrase: skipping.");
-    return;
-  }
-
-  // Attempt to get the body of the comment from the environment. Depending on
-  // the event type either `GITHUB_EVENT_COMMENT_BODY` (issue & PR comments) or
-  // `GITHUB_EVENT_REVIEW_BODY` (PR reviews) is set.
-  const commentBody =
-    ctx.tryGetNonEmpty("GITHUB_EVENT_COMMENT_BODY") ??
-    ctx.tryGetNonEmpty("GITHUB_EVENT_REVIEW_BODY") ??
-    ctx.tryGetNonEmpty("GITHUB_EVENT_ISSUE_BODY");
-
-  if (!commentBody) {
-    console.warn("Comment body not found in environment: skipping.");
-    return;
-  }
-
-  // Check if the trigger phrase is present.
-  if (!commentBody.includes(triggerPhrase)) {
-    console.log(
-      `Trigger phrase '${triggerPhrase}' not found: nothing to do for this comment.`,
-    );
-    return;
-  }
-
-  // Derive the prompt by removing the trigger phrase. Remove only the first
-  // occurrence to keep any additional occurrences that might be meaningful.
-  const prompt = commentBody.replace(triggerPhrase, "").trim();
-
-  if (prompt.length === 0) {
-    console.warn("Prompt is empty after removing trigger phrase: skipping");
-    return;
-  }
-
-  // Provide immediate feedback that we are working on the request.
-  await addEyesReaction(ctx);
-
-  // Run Codex and post the response as a new comment.
-  const lastMessage = await runCodex(prompt, ctx);
-  await postComment(lastMessage, ctx);
-}

.github/actions/codex/src/config.ts

@@ -1,11 +0,0 @@
-import { readdirSync, statSync } from "fs";
-import * as path from "path";
-
-export interface Config {
-  labels: Record<string, LabelConfig>;
-}
-
-export interface LabelConfig {
-  /** Returns the prompt template. */
-  getPromptTemplate(): string;
-}

.github/actions/codex/src/default-label-config.ts

@@ -1,44 +0,0 @@
-import type { Config } from "./config";
-
-export function getDefaultConfig(): Config {
-  return {
-    labels: {
-      "codex-investigate-issue": {
-        getPromptTemplate: () =>
-          `
-Troubleshoot whether the reported issue is valid.
-
-Provide a concise and respectful comment summarizing the findings.
-
-### {CODEX_ACTION_ISSUE_TITLE}
-
-{CODEX_ACTION_ISSUE_BODY}
-`.trim(),
-      },
-      "codex-code-review": {
-        getPromptTemplate: () =>
-          `
-Review this PR and respond with a very concise final message, formatted in Markdown.
-
-There should be a summary of the changes (1-2 sentences) and a few bullet points if necessary.
-
-Then provide the **review** (1-2 sentences plus bullet points, friendly tone).
-
-{CODEX_ACTION_GITHUB_EVENT_PATH} contains the JSON that triggered this GitHub workflow. It contains the \`base\` and \`head\` refs that define this PR. Both refs are available locally.
-`.trim(),
-      },
-      "codex-attempt-fix": {
-        getPromptTemplate: () =>
-          `
-Attempt to solve the reported issue.
-
-If a code change is required, create a new branch, commit the fix, and open a pull-request that resolves the problem.
-
-### {CODEX_ACTION_ISSUE_TITLE}
-
-{CODEX_ACTION_ISSUE_BODY}
-`.trim(),
-      },
-    },
-  };
-}

.github/actions/codex/src/env-context.ts

@@ -1,116 +0,0 @@
-/*
- * Centralised access to environment variables used by the Codex GitHub
- * Action.
- *
- * To enable proper unit-testing we avoid reading from `process.env` at module
- * initialisation time.  Instead a `EnvContext` object is created (usually from
- * the real `process.env`) and passed around explicitly or – where that is not
- * yet practical – imported as the shared `defaultContext` singleton. Tests can
- * create their own context backed by a stubbed map of variables without having
- * to mutate global state.
- */
-
-import { fail } from "./fail";
-import * as github from "@actions/github";
-
-export interface EnvContext {
-  /**
-   * Return the value for a given environment variable or terminate the action
-   * via `fail` if it is missing / empty.
-   */
-  get(name: string): string;
-
-  /**
-   * Attempt to read an environment variable. Returns the value when present;
-   * otherwise returns undefined (does not call `fail`).
-   */
-  tryGet(name: string): string | undefined;
-
-  /**
-   * Attempt to read an environment variable. Returns non-empty string value or
-   * null if unset or empty string.
-   */
-  tryGetNonEmpty(name: string): string | null;
-
-  /**
-   * Return a memoised Octokit instance authenticated via the token resolved
-   * from the provided argument (when defined) or the environment variables
-   * `GITHUB_TOKEN`/`GH_TOKEN`.
-   *
-   * Subsequent calls return the same cached instance to avoid spawning
-   * multiple REST clients within a single action run.
-   */
-  getOctokit(token?: string): ReturnType<typeof github.getOctokit>;
-}
-
-/** Internal helper – *not* exported. */
-function _getRequiredEnv(
-  name: string,
-  env: Record<string, string | undefined>,
-): string | undefined {
-  const value = env[name];
-
-  // Avoid leaking secrets into logs while still logging non-secret variables.
-  if (name.endsWith("KEY") || name.endsWith("TOKEN")) {
-    if (value) {
-      console.log(`value for ${name} was found`);
-    }
-  } else {
-    console.log(`${name}=${value}`);
-  }
-
-  return value;
-}
-
-/** Create a context backed by the supplied environment map (defaults to `process.env`). */
-export function createEnvContext(
-  env: Record<string, string | undefined> = process.env,
-): EnvContext {
-  // Lazily instantiated Octokit client – shared across this context.
-  let cachedOctokit: ReturnType<typeof github.getOctokit> | null = null;
-
-  return {
-    get(name: string): string {
-      const value = _getRequiredEnv(name, env);
-      if (value == null) {
-        fail(`Missing required environment variable: ${name}`);
-      }
-      return value;
-    },
-
-    tryGet(name: string): string | undefined {
-      return _getRequiredEnv(name, env);
-    },
-
-    tryGetNonEmpty(name: string): string | null {
-      const value = _getRequiredEnv(name, env);
-      return value == null || value === "" ? null : value;
-    },
-
-    getOctokit(token?: string) {
-      if (cachedOctokit) {
-        return cachedOctokit;
-      }
-
-      // Determine the token to authenticate with.
-      const githubToken = token ?? env["GITHUB_TOKEN"] ?? env["GH_TOKEN"];
-
-      if (!githubToken) {
-        fail(
-          "Unable to locate a GitHub token. `github_token` should have been set on the action.",
-        );
-      }
-
-      cachedOctokit = github.getOctokit(githubToken!);
-      return cachedOctokit;
-    },
-  };
-}
-
-/**
- * Shared context built from the actual `process.env`.  Production code that is
- * not yet refactored to receive a context explicitly may import and use this
- * singleton.  Tests should avoid the singleton and instead pass their own
- * context to the functions they exercise.
- */
-export const defaultContext: EnvContext = createEnvContext();

.github/actions/codex/src/fail.ts

@@ -1,4 +0,0 @@
-export function fail(message: string): never {
-  console.error(message);
-  process.exit(1);
-}

.github/actions/codex/src/git-helpers.ts

@@ -1,149 +0,0 @@
-import { spawnSync } from "child_process";
-import * as github from "@actions/github";
-import { EnvContext } from "./env-context";
-
-function runGit(args: string[], silent = true): string {
-  console.info(`Running git ${args.join(" ")}`);
-  const res = spawnSync("git", args, {
-    encoding: "utf8",
-    stdio: silent ? ["ignore", "pipe", "pipe"] : "inherit",
-  });
-  if (res.error) {
-    throw res.error;
-  }
-  if (res.status !== 0) {
-    // Return stderr so caller may handle; else throw.
-    throw new Error(
-      `git ${args.join(" ")} failed with code ${res.status}: ${res.stderr}`,
-    );
-  }
-  return res.stdout.trim();
-}
-
-function stageAllChanges() {
-  runGit(["add", "-A"]);
-}
-
-function hasStagedChanges(): boolean {
-  const res = spawnSync("git", ["diff", "--cached", "--quiet", "--exit-code"]);
-  return res.status !== 0;
-}
-
-function ensureOnBranch(
-  issueNumber: number,
-  protectedBranches: string[],
-  suggestedSlug?: string,
-): string {
-  let branch = "";
-  try {
-    branch = runGit(["symbolic-ref", "--short", "-q", "HEAD"]);
-  } catch {
-    branch = "";
-  }
-
-  // If detached HEAD or on a protected branch, create a new branch.
-  if (!branch || protectedBranches.includes(branch)) {
-    if (suggestedSlug) {
-      const safeSlug = suggestedSlug
-        .toLowerCase()
-        .replace(/[^\w\s-]/g, "")
-        .trim()
-        .replace(/\s+/g, "-");
-      branch = `codex-fix-${issueNumber}-${safeSlug}`;
-    } else {
-      branch = `codex-fix-${issueNumber}-${Date.now()}`;
-    }
-    runGit(["switch", "-c", branch]);
-  }
-  return branch;
-}
-
-function commitIfNeeded(issueNumber: number) {
-  if (hasStagedChanges()) {
-    runGit([
-      "commit",
-      "-m",
-      `fix: automated fix for #${issueNumber} via Codex`,
-    ]);
-  }
-}
-
-function pushBranch(branch: string, githubToken: string, ctx: EnvContext) {
-  const repoSlug = ctx.get("GITHUB_REPOSITORY"); // owner/repo
-  const remoteUrl = `https://x-access-token:${githubToken}@github.com/${repoSlug}.git`;
-
-  runGit(["push", "--force-with-lease", "-u", remoteUrl, `HEAD:${branch}`]);
-}
-
-/**
- * If this returns a string, it is the URL of the created PR.
- */
-export async function maybePublishPRForIssue(
-  issueNumber: number,
-  lastMessage: string,
-  ctx: EnvContext,
-): Promise<string | undefined> {
-  // Only proceed if GITHUB_TOKEN available.
-  const githubToken =
-    ctx.tryGetNonEmpty("GITHUB_TOKEN") ?? ctx.tryGetNonEmpty("GH_TOKEN");
-  if (!githubToken) {
-    console.warn("No GitHub token - skipping PR creation.");
-    return undefined;
-  }
-
-  // Print `git status` for debugging.
-  runGit(["status"]);
-
-  // Stage any remaining changes so they can be committed and pushed.
-  stageAllChanges();
-
-  const octokit = ctx.getOctokit(githubToken);
-
-  const { owner, repo } = github.context.repo;
-
-  // Determine default branch to treat as protected.
-  let defaultBranch = "main";
-  try {
-    const repoInfo = await octokit.rest.repos.get({ owner, repo });
-    defaultBranch = repoInfo.data.default_branch ?? "main";
-  } catch (e) {
-    console.warn(`Failed to get default branch, assuming 'main': ${e}`);
-  }
-
-  const sanitizedMessage = lastMessage.replace(/\u2022/g, "-");
-  const [summaryLine] = sanitizedMessage.split(/\r?\n/);
-  const branch = ensureOnBranch(issueNumber, [defaultBranch, "master"], summaryLine);
-  commitIfNeeded(issueNumber);
-  pushBranch(branch, githubToken, ctx);
-
-  // Try to find existing PR for this branch
-  const headParam = `${owner}:${branch}`;
-  const existing = await octokit.rest.pulls.list({
-    owner,
-    repo,
-    head: headParam,
-    state: "open",
-  });
-  if (existing.data.length > 0) {
-    return existing.data[0].html_url;
-  }
-
-  // Determine base branch (default to main)
-  let baseBranch = "main";
-  try {
-    const repoInfo = await octokit.rest.repos.get({ owner, repo });
-    baseBranch = repoInfo.data.default_branch ?? "main";
-  } catch (e) {
-    console.warn(`Failed to get default branch, assuming 'main': ${e}`);
-  }
-
-  const pr = await octokit.rest.pulls.create({
-    owner,
-    repo,
-    title: summaryLine,
-    head: branch,
-    base: baseBranch,
-    body: sanitizedMessage,
-  });
-  return pr.data.html_url;
-}

.github/actions/codex/src/git-user.ts

@@ -1,16 +0,0 @@
-export function setGitHubActionsUser(): void {
-  const commands = [
-    ["git", "config", "--global", "user.name", "github-actions[bot]"],
-    [
-      "git",
-      "config",
-      "--global",
-      "user.email",
-      "41898282+github-actions[bot]@users.noreply.github.com",
-    ],
-  ];
-
-  for (const command of commands) {
-    Bun.spawnSync(command);
-  }
-}

.github/actions/codex/src/github-workspace.ts

@@ -1,11 +0,0 @@
-import * as pathMod from "path";
-import { EnvContext } from "./env-context";
-
-export function resolveWorkspacePath(path: string, ctx: EnvContext): string {
-  if (pathMod.isAbsolute(path)) {
-    return path;
-  } else {
-    const workspace = ctx.get("GITHUB_WORKSPACE");
-    return pathMod.join(workspace, path);
-  }
-}

.github/actions/codex/src/load-config.ts

@@ -1,56 +0,0 @@
-import type { Config, LabelConfig } from "./config";
-
-import { getDefaultConfig } from "./default-label-config";
-import { readFileSync, readdirSync, statSync } from "fs";
-import * as path from "path";
-
-/**
- * Build an in-memory configuration object by scanning the repository for
- * Markdown templates located in `.github/codex/labels`.
- *
- * Each `*.md` file in that directory represents a label that can trigger the
- * Codex GitHub Action. The filename **without** the extension is interpreted
- * as the label name, e.g. `codex-review.md` ➜ `codex-review`.
- *
- * For every such label we derive the corresponding `doneLabel` by appending
- * the suffix `-completed`.
- */
-export function loadConfig(workspace: string): Config {
-  const labelsDir = path.join(workspace, ".github", "codex", "labels");
-
-  let entries: string[];
-  try {
-    entries = readdirSync(labelsDir);
-  } catch {
-    // If the directory is missing, return the default configuration.
-    return getDefaultConfig();
-  }
-
-  const labels: Record<string, LabelConfig> = {};
-
-  for (const entry of entries) {
-    if (!entry.endsWith(".md")) {
-      continue;
-    }
-
-    const fullPath = path.join(labelsDir, entry);
-
-    if (!statSync(fullPath).isFile()) {
-      continue;
-    }
-
-    const labelName = entry.slice(0, -3); // trim ".md"
-
-    labels[labelName] = new FileLabelConfig(fullPath);
-  }
-
-  return { labels };
-}
-
-class FileLabelConfig implements LabelConfig {
-  constructor(private readonly promptPath: string) {}
-
-  getPromptTemplate(): string {
-    return readFileSync(this.promptPath, "utf8");
-  }
-}

.github/actions/codex/src/main.ts

@@ -1,80 +0,0 @@
-#!/usr/bin/env bun
-
-import type { Config } from "./config";
-
-import { defaultContext, EnvContext } from "./env-context";
-import { loadConfig } from "./load-config";
-import { setGitHubActionsUser } from "./git-user";
-import { onLabeled } from "./process-label";
-import { ensureBaseAndHeadCommitsForPRAreAvailable } from "./prompt-template";
-import { performAdditionalValidation } from "./verify-inputs";
-import { onComment } from "./comment";
-import { onReview } from "./review";
-
-async function main(): Promise<void> {
-  const ctx: EnvContext = defaultContext;
-
-  // Build the configuration dynamically by scanning `.github/codex/labels`.
-  const GITHUB_WORKSPACE = ctx.get("GITHUB_WORKSPACE");
-  const config: Config = loadConfig(GITHUB_WORKSPACE);
-
-  // Optionally perform additional validation of prompt template files.
-  performAdditionalValidation(config, GITHUB_WORKSPACE);
-
-  const GITHUB_EVENT_NAME = ctx.get("GITHUB_EVENT_NAME");
-  const GITHUB_EVENT_ACTION = ctx.get("GITHUB_EVENT_ACTION");
-
-  // Set user.name and user.email to a bot before Codex runs, just in case it
-  // creates a commit.
-  setGitHubActionsUser();
-
-  switch (GITHUB_EVENT_NAME) {
-    case "issues": {
-      if (GITHUB_EVENT_ACTION === "labeled") {
-        await onLabeled(config, ctx);
-        return;
-      } else if (GITHUB_EVENT_ACTION === "opened") {
-        await onComment(ctx);
-        return;
-      }
-      break;
-    }
-    case "issue_comment": {
-      if (GITHUB_EVENT_ACTION === "created") {
-        await onComment(ctx);
-        return;
-      }
-      break;
-    }
-    case "pull_request": {
-      if (GITHUB_EVENT_ACTION === "labeled") {
-        await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
-        await onLabeled(config, ctx);
-        return;
-      }
-      break;
-    }
-    case "pull_request_review": {
-      await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
-      if (GITHUB_EVENT_ACTION === "submitted") {
-        await onReview(ctx);
-        return;
-      }
-      break;
-    }
-    case "pull_request_review_comment": {
-      await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
-      if (GITHUB_EVENT_ACTION === "created") {
-        await onComment(ctx);
-        return;
-      }
-      break;
-    }
-  }
-
-  console.warn(
-    `Unsupported action '${GITHUB_EVENT_ACTION}' for event '${GITHUB_EVENT_NAME}'.`,
-  );
-}
-
-main();

.github/actions/codex/src/post-comment.ts

@@ -1,62 +0,0 @@
-import { fail } from "./fail";
-import * as github from "@actions/github";
-import { EnvContext } from "./env-context";
-
-/**
- * Post a comment to the issue / pull request currently in scope.
- *
- * Provide the environment context so that token lookup (inside getOctokit) does
- * not rely on global state.
- */
-export async function postComment(
-  commentBody: string,
-  ctx: EnvContext,
-): Promise<void> {
-  // Append a footer with a link back to the workflow run, if available.
-  const footer = buildWorkflowRunFooter(ctx);
-  const bodyWithFooter = footer ? `${commentBody}${footer}` : commentBody;
-
-  const octokit = ctx.getOctokit();
-  console.info("Got Octokit instance for posting comment");
-  const { owner, repo } = github.context.repo;
-  const issueNumber = github.context.issue.number;
-
-  if (!issueNumber) {
-    console.warn(
-      "No issue or pull_request number found in GitHub context; skipping comment creation.",
-    );
-    return;
-  }
-
-  try {
-    console.info("Calling octokit.rest.issues.createComment()");
-    await octokit.rest.issues.createComment({
-      owner,
-      repo,
-      issue_number: issueNumber,
-      body: bodyWithFooter,
-    });
-  } catch (error) {
-    fail(`Failed to create comment via GitHub API: ${error}`);
-  }
-}
-
-/**
- * Helper to build a Markdown fragment linking back to the workflow run that
- * generated the current comment. Returns `undefined` if required environment
- * variables are missing – e.g. when running outside of GitHub Actions – so we
- * can gracefully skip the footer in those cases.
- */
-function buildWorkflowRunFooter(ctx: EnvContext): string | undefined {
-  const serverUrl =
-    ctx.tryGetNonEmpty("GITHUB_SERVER_URL") ?? "https://github.com";
-  const repository = ctx.tryGetNonEmpty("GITHUB_REPOSITORY");
-  const runId = ctx.tryGetNonEmpty("GITHUB_RUN_ID");
-
-  if (!repository || !runId) {
-    return undefined;
-  }
-
-  const url = `${serverUrl}/${repository}/actions/runs/${runId}`;
-  return `\n\n---\n*[_View workflow run_](${url})*`;
-}

.github/actions/codex/src/process-label.ts

@@ -1,226 +0,0 @@
-import { fail } from "./fail";
-import { EnvContext } from "./env-context";
-import { renderPromptTemplate } from "./prompt-template";
-
-import { postComment } from "./post-comment";
-import { runCodex } from "./run-codex";
-
-import * as github from "@actions/github";
-import { Config, LabelConfig } from "./config";
-import { maybePublishPRForIssue } from "./git-helpers";
-
-export async function onLabeled(
-  config: Config,
-  ctx: EnvContext,
-): Promise<void> {
-  const GITHUB_EVENT_LABEL_NAME = ctx.get("GITHUB_EVENT_LABEL_NAME");
-  const labelConfig = config.labels[GITHUB_EVENT_LABEL_NAME] as
-    | LabelConfig
-    | undefined;
-  if (!labelConfig) {
-    fail(
-      `Label \`${GITHUB_EVENT_LABEL_NAME}\` not found in config: ${JSON.stringify(config)}`,
-    );
-  }
-
-  await processLabelConfig(ctx, GITHUB_EVENT_LABEL_NAME, labelConfig);
-}
-
-/**
- * Wrapper that handles `-in-progress` and `-completed` semantics around the core lint/fix/review
- * processing. It will:
- *
- * - Skip execution if the `-in-progress` or `-completed` label is already present.
- * - Mark the PR/issue as `-in-progress`.
- * - After successful execution, mark the PR/issue as `-completed`.
- */
-async function processLabelConfig(
-  ctx: EnvContext,
-  label: string,
-  labelConfig: LabelConfig,
-): Promise<void> {
-  const octokit = ctx.getOctokit();
-  const { owner, repo, issueNumber, labelNames } =
-    await getCurrentLabels(octokit);
-
-  const inProgressLabel = `${label}-in-progress`;
-  const completedLabel = `${label}-completed`;
-  for (const markerLabel of [inProgressLabel, completedLabel]) {
-    if (labelNames.includes(markerLabel)) {
-      console.log(
-        `Label '${markerLabel}' already present on issue/PR #${issueNumber}. Skipping Codex action.`,
-      );
-
-      // Clean up: remove the triggering label to avoid confusion and re-runs.
-      await addAndRemoveLabels(octokit, {
-        owner,
-        repo,
-        issueNumber,
-        remove: markerLabel,
-      });
-
-      return;
-    }
-  }
-
-  // Mark the PR/issue as in progress.
-  await addAndRemoveLabels(octokit, {
-    owner,
-    repo,
-    issueNumber,
-    add: inProgressLabel,
-    remove: label,
-  });
-
-  // Run the core Codex processing.
-  await processLabel(ctx, label, labelConfig);
-
-  // Mark the PR/issue as completed.
-  await addAndRemoveLabels(octokit, {
-    owner,
-    repo,
-    issueNumber,
-    add: completedLabel,
-    remove: inProgressLabel,
-  });
-}
-
-async function processLabel(
-  ctx: EnvContext,
-  label: string,
-  labelConfig: LabelConfig,
-): Promise<void> {
-  const template = labelConfig.getPromptTemplate();
-
-  // If this is a review label, prepend explicit PR-diff scoping guidance to
-  // reduce out-of-scope feedback. Do this before rendering so placeholders in
-  // the guidance (e.g., {CODEX_ACTION_GITHUB_EVENT_PATH}) are substituted.
-  const isReview = label.toLowerCase().includes("review");
-  const reviewScopeGuidance = `
-PR Diff Scope
-- Only review changes between the PR's merge-base and head; do not comment on commits or files outside this range.
-- Derive the base/head SHAs from the event JSON at {CODEX_ACTION_GITHUB_EVENT_PATH}, then compute and use the PR diff for all analysis and comments.
-
-Commands to determine scope
-- Resolve SHAs:
-  - BASE_SHA=$(jq -r '.pull_request.base.sha // .pull_request.base.ref' "{CODEX_ACTION_GITHUB_EVENT_PATH}")
-  - HEAD_SHA=$(jq -r '.pull_request.head.sha // .pull_request.head.ref' "{CODEX_ACTION_GITHUB_EVENT_PATH}")
-  - BASE_SHA=$(git rev-parse "$BASE_SHA")
-  - HEAD_SHA=$(git rev-parse "$HEAD_SHA")
-- Prefer triple-dot (merge-base) semantics for PR diffs:
-  - Changed commits: git log --oneline "$BASE_SHA...$HEAD_SHA"
-  - Changed files: git diff --name-status "$BASE_SHA...$HEAD_SHA"
-  - Review hunks: git diff -U0 "$BASE_SHA...$HEAD_SHA"
-
-Review rules
-- Anchor every comment to a file and hunk present in git diff "$BASE_SHA...$HEAD_SHA".
-- If you mention context outside the diff, label it as "Follow-up (outside this PR scope)" and keep it brief (<=2 bullets).
-- Do not critique commits or files not reachable in the PR range (merge-base(base, head) → head).
-`.trim();
-
-  const effectiveTemplate = isReview
-    ? `${reviewScopeGuidance}\n\n${template}`
-    : template;
-
-  const populatedTemplate = await renderPromptTemplate(effectiveTemplate, ctx);
-
-  // Always run Codex and post the resulting message as a comment.
-  let commentBody = await runCodex(populatedTemplate, ctx);
-
-  // Current heuristic: only try to create a PR if "attempt" or "fix" is in the
-  // label name. (Yes, we plan to evolve this.)
-  if (label.indexOf("fix") !== -1 || label.indexOf("attempt") !== -1) {
-    console.info(`label ${label} indicates we should attempt to create a PR`);
-    const prUrl = await maybeFixIssue(ctx, commentBody);
-    if (prUrl) {
-      commentBody += `\n\n---\nOpened pull request: ${prUrl}`;
-    }
-  } else {
-    console.info(
-      `label ${label} does not indicate we should attempt to create a PR`,
-    );
-  }
-
-  await postComment(commentBody, ctx);
-}
-
-async function maybeFixIssue(
-  ctx: EnvContext,
-  lastMessage: string,
-): Promise<string | undefined> {
-  // Attempt to create a PR out of any changes Codex produced.
-  const issueNumber = github.context.issue.number!; // exists for issues triggering this path
-  try {
-    return await maybePublishPRForIssue(issueNumber, lastMessage, ctx);
-  } catch (e) {
-    console.warn(`Failed to publish PR: ${e}`);
-  }
-}
-
-async function getCurrentLabels(
-  octokit: ReturnType<typeof github.getOctokit>,
-): Promise<{
-  owner: string;
-  repo: string;
-  issueNumber: number;
-  labelNames: Array<string>;
-}> {
-  const { owner, repo } = github.context.repo;
-  const issueNumber = github.context.issue.number;
-
-  if (!issueNumber) {
-    fail("No issue or pull_request number found in GitHub context.");
-  }
-
-  const { data: issueData } = await octokit.rest.issues.get({
-    owner,
-    repo,
-    issue_number: issueNumber,
-  });
-
-  const labelNames =
-    issueData.labels?.map((label: any) =>
-      typeof label === "string" ? label : label.name,
-    ) ?? [];
-
-  return { owner, repo, issueNumber, labelNames };
-}
-
-async function addAndRemoveLabels(
-  octokit: ReturnType<typeof github.getOctokit>,
-  opts: {
-    owner: string;
-    repo: string;
-    issueNumber: number;
-    add?: string;
-    remove?: string;
-  },
-): Promise<void> {
-  const { owner, repo, issueNumber, add, remove } = opts;
-
-  if (add) {
-    try {
-      await octokit.rest.issues.addLabels({
-        owner,
-        repo,
-        issue_number: issueNumber,
-        labels: [add],
-      });
-    } catch (error) {
-      console.warn(`Failed to add label '${add}': ${error}`);
-    }
-  }
-
-  if (remove) {
-    try {
-      await octokit.rest.issues.removeLabel({
-        owner,
-        repo,
-        issue_number: issueNumber,
-        name: remove,
-      });
-    } catch (error) {
-      console.warn(`Failed to remove label '${remove}': ${error}`);
-    }
-  }
-}

.github/actions/codex/src/prompt-template.ts

@@ -1,284 +0,0 @@
-/*
- * Utilities to render Codex prompt templates.
- *
- * A template is a Markdown (or plain-text) file that may contain one or more
- * placeholders of the form `{CODEX_ACTION_<NAME>}`. At runtime these
- * placeholders are substituted with dynamically generated content. Each
- * placeholder is resolved **exactly once** even if it appears multiple times
- * in the same template.
- */
-
-import { readFile } from "fs/promises";
-
-import { EnvContext } from "./env-context";
-
-// ---------------------------------------------------------------------------
-// Helpers
-// ---------------------------------------------------------------------------
-
-/**
- * Lazily caches parsed `$GITHUB_EVENT_PATH` contents keyed by the file path so
- * we only hit the filesystem once per unique event payload.
- */
-const githubEventDataCache: Map<string, Promise<any>> = new Map();
-
-function getGitHubEventData(ctx: EnvContext): Promise<any> {
-  const eventPath = ctx.get("GITHUB_EVENT_PATH");
-  let cached = githubEventDataCache.get(eventPath);
-  if (!cached) {
-    cached = readFile(eventPath, "utf8").then((raw) => JSON.parse(raw));
-    githubEventDataCache.set(eventPath, cached);
-  }
-  return cached;
-}
-
-async function runCommand(args: Array<string>): Promise<string> {
-  const result = Bun.spawnSync(args, {
-    stdout: "pipe",
-    stderr: "pipe",
-  });
-
-  if (result.success) {
-    return result.stdout.toString();
-  }
-
-  console.error(`Error running ${JSON.stringify(args)}: ${result.stderr}`);
-  return "";
-}
-
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-
-// Regex that captures the variable name without the surrounding { } braces.
-const VAR_REGEX = /\{(CODEX_ACTION_[A-Z0-9_]+)\}/g;
-
-// Cache individual placeholder values so each one is resolved at most once per
-// process even if many templates reference it.
-const placeholderCache: Map<string, Promise<string>> = new Map();
-
-/**
- * Parse a template string, resolve all placeholders and return the rendered
- * result.
- */
-export async function renderPromptTemplate(
-  template: string,
-  ctx: EnvContext,
-): Promise<string> {
-  // ---------------------------------------------------------------------
-  // 1) Gather all *unique* placeholders present in the template.
-  // ---------------------------------------------------------------------
-  const variables = new Set<string>();
-  for (const match of template.matchAll(VAR_REGEX)) {
-    variables.add(match[1]);
-  }
-
-  // ---------------------------------------------------------------------
-  // 2) Kick off (or reuse) async resolution for each variable.
-  // ---------------------------------------------------------------------
-  for (const variable of variables) {
-    if (!placeholderCache.has(variable)) {
-      placeholderCache.set(variable, resolveVariable(variable, ctx));
-    }
-  }
-
-  // ---------------------------------------------------------------------
-  // 3) Await completion so we can perform a simple synchronous replace below.
-  // ---------------------------------------------------------------------
-  const resolvedEntries: [string, string][] = [];
-  for (const [key, promise] of placeholderCache.entries()) {
-    resolvedEntries.push([key, await promise]);
-  }
-  const resolvedMap = new Map<string, string>(resolvedEntries);
-
-  // ---------------------------------------------------------------------
-  // 4) Replace each occurrence.  We use replace with a callback to ensure
-  //    correct substitution even if variable names overlap (they shouldn't,
-  //    but better safe than sorry).
-  // ---------------------------------------------------------------------
-  return template.replace(VAR_REGEX, (_, varName: string) => {
-    return resolvedMap.get(varName) ?? "";
-  });
-}
-
-export async function ensureBaseAndHeadCommitsForPRAreAvailable(
-  ctx: EnvContext,
-): Promise<{ baseSha: string; headSha: string } | null> {
-  const prShas = await getPrShas(ctx);
-  if (prShas == null) {
-    console.warn("Unable to resolve PR branches");
-    return null;
-  }
-
-  const event = await getGitHubEventData(ctx);
-  const pr = event.pull_request;
-  if (!pr) {
-    console.warn("event.pull_request is not defined - unexpected");
-    return null;
-  }
-
-  const workspace = ctx.get("GITHUB_WORKSPACE");
-
-  // Refs (branch names)
-  const baseRef: string | undefined = pr.base?.ref;
-  const headRef: string | undefined = pr.head?.ref;
-
-  // Clone URLs
-  const baseRemoteUrl: string | undefined = pr.base?.repo?.clone_url;
-  const headRemoteUrl: string | undefined = pr.head?.repo?.clone_url;
-
-  if (!baseRef || !headRef || !baseRemoteUrl || !headRemoteUrl) {
-    console.warn(
-      "Missing PR ref or remote URL information - cannot fetch commits",
-    );
-    return null;
-  }
-
-  // Ensure we have the base branch.
-  await runCommand([
-    "git",
-    "-C",
-    workspace,
-    "fetch",
-    "--no-tags",
-    "origin",
-    baseRef,
-  ]);
-
-  // Ensure we have the head branch.
-  if (headRemoteUrl === baseRemoteUrl) {
-    // Same repository – the commit is available from `origin`.
-    await runCommand([
-      "git",
-      "-C",
-      workspace,
-      "fetch",
-      "--no-tags",
-      "origin",
-      headRef,
-    ]);
-  } else {
-    // Fork – make sure a `pr` remote exists that points at the fork. Attempting
-    // to add a remote that already exists causes git to error, so we swallow
-    // any non-zero exit codes from that specific command.
-    await runCommand([
-      "git",
-      "-C",
-      workspace,
-      "remote",
-      "add",
-      "pr",
-      headRemoteUrl,
-    ]);
-
-    // Whether adding succeeded or the remote already existed, attempt to fetch
-    // the head ref from the `pr` remote.
-    await runCommand([
-      "git",
-      "-C",
-      workspace,
-      "fetch",
-      "--no-tags",
-      "pr",
-      headRef,
-    ]);
-  }
-
-  return prShas;
-}
-
-// ---------------------------------------------------------------------------
-// Internal helpers – still exported for use by other modules.
-// ---------------------------------------------------------------------------
-
-export async function resolvePrDiff(ctx: EnvContext): Promise<string> {
-  const prShas = await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
-  if (prShas == null) {
-    console.warn("Unable to resolve PR branches");
-    return "";
-  }
-
-  const workspace = ctx.get("GITHUB_WORKSPACE");
-  const { baseSha, headSha } = prShas;
-  return runCommand([
-    "git",
-    "-C",
-    workspace,
-    "diff",
-    "--color=never",
-    `${baseSha}..${headSha}`,
-  ]);
-}
-
-// ---------------------------------------------------------------------------
-// Placeholder resolution
-// ---------------------------------------------------------------------------
-
-async function resolveVariable(name: string, ctx: EnvContext): Promise<string> {
-  switch (name) {
-    case "CODEX_ACTION_ISSUE_TITLE": {
-      const event = await getGitHubEventData(ctx);
-      const issue = event.issue ?? event.pull_request;
-      return issue?.title ?? "";
-    }
-
-    case "CODEX_ACTION_ISSUE_BODY": {
-      const event = await getGitHubEventData(ctx);
-      const issue = event.issue ?? event.pull_request;
-      return issue?.body ?? "";
-    }
-
-    case "CODEX_ACTION_GITHUB_EVENT_PATH": {
-      return ctx.get("GITHUB_EVENT_PATH");
-    }
-
-    case "CODEX_ACTION_BASE_REF": {
-      const event = await getGitHubEventData(ctx);
-      return event?.pull_request?.base?.ref ?? "";
-    }
-
-    case "CODEX_ACTION_HEAD_REF": {
-      const event = await getGitHubEventData(ctx);
-      return event?.pull_request?.head?.ref ?? "";
-    }
-
-    case "CODEX_ACTION_PR_DIFF": {
-      return resolvePrDiff(ctx);
-    }
-
-    // -------------------------------------------------------------------
-    // Add new template variables here.
-    // -------------------------------------------------------------------
-
-    default: {
-      // Unknown variable – leave it blank to avoid leaking placeholders to the
-      // final prompt.  The alternative would be to `fail()` here, but silently
-      // ignoring unknown placeholders is more forgiving and better matches the
-      // behaviour of typical template engines.
-      console.warn(`Unknown template variable: ${name}`);
-      return "";
-    }
-  }
-}
-
-async function getPrShas(
-  ctx: EnvContext,
-): Promise<{ baseSha: string; headSha: string } | null> {
-  const event = await getGitHubEventData(ctx);
-  const pr = event.pull_request;
-  if (!pr) {
-    console.warn("event.pull_request is not defined");
-    return null;
-  }
-
-  // Prefer explicit SHAs if available to avoid relying on local branch names.
-  const baseSha: string | undefined = pr.base?.sha;
-  const headSha: string | undefined = pr.head?.sha;
-
-  if (!baseSha || !headSha) {
-    console.warn("one of base or head is not defined on event.pull_request");
-    return null;
-  }
-
-  return { baseSha, headSha };
-}

.github/actions/codex/src/review.ts

@@ -1,42 +0,0 @@
-import type { EnvContext } from "./env-context";
-import { runCodex } from "./run-codex";
-import { postComment } from "./post-comment";
-import { addEyesReaction } from "./add-reaction";
-
-/**
- * Handle `pull_request_review` events. We treat the review body the same way
- * as a normal comment.
- */
-export async function onReview(ctx: EnvContext): Promise<void> {
-  const triggerPhrase = ctx.tryGet("INPUT_TRIGGER_PHRASE");
-  if (!triggerPhrase) {
-    console.warn("Empty trigger phrase: skipping.");
-    return;
-  }
-
-  const reviewBody = ctx.tryGet("GITHUB_EVENT_REVIEW_BODY");
-
-  if (!reviewBody) {
-    console.warn("Review body not found in environment: skipping.");
-    return;
-  }
-
-  if (!reviewBody.includes(triggerPhrase)) {
-    console.log(
-      `Trigger phrase '${triggerPhrase}' not found: nothing to do for this review.`,
-    );
-    return;
-  }
-
-  const prompt = reviewBody.replace(triggerPhrase, "").trim();
-
-  if (prompt.length === 0) {
-    console.warn("Prompt is empty after removing trigger phrase: skipping.");
-    return;
-  }
-
-  await addEyesReaction(ctx);
-
-  const lastMessage = await runCodex(prompt, ctx);
-  await postComment(lastMessage, ctx);
-}

.github/actions/codex/src/run-codex.ts

@@ -1,58 +0,0 @@
-import { fail } from "./fail";
-import { EnvContext } from "./env-context";
-import { tmpdir } from "os";
-import { join } from "node:path";
-import { readFile, mkdtemp } from "fs/promises";
-import { resolveWorkspacePath } from "./github-workspace";
-
-/**
- * Runs the Codex CLI with the provided prompt and returns the output written
- * to the "last message" file.
- */
-export async function runCodex(
-  prompt: string,
-  ctx: EnvContext,
-): Promise<string> {
-  const OPENAI_API_KEY = ctx.get("OPENAI_API_KEY");
-
-  const tempDirPath = await mkdtemp(join(tmpdir(), "codex-"));
-  const lastMessageOutput = join(tempDirPath, "codex-prompt.md");
-
-  // Use the unified CLI and its `exec` subcommand instead of the old
-  // standalone `codex-exec` binary.
-  const args = ["/usr/local/bin/codex", "exec"];
-
-  const inputCodexArgs = ctx.tryGet("INPUT_CODEX_ARGS")?.trim();
-  if (inputCodexArgs) {
-    args.push(...inputCodexArgs.split(/\s+/));
-  }
-
-  args.push("--output-last-message", lastMessageOutput, prompt);
-
-  const env: Record<string, string> = { ...process.env, OPENAI_API_KEY };
-  const INPUT_CODEX_HOME = ctx.tryGet("INPUT_CODEX_HOME");
-  if (INPUT_CODEX_HOME) {
-    env.CODEX_HOME = resolveWorkspacePath(INPUT_CODEX_HOME, ctx);
-  }
-
-  console.log(`Running Codex: ${JSON.stringify(args)}`);
-  const result = Bun.spawnSync(args, {
-    stdout: "inherit",
-    stderr: "inherit",
-    env,
-  });
-
-  if (!result.success) {
-    fail(`Codex failed: see above for details.`);
-  }
-
-  // Read the output generated by Codex.
-  let lastMessage: string;
-  try {
-    lastMessage = await readFile(lastMessageOutput, "utf8");
-  } catch (err) {
-    fail(`Failed to read Codex output at '${lastMessageOutput}': ${err}`);
-  }
-
-  return lastMessage;
-}

.github/actions/codex/src/verify-inputs.ts

@@ -1,33 +0,0 @@
-// Validate the inputs passed to the composite action.
-// The script currently ensures that the provided configuration file exists and
-// matches the expected schema.
-
-import type { Config } from "./config";
-
-import { existsSync } from "fs";
-import * as path from "path";
-import { fail } from "./fail";
-
-export function performAdditionalValidation(config: Config, workspace: string) {
-  // Additional validation: ensure referenced prompt files exist and are Markdown.
-  for (const [label, details] of Object.entries(config.labels)) {
-    // Determine which prompt key is present (the schema guarantees exactly one).
-    const promptPathStr =
-      (details as any).prompt ?? (details as any).promptPath;
-
-    if (promptPathStr) {
-      const promptPath = path.isAbsolute(promptPathStr)
-        ? promptPathStr
-        : path.join(workspace, promptPathStr);
-
-      if (!existsSync(promptPath)) {
-        fail(`Prompt file for label '${label}' not found: ${promptPath}`);
-      }
-      if (!promptPath.endsWith(".md")) {
-        fail(
-          `Prompt file for label '${label}' must be a .md file (got ${promptPathStr}).`,
-        );
-      }
-    }
-  }
-}

.github/actions/codex/tsconfig.json

@@ -1,15 +0,0 @@
-{
-  "compilerOptions": {
-    "lib": ["ESNext"],
-    "target": "ESNext",
-    "module": "ESNext",
-    "moduleDetection": "force",
-    "moduleResolution": "bundler",
-
-    "noEmit": true,
-    "strict": true,
-    "skipLibCheck": true
-  },
-
-  "include": ["src"]
-}

.github/dotslash-config.json

@@ -21,6 +21,10 @@
         "windows-x86_64": {
           "regex": "^codex-x86_64-pc-windows-msvc\\.exe\\.zst$",
           "path": "codex.exe"
+        },
+        "windows-aarch64": {
+          "regex": "^codex-aarch64-pc-windows-msvc\\.exe\\.zst$",
+          "path": "codex.exe"
         }
       }
     }

.github/pull_request_template.md

@@ -1,6 +1,6 @@
 # External (non-OpenAI) Pull Request Requirements
 
-Before opening this Pull Request, please read the "Contributing" section of the README or your PR may be closed:
-https://github.com/openai/codex#contributing
+Before opening this Pull Request, please read the dedicated "Contributing" markdown file or your PR may be closed:
+https://github.com/openai/codex/blob/main/docs/contributing.md
 
 If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes.

.github/workflows/ci.yml

@@ -14,33 +14,18 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v5
 
-      - name: Setup Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: 22
-
       - name: Setup pnpm
         uses: pnpm/action-setup@v4
         with:
-          version: 10.8.1
           run_install: false
 
-      - name: Get pnpm store directory
-        id: pnpm-cache
-        shell: bash
-        run: |
-          echo "store_path=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
-
-      - name: Setup pnpm cache
-        uses: actions/cache@v4
+      - name: Setup Node.js
+        uses: actions/setup-node@v5
         with:
-          path: ${{ steps.pnpm-cache.outputs.store_path }}
-          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-store-
+          node-version: 22
 
       - name: Install dependencies
-        run: pnpm install
+        run: pnpm install --frozen-lockfile
 
       # Run all tasks using workspace filters
 

.github/workflows/codespell.yml

@@ -25,3 +25,4 @@ jobs:
         uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
         with:
           ignore_words_file: .codespellignore
+          skip: frame*.txt

.github/workflows/codex.yml

@@ -1,64 +0,0 @@
-name: Codex
-
-on:
-  issues:
-    types: [opened, labeled]
-  pull_request:
-    branches: [main]
-    types: [labeled]
-
-jobs:
-  codex:
-    # This `if` check provides complex filtering logic to avoid running Codex
-    # on every PR. Admittedly, one thing this does not verify is whether the
-    # sender has write access to the repo: that must be done as part of a
-    # runtime step.
-    #
-    # Note the label values should match the ones in the .github/codex/labels
-    # folder.
-    if: |
-      (github.event_name == 'issues' && (
-        (github.event.action == 'labeled' && (github.event.label.name == 'codex-attempt' || github.event.label.name == 'codex-triage'))
-      )) ||
-      (github.event_name == 'pull_request' && github.event.action == 'labeled' && (github.event.label.name == 'codex-review' || github.event.label.name == 'codex-rust-review'))
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write # can push or create branches
-      issues: write # for comments + labels on issues/PRs
-      pull-requests: write # for PR comments/labels
-    steps:
-      # TODO: Consider adding an optional mode (--dry-run?) to actions/codex
-      # that verifies whether Codex should actually be run for this event.
-      # (For example, it may be rejected because the sender does not have
-      # write access to the repo.) The benefit would be two-fold:
-      # 1. As the first step of this job, it gives us a chance to add a reaction
-      #    or comment to the PR/issue ASAP to "ack" the request.
-      # 2. It saves resources by skipping the clone and setup steps below if
-      #    Codex is not going to run.
-
-      - name: Checkout repository
-        uses: actions/checkout@v5
-
-      - uses: dtolnay/rust-toolchain@1.89
-        with:
-          targets: x86_64-unknown-linux-gnu
-          components: clippy
-
-      - uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/bin/
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-            ${{ github.workspace }}/codex-rs/target/
-          key: cargo-ubuntu-24.04-x86_64-unknown-linux-gnu-dev-${{ hashFiles('**/Cargo.lock') }}
-
-      # Note it is possible that the `verify` step internal to Run Codex will
-      # fail, in which case the work to setup the repo was worthless :(
-      - name: Run Codex
-        uses: ./.github/actions/codex
-        with:
-          openai_api_key: ${{ secrets.CODEX_OPENAI_API_KEY }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          codex_home: ./.github/codex/home

.github/workflows/rust-ci.yml

@@ -62,6 +62,26 @@ jobs:
           components: rustfmt
       - name: cargo fmt
         run: cargo fmt -- --config imports_granularity=Item --check
+      - name: Verify codegen for mcp-types
+        run: ./mcp-types/check_lib_rs.py
+
+  cargo_shear:
+    name: cargo shear
+    runs-on: ubuntu-24.04
+    needs: changed
+    if: ${{ needs.changed.outputs.codex == 'true' || needs.changed.outputs.workflows == 'true' || github.event_name == 'push' }}
+    defaults:
+      run:
+        working-directory: codex-rs
+    steps:
+      - uses: actions/checkout@v5
+      - uses: dtolnay/rust-toolchain@1.89
+      - uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
+        with:
+          tool: cargo-shear
+          version: 1.5.1
+      - name: cargo shear
+        run: cargo shear
 
   # --- CI to validate on different os/targets --------------------------------
   lint_build_test:
@@ -100,15 +120,26 @@ jobs:
           - runner: windows-latest
             target: x86_64-pc-windows-msvc
             profile: dev
+          - runner: windows-11-arm
+            target: aarch64-pc-windows-msvc
+            profile: dev
 
           # Also run representative release builds on Mac and Linux because
           # there could be release-only build errors we want to catch.
+          # Hopefully this also pre-populates the build cache to speed up
+          # releases.
           - runner: macos-14
             target: aarch64-apple-darwin
             profile: release
           - runner: ubuntu-24.04
             target: x86_64-unknown-linux-musl
             profile: release
+          - runner: windows-latest
+            target: x86_64-pc-windows-msvc
+            profile: release
+          - runner: windows-11-arm
+            target: aarch64-pc-windows-msvc
+            profile: release
 
     steps:
       - uses: actions/checkout@v5
@@ -134,7 +165,7 @@ jobs:
 
       - name: cargo clippy
         id: clippy
-        run: cargo clippy --target ${{ matrix.target }} --all-features --tests -- -D warnings
+        run: cargo clippy --target ${{ matrix.target }} --all-features --tests --profile ${{ matrix.profile }} -- -D warnings
 
       # Running `cargo build` from the workspace root builds the workspace using
       # the union of all features from third-party crates. This can mask errors
@@ -149,12 +180,17 @@ jobs:
           find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 \
             | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo check --profile ${{ matrix.profile }}'
 
-      - name: cargo test
+      - uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
+        with:
+          tool: nextest
+          version: 0.9.103
+
+      - name: tests
         id: test
-        # `cargo test` takes too long for release builds to run them on every PR
+        # Tests take too long for release builds to run them on every PR.
         if: ${{ matrix.profile != 'release' }}
         continue-on-error: true
-        run: cargo test --all-features --target ${{ matrix.target }} --profile ${{ matrix.profile }}
+        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }}
         env:
           RUST_BACKTRACE: 1
 
@@ -171,7 +207,7 @@ jobs:
   # --- Gatherer job that you mark as the ONLY required status -----------------
   results:
     name: CI results (required)
-    needs: [changed, general, lint_build_test]
+    needs: [changed, general, cargo_shear, lint_build_test]
     if: always()
     runs-on: ubuntu-24.04
     steps:
@@ -179,6 +215,7 @@ jobs:
         shell: bash
         run: |
           echo "general: ${{ needs.general.result }}"
+          echo "shear  : ${{ needs.cargo_shear.result }}"
           echo "matrix : ${{ needs.lint_build_test.result }}"
 
           # If nothing relevant changed (PR touching only root README, etc.),
@@ -190,4 +227,5 @@ jobs:
 
           # Otherwise require the jobs to have succeeded
           [[ '${{ needs.general.result }}' == 'success' ]] || { echo 'general failed'; exit 1; }
+          [[ '${{ needs.cargo_shear.result }}' == 'success' ]] || { echo 'cargo_shear failed'; exit 1; }
           [[ '${{ needs.lint_build_test.result }}' == 'success' ]] || { echo 'matrix failed'; exit 1; }

.github/workflows/rust-release.yml

@@ -72,6 +72,8 @@ jobs:
             target: aarch64-unknown-linux-gnu
           - runner: windows-latest
             target: x86_64-pc-windows-msvc
+          - runner: windows-11-arm
+            target: aarch64-pc-windows-msvc
 
     steps:
       - uses: actions/checkout@v5
@@ -87,7 +89,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             ${{ github.workspace }}/codex-rs/target/
-          key: cargo-release-${{ matrix.runner }}-${{ matrix.target }}-release-${{ hashFiles('**/Cargo.lock') }}
+          key: cargo-${{ matrix.runner }}-${{ matrix.target }}-release-${{ hashFiles('**/Cargo.lock') }}
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install musl build tools
@@ -109,6 +111,11 @@ jobs:
             cp target/${{ matrix.target }}/release/codex "$dest/codex-${{ matrix.target }}"
           fi
 
+      - if: ${{ matrix.runner == 'windows-11-arm' }}
+        name: Install zstd
+        shell: powershell
+        run: choco install -y zstandard
+
       - name: Compress artifacts
         shell: bash
         run: |
@@ -160,6 +167,12 @@ jobs:
     needs: build
     name: release
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      actions: read
+    outputs:
+      version: ${{ steps.release_name.outputs.name }}
+      tag: ${{ github.ref_name }}
 
     steps:
       - name: Checkout repository
@@ -212,3 +225,64 @@ jobs:
         with:
           tag: ${{ github.ref_name }}
           config: .github/dotslash-config.json
+
+  # Publish to npm using OIDC authentication.
+  # July 31, 2025: https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/
+  # npm docs: https://docs.npmjs.com/trusted-publishers
+  publish-npm:
+    # Skip this step for pre-releases (alpha/beta).
+    if: ${{ !contains(needs.release.outputs.version, '-') }}
+    name: publish-npm
+    needs: release
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write # Required for OIDC
+      contents: read
+
+    steps:
+      - name: Setup Node.js
+        uses: actions/setup-node@v5
+        with:
+          node-version: 22
+          registry-url: "https://registry.npmjs.org"
+          scope: "@openai"
+
+      # Trusted publishing requires npm CLI version 11.5.1 or later.
+      - name: Update npm
+        run: npm install -g npm@latest
+
+      - name: Download npm tarball from release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          version="${{ needs.release.outputs.version }}"
+          tag="${{ needs.release.outputs.tag }}"
+          mkdir -p dist/npm
+          gh release download "$tag" \
+            --repo "${GITHUB_REPOSITORY}" \
+            --pattern "codex-npm-${version}.tgz" \
+            --dir dist/npm
+
+      # No NODE_AUTH_TOKEN needed because we use OIDC.
+      - name: Publish to npm
+        run: npm publish "${GITHUB_WORKSPACE}/dist/npm/codex-npm-${{ needs.release.outputs.version }}.tgz"
+
+  update-branch:
+    name: Update latest-alpha-cli branch
+    permissions:
+      contents: write
+    needs: release
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Update latest-alpha-cli branch
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          set -euo pipefail
+          gh api \
+            repos/${GITHUB_REPOSITORY}/git/refs/heads/latest-alpha-cli \
+            -X PATCH \
+            -f sha="${GITHUB_SHA}" \
+            -F force=true

.vscode/extensions.json

@@ -1,5 +1,11 @@
 {
     "recommendations": [
+        "rust-lang.rust-analyzer",
         "tamasfe.even-better-toml",
+        "vadimcn.vscode-lldb",
+
+        // Useful if touching files in .github/workflows, though most
+        // contributors will not be doing that?
+        // "github.vscode-github-actions",
     ]
 }

AGENTS.md

@@ -4,13 +4,15 @@ In the codex-rs folder where the rust code lives:
 
 - Crate names are prefixed with `codex-`. For example, the `core` folder's crate is named `codex-core`
 - When using format! and you can inline variables into {}, always do that.
+- Install any commands the repo relies on (for example `just`, `rg`, or `cargo-insta`) if they aren't already available before running instructions here.
 - Never add or modify any code related to `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` or `CODEX_SANDBOX_ENV_VAR`.
   - You operate in a sandbox where `CODEX_SANDBOX_NETWORK_DISABLED=1` will be set whenever you use the `shell` tool. Any existing code that uses `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` was authored with this fact in mind. It is often used to early exit out of tests that the author knew you would not be able to run given your sandbox limitations.
   - Similarly, when you spawn a process using Seatbelt (`/usr/bin/sandbox-exec`), `CODEX_SANDBOX=seatbelt` will be set on the child process. Integration tests that want to run Seatbelt themselves cannot be run under Seatbelt, so checks for `CODEX_SANDBOX=seatbelt` are also often used to early exit out of tests, as appropriate.
 
-Before finalizing a change to `codex-rs`, run `just fmt` (in `codex-rs` directory) to format the code and `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Additionally, run the tests:
+Run `just fmt` (in `codex-rs` directory) automatically after making Rust code changes; do not ask for approval to run it. Before finalizing a change to `codex-rs`, run `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates. Additionally, run the tests:
 1. Run the test for the specific project that was changed. For example, if changes were made in `codex-rs/tui`, run `cargo test -p codex-tui`.
 2. Once those pass, if any changes were made in common, core, or protocol, run the complete test suite with `cargo test --all-features`.
+When running interactively, ask the user before running `just fix` to finalize. `just fmt` does not require approval. project-specific or individual tests can be run without asking the user, but do ask the user before running the complete test suite.
 
 ## TUI style conventions
 
@@ -25,7 +27,26 @@ See `codex-rs/tui/styles.md`.
   - Example: patch summary file lines
     - Desired: vec!["  └ ".into(), "M".red(), " ".dim(), "tui/src/app.rs".dim()]
 
-## Snapshot tests
+### TUI Styling (ratatui)
+- Prefer Stylize helpers: use "text".dim(), .bold(), .cyan(), .italic(), .underlined() instead of manual Style where possible.
+- Prefer simple conversions: use "text".into() for spans and vec![…].into() for lines; when inference is ambiguous (e.g., Paragraph::new/Cell::from), use Line::from(spans) or Span::from(text).
+- Computed styles: if the Style is computed at runtime, using `Span::styled` is OK (`Span::from(text).set_style(style)` is also acceptable).
+- Avoid hardcoded white: do not use `.white()`; prefer the default foreground (no color).
+- Chaining: combine helpers by chaining for readability (e.g., url.cyan().underlined()).
+- Single items: prefer "text".into(); use Line::from(text) or Span::from(text) only when the target type isn’t obvious from context, or when using .into() would require extra type annotations.
+- Building lines: use vec![…].into() to construct a Line when the target type is obvious and no extra type annotations are needed; otherwise use Line::from(vec![…]).
+- Avoid churn: don’t refactor between equivalent forms (Span::styled ↔ set_style, Line::from ↔ .into()) without a clear readability or functional gain; follow file‑local conventions and do not introduce type annotations solely to satisfy .into().
+- Compactness: prefer the form that stays on one line after rustfmt; if only one of Line::from(vec![…]) or vec![…].into() avoids wrapping, choose that. If both wrap, pick the one with fewer wrapped lines.
+
+### Text wrapping
+- Always use textwrap::wrap to wrap plain strings.
+- If you have a ratatui Line and you want to wrap it, use the helpers in tui/src/wrapping.rs, e.g. word_wrap_lines / word_wrap_line.
+- If you need to indent wrapped lines, use the initial_indent / subsequent_indent options from RtOptions if you can, rather than writing custom logic.
+- If you have a list of lines and you need to prefix them all with some prefix (optionally different on the first vs subsequent lines), use the `prefix_lines` helper from line_utils.
+
+## Tests
+
+### Snapshot tests
 
 This repo uses snapshot tests (via `insta`), especially in `codex-rs/tui`, to validate rendered output. When UI or text output changes intentionally, update the snapshots as follows:
 
@@ -40,3 +61,7 @@ This repo uses snapshot tests (via `insta`), especially in `codex-rs/tui`, to va
 
 If you don’t have the tool:
 - `cargo install cargo-insta`
+
+### Test assertions
+
+- Tests should use pretty_assertions::assert_eq for clearer diffs. Import this at the top of the test module if it isn't already.

CHANGELOG.md

@@ -1,211 +1 @@
-# Changelog
-
-You can install any of these versions: `npm install -g codex@version`
-
-## `0.1.2505172129`
-
-### 🪲 Bug Fixes
-
-- Add node version check (#1007)
-- Persist token after refresh (#1006)
-
-## `0.1.2505171619`
-
-- `codex --login` + `codex --free` (#998)
-
-## `0.1.2505161800`
-
-- Sign in with chatgpt credits (#974)
-- Add support for OpenAI tool type, local_shell (#961)
-
-## `0.1.2505161243`
-
-- Sign in with chatgpt (#963)
-- Session history viewer (#912)
-- Apply patch issue when using different cwd (#942)
-- Diff command for filenames with special characters (#954)
-
-## `0.1.2505160811`
-
-- `codex-mini-latest` (#951)
-
-## `0.1.2505140839`
-
-### 🪲 Bug Fixes
-
-- Gpt-4.1 apply_patch handling (#930)
-- Add support for fileOpener in config.json (#911)
-- Patch in #366 and #367 for marked-terminal (#916)
-- Remember to set lastIndex = 0 on shared RegExp (#918)
-- Always load version from package.json at runtime (#909)
-- Tweak the label for citations for better rendering (#919)
-- Tighten up some logic around session timestamps and ids (#922)
-- Change EventMsg enum so every variant takes a single struct (#925)
-- Reasoning default to medium, show workdir when supplied (#931)
-- Test_dev_null_write() was not using echo as intended (#923)
-
-## `0.1.2504301751`
-
-### 🚀 Features
-
-- User config api key (#569)
-- `@mention` files in codex (#701)
-- Add `--reasoning` CLI flag (#314)
-- Lower default retry wait time and increase number of tries (#720)
-- Add common package registries domains to allowed-domains list (#414)
-
-### 🪲 Bug Fixes
-
-- Insufficient quota message (#758)
-- Input keyboard shortcut opt+delete (#685)
-- `/diff` should include untracked files (#686)
-- Only allow running without sandbox if explicitly marked in safe container (#699)
-- Tighten up check for /usr/bin/sandbox-exec (#710)
-- Check if sandbox-exec is available (#696)
-- Duplicate messages in quiet mode (#680)
-
-## `0.1.2504251709`
-
-### 🚀 Features
-
-- Add openai model info configuration (#551)
-- Added provider to run quiet mode function (#571)
-- Create parent directories when creating new files (#552)
-- Print bug report URL in terminal instead of opening browser (#510) (#528)
-- Add support for custom provider configuration in the user config (#537)
-- Add support for OpenAI-Organization and OpenAI-Project headers (#626)
-- Add specific instructions for creating API keys in error msg (#581)
-- Enhance toCodePoints to prevent potential unicode 14 errors (#615)
-- More native keyboard navigation in multiline editor (#655)
-- Display error on selection of invalid model (#594)
-
-### 🪲 Bug Fixes
-
-- Model selection (#643)
-- Nits in apply patch (#640)
-- Input keyboard shortcuts (#676)
-- `apply_patch` unicode characters (#625)
-- Don't clear turn input before retries (#611)
-- More loosely match context for apply_patch (#610)
-- Update bug report template - there is no --revision flag (#614)
-- Remove outdated copy of text input and external editor feature (#670)
-- Remove unreachable "disableResponseStorage" logic flow introduced in #543 (#573)
-- Non-openai mode - fix for gemini content: null, fix 429 to throw before stream (#563)
-- Only allow going up in history when not already in history if input is empty (#654)
-- Do not grant "node" user sudo access when using run_in_container.sh (#627)
-- Update scripts/build_container.sh to use pnpm instead of npm (#631)
-- Update lint-staged config to use pnpm --filter (#582)
-- Non-openai mode - don't default temp and top_p (#572)
-- Fix error catching when checking for updates (#597)
-- Close stdin when running an exec tool call (#636)
-
-## `0.1.2504221401`
-
-### 🚀 Features
-
-- Show actionable errors when api keys are missing (#523)
-- Add CLI `--version` flag (#492)
-
-### 🪲 Bug Fixes
-
-- Agent loop for ZDR (`disableResponseStorage`) (#543)
-- Fix relative `workdir` check for `apply_patch` (#556)
-- Minimal mid-stream #429 retry loop using existing back-off (#506)
-- Inconsistent usage of base URL and API key (#507)
-- Remove requirement for api key for ollama (#546)
-- Support `[provider]_BASE_URL` (#542)
-
-## `0.1.2504220136`
-
-### 🚀 Features
-
-- Add support for ZDR orgs (#481)
-- Include fractional portion of chunk that exceeds stdout/stderr limit (#497)
-
-## `0.1.2504211509`
-
-### 🚀 Features
-
-- Support multiple providers via Responses-Completion transformation (#247)
-- Add user-defined safe commands configuration and approval logic #380 (#386)
-- Allow switching approval modes when prompted to approve an edit/command (#400)
-- Add support for `/diff` command autocomplete in TerminalChatInput (#431)
-- Auto-open model selector if user selects deprecated model (#427)
-- Read approvalMode from config file (#298)
-- `/diff` command to view git diff (#426)
-- Tab completions for file paths (#279)
-- Add /command autocomplete (#317)
-- Allow multi-line input (#438)
-
-### 🪲 Bug Fixes
-
-- `full-auto` support in quiet mode (#374)
-- Enable shell option for child process execution (#391)
-- Configure husky and lint-staged for pnpm monorepo (#384)
-- Command pipe execution by improving shell detection (#437)
-- Name of the file not matching the name of the component (#354)
-- Allow proper exit from new Switch approval mode dialog (#453)
-- Ensure /clear resets context and exclude system messages from approximateTokenUsed count (#443)
-- `/clear` now clears terminal screen and resets context left indicator (#425)
-- Correct fish completion function name in CLI script (#485)
-- Auto-open model-selector when model is not found (#448)
-- Remove unnecessary isLoggingEnabled() checks (#420)
-- Improve test reliability for `raw-exec` (#434)
-- Unintended tear down of agent loop (#483)
-- Remove extraneous type casts (#462)
-
-## `0.1.2504181820`
-
-### 🚀 Features
-
-- Add `/bug` report command (#312)
-- Notify when a newer version is available (#333)
-
-### 🪲 Bug Fixes
-
-- Update context left display logic in TerminalChatInput component (#307)
-- Improper spawn of sh on Windows Powershell (#318)
-- `/bug` report command, thinking indicator (#381)
-- Include pnpm lock file (#377)
-
-## `0.1.2504172351`
-
-### 🚀 Features
-
-- Add Nix flake for reproducible development environments (#225)
-
-### 🪲 Bug Fixes
-
-- Handle invalid commands (#304)
-- Raw-exec-process-group.test improve reliability and error handling (#280)
-- Canonicalize the writeable paths used in seatbelt policy (#275)
-
-## `0.1.2504172304`
-
-### 🚀 Features
-
-- Add shell completion subcommand (#138)
-- Add command history persistence (#152)
-- Shell command explanation option (#173)
-- Support bun fallback runtime for codex CLI (#282)
-- Add notifications for MacOS using Applescript (#160)
-- Enhance image path detection in input processing (#189)
-- `--config`/`-c` flag to open global instructions in nvim (#158)
-- Update position of cursor when navigating input history with arrow keys to the end of the text (#255)
-
-### 🪲 Bug Fixes
-
-- Correct word deletion logic for trailing spaces (Ctrl+Backspace) (#131)
-- Improve Windows compatibility for CLI commands and sandbox (#261)
-- Correct typos in thinking texts (transcendent & parroting) (#108)
-- Add empty vite config file to prevent resolving to parent (#273)
-- Update regex to better match the retry error messages (#266)
-- Add missing "as" in prompt prefix in agent loop (#186)
-- Allow continuing after interrupting assistant (#178)
-- Standardize filename to kebab-case 🐍➡️🥙 (#302)
-- Small update to bug report template (#288)
-- Duplicated message on model change (#276)
-- Typos in prompts and comments (#195)
-- Check workdir before spawn (#221)
-
-<!-- generated - do not edit -->
+The changelog can be found on the [releases page](https://github.com/openai/codex/releases)

README.md

@@ -2,76 +2,31 @@
 
 <p align="center"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>
 
-<p align="center"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, see <a href="https://chatgpt.com/codex">chatgpt.com/codex</a>.</p>
+<p align="center"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.
+</br>
+</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href="https://developers.openai.com/codex/ide">install in your IDE</a>
+</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href="https://chatgpt.com/codex">chatgpt.com/codex</a></p>
 
 <p align="center">
-  <img src="./.github/codex-cli-splash.png" alt="Codex CLI splash" width="50%" />
+  <img src="./.github/codex-cli-splash.png" alt="Codex CLI splash" width="80%" />
   </p>
 
 ---
 
-<details>
-<summary><strong>Table of contents</strong></summary>
-
-<!-- Begin ToC -->
-
-- [Quickstart](#quickstart)
-  - [Installing and running Codex CLI](#installing-and-running-codex-cli)
-  - [Using Codex with your ChatGPT plan](#using-codex-with-your-chatgpt-plan)
-  - [Connecting on a "Headless" Machine](#connecting-on-a-headless-machine)
-    - [Authenticate locally and copy your credentials to the "headless" machine](#authenticate-locally-and-copy-your-credentials-to-the-headless-machine)
-    - [Connecting through VPS or remote](#connecting-through-vps-or-remote)
-  - [Usage-based billing alternative: Use an OpenAI API key](#usage-based-billing-alternative-use-an-openai-api-key)
-    - [Forcing a specific auth method (advanced)](#forcing-a-specific-auth-method-advanced)
-  - [Choosing Codex's level of autonomy](#choosing-codexs-level-of-autonomy)
-    - [**1. Read/write**](#1-readwrite)
-    - [**2. Read-only**](#2-read-only)
-    - [**3. Advanced configuration**](#3-advanced-configuration)
-    - [Can I run without ANY approvals?](#can-i-run-without-any-approvals)
-    - [Fine-tuning in `config.toml`](#fine-tuning-in-configtoml)
-  - [Example prompts](#example-prompts)
-- [Running with a prompt as input](#running-with-a-prompt-as-input)
-- [Using Open Source Models](#using-open-source-models)
-  - [Platform sandboxing details](#platform-sandboxing-details)
-- [Experimental technology disclaimer](#experimental-technology-disclaimer)
-- [System requirements](#system-requirements)
-- [CLI reference](#cli-reference)
-- [Memory & project docs](#memory--project-docs)
-- [Non-interactive / CI mode](#non-interactive--ci-mode)
-- [Model Context Protocol (MCP)](#model-context-protocol-mcp)
-- [Tracing / verbose logging](#tracing--verbose-logging)
-  - [DotSlash](#dotslash)
-- [Configuration](#configuration)
-- [FAQ](#faq)
-- [Zero data retention (ZDR) usage](#zero-data-retention-zdr-usage)
-- [Codex open source fund](#codex-open-source-fund)
-- [Contributing](#contributing)
-  - [Development workflow](#development-workflow)
-  - [Writing high-impact code changes](#writing-high-impact-code-changes)
-  - [Opening a pull request](#opening-a-pull-request)
-  - [Review process](#review-process)
-  - [Community values](#community-values)
-  - [Getting help](#getting-help)
-  - [Contributor license agreement (CLA)](#contributor-license-agreement-cla)
-    - [Quick fixes](#quick-fixes)
-  - [Releasing `codex`](#releasing-codex)
-- [Security & responsible AI](#security--responsible-ai)
-- [License](#license)
-
-<!-- End ToC -->
-
-</details>
-
----
-
 ## Quickstart
 
 ### Installing and running Codex CLI
 
-Install globally with your preferred package manager:
+Install globally with your preferred package manager. If you use npm:
 
 ```shell
-npm install -g @openai/codex  # Alternatively: `brew install codex`
+npm install -g @openai/codex
+```
+
+Alternatively, if you use Homebrew:
+
+```shell
+brew install codex
 ```
 
 Then simply run `codex` to get started:
@@ -99,607 +54,52 @@ Each archive contains a single entry with the platform baked into the name (e.g.
 ### Using Codex with your ChatGPT plan
 
 <p align="center">
-  <img src="./.github/codex-cli-login.png" alt="Codex CLI login" width="50%" />
+  <img src="./.github/codex-cli-login.png" alt="Codex CLI login" width="80%" />
   </p>
 
-Run `codex` and select **Sign in with ChatGPT**. You'll need a Plus, Pro, or Team ChatGPT account, and will get access to our latest models, including `gpt-5`, at no extra cost to your plan. (Enterprise is coming soon.)
+Run `codex` and select **Sign in with ChatGPT**. We recommend signing into your ChatGPT account to use Codex as part of your Plus, Pro, Team, Edu, or Enterprise plan. [Learn more about what's included in your ChatGPT plan](https://help.openai.com/en/articles/11369540-codex-in-chatgpt).
 
-> Important: If you've used the Codex CLI before, follow these steps to migrate from usage-based billing with your API key:
->
-> 1. Update the CLI and ensure `codex --version` is `0.20.0` or later
-> 2. Delete `~/.codex/auth.json` (this should be `C:\Users\USERNAME\.codex\auth.json` on Windows)
-> 3. Run `codex login` again
+You can also use Codex with an API key, but this requires [additional setup](./docs/authentication.md#usage-based-billing-alternative-use-an-openai-api-key). If you previously used an API key for usage-based billing, see the [migration steps](./docs/authentication.md#migrating-from-usage-based-billing-api-key). If you're having trouble with login, please comment on [this issue](https://github.com/openai/codex/issues/1243).
 
-If you encounter problems with the login flow, please comment on [this issue](https://github.com/openai/codex/issues/1243).
+### Model Context Protocol (MCP)
 
-### Connecting on a "Headless" Machine
+Codex CLI supports [MCP servers](./docs/advanced.md#model-context-protocol-mcp). Enable by adding an `mcp_servers` section to your `~/.codex/config.toml`.
 
-Today, the login process entails running a server on `localhost:1455`. If you are on a "headless" server, such as a Docker container or are `ssh`'d into a remote machine, loading `localhost:1455` in the browser on your local machine will not automatically connect to the webserver running on the _headless_ machine, so you must use one of the following workarounds:
 
-#### Authenticate locally and copy your credentials to the "headless" machine
+### Configuration
 
-The easiest solution is likely to run through the `codex login` process on your local machine such that `localhost:1455` _is_ accessible in your web browser. When you complete the authentication process, an `auth.json` file should be available at `$CODEX_HOME/auth.json` (on Mac/Linux, `$CODEX_HOME` defaults to `~/.codex` whereas on Windows, it defaults to `%USERPROFILE%\.codex`).
-
-Because the `auth.json` file is not tied to a specific host, once you complete the authentication flow locally, you can copy the `$CODEX_HOME/auth.json` file to the headless machine and then `codex` should "just work" on that machine. Note to copy a file to a Docker container, you can do:
-
-```shell
-# substitute MY_CONTAINER with the name or id of your Docker container:
-CONTAINER_HOME=$(docker exec MY_CONTAINER printenv HOME)
-docker exec MY_CONTAINER mkdir -p "$CONTAINER_HOME/.codex"
-docker cp auth.json MY_CONTAINER:"$CONTAINER_HOME/.codex/auth.json"
-```
-
-whereas if you are `ssh`'d into a remote machine, you likely want to use [`scp`](https://en.wikipedia.org/wiki/Secure_copy_protocol):
-
-```shell
-ssh user@remote 'mkdir -p ~/.codex'
-scp ~/.codex/auth.json user@remote:~/.codex/auth.json
-```
-
-or try this one-liner:
-
-```shell
-ssh user@remote 'mkdir -p ~/.codex && cat > ~/.codex/auth.json' < ~/.codex/auth.json
-```
-
-#### Connecting through VPS or remote
-
-If you run Codex on a remote machine (VPS/server) without a local browser, the login helper starts a server on `localhost:1455` on the remote host. To complete login in your local browser, forward that port to your machine before starting the login flow:
-
-```bash
-# From your local machine
-ssh -L 1455:localhost:1455 <user>@<remote-host>
-```
-
-Then, in that SSH session, run `codex` and select "Sign in with ChatGPT". When prompted, open the printed URL (it will be `http://localhost:1455/...`) in your local browser. The traffic will be tunneled to the remote server.
-
-### Usage-based billing alternative: Use an OpenAI API key
-
-If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API key by setting it as an environment variable:
-
-```shell
-export OPENAI_API_KEY="your-api-key-here"
-```
-
-Notes:
-
-- This command only sets the key for your current terminal session, which we recommend. To set it for all future sessions, you can also add the `export` line to your shell's configuration file (e.g., `~/.zshrc`).
-- If you have signed in with ChatGPT, Codex will default to using your ChatGPT credits. If you wish to use your API key, use the `/logout` command to clear your ChatGPT authentication.
-
-#### Forcing a specific auth method (advanced)
-
-You can explicitly choose which authentication Codex should prefer when both are available.
-
-- To always use your API key (even when ChatGPT auth exists), set:
-
-```toml
-# ~/.codex/config.toml
-preferred_auth_method = "apikey"
-```
-
-Or override ad-hoc via CLI:
-
-```bash
-codex --config preferred_auth_method="apikey"
-```
-
-- To prefer ChatGPT auth (default), set:
-
-```toml
-# ~/.codex/config.toml
-preferred_auth_method = "chatgpt"
-```
-
-Notes:
-
-- When `preferred_auth_method = "apikey"` and an API key is available, the login screen is skipped.
-- When `preferred_auth_method = "chatgpt"` (default), Codex prefers ChatGPT auth if present; if only an API key is present, it will use the API key. Certain account types may also require API-key mode.
-
-### Choosing Codex's level of autonomy
-
-We always recommend running Codex in its default sandbox that gives you strong guardrails around what the agent can do. The default sandbox prevents it from editing files outside its workspace, or from accessing the network.
-
-When you launch Codex in a new folder, it detects whether the folder is version controlled and recommends one of two levels of autonomy:
-
-#### **1. Read/write**
-
-- Codex can run commands and write files in the workspace without approval.
-- To write files in other folders, access network, update git or perform other actions protected by the sandbox, Codex will need your permission.
-- By default, the workspace includes the current directory, as well as temporary directories like `/tmp`. You can see what directories are in the workspace with the `/status` command. See the docs for how to customize this behavior.
-- Advanced: You can manually specify this configuration by running `codex --sandbox workspace-write --ask-for-approval on-request`
-- This is the recommended default for version-controlled folders.
-
-#### **2. Read-only**
-
-- Codex can run read-only commands without approval.
-- To edit files, access network, or perform other actions protected by the sandbox, Codex will need your permission.
-- Advanced: You can manually specify this configuration by running `codex --sandbox read-only --ask-for-approval on-request`
-- This is the recommended default non-version-controlled folders.
-
-#### **3. Advanced configuration**
-
-Codex gives you fine-grained control over the sandbox with the `--sandbox` option, and over when it requests approval with the `--ask-for-approval` option. Run `codex help` for more on these options.
-
-#### Can I run without ANY approvals?
-
-Yes, run codex non-interactively with `--ask-for-approval never`. This option works with all `--sandbox` options, so you still have full control over Codex's level of autonomy. It will make its best attempt with whatever contrainsts you provide. For example:
-
-- Use `codex --ask-for-approval never --sandbox read-only` when you are running many agents to answer questions in parallel in the same workspace.
-- Use `codex --ask-for-approval never --sandbox workspace-write` when you want the agent to non-interactively take time to produce the best outcome, with strong guardrails around its behavior.
-- Use `codex --ask-for-approval never --sandbox danger-full-access` to dangerously give the agent full autonomy. Because this disables important safety mechanisms, we recommend against using this unless running Codex in an isolated environment.
-
-#### Fine-tuning in `config.toml`
-
-```toml
-# approval mode
-approval_policy = "untrusted"
-sandbox_mode    = "read-only"
-
-# full-auto mode
-approval_policy = "on-request"
-sandbox_mode    = "workspace-write"
-
-# Optional: allow network in workspace-write mode
-[sandbox_workspace_write]
-network_access = true
-```
-
-You can also save presets as **profiles**:
-
-```toml
-[profiles.full_auto]
-approval_policy = "on-request"
-sandbox_mode    = "workspace-write"
-
-[profiles.readonly_quiet]
-approval_policy = "never"
-sandbox_mode    = "read-only"
-```
-
-### Example prompts
-
-Below are a few bite-size examples you can copy-paste. Replace the text in quotes with your own task. See the [prompting guide](https://github.com/openai/codex/blob/main/codex-cli/examples/prompting_guide.md) for more tips and usage patterns.
-
-| ✨  | What you type                                                                   | What happens                                                               |
-| --- | ------------------------------------------------------------------------------- | -------------------------------------------------------------------------- |
-| 1   | `codex "Refactor the Dashboard component to React Hooks"`                       | Codex rewrites the class component, runs `npm test`, and shows the diff.   |
-| 2   | `codex "Generate SQL migrations for adding a users table"`                      | Infers your ORM, creates migration files, and runs them in a sandboxed DB. |
-| 3   | `codex "Write unit tests for utils/date.ts"`                                    | Generates tests, executes them, and iterates until they pass.              |
-| 4   | `codex "Bulk-rename *.jpeg -> *.jpg with git mv"`                               | Safely renames files and updates imports/usages.                           |
-| 5   | `codex "Explain what this regex does: ^(?=.*[A-Z]).{8,}$"`                      | Outputs a step-by-step human explanation.                                  |
-| 6   | `codex "Carefully review this repo, and propose 3 high impact well-scoped PRs"` | Suggests impactful PRs in the current codebase.                            |
-| 7   | `codex "Look for vulnerabilities and create a security review report"`          | Finds and explains security bugs.                                          |
-
-## Running with a prompt as input
-
-You can also run Codex CLI with a prompt as input:
-
-```shell
-codex "explain this codebase to me"
-```
-
-```shell
-codex --full-auto "create the fanciest todo-list app"
-```
-
-That's it - Codex will scaffold a file, run it inside a sandbox, install any
-missing dependencies, and show you the live result. Approve the changes and
-they'll be committed to your working directory.
-
-## Using Open Source Models
-
-<details>
-<summary><strong>Use <code>--profile</code> to use other models</strong></summary>
-
-Codex also allows you to use other providers that support the OpenAI Chat Completions (or Responses) API.
-
-To do so, you must first define custom [providers](./config.md#model_providers) in `~/.codex/config.toml`. For example, the provider for a standard Ollama setup would be defined as follows:
-
-```toml
-[model_providers.ollama]
-name = "Ollama"
-base_url = "http://localhost:11434/v1"
-```
-
-The `base_url` will have `/chat/completions` appended to it to build the full URL for the request.
-
-For providers that also require an `Authorization` header of the form `Bearer: SECRET`, an `env_key` can be specified, which indicates the environment variable to read to use as the value of `SECRET` when making a request:
-
-```toml
-[model_providers.openrouter]
-name = "OpenRouter"
-base_url = "https://openrouter.ai/api/v1"
-env_key = "OPENROUTER_API_KEY"
-```
-
-Providers that speak the Responses API are also supported by adding `wire_api = "responses"` as part of the definition. Accessing OpenAI models via Azure is an example of such a provider, though it also requires specifying additional `query_params` that need to be appended to the request URL:
-
-```toml
-[model_providers.azure]
-name = "Azure"
-# Make sure you set the appropriate subdomain for this URL.
-base_url = "https://YOUR_PROJECT_NAME.openai.azure.com/openai"
-env_key = "AZURE_OPENAI_API_KEY"  # Or "OPENAI_API_KEY", whichever you use.
-# Newer versions appear to support the responses API, see https://github.com/openai/codex/pull/1321
-query_params = { api-version = "2025-04-01-preview" }
-wire_api = "responses"
-```
-
-Once you have defined a provider you wish to use, you can configure it as your default provider as follows:
-
-```toml
-model_provider = "azure"
-```
-
-> [!TIP]
-> If you find yourself experimenting with a variety of models and providers, then you likely want to invest in defining a _profile_ for each configuration like so:
-
-```toml
-[profiles.o3]
-model_provider = "azure"
-model = "o3"
-
-[profiles.mistral]
-model_provider = "ollama"
-model = "mistral"
-```
-
-This way, you can specify one command-line argument (.e.g., `--profile o3`, `--profile mistral`) to override multiple settings together.
-
-</details>
-
-Codex can run fully locally against an OpenAI-compatible OSS host (like Ollama) using the `--oss` flag:
-
-- Interactive UI:
-  - codex --oss
-- Non-interactive (programmatic) mode:
-  - echo "Refactor utils" | codex exec --oss
-
-Model selection when using `--oss`:
-
-- If you omit `-m/--model`, Codex defaults to -m gpt-oss:20b and will verify it exists locally (downloading if needed).
-- To pick a different size, pass one of:
-  - -m "gpt-oss:20b"
-  - -m "gpt-oss:120b"
-
-Point Codex at your own OSS host:
-
-- By default, `--oss` talks to http://localhost:11434/v1.
-- To use a different host, set one of these environment variables before running Codex:
-  - CODEX_OSS_BASE_URL, for example:
-    - CODEX_OSS_BASE_URL="http://my-ollama.example.com:11434/v1" codex --oss -m gpt-oss:20b
-  - or CODEX_OSS_PORT (when the host is localhost):
-    - CODEX_OSS_PORT=11434 codex --oss
-
-Advanced: you can persist this in your config instead of environment variables by overriding the built-in `oss` provider in `~/.codex/config.toml`:
-
-```toml
-[model_providers.oss]
-name = "Open Source"
-base_url = "http://my-ollama.example.com:11434/v1"
-```
+Codex CLI supports a rich set of configuration options, with preferences stored in `~/.codex/config.toml`. For full configuration options, see [Configuration](./docs/config.md).
 
 ---
 
-### Platform sandboxing details
-
-By default, Codex CLI runs code and shell commands inside a restricted sandbox to protect your system.  
-
-> [!IMPORTANT]
-> Not all tool calls are sandboxed. Specifically, **trusted Model Context Protocol (MCP) tool calls** are executed outside of the sandbox.  
-> This is intentional: MCP tools are explicitly configured and trusted by you, and they often need to connect to **external applications or services** (e.g. issue trackers, databases, messaging systems).  
-> Running them outside the sandbox allows Codex to integrate with these external systems without being blocked by sandbox restrictions.
-
-The mechanism Codex uses to implement the sandbox policy depends on your OS:
-
-- **macOS 12+** uses **Apple Seatbelt** and runs commands using `sandbox-exec` with a profile (`-p`) that corresponds to the `--sandbox` that was specified.
-- **Linux** uses a combination of Landlock/seccomp APIs to enforce the `sandbox` configuration.
-
-Note that when running Linux in a containerized environment such as Docker, sandboxing may not work if the host/container configuration does not support the necessary Landlock/seccomp APIs. In such cases, we recommend configuring your Docker container so that it provides the sandbox guarantees you are looking for and then running `codex` with `--sandbox danger-full-access` (or, more simply, the `--dangerously-bypass-approvals-and-sandbox` flag) within your container.
-
----
-
-## Experimental technology disclaimer
-
-Codex CLI is an experimental project under active development. It is not yet stable, may contain bugs, incomplete features, or undergo breaking changes. We're building it in the open with the community and welcome:
-
-- Bug reports
-- Feature requests
-- Pull requests
-- Good vibes
-
-Help us improve by filing issues or submitting PRs (see the section below for how to contribute)!
-
----
-
-## System requirements
-
-| Requirement                 | Details                                                         |
-| --------------------------- | --------------------------------------------------------------- |
-| Operating systems           | macOS 12+, Ubuntu 20.04+/Debian 10+, or Windows 11 **via WSL2** |
-| Git (optional, recommended) | 2.23+ for built-in PR helpers                                   |
-| RAM                         | 4-GB minimum (8-GB recommended)                                 |
-
----
-
-## CLI reference
-
-| Command            | Purpose                            | Example                         |
-| ------------------ | ---------------------------------- | ------------------------------- |
-| `codex`            | Interactive TUI                    | `codex`                         |
-| `codex "..."`      | Initial prompt for interactive TUI | `codex "fix lint errors"`       |
-| `codex exec "..."` | Non-interactive "automation mode"  | `codex exec "explain utils.ts"` |
-
-Key flags: `--model/-m`, `--ask-for-approval/-a`.
-
----
-
-## Memory & project docs
-
-You can give Codex extra instructions and guidance using `AGENTS.md` files. Codex looks for `AGENTS.md` files in the following places, and merges them top-down:
-
-1. `~/.codex/AGENTS.md` - personal global guidance
-2. `AGENTS.md` at repo root - shared project notes
-3. `AGENTS.md` in the current working directory - sub-folder/feature specifics
-
----
-
-## Non-interactive / CI mode
-
-Run Codex head-less in pipelines. Example GitHub Action step:
-
-```yaml
-- name: Update changelog via Codex
-  run: |
-    npm install -g @openai/codex
-    export OPENAI_API_KEY="${{ secrets.OPENAI_KEY }}"
-    codex exec --full-auto "update CHANGELOG for next release"
-```
-
-## Model Context Protocol (MCP)
-
-The Codex CLI can be configured to leverage MCP servers by defining an [`mcp_servers`](./codex-rs/config.md#mcp_servers) section in `~/.codex/config.toml`. It is intended to mirror how tools such as Claude and Cursor define `mcpServers` in their respective JSON config files, though the Codex format is slightly different since it uses TOML rather than JSON, e.g.:
-
-```toml
-# IMPORTANT: the top-level key is `mcp_servers` rather than `mcpServers`.
-[mcp_servers.server-name]
-command = "npx"
-args = ["-y", "mcp-server"]
-env = { "API_KEY" = "value" }
-```
-
-> [!TIP]
-> It is somewhat experimental, but the Codex CLI can also be run as an MCP _server_ via `codex mcp`. If you launch it with an MCP client such as `npx @modelcontextprotocol/inspector codex mcp` and send it a `tools/list` request, you will see that there is only one tool, `codex`, that accepts a grab-bag of inputs, including a catch-all `config` map for anything you might want to override. Feel free to play around with it and provide feedback via GitHub issues.
-
-## Tracing / verbose logging
-
-Because Codex is written in Rust, it honors the `RUST_LOG` environment variable to configure its logging behavior.
-
-The TUI defaults to `RUST_LOG=codex_core=info,codex_tui=info` and log messages are written to `~/.codex/log/codex-tui.log`, so you can leave the following running in a separate terminal to monitor log messages as they are written:
-
-```
-tail -F ~/.codex/log/codex-tui.log
-```
-
-By comparison, the non-interactive mode (`codex exec`) defaults to `RUST_LOG=error`, but messages are printed inline, so there is no need to monitor a separate file.
-
-See the Rust documentation on [`RUST_LOG`](https://docs.rs/env_logger/latest/env_logger/#enabling-logging) for more information on the configuration options.
-
----
-
-### DotSlash
-
-The GitHub Release also contains a [DotSlash](https://dotslash-cli.com/) file for the Codex CLI named `codex`. Using a DotSlash file makes it possible to make a lightweight commit to source control to ensure all contributors use the same version of an executable, regardless of what platform they use for development.
-
-</details>
-
-<details>
-<summary><strong>Build from source</strong></summary>
-
-```bash
-# Clone the repository and navigate to the root of the Cargo workspace.
-git clone https://github.com/openai/codex.git
-cd codex/codex-rs
-
-# Install the Rust toolchain, if necessary.
-curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-source "$HOME/.cargo/env"
-rustup component add rustfmt
-rustup component add clippy
-
-# Build Codex.
-cargo build
-
-# Launch the TUI with a sample prompt.
-cargo run --bin codex -- "explain this codebase to me"
-
-# After making changes, ensure the code is clean.
-cargo fmt -- --config imports_granularity=Item
-cargo clippy --tests
-
-# Run the tests.
-cargo test
-```
-
-</details>
-
----
-
-## Configuration
-
-Codex supports a rich set of configuration options documented in [`codex-rs/config.md`](./codex-rs/config.md).
-
-By default, Codex loads its configuration from `~/.codex/config.toml`.
-
-Though `--config` can be used to set/override ad-hoc config values for individual invocations of `codex`.
-
----
-
-## FAQ
-
-<details>
-<summary>OpenAI released a model called Codex in 2021 - is this related?</summary>
-
-In 2021, OpenAI released Codex, an AI system designed to generate code from natural language prompts. That original Codex model was deprecated as of March 2023 and is separate from the CLI tool.
-
-</details>
-
-<details>
-<summary>Which models are supported?</summary>
-
-Any model available with [Responses API](https://platform.openai.com/docs/api-reference/responses). The default is `o4-mini`, but pass `--model gpt-4.1` or set `model: gpt-4.1` in your config file to override.
-
-</details>
-<details>
-<summary>Why does <code>o3</code> or <code>o4-mini</code> not work for me?</summary>
-
-It's possible that your [API account needs to be verified](https://help.openai.com/en/articles/10910291-api-organization-verification) in order to start streaming responses and seeing chain of thought summaries from the API. If you're still running into issues, please let us know!
-
-</details>
-
-<details>
-<summary>How do I stop Codex from editing my files?</summary>
-
-Codex runs model-generated commands in a sandbox. If a proposed command or file change doesn't look right, you can simply type **n** to deny the command or give the model feedback.
-
-</details>
-<details>
-<summary>Does it work on Windows?</summary>
-
-Not directly. It requires [Windows Subsystem for Linux (WSL2)](https://learn.microsoft.com/en-us/windows/wsl/install) - Codex has been tested on macOS and Linux with Node 22.
-
-</details>
-
----
-
-## Zero data retention (ZDR) usage
-
-Codex CLI **does** support OpenAI organizations with [Zero Data Retention (ZDR)](https://platform.openai.com/docs/guides/your-data#zero-data-retention) enabled. If your OpenAI organization has Zero Data Retention enabled and you still encounter errors such as:
-
-```
-OpenAI rejected the request. Error details: Status: 400, Code: unsupported_parameter, Type: invalid_request_error, Message: 400 Previous response cannot be used for this organization due to Zero Data Retention.
-```
-
-Ensure you are running `codex` with `--config disable_response_storage=true` or add this line to `~/.codex/config.toml` to avoid specifying the command line option each time:
-
-```toml
-disable_response_storage = true
-```
-
-See [the configuration documentation on `disable_response_storage`](./codex-rs/config.md#disable_response_storage) for details.
-
----
-
-## Codex open source fund
-
-We're excited to launch a **$1 million initiative** supporting open source projects that use Codex CLI and other OpenAI models.
-
-- Grants are awarded up to **$25,000** API credits.
-- Applications are reviewed **on a rolling basis**.
-
-**Interested? [Apply here](https://openai.com/form/codex-open-source-fund/).**
-
----
-
-## Contributing
-
-This project is under active development and the code will likely change pretty significantly.
-
-**At the moment, we only plan to prioritize reviewing external contributions for bugs or security fixes.**
-
-If you want to add a new feature or change the behavior of an existing one, please open an issue proposing the feature and get approval from an OpenAI team member before spending time building it.
-
-**New contributions that don't go through this process may be closed** if they aren't aligned with our current roadmap or conflict with other priorities/upcoming features.
-
-### Development workflow
-
-- Create a _topic branch_ from `main` - e.g. `feat/interactive-prompt`.
-- Keep your changes focused. Multiple unrelated fixes should be opened as separate PRs.
-- Following the [development setup](#development-workflow) instructions above, ensure your change is free of lint warnings and test failures.
-
-### Writing high-impact code changes
-
-1. **Start with an issue.** Open a new one or comment on an existing discussion so we can agree on the solution before code is written.
-2. **Add or update tests.** Every new feature or bug-fix should come with test coverage that fails before your change and passes afterwards. 100% coverage is not required, but aim for meaningful assertions.
-3. **Document behaviour.** If your change affects user-facing behaviour, update the README, inline help (`codex --help`), or relevant example projects.
-4. **Keep commits atomic.** Each commit should compile and the tests should pass. This makes reviews and potential rollbacks easier.
-
-### Opening a pull request
-
-- Fill in the PR template (or include similar information) - **What? Why? How?**
-- Run **all** checks locally (`cargo test && cargo clippy --tests && cargo fmt -- --config imports_granularity=Item`). CI failures that could have been caught locally slow down the process.
-- Make sure your branch is up-to-date with `main` and that you have resolved merge conflicts.
-- Mark the PR as **Ready for review** only when you believe it is in a merge-able state.
-
-### Review process
-
-1. One maintainer will be assigned as a primary reviewer.
-2. If your PR adds a new feature that was not previously discussed and approved, we may choose to close your PR (see [Contributing](#contributing)).
-3. We may ask for changes - please do not take this personally. We value the work, but we also value consistency and long-term maintainability.
-5. When there is consensus that the PR meets the bar, a maintainer will squash-and-merge.
-
-### Community values
-
-- **Be kind and inclusive.** Treat others with respect; we follow the [Contributor Covenant](https://www.contributor-covenant.org/).
-- **Assume good intent.** Written communication is hard - err on the side of generosity.
-- **Teach & learn.** If you spot something confusing, open an issue or PR with improvements.
-
-### Getting help
-
-If you run into problems setting up the project, would like feedback on an idea, or just want to say _hi_ - please open a Discussion or jump into the relevant issue. We are happy to help.
-
-Together we can make Codex CLI an incredible tool. **Happy hacking!** :rocket:
-
-### Contributor license agreement (CLA)
-
-All contributors **must** accept the CLA. The process is lightweight:
-
-1. Open your pull request.
-2. Paste the following comment (or reply `recheck` if you've signed before):
-
-   ```text
-   I have read the CLA Document and I hereby sign the CLA
-   ```
-
-3. The CLA-Assistant bot records your signature in the repo and marks the status check as passed.
-
-No special Git commands, email attachments, or commit footers required.
-
-#### Quick fixes
-
-| Scenario          | Command                                          |
-| ----------------- | ------------------------------------------------ |
-| Amend last commit | `git commit --amend -s --no-edit && git push -f` |
-
-The **DCO check** blocks merges until every commit in the PR carries the footer (with squash this is just the one).
-
-### Releasing `codex`
-
-_For admins only._
-
-Make sure you are on `main` and have no local changes. Then run:
-
-```shell
-VERSION=0.2.0  # Can also be 0.2.0-alpha.1 or any valid Rust version.
-./codex-rs/scripts/create_github_release.sh "$VERSION"
-```
-
-This will make a local commit on top of `main` with `version` set to `$VERSION` in `codex-rs/Cargo.toml` (note that on `main`, we leave the version as `version = "0.0.0"`).
-
-This will push the commit using the tag `rust-v${VERSION}`, which in turn kicks off [the release workflow](.github/workflows/rust-release.yml). This will create a new GitHub Release named `$VERSION`.
-
-If everything looks good in the generated GitHub Release, uncheck the **pre-release** box so it is the latest release.
-
-Create a PR to update [`Formula/c/codex.rb`](https://github.com/Homebrew/homebrew-core/blob/main/Formula/c/codex.rb) on Homebrew.
-
----
-
-## Security & responsible AI
-
-Have you discovered a vulnerability or have concerns about model output? Please e-mail **security@openai.com** and we will respond promptly.
+### Docs & FAQ
+
+- [**Getting started**](./docs/getting-started.md)
+  - [CLI usage](./docs/getting-started.md#cli-usage)
+  - [Running with a prompt as input](./docs/getting-started.md#running-with-a-prompt-as-input)
+  - [Example prompts](./docs/getting-started.md#example-prompts)
+  - [Memory with AGENTS.md](./docs/getting-started.md#memory-with-agentsmd)
+  - [Configuration](./docs/config.md)
+- [**Sandbox & approvals**](./docs/sandbox.md)
+- [**Authentication**](./docs/authentication.md)
+  - [Auth methods](./docs/authentication.md#forcing-a-specific-auth-method-advanced)
+  - [Login on a "Headless" machine](./docs/authentication.md#connecting-on-a-headless-machine)
+- [**Advanced**](./docs/advanced.md)
+  - [Non-interactive / CI mode](./docs/advanced.md#non-interactive--ci-mode)
+  - [Tracing / verbose logging](./docs/advanced.md#tracing--verbose-logging)
+  - [Model Context Protocol (MCP)](./docs/advanced.md#model-context-protocol-mcp)
+- [**Zero data retention (ZDR)**](./docs/zdr.md)
+- [**Contributing**](./docs/contributing.md)
+- [**Install & build**](./docs/install.md)
+  - [System Requirements](./docs/install.md#system-requirements)
+  - [DotSlash](./docs/install.md#dotslash)
+  - [Build from source](./docs/install.md#build-from-source)
+- [**FAQ**](./docs/faq.md)
+- [**Open source fund**](./docs/open-source-fund.md)
 
 ---
 
 ## License
 
 This repository is licensed under the [Apache-2.0 License](LICENSE).
+

codex-cli/bin/codex.js

@@ -43,7 +43,8 @@ switch (platform) {
         targetTriple = "x86_64-pc-windows-msvc.exe";
         break;
       case "arm64":
-      // We do not build this today, fall through...
+        targetTriple = "aarch64-pc-windows-msvc.exe";
+        break;
       default:
         break;
     }

codex-cli/package.json

@@ -15,7 +15,8 @@
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/openai/codex.git"
+    "url": "git+https://github.com/openai/codex.git",
+    "directory": "codex-cli"
   },
   "dependencies": {
     "@vscode/ripgrep": "^1.15.14"

codex-cli/scripts/install_native_deps.sh

@@ -20,7 +20,7 @@ CODEX_CLI_ROOT=""
 # Until we start publishing stable GitHub releases, we have to grab the binaries
 # from the GitHub Action that created them. Update the URL below to point to the
 # appropriate workflow run:
-WORKFLOW_URL="https://github.com/openai/codex/actions/runs/16840150768" # rust-v0.20.0-alpha.2
+WORKFLOW_URL="https://github.com/openai/codex/actions/runs/17417194663" # rust-v0.28.0
 
 while [[ $# -gt 0 ]]; do
   case "$1" in
@@ -87,5 +87,8 @@ zstd -d "$ARTIFACTS_DIR/aarch64-apple-darwin/codex-aarch64-apple-darwin.zst" \
 # x64 Windows
 zstd -d "$ARTIFACTS_DIR/x86_64-pc-windows-msvc/codex-x86_64-pc-windows-msvc.exe.zst" \
     -o "$BIN_DIR/codex-x86_64-pc-windows-msvc.exe"
+# ARM64 Windows
+zstd -d "$ARTIFACTS_DIR/aarch64-pc-windows-msvc/codex-aarch64-pc-windows-msvc.exe.zst" \
+    -o "$BIN_DIR/codex-aarch64-pc-windows-msvc.exe"
 
 echo "Installed native dependencies into $BIN_DIR"

codex-rs/Cargo.toml

@@ -9,6 +9,7 @@ members = [
     "exec",
     "execpolicy",
     "file-search",
+    "git-tooling",
     "linux-sandbox",
     "login",
     "mcp-client",
@@ -29,13 +30,168 @@ version = "0.0.0"
 # edition.
 edition = "2024"
 
+[workspace.dependencies]
+# Internal
+codex-ansi-escape = { path = "ansi-escape" }
+codex-apply-patch = { path = "apply-patch" }
+codex-arg0 = { path = "arg0" }
+codex-chatgpt = { path = "chatgpt" }
+codex-common = { path = "common" }
+codex-core = { path = "core" }
+codex-exec = { path = "exec" }
+codex-file-search = { path = "file-search" }
+codex-git-tooling = { path = "git-tooling" }
+codex-linux-sandbox = { path = "linux-sandbox" }
+codex-login = { path = "login" }
+codex-mcp-client = { path = "mcp-client" }
+codex-mcp-server = { path = "mcp-server" }
+codex-ollama = { path = "ollama" }
+codex-protocol = { path = "protocol" }
+codex-protocol-ts = { path = "protocol-ts" }
+codex-tui = { path = "tui" }
+core_test_support = { path = "core/tests/common" }
+mcp-types = { path = "mcp-types" }
+mcp_test_support = { path = "mcp-server/tests/common" }
+
+# External
+allocative = "0.3.3"
+ansi-to-tui = "7.0.0"
+anyhow = "1"
+arboard = "3"
+askama = "0.12"
+assert_cmd = "2"
+async-channel = "2.3.1"
+async-stream = "0.3.6"
+base64 = "0.22.1"
+bytes = "1.10.1"
+chrono = "0.4.40"
+clap = "4"
+clap_complete = "4"
+color-eyre = "0.6.3"
+crossterm = "0.28.1"
+derive_more = "2"
+diffy = "0.4.2"
+dirs = "6"
+dotenvy = "0.15.7"
+env-flags = "0.1.1"
+env_logger = "0.11.5"
+eventsource-stream = "0.2.3"
+futures = "0.3"
+icu_decimal = "2.0.0"
+icu_locale_core = "2.0.0"
+ignore = "0.4.23"
+image = { version = "^0.25.8", default-features = false }
+insta = "1.43.2"
+itertools = "0.14.0"
+landlock = "0.4.1"
+lazy_static = "1"
+libc = "0.2.175"
+log = "0.4"
+maplit = "1.0.2"
+mime_guess = "2.0.5"
+multimap = "0.10.0"
+nucleo-matcher = "0.3.1"
+once_cell = "1"
+openssl-sys = "*"
+os_info = "3.12.0"
+owo-colors = "4.2.0"
+path-absolutize = "3.1.1"
+path-clean = "1.0.1"
+pathdiff = "0.2"
+portable-pty = "0.9.0"
+predicates = "3"
+pretty_assertions = "1.4.1"
+pulldown-cmark = "0.10"
+rand = "0.9"
+ratatui = "0.29.0"
+regex-lite = "0.1.7"
+reqwest = "0.12"
+schemars = "0.8.22"
+seccompiler = "0.5.0"
+serde = "1"
+serde_json = "1"
+serde_with = "3.14"
+sha1 = "0.10.6"
+sha2 = "0.10"
+shlex = "1.3.0"
+similar = "2.7.0"
+starlark = "0.13.0"
+strum = "0.27.2"
+strum_macros = "0.27.2"
+supports-color = "3.0.2"
+sys-locale = "0.3.2"
+tempfile = "3.13.0"
+textwrap = "0.16.2"
+thiserror = "2.0.16"
+time = "0.3"
+tiny_http = "0.12"
+tokio = "1"
+tokio-stream = "0.1.17"
+tokio-test = "0.4"
+tokio-util = "0.7.16"
+toml = "0.9.5"
+toml_edit = "0.23.4"
+tracing = "0.1.41"
+tracing-appender = "0.2.3"
+tracing-subscriber = "0.3.20"
+tree-sitter = "0.25.9"
+tree-sitter-bash = "0.25.0"
+ts-rs = "11"
+unicode-segmentation = "1.12.0"
+unicode-width = "0.1"
+url = "2"
+urlencoding = "2.1"
+uuid = "1"
+vt100 = "0.16.2"
+walkdir = "2.5.0"
+webbrowser = "1.0"
+which = "6"
+wildmatch = "2.5.0"
+wiremock = "0.6"
+
 [workspace.lints]
 rust = {}
 
 [workspace.lints.clippy]
 expect_used = "deny"
+identity_op = "deny"
+manual_clamp = "deny"
+manual_filter = "deny"
+manual_find = "deny"
+manual_flatten = "deny"
+manual_map = "deny"
+manual_memcpy = "deny"
+manual_non_exhaustive = "deny"
+manual_ok_or = "deny"
+manual_range_contains = "deny"
+manual_retain = "deny"
+manual_strip = "deny"
+manual_try_fold = "deny"
+manual_unwrap_or = "deny"
+needless_borrow = "deny"
+needless_borrowed_reference = "deny"
+needless_collect = "deny"
+needless_late_init = "deny"
+needless_option_as_deref = "deny"
+needless_question_mark = "deny"
+needless_update = "deny"
+redundant_clone = "deny"
+redundant_closure = "deny"
+redundant_closure_for_method_calls = "deny"
+redundant_static_lifetimes = "deny"
+trivially_copy_pass_by_ref = "deny"
+uninlined_format_args = "deny"
+unnecessary_filter_map = "deny"
+unnecessary_lazy_evaluations = "deny"
+unnecessary_sort_by = "deny"
+unnecessary_to_owned = "deny"
 unwrap_used = "deny"
 
+# cargo-shear cannot see the platform-specific openssl-sys usage, so we
+# silence the false positive here instead of deleting a real dependency.
+[workspace.metadata.cargo-shear]
+ignored = ["openssl-sys"]
+
 [profile.release]
 lto = "fat"
 # Because we bundle some of these executables with the TypeScript CLI, we

codex-rs/README.md

@@ -19,11 +19,11 @@ While we are [working to close the gap between the TypeScript and Rust implement
 
 ### Config
 
-Codex supports a rich set of configuration options. Note that the Rust CLI uses `config.toml` instead of `config.json`. See [`config.md`](./config.md) for details.
+Codex supports a rich set of configuration options. Note that the Rust CLI uses `config.toml` instead of `config.json`. See [`docs/config.md`](../docs/config.md) for details.
 
 ### Model Context Protocol Support
 
-Codex CLI functions as an MCP client that can connect to MCP servers on startup. See the [`mcp_servers`](./config.md#mcp_servers) section in the configuration documentation for details.
+Codex CLI functions as an MCP client that can connect to MCP servers on startup. See the [`mcp_servers`](../docs/config.md#mcp_servers) section in the configuration documentation for details.
 
 It is still experimental, but you can also launch Codex as an MCP _server_ by running `codex mcp`. Use the [`@modelcontextprotocol/inspector`](https://github.com/modelcontextprotocol/inspector) to try it out:
 
@@ -33,9 +33,9 @@ npx @modelcontextprotocol/inspector codex mcp
 
 ### Notifications
 
-You can enable notifications by configuring a script that is run whenever the agent finishes a turn. The [notify documentation](./config.md#notify) includes a detailed example that explains how to get desktop notifications via [terminal-notifier](https://github.com/julienXX/terminal-notifier) on macOS.
+You can enable notifications by configuring a script that is run whenever the agent finishes a turn. The [notify documentation](../docs/config.md#notify) includes a detailed example that explains how to get desktop notifications via [terminal-notifier](https://github.com/julienXX/terminal-notifier) on macOS.
 
-### `codex exec` to run Codex programmatially/non-interactively
+### `codex exec` to run Codex programmatically/non-interactively
 
 To run Codex non-interactively, run `codex exec PROMPT` (you can also pass the prompt via `stdin`) and Codex will work on your task until it decides that it is done and exits. Output is printed to the terminal directly. You can set the `RUST_LOG` environment variable to see more about what's going on.
 

codex-rs/ansi-escape/Cargo.toml

@@ -8,9 +8,9 @@ name = "codex_ansi_escape"
 path = "src/lib.rs"
 
 [dependencies]
-ansi-to-tui = "7.0.0"
-ratatui = { version = "0.29.0", features = [
+ansi-to-tui = { workspace = true }
+ratatui = { workspace = true, features = [
     "unstable-rendered-line-info",
     "unstable-widget-ref",
 ] }
-tracing = { version = "0.1.41", features = ["log"] }
+tracing = { workspace = true, features = ["log"] }

codex-rs/ansi-escape/src/lib.rs

@@ -9,7 +9,7 @@ use ratatui::text::Text;
 pub fn ansi_escape_line(s: &str) -> Line<'static> {
     let text = ansi_escape(s);
     match text.lines.as_slice() {
-        [] => Line::from(""),
+        [] => "".into(),
         [only] => only.clone(),
         [first, rest @ ..] => {
             tracing::warn!("ansi_escape_line: expected a single line, got {first:?} and {rest:?}");

codex-rs/apply-patch/Cargo.toml

@@ -15,13 +15,14 @@ path = "src/main.rs"
 workspace = true
 
 [dependencies]
-anyhow = "1"
-similar = "2.7.0"
-thiserror = "2.0.12"
-tree-sitter = "0.25.8"
-tree-sitter-bash = "0.25.0"
+anyhow = { workspace = true }
+similar = { workspace = true }
+thiserror = { workspace = true }
+tree-sitter = { workspace = true }
+tree-sitter-bash = { workspace = true }
+once_cell = { workspace = true }
 
 [dev-dependencies]
-assert_cmd = "2"
-pretty_assertions = "1.4.1"
-tempfile = "3.13.0"
+assert_cmd = { workspace = true }
+pretty_assertions = { workspace = true }
+tempfile = { workspace = true }

codex-rs/apply-patch/src/lib.rs

@@ -9,6 +9,7 @@ use std::str::Utf8Error;
 
 use anyhow::Context;
 use anyhow::Result;
+use once_cell::sync::Lazy;
 pub use parser::Hunk;
 pub use parser::ParseError;
 use parser::ParseError::*;
@@ -18,6 +19,9 @@ use similar::TextDiff;
 use thiserror::Error;
 use tree_sitter::LanguageError;
 use tree_sitter::Parser;
+use tree_sitter::Query;
+use tree_sitter::QueryCursor;
+use tree_sitter::StreamingIterator;
 use tree_sitter_bash::LANGUAGE as BASH;
 
 pub use standalone_executable::main;
@@ -36,6 +40,11 @@ pub enum ApplyPatchError {
     /// Error that occurs while computing replacements when applying patch chunks
     #[error("{0}")]
     ComputeReplacements(String),
+    /// A raw patch body was provided without an explicit `apply_patch` invocation.
+    #[error(
+        "patch detected without explicit call to apply_patch. Rerun as [\"apply_patch\", \"<patch>\"]"
+    )]
+    ImplicitInvocation,
 }
 
 impl From<std::io::Error> for ApplyPatchError {
@@ -84,26 +93,29 @@ pub enum MaybeApplyPatch {
 pub struct ApplyPatchArgs {
     pub patch: String,
     pub hunks: Vec<Hunk>,
+    pub workdir: Option<String>,
 }
 
 pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
     match argv {
+        // Direct invocation: apply_patch <patch>
         [cmd, body] if APPLY_PATCH_COMMANDS.contains(&cmd.as_str()) => match parse_patch(body) {
             Ok(source) => MaybeApplyPatch::Body(source),
             Err(e) => MaybeApplyPatch::PatchParseError(e),
         },
-        [bash, flag, script]
-            if bash == "bash"
-                && flag == "-lc"
-                && APPLY_PATCH_COMMANDS
-                    .iter()
-                    .any(|cmd| script.trim_start().starts_with(cmd)) =>
-        {
-            match extract_heredoc_body_from_apply_patch_command(script) {
-                Ok(body) => match parse_patch(&body) {
-                    Ok(source) => MaybeApplyPatch::Body(source),
+        // Bash heredoc form: (optional `cd <path> &&`) apply_patch <<'EOF' ...
+        [bash, flag, script] if bash == "bash" && flag == "-lc" => {
+            match extract_apply_patch_from_bash(script) {
+                Ok((body, workdir)) => match parse_patch(&body) {
+                    Ok(mut source) => {
+                        source.workdir = workdir;
+                        MaybeApplyPatch::Body(source)
+                    }
                     Err(e) => MaybeApplyPatch::PatchParseError(e),
                 },
+                Err(ExtractHeredocError::CommandDidNotStartWithApplyPatch) => {
+                    MaybeApplyPatch::NotApplyPatch
+                }
                 Err(e) => MaybeApplyPatch::ShellParseError(e),
             }
         }
@@ -116,7 +128,9 @@ pub enum ApplyPatchFileChange {
     Add {
         content: String,
     },
-    Delete,
+    Delete {
+        content: String,
+    },
     Update {
         unified_diff: String,
         move_path: Option<PathBuf>,
@@ -200,17 +214,63 @@ impl ApplyPatchAction {
 /// cwd must be an absolute path so that we can resolve relative paths in the
 /// patch.
 pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApplyPatchVerified {
+    // Detect a raw patch body passed directly as the command or as the body of a bash -lc
+    // script. In these cases, report an explicit error rather than applying the patch.
+    match argv {
+        [body] => {
+            if parse_patch(body).is_ok() {
+                return MaybeApplyPatchVerified::CorrectnessError(
+                    ApplyPatchError::ImplicitInvocation,
+                );
+            }
+        }
+        [bash, flag, script] if bash == "bash" && flag == "-lc" => {
+            if parse_patch(script).is_ok() {
+                return MaybeApplyPatchVerified::CorrectnessError(
+                    ApplyPatchError::ImplicitInvocation,
+                );
+            }
+        }
+        _ => {}
+    }
+
     match maybe_parse_apply_patch(argv) {
-        MaybeApplyPatch::Body(ApplyPatchArgs { patch, hunks }) => {
+        MaybeApplyPatch::Body(ApplyPatchArgs {
+            patch,
+            hunks,
+            workdir,
+        }) => {
+            let effective_cwd = workdir
+                .as_ref()
+                .map(|dir| {
+                    let path = Path::new(dir);
+                    if path.is_absolute() {
+                        path.to_path_buf()
+                    } else {
+                        cwd.join(path)
+                    }
+                })
+                .unwrap_or_else(|| cwd.to_path_buf());
             let mut changes = HashMap::new();
             for hunk in hunks {
-                let path = hunk.resolve_path(cwd);
+                let path = hunk.resolve_path(&effective_cwd);
                 match hunk {
                     Hunk::AddFile { contents, .. } => {
                         changes.insert(path, ApplyPatchFileChange::Add { content: contents });
                     }
                     Hunk::DeleteFile { .. } => {
-                        changes.insert(path, ApplyPatchFileChange::Delete);
+                        let content = match std::fs::read_to_string(&path) {
+                            Ok(content) => content,
+                            Err(e) => {
+                                return MaybeApplyPatchVerified::CorrectnessError(
+                                    ApplyPatchError::IoError(IoError {
+                                        context: format!("Failed to read {}", path.display()),
+                                        source: e,
+                                    }),
+                                );
+                            }
+                        };
+                        changes.insert(path, ApplyPatchFileChange::Delete { content });
                     }
                     Hunk::UpdateFile {
                         move_path, chunks, ..
@@ -238,7 +298,7 @@ pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApp
             MaybeApplyPatchVerified::Body(ApplyPatchAction {
                 changes,
                 patch,
-                cwd: cwd.to_path_buf(),
+                cwd: effective_cwd,
             })
         }
         MaybeApplyPatch::ShellParseError(e) => MaybeApplyPatchVerified::ShellParseError(e),
@@ -247,33 +307,96 @@ pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApp
     }
 }
 
-/// Attempts to extract a heredoc_body object from a string bash command like:
-/// Optimistically
+/// Extract the heredoc body (and optional `cd` workdir) from a `bash -lc` script
+/// that invokes the apply_patch tool using a heredoc.
 ///
-/// ```bash
-/// bash -lc 'apply_patch <<EOF\n***Begin Patch\n...EOF'
-/// ```
+/// Supported top‑level forms (must be the only top‑level statement):
+/// - `apply_patch <<'EOF'\n...\nEOF`
+/// - `cd <path> && apply_patch <<'EOF'\n...\nEOF`
 ///
-/// # Arguments
+/// Notes about matching:
+/// - Parsed with Tree‑sitter Bash and a strict query that uses anchors so the
+///   heredoc‑redirected statement is the only top‑level statement.
+/// - The connector between `cd` and `apply_patch` must be `&&` (not `|` or `||`).
+/// - Exactly one positional `word` argument is allowed for `cd` (no flags, no quoted
+///   strings, no second argument).
+/// - The apply command is validated in‑query via `#any-of?` to allow `apply_patch`
+///   or `applypatch`.
+/// - Preceding or trailing commands (e.g., `echo ...;` or `... && echo done`) do not match.
 ///
-/// * `src` - A string slice that holds the full command
-///
-/// # Returns
-///
-/// This function returns a `Result` which is:
-///
-/// * `Ok(String)` - The heredoc body if the extraction is successful.
-/// * `Err(anyhow::Error)` - An error if the extraction fails.
-///
-fn extract_heredoc_body_from_apply_patch_command(
+/// Returns `(heredoc_body, Some(path))` when the `cd` variant matches, or
+/// `(heredoc_body, None)` for the direct form. Errors are returned if the script
+/// cannot be parsed or does not match the allowed patterns.
+fn extract_apply_patch_from_bash(
     src: &str,
-) -> std::result::Result<String, ExtractHeredocError> {
-    if !APPLY_PATCH_COMMANDS
-        .iter()
-        .any(|cmd| src.trim_start().starts_with(cmd))
-    {
-        return Err(ExtractHeredocError::CommandDidNotStartWithApplyPatch);
-    }
+) -> std::result::Result<(String, Option<String>), ExtractHeredocError> {
+    // This function uses a Tree-sitter query to recognize one of two
+    // whole-script forms, each expressed as a single top-level statement:
+    //
+    // 1. apply_patch <<'EOF'\n...\nEOF
+    // 2. cd <path> && apply_patch <<'EOF'\n...\nEOF
+    //
+    // Key ideas when reading the query:
+    // - dots (`.`) between named nodes enforces adjacency among named children and
+    //   anchor to the start/end of the expression.
+    // - we match a single redirected_statement directly under program with leading
+    //   and trailing anchors (`.`). This ensures it is the only top-level statement
+    //   (so prefixes like `echo ...;` or suffixes like `... && echo done` do not match).
+    //
+    // Overall, we want to be conservative and only match the intended forms, as other
+    // forms are likely to be model errors, or incorrectly interpreted by later code.
+    //
+    // If you're editing this query, it's helpful to start by creating a debugging binary
+    // which will let you see the AST of an arbitrary bash script passed in, and optionally
+    // also run an arbitrary query against the AST. This is useful for understanding
+    // how tree-sitter parses the script and whether the query syntax is correct. Be sure
+    // to test both positive and negative cases.
+    static APPLY_PATCH_QUERY: Lazy<Query> = Lazy::new(|| {
+        let language = BASH.into();
+        #[expect(clippy::expect_used)]
+        Query::new(
+            &language,
+            r#"
+            (
+              program
+                . (redirected_statement
+                    body: (command
+                            name: (command_name (word) @apply_name) .)
+                    (#any-of? @apply_name "apply_patch" "applypatch")
+                    redirect: (heredoc_redirect
+                                . (heredoc_start)
+                                . (heredoc_body) @heredoc
+                                . (heredoc_end)
+                                .))
+                .)
+
+            (
+              program
+                . (redirected_statement
+                    body: (list
+                            . (command
+                                name: (command_name (word) @cd_name) .
+                                argument: [
+                                  (word) @cd_path
+                                  (string (string_content) @cd_path)
+                                  (raw_string) @cd_raw_string
+                                ] .)
+                            "&&"
+                            . (command
+                                name: (command_name (word) @apply_name))
+                            .)
+                    (#eq? @cd_name "cd")
+                    (#any-of? @apply_name "apply_patch" "applypatch")
+                    redirect: (heredoc_redirect
+                                . (heredoc_start)
+                                . (heredoc_body) @heredoc
+                                . (heredoc_end)
+                                .))
+                .)
+            "#,
+        )
+        .expect("valid bash query")
+    });
 
     let lang = BASH.into();
     let mut parser = Parser::new();
@@ -285,26 +408,55 @@ fn extract_heredoc_body_from_apply_patch_command(
         .ok_or(ExtractHeredocError::FailedToParsePatchIntoAst)?;
 
     let bytes = src.as_bytes();
-    let mut c = tree.root_node().walk();
+    let root = tree.root_node();
 
-    loop {
-        let node = c.node();
-        if node.kind() == "heredoc_body" {
-            let text = node
-                .utf8_text(bytes)
-                .map_err(ExtractHeredocError::HeredocNotUtf8)?;
-            return Ok(text.trim_end_matches('\n').to_owned());
-        }
+    let mut cursor = QueryCursor::new();
+    let mut matches = cursor.matches(&APPLY_PATCH_QUERY, root, bytes);
+    while let Some(m) = matches.next() {
+        let mut heredoc_text: Option<String> = None;
+        let mut cd_path: Option<String> = None;
 
-        if c.goto_first_child() {
-            continue;
-        }
-        while !c.goto_next_sibling() {
-            if !c.goto_parent() {
-                return Err(ExtractHeredocError::FailedToFindHeredocBody);
+        for capture in m.captures.iter() {
+            let name = APPLY_PATCH_QUERY.capture_names()[capture.index as usize];
+            match name {
+                "heredoc" => {
+                    let text = capture
+                        .node
+                        .utf8_text(bytes)
+                        .map_err(ExtractHeredocError::HeredocNotUtf8)?
+                        .trim_end_matches('\n')
+                        .to_string();
+                    heredoc_text = Some(text);
+                }
+                "cd_path" => {
+                    let text = capture
+                        .node
+                        .utf8_text(bytes)
+                        .map_err(ExtractHeredocError::HeredocNotUtf8)?
+                        .to_string();
+                    cd_path = Some(text);
+                }
+                "cd_raw_string" => {
+                    let raw = capture
+                        .node
+                        .utf8_text(bytes)
+                        .map_err(ExtractHeredocError::HeredocNotUtf8)?;
+                    let trimmed = raw
+                        .strip_prefix('\'')
+                        .and_then(|s| s.strip_suffix('\''))
+                        .unwrap_or(raw);
+                    cd_path = Some(trimmed.to_string());
+                }
+                _ => {}
             }
         }
+
+        if let Some(heredoc) = heredoc_text {
+            return Ok((heredoc, cd_path));
+        }
     }
+
+    Err(ExtractHeredocError::CommandDidNotStartWithApplyPatch)
 }
 
 #[derive(Debug, PartialEq)]
@@ -496,21 +648,18 @@ fn derive_new_contents_from_chunks(
         }
     };
 
-    let mut original_lines: Vec<String> = original_contents
-        .split('\n')
-        .map(|s| s.to_string())
-        .collect();
+    let mut original_lines: Vec<String> = original_contents.split('\n').map(String::from).collect();
 
     // Drop the trailing empty element that results from the final newline so
     // that line counts match the behaviour of standard `diff`.
-    if original_lines.last().is_some_and(|s| s.is_empty()) {
+    if original_lines.last().is_some_and(String::is_empty) {
         original_lines.pop();
     }
 
     let replacements = compute_replacements(&original_lines, path, chunks)?;
     let new_lines = apply_replacements(original_lines, &replacements);
     let mut new_lines = new_lines;
-    if !new_lines.last().is_some_and(|s| s.is_empty()) {
+    if !new_lines.last().is_some_and(String::is_empty) {
         new_lines.push(String::new());
     }
     let new_contents = new_lines.join("\n");
@@ -554,7 +703,7 @@ fn compute_replacements(
         if chunk.old_lines.is_empty() {
             // Pure addition (no old lines). We'll add them at the end or just
             // before the final empty line if one exists.
-            let insertion_idx = if original_lines.last().is_some_and(|s| s.is_empty()) {
+            let insertion_idx = if original_lines.last().is_some_and(String::is_empty) {
                 original_lines.len() - 1
             } else {
                 original_lines.len()
@@ -580,11 +729,11 @@ fn compute_replacements(
 
         let mut new_slice: &[String] = &chunk.new_lines;
 
-        if found.is_none() && pattern.last().is_some_and(|s| s.is_empty()) {
+        if found.is_none() && pattern.last().is_some_and(String::is_empty) {
             // Retry without the trailing empty line which represents the final
             // newline in the file.
             pattern = &pattern[..pattern.len() - 1];
-            if new_slice.last().is_some_and(|s| s.is_empty()) {
+            if new_slice.last().is_some_and(String::is_empty) {
                 new_slice = &new_slice[..new_slice.len() - 1];
             }
 
@@ -601,13 +750,15 @@ fn compute_replacements(
             line_index = start_idx + pattern.len();
         } else {
             return Err(ApplyPatchError::ComputeReplacements(format!(
-                "Failed to find expected lines {:?} in {}",
-                chunk.old_lines,
-                path.display()
+                "Failed to find expected lines in {}:\n{}",
+                path.display(),
+                chunk.old_lines.join("\n"),
             )));
         }
     }
 
+    replacements.sort_by(|(lhs_idx, _, _), (rhs_idx, _, _)| lhs_idx.cmp(rhs_idx));
+
     Ok(replacements)
 }
 
@@ -694,6 +845,7 @@ mod tests {
     use super::*;
     use pretty_assertions::assert_eq;
     use std::fs;
+    use std::string::ToString;
     use tempfile::tempdir;
 
     /// Helper to construct a patch with the given body.
@@ -702,7 +854,72 @@ mod tests {
     }
 
     fn strs_to_strings(strs: &[&str]) -> Vec<String> {
-        strs.iter().map(|s| s.to_string()).collect()
+        strs.iter().map(ToString::to_string).collect()
+    }
+
+    // Test helpers to reduce repetition when building bash -lc heredoc scripts
+    fn args_bash(script: &str) -> Vec<String> {
+        strs_to_strings(&["bash", "-lc", script])
+    }
+
+    fn heredoc_script(prefix: &str) -> String {
+        format!(
+            "{prefix}apply_patch <<'PATCH'\n*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch\nPATCH"
+        )
+    }
+
+    fn heredoc_script_ps(prefix: &str, suffix: &str) -> String {
+        format!(
+            "{prefix}apply_patch <<'PATCH'\n*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch\nPATCH{suffix}"
+        )
+    }
+
+    fn expected_single_add() -> Vec<Hunk> {
+        vec![Hunk::AddFile {
+            path: PathBuf::from("foo"),
+            contents: "hi\n".to_string(),
+        }]
+    }
+
+    fn assert_match(script: &str, expected_workdir: Option<&str>) {
+        let args = args_bash(script);
+        match maybe_parse_apply_patch(&args) {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, workdir, .. }) => {
+                assert_eq!(workdir.as_deref(), expected_workdir);
+                assert_eq!(hunks, expected_single_add());
+            }
+            result => panic!("expected MaybeApplyPatch::Body got {result:?}"),
+        }
+    }
+
+    fn assert_not_match(script: &str) {
+        let args = args_bash(script);
+        assert!(matches!(
+            maybe_parse_apply_patch(&args),
+            MaybeApplyPatch::NotApplyPatch
+        ));
+    }
+
+    #[test]
+    fn test_implicit_patch_single_arg_is_error() {
+        let patch = "*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch".to_string();
+        let args = vec![patch];
+        let dir = tempdir().unwrap();
+        assert!(matches!(
+            maybe_parse_apply_patch_verified(&args, dir.path()),
+            MaybeApplyPatchVerified::CorrectnessError(ApplyPatchError::ImplicitInvocation)
+        ));
+    }
+
+    #[test]
+    fn test_implicit_patch_bash_script_is_error() {
+        let script = "*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch";
+        let args = args_bash(script);
+        let dir = tempdir().unwrap();
+        assert!(matches!(
+            maybe_parse_apply_patch_verified(&args, dir.path()),
+            MaybeApplyPatchVerified::CorrectnessError(ApplyPatchError::ImplicitInvocation)
+        ));
     }
 
     #[test]
@@ -717,7 +934,7 @@ mod tests {
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, .. }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -742,7 +959,7 @@ mod tests {
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, .. }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -757,29 +974,7 @@ mod tests {
 
     #[test]
     fn test_heredoc() {
-        let args = strs_to_strings(&[
-            "bash",
-            "-lc",
-            r#"apply_patch <<'PATCH'
-*** Begin Patch
-*** Add File: foo
-+hi
-*** End Patch
-PATCH"#,
-        ]);
-
-        match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
-                assert_eq!(
-                    hunks,
-                    vec![Hunk::AddFile {
-                        path: PathBuf::from("foo"),
-                        contents: "hi\n".to_string()
-                    }]
-                );
-            }
-            result => panic!("expected MaybeApplyPatch::Body got {result:?}"),
-        }
+        assert_match(&heredoc_script(""), None);
     }
 
     #[test]
@@ -796,7 +991,8 @@ PATCH"#,
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, workdir, .. }) => {
+                assert_eq!(workdir, None);
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -809,6 +1005,69 @@ PATCH"#,
         }
     }
 
+    #[test]
+    fn test_heredoc_with_leading_cd() {
+        assert_match(&heredoc_script("cd foo && "), Some("foo"));
+    }
+
+    #[test]
+    fn test_cd_with_semicolon_is_ignored() {
+        assert_not_match(&heredoc_script("cd foo; "));
+    }
+
+    #[test]
+    fn test_cd_or_apply_patch_is_ignored() {
+        assert_not_match(&heredoc_script("cd bar || "));
+    }
+
+    #[test]
+    fn test_cd_pipe_apply_patch_is_ignored() {
+        assert_not_match(&heredoc_script("cd bar | "));
+    }
+
+    #[test]
+    fn test_cd_single_quoted_path_with_spaces() {
+        assert_match(&heredoc_script("cd 'foo bar' && "), Some("foo bar"));
+    }
+
+    #[test]
+    fn test_cd_double_quoted_path_with_spaces() {
+        assert_match(&heredoc_script("cd \"foo bar\" && "), Some("foo bar"));
+    }
+
+    #[test]
+    fn test_echo_and_apply_patch_is_ignored() {
+        assert_not_match(&heredoc_script("echo foo && "));
+    }
+
+    #[test]
+    fn test_apply_patch_with_arg_is_ignored() {
+        let script = "apply_patch foo <<'PATCH'\n*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch\nPATCH";
+        assert_not_match(script);
+    }
+
+    #[test]
+    fn test_double_cd_then_apply_patch_is_ignored() {
+        assert_not_match(&heredoc_script("cd foo && cd bar && "));
+    }
+
+    #[test]
+    fn test_cd_two_args_is_ignored() {
+        assert_not_match(&heredoc_script("cd foo bar && "));
+    }
+
+    #[test]
+    fn test_cd_then_apply_patch_then_extra_is_ignored() {
+        let script = heredoc_script_ps("cd bar && ", " && echo done");
+        assert_not_match(&script);
+    }
+
+    #[test]
+    fn test_echo_then_cd_and_apply_patch_is_ignored() {
+        // Ensure preceding commands before the `cd && apply_patch <<...` sequence do not match.
+        assert_not_match(&heredoc_script("echo foo; cd bar && "));
+    }
+
     #[test]
     fn test_add_file_hunk_creates_file_with_contents() {
         let dir = tempdir().unwrap();
@@ -1006,6 +1265,33 @@ PATCH"#,
         assert_eq!(contents, "a\nB\nc\nd\nE\nf\ng\n");
     }
 
+    #[test]
+    fn test_pure_addition_chunk_followed_by_removal() {
+        let dir = tempdir().unwrap();
+        let path = dir.path().join("panic.txt");
+        fs::write(&path, "line1\nline2\nline3\n").unwrap();
+        let patch = wrap_patch(&format!(
+            r#"*** Update File: {}
+@@
++after-context
++second-line
+@@
+ line1
+-line2
+-line3
++line2-replacement"#,
+            path.display()
+        ));
+        let mut stdout = Vec::new();
+        let mut stderr = Vec::new();
+        apply_patch(&patch, &mut stdout, &mut stderr).unwrap();
+        let contents = fs::read_to_string(path).unwrap();
+        assert_eq!(
+            contents,
+            "line1\nline2-replacement\nafter-context\nsecond-line\n"
+        );
+    }
+
     /// Ensure that patches authored with ASCII characters can update lines that
     /// contain typographic Unicode punctuation (e.g. EN DASH, NON-BREAKING
     /// HYPHEN). Historically `git apply` succeeds in such scenarios but our

codex-rs/apply-patch/src/parser.rs

@@ -175,7 +175,11 @@ fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<ApplyPatchArgs, Pars
         remaining_lines = &remaining_lines[hunk_lines..]
     }
     let patch = lines.join("\n");
-    Ok(ApplyPatchArgs { hunks, patch })
+    Ok(ApplyPatchArgs {
+        hunks,
+        patch,
+        workdir: None,
+    })
 }
 
 /// Checks the start and end lines of the patch text for `apply_patch`,
@@ -586,7 +590,8 @@ fn test_parse_patch_lenient() {
         parse_patch_text(&patch_text_in_heredoc, ParseMode::Lenient),
         Ok(ApplyPatchArgs {
             hunks: expected_patch.clone(),
-            patch: patch_text.to_string()
+            patch: patch_text.to_string(),
+            workdir: None,
         })
     );
 
@@ -599,7 +604,8 @@ fn test_parse_patch_lenient() {
         parse_patch_text(&patch_text_in_single_quoted_heredoc, ParseMode::Lenient),
         Ok(ApplyPatchArgs {
             hunks: expected_patch.clone(),
-            patch: patch_text.to_string()
+            patch: patch_text.to_string(),
+            workdir: None,
         })
     );
 
@@ -611,8 +617,9 @@ fn test_parse_patch_lenient() {
     assert_eq!(
         parse_patch_text(&patch_text_in_double_quoted_heredoc, ParseMode::Lenient),
         Ok(ApplyPatchArgs {
-            hunks: expected_patch.clone(),
-            patch: patch_text.to_string()
+            hunks: expected_patch,
+            patch: patch_text.to_string(),
+            workdir: None,
         })
     );
 
@@ -630,7 +637,7 @@ fn test_parse_patch_lenient() {
         "<<EOF\n*** Begin Patch\n*** Update File: file2.py\nEOF\n".to_string();
     assert_eq!(
         parse_patch_text(&patch_text_with_missing_closing_heredoc, ParseMode::Strict),
-        Err(expected_error.clone())
+        Err(expected_error)
     );
     assert_eq!(
         parse_patch_text(&patch_text_with_missing_closing_heredoc, ParseMode::Lenient),

codex-rs/apply-patch/src/seek_sequence.rs

@@ -112,9 +112,10 @@ pub(crate) fn seek_sequence(
 #[cfg(test)]
 mod tests {
     use super::seek_sequence;
+    use std::string::ToString;
 
     fn to_vec(strings: &[&str]) -> Vec<String> {
-        strings.iter().map(|s| s.to_string()).collect()
+        strings.iter().map(ToString::to_string).collect()
     }
 
     #[test]

codex-rs/arg0/Cargo.toml

@@ -11,10 +11,10 @@ path = "src/lib.rs"
 workspace = true
 
 [dependencies]
-anyhow = "1"
-codex-apply-patch = { path = "../apply-patch" }
-codex-core = { path = "../core" }
-codex-linux-sandbox = { path = "../linux-sandbox" }
-dotenvy = "0.15.7"
-tempfile = "3"
-tokio = { version = "1", features = ["rt-multi-thread"] }
+anyhow = { workspace = true }
+codex-apply-patch = { workspace = true }
+codex-core = { workspace = true }
+codex-linux-sandbox = { workspace = true }
+dotenvy = { workspace = true }
+tempfile = { workspace = true }
+tokio = { workspace = true, features = ["rt-multi-thread"] }

codex-rs/arg0/src/lib.rs

@@ -21,8 +21,7 @@ const MISSPELLED_APPLY_PATCH_ARG0: &str = "applypatch";
 /// `codex-linux-sandbox` we *directly* execute
 /// [`codex_linux_sandbox::run_main`] (which never returns). Otherwise we:
 ///
-/// 1.  Use [`dotenvy::from_path`] and [`dotenvy::dotenv`] to modify the
-///     environment before creating any threads.
+/// 1.  Load `.env` values from `~/.codex/.env` before creating any threads.
 /// 2.  Construct a Tokio multi-thread runtime.
 /// 3.  Derive the path to the current executable (so children can re-invoke the
 ///     sandbox) when running on Linux.
@@ -55,7 +54,7 @@ where
 
     let argv1 = args.next().unwrap_or_default();
     if argv1 == CODEX_APPLY_PATCH_ARG1 {
-        let patch_arg = args.next().and_then(|s| s.to_str().map(|s| s.to_owned()));
+        let patch_arg = args.next().and_then(|s| s.to_str().map(str::to_owned));
         let exit_code = match patch_arg {
             Some(patch_arg) => {
                 let mut stdout = std::io::stdout();
@@ -106,7 +105,7 @@ where
 
 const ILLEGAL_ENV_VAR_PREFIX: &str = "CODEX_";
 
-/// Load env vars from ~/.codex/.env and `$(pwd)/.env`.
+/// Load env vars from ~/.codex/.env.
 ///
 /// Security: Do not allow `.env` files to create or modify any variables
 /// with names starting with `CODEX_`.
@@ -116,10 +115,6 @@ fn load_dotenv() {
     {
         set_filtered(iter);
     }
-
-    if let Ok(iter) = dotenvy::dotenv_iter() {
-        set_filtered(iter);
-    }
 }
 
 /// Helper to set vars from a dotenvy iterator while filtering out `CODEX_` keys.

codex-rs/chatgpt/Cargo.toml

@@ -7,15 +7,13 @@ version = { workspace = true }
 workspace = true
 
 [dependencies]
-anyhow = "1"
-clap = { version = "4", features = ["derive"] }
-codex-common = { path = "../common", features = ["cli"] }
-codex-core = { path = "../core" }
-codex-login = { path = "../login" }
-reqwest = { version = "0.12", features = ["json", "stream"] }
-serde = { version = "1", features = ["derive"] }
-serde_json = "1"
-tokio = { version = "1", features = ["full"] }
+anyhow = { workspace = true }
+clap = { workspace = true, features = ["derive"] }
+codex-common = { workspace = true, features = ["cli"] }
+codex-core = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+tokio = { workspace = true, features = ["full"] }
 
 [dev-dependencies]
-tempfile = "3"
+tempfile = { workspace = true }

codex-rs/chatgpt/src/chatgpt_client.rs

@@ -1,5 +1,5 @@
 use codex_core::config::Config;
-use codex_core::user_agent::get_codex_user_agent;
+use codex_core::default_client::create_client;
 
 use crate::chatgpt_token::get_chatgpt_token_data;
 use crate::chatgpt_token::init_chatgpt_token_from_auth;
@@ -16,7 +16,7 @@ pub(crate) async fn chatgpt_get_request<T: DeserializeOwned>(
     init_chatgpt_token_from_auth(&config.codex_home).await?;
 
     // Make direct HTTP request to ChatGPT backend API with the token
-    let client = reqwest::Client::new();
+    let client = create_client();
     let url = format!("{chatgpt_base_url}{path}");
 
     let token =
@@ -31,7 +31,6 @@ pub(crate) async fn chatgpt_get_request<T: DeserializeOwned>(
         .bearer_auth(&token.access_token)
         .header("chatgpt-account-id", account_id?)
         .header("Content-Type", "application/json")
-        .header("User-Agent", get_codex_user_agent(None))
         .send()
         .await
         .context("Failed to send request")?;

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -1,10 +1,9 @@
-use codex_login::AuthMode;
-use codex_login::CodexAuth;
+use codex_core::CodexAuth;
 use std::path::Path;
 use std::sync::LazyLock;
 use std::sync::RwLock;
 
-use codex_login::TokenData;
+use codex_core::token_data::TokenData;
 
 static CHATGPT_TOKEN: LazyLock<RwLock<Option<TokenData>>> = LazyLock::new(|| RwLock::new(None));
 
@@ -20,7 +19,7 @@ pub fn set_chatgpt_token_data(value: TokenData) {
 
 /// Initialize the ChatGPT token from auth.json file
 pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
-    let auth = CodexAuth::from_codex_home(codex_home, AuthMode::ChatGPT)?;
+    let auth = CodexAuth::from_codex_home(codex_home)?;
     if let Some(auth) = auth {
         let token_data = auth.get_token_data().await?;
         set_chatgpt_token_data(token_data);

codex-rs/cli/Cargo.toml

@@ -15,26 +15,34 @@ path = "src/lib.rs"
 workspace = true
 
 [dependencies]
-anyhow = "1"
-clap = { version = "4", features = ["derive"] }
-clap_complete = "4"
-codex-arg0 = { path = "../arg0" }
-codex-chatgpt = { path = "../chatgpt" }
-codex-common = { path = "../common", features = ["cli"] }
-codex-core = { path = "../core" }
-codex-exec = { path = "../exec" }
-codex-login = { path = "../login" }
-codex-mcp-server = { path = "../mcp-server" }
-codex-protocol = { path = "../protocol" }
-codex-tui = { path = "../tui" }
-serde_json = "1"
-tokio = { version = "1", features = [
+anyhow = { workspace = true }
+clap = { workspace = true, features = ["derive"] }
+clap_complete = { workspace = true }
+codex-arg0 = { workspace = true }
+codex-chatgpt = { workspace = true }
+codex-common = { workspace = true, features = ["cli"] }
+codex-core = { workspace = true }
+codex-exec = { workspace = true }
+codex-login = { workspace = true }
+codex-mcp-server = { workspace = true }
+codex-protocol = { workspace = true }
+codex-protocol-ts = { workspace = true }
+codex-tui = { workspace = true }
+owo-colors = { workspace = true }
+serde_json = { workspace = true }
+supports-color = { workspace = true }
+tokio = { workspace = true, features = [
     "io-std",
     "macros",
     "process",
     "rt-multi-thread",
     "signal",
 ] }
-tracing = "0.1.41"
-tracing-subscriber = "0.3.19"
-codex-protocol-ts = { path = "../protocol-ts" }
+tracing = { workspace = true }
+tracing-subscriber = { workspace = true }
+
+[dev-dependencies]
+assert_cmd = { workspace = true }
+predicates = { workspace = true }
+pretty_assertions = { workspace = true }
+tempfile = { workspace = true }

codex-rs/cli/src/debug_sandbox.rs

@@ -64,7 +64,6 @@ async fn run_command_under_sandbox(
     sandbox_type: SandboxType,
 ) -> anyhow::Result<()> {
     let sandbox_mode = create_sandbox_mode(full_auto);
-    let cwd = std::env::current_dir()?;
     let config = Config::load_with_cli_overrides(
         config_overrides
             .parse_overrides()
@@ -75,13 +74,29 @@ async fn run_command_under_sandbox(
             ..Default::default()
         },
     )?;
+
+    // In practice, this should be `std::env::current_dir()` because this CLI
+    // does not support `--cwd`, but let's use the config value for consistency.
+    let cwd = config.cwd.clone();
+    // For now, we always use the same cwd for both the command and the
+    // sandbox policy. In the future, we could add a CLI option to set them
+    // separately.
+    let sandbox_policy_cwd = cwd.clone();
+
     let stdio_policy = StdioPolicy::Inherit;
     let env = create_env(&config.shell_environment_policy);
 
     let mut child = match sandbox_type {
         SandboxType::Seatbelt => {
-            spawn_command_under_seatbelt(command, &config.sandbox_policy, cwd, stdio_policy, env)
-                .await?
+            spawn_command_under_seatbelt(
+                command,
+                cwd,
+                &config.sandbox_policy,
+                sandbox_policy_cwd.as_path(),
+                stdio_policy,
+                env,
+            )
+            .await?
         }
         SandboxType::Landlock => {
             #[expect(clippy::expect_used)]
@@ -91,8 +106,9 @@ async fn run_command_under_sandbox(
             spawn_command_under_linux_sandbox(
                 codex_linux_sandbox_exe,
                 command,
-                &config.sandbox_policy,
                 cwd,
+                &config.sandbox_policy,
+                sandbox_policy_cwd.as_path(),
                 stdio_policy,
                 env,
             )

codex-rs/cli/src/login.rs

@@ -1,15 +1,13 @@
 use codex_common::CliConfigOverrides;
+use codex_core::CodexAuth;
+use codex_core::auth::CLIENT_ID;
+use codex_core::auth::login_with_api_key;
+use codex_core::auth::logout;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
-use codex_login::AuthMode;
-use codex_login::CLIENT_ID;
-use codex_login::CodexAuth;
-use codex_login::OPENAI_API_KEY_ENV_VAR;
 use codex_login::ServerOptions;
-use codex_login::login_with_api_key;
-use codex_login::logout;
 use codex_login::run_login_server;
-use std::env;
+use codex_protocol::mcp_protocol::AuthMode;
 use std::path::PathBuf;
 
 pub async fn login_with_chatgpt(codex_home: PathBuf) -> std::io::Result<()> {
@@ -60,19 +58,11 @@ pub async fn run_login_with_api_key(
 pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides);
 
-    match CodexAuth::from_codex_home(&config.codex_home, config.preferred_auth_method) {
+    match CodexAuth::from_codex_home(&config.codex_home) {
         Ok(Some(auth)) => match auth.mode {
             AuthMode::ApiKey => match auth.get_token().await {
                 Ok(api_key) => {
                     eprintln!("Logged in using an API key - {}", safe_format_key(&api_key));
-
-                    if let Ok(env_api_key) = env::var(OPENAI_API_KEY_ENV_VAR)
-                        && env_api_key == api_key
-                    {
-                        eprintln!(
-                            "   API loaded from OPENAI_API_KEY environment variable or .env file"
-                        );
-                    }
                     std::process::exit(0);
                 }
                 Err(e) => {

codex-rs/cli/src/main.rs

@@ -14,9 +14,15 @@ use codex_cli::login::run_logout;
 use codex_cli::proto;
 use codex_common::CliConfigOverrides;
 use codex_exec::Cli as ExecCli;
+use codex_tui::AppExitInfo;
 use codex_tui::Cli as TuiCli;
+use owo_colors::OwoColorize;
 use std::path::PathBuf;
+use supports_color::Stream;
 
+mod mcp_cmd;
+
+use crate::mcp_cmd::McpCli;
 use crate::proto::ProtoCli;
 
 /// Codex CLI
@@ -56,8 +62,8 @@ enum Subcommand {
     /// Remove stored authentication credentials.
     Logout(LogoutCommand),
 
-    /// Experimental: run Codex as an MCP server.
-    Mcp,
+    /// [experimental] Run Codex as an MCP server and manage MCP servers.
+    Mcp(McpCli),
 
     /// Run the Protocol stream via stdin/stdout
     #[clap(visible_alias = "p")]
@@ -73,6 +79,9 @@ enum Subcommand {
     #[clap(visible_alias = "a")]
     Apply(ApplyCommand),
 
+    /// Resume a previous interactive session (picker by default; use --last to continue the most recent).
+    Resume(ResumeCommand),
+
     /// Internal: generate TypeScript protocol bindings.
     #[clap(hide = true)]
     GenerateTs(GenerateTsCommand),
@@ -85,6 +94,21 @@ struct CompletionCommand {
     shell: Shell,
 }
 
+#[derive(Debug, Parser)]
+struct ResumeCommand {
+    /// Conversation/session id (UUID). When provided, resumes this session.
+    /// If omitted, use --last to pick the most recent recorded session.
+    #[arg(value_name = "SESSION_ID")]
+    session_id: Option<String>,
+
+    /// Continue the most recent session without showing the picker.
+    #[arg(long = "last", default_value_t = false, conflicts_with = "session_id")]
+    last: bool,
+
+    #[clap(flatten)]
+    config_overrides: TuiCli,
+}
+
 #[derive(Debug, Parser)]
 struct DebugArgs {
     #[command(subcommand)]
@@ -135,6 +159,41 @@ struct GenerateTsCommand {
     prettier: Option<PathBuf>,
 }
 
+fn format_exit_messages(exit_info: AppExitInfo, color_enabled: bool) -> Vec<String> {
+    let AppExitInfo {
+        token_usage,
+        conversation_id,
+    } = exit_info;
+
+    if token_usage.is_zero() {
+        return Vec::new();
+    }
+
+    let mut lines = vec![format!(
+        "{}",
+        codex_core::protocol::FinalOutput::from(token_usage)
+    )];
+
+    if let Some(session_id) = conversation_id {
+        let resume_cmd = format!("codex resume {session_id}");
+        let command = if color_enabled {
+            resume_cmd.cyan().to_string()
+        } else {
+            resume_cmd
+        };
+        lines.push(format!("To continue this session, run {command}."));
+    }
+
+    lines
+}
+
+fn print_exit_messages(exit_info: AppExitInfo) {
+    let color_enabled = supports_color::on(Stream::Stdout).is_some();
+    for line in format_exit_messages(exit_info, color_enabled) {
+        println!("{line}");
+    }
+}
+
 fn main() -> anyhow::Result<()> {
     arg0_dispatch_or_else(|codex_linux_sandbox_exe| async move {
         cli_main(codex_linux_sandbox_exe).await?;
@@ -143,26 +202,52 @@ fn main() -> anyhow::Result<()> {
 }
 
 async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()> {
-    let cli = MultitoolCli::parse();
+    let MultitoolCli {
+        config_overrides: root_config_overrides,
+        mut interactive,
+        subcommand,
+    } = MultitoolCli::parse();
 
-    match cli.subcommand {
+    match subcommand {
         None => {
-            let mut tui_cli = cli.interactive;
-            prepend_config_flags(&mut tui_cli.config_overrides, cli.config_overrides);
-            let usage = codex_tui::run_main(tui_cli, codex_linux_sandbox_exe).await?;
-            if !usage.is_zero() {
-                println!("{}", codex_core::protocol::FinalOutput::from(usage));
-            }
+            prepend_config_flags(
+                &mut interactive.config_overrides,
+                root_config_overrides.clone(),
+            );
+            let exit_info = codex_tui::run_main(interactive, codex_linux_sandbox_exe).await?;
+            print_exit_messages(exit_info);
         }
         Some(Subcommand::Exec(mut exec_cli)) => {
-            prepend_config_flags(&mut exec_cli.config_overrides, cli.config_overrides);
+            prepend_config_flags(
+                &mut exec_cli.config_overrides,
+                root_config_overrides.clone(),
+            );
             codex_exec::run_main(exec_cli, codex_linux_sandbox_exe).await?;
         }
-        Some(Subcommand::Mcp) => {
-            codex_mcp_server::run_main(codex_linux_sandbox_exe, cli.config_overrides).await?;
+        Some(Subcommand::Mcp(mut mcp_cli)) => {
+            // Propagate any root-level config overrides (e.g. `-c key=value`).
+            prepend_config_flags(&mut mcp_cli.config_overrides, root_config_overrides.clone());
+            mcp_cli.run(codex_linux_sandbox_exe).await?;
+        }
+        Some(Subcommand::Resume(ResumeCommand {
+            session_id,
+            last,
+            config_overrides,
+        })) => {
+            interactive = finalize_resume_interactive(
+                interactive,
+                root_config_overrides.clone(),
+                session_id,
+                last,
+                config_overrides,
+            );
+            codex_tui::run_main(interactive, codex_linux_sandbox_exe).await?;
         }
         Some(Subcommand::Login(mut login_cli)) => {
-            prepend_config_flags(&mut login_cli.config_overrides, cli.config_overrides);
+            prepend_config_flags(
+                &mut login_cli.config_overrides,
+                root_config_overrides.clone(),
+            );
             match login_cli.action {
                 Some(LoginSubcommand::Status) => {
                     run_login_status(login_cli.config_overrides).await;
@@ -177,11 +262,17 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
             }
         }
         Some(Subcommand::Logout(mut logout_cli)) => {
-            prepend_config_flags(&mut logout_cli.config_overrides, cli.config_overrides);
+            prepend_config_flags(
+                &mut logout_cli.config_overrides,
+                root_config_overrides.clone(),
+            );
             run_logout(logout_cli.config_overrides).await;
         }
         Some(Subcommand::Proto(mut proto_cli)) => {
-            prepend_config_flags(&mut proto_cli.config_overrides, cli.config_overrides);
+            prepend_config_flags(
+                &mut proto_cli.config_overrides,
+                root_config_overrides.clone(),
+            );
             proto::run_main(proto_cli).await?;
         }
         Some(Subcommand::Completion(completion_cli)) => {
@@ -189,7 +280,10 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
         }
         Some(Subcommand::Debug(debug_args)) => match debug_args.cmd {
             DebugCommand::Seatbelt(mut seatbelt_cli) => {
-                prepend_config_flags(&mut seatbelt_cli.config_overrides, cli.config_overrides);
+                prepend_config_flags(
+                    &mut seatbelt_cli.config_overrides,
+                    root_config_overrides.clone(),
+                );
                 codex_cli::debug_sandbox::run_command_under_seatbelt(
                     seatbelt_cli,
                     codex_linux_sandbox_exe,
@@ -197,7 +291,10 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
                 .await?;
             }
             DebugCommand::Landlock(mut landlock_cli) => {
-                prepend_config_flags(&mut landlock_cli.config_overrides, cli.config_overrides);
+                prepend_config_flags(
+                    &mut landlock_cli.config_overrides,
+                    root_config_overrides.clone(),
+                );
                 codex_cli::debug_sandbox::run_command_under_landlock(
                     landlock_cli,
                     codex_linux_sandbox_exe,
@@ -206,7 +303,10 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
             }
         },
         Some(Subcommand::Apply(mut apply_cli)) => {
-            prepend_config_flags(&mut apply_cli.config_overrides, cli.config_overrides);
+            prepend_config_flags(
+                &mut apply_cli.config_overrides,
+                root_config_overrides.clone(),
+            );
             run_apply_command(apply_cli, None).await?;
         }
         Some(Subcommand::GenerateTs(gen_cli)) => {
@@ -228,8 +328,256 @@ fn prepend_config_flags(
         .splice(0..0, cli_config_overrides.raw_overrides);
 }
 
+/// Build the final `TuiCli` for a `codex resume` invocation.
+fn finalize_resume_interactive(
+    mut interactive: TuiCli,
+    root_config_overrides: CliConfigOverrides,
+    session_id: Option<String>,
+    last: bool,
+    resume_cli: TuiCli,
+) -> TuiCli {
+    // Start with the parsed interactive CLI so resume shares the same
+    // configuration surface area as `codex` without additional flags.
+    let resume_session_id = session_id;
+    interactive.resume_picker = resume_session_id.is_none() && !last;
+    interactive.resume_last = last;
+    interactive.resume_session_id = resume_session_id;
+
+    // Merge resume-scoped flags and overrides with highest precedence.
+    merge_resume_cli_flags(&mut interactive, resume_cli);
+
+    // Propagate any root-level config overrides (e.g. `-c key=value`).
+    prepend_config_flags(&mut interactive.config_overrides, root_config_overrides);
+
+    interactive
+}
+
+/// Merge flags provided to `codex resume` so they take precedence over any
+/// root-level flags. Only overrides fields explicitly set on the resume-scoped
+/// CLI. Also appends `-c key=value` overrides with highest precedence.
+fn merge_resume_cli_flags(interactive: &mut TuiCli, resume_cli: TuiCli) {
+    if let Some(model) = resume_cli.model {
+        interactive.model = Some(model);
+    }
+    if resume_cli.oss {
+        interactive.oss = true;
+    }
+    if let Some(profile) = resume_cli.config_profile {
+        interactive.config_profile = Some(profile);
+    }
+    if let Some(sandbox) = resume_cli.sandbox_mode {
+        interactive.sandbox_mode = Some(sandbox);
+    }
+    if let Some(approval) = resume_cli.approval_policy {
+        interactive.approval_policy = Some(approval);
+    }
+    if resume_cli.full_auto {
+        interactive.full_auto = true;
+    }
+    if resume_cli.dangerously_bypass_approvals_and_sandbox {
+        interactive.dangerously_bypass_approvals_and_sandbox = true;
+    }
+    if let Some(cwd) = resume_cli.cwd {
+        interactive.cwd = Some(cwd);
+    }
+    if resume_cli.web_search {
+        interactive.web_search = true;
+    }
+    if !resume_cli.images.is_empty() {
+        interactive.images = resume_cli.images;
+    }
+    if let Some(prompt) = resume_cli.prompt {
+        interactive.prompt = Some(prompt);
+    }
+
+    interactive
+        .config_overrides
+        .raw_overrides
+        .extend(resume_cli.config_overrides.raw_overrides);
+}
+
 fn print_completion(cmd: CompletionCommand) {
     let mut app = MultitoolCli::command();
     let name = "codex";
     generate(cmd.shell, &mut app, name, &mut std::io::stdout());
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use codex_core::protocol::TokenUsage;
+    use codex_protocol::mcp_protocol::ConversationId;
+
+    fn finalize_from_args(args: &[&str]) -> TuiCli {
+        let cli = MultitoolCli::try_parse_from(args).expect("parse");
+        let MultitoolCli {
+            interactive,
+            config_overrides: root_overrides,
+            subcommand,
+        } = cli;
+
+        let Subcommand::Resume(ResumeCommand {
+            session_id,
+            last,
+            config_overrides: resume_cli,
+        }) = subcommand.expect("resume present")
+        else {
+            unreachable!()
+        };
+
+        finalize_resume_interactive(interactive, root_overrides, session_id, last, resume_cli)
+    }
+
+    fn sample_exit_info(conversation: Option<&str>) -> AppExitInfo {
+        let token_usage = TokenUsage {
+            output_tokens: 2,
+            total_tokens: 2,
+            ..Default::default()
+        };
+        AppExitInfo {
+            token_usage,
+            conversation_id: conversation
+                .map(ConversationId::from_string)
+                .map(Result::unwrap),
+        }
+    }
+
+    #[test]
+    fn format_exit_messages_skips_zero_usage() {
+        let exit_info = AppExitInfo {
+            token_usage: TokenUsage::default(),
+            conversation_id: None,
+        };
+        let lines = format_exit_messages(exit_info, false);
+        assert!(lines.is_empty());
+    }
+
+    #[test]
+    fn format_exit_messages_includes_resume_hint_without_color() {
+        let exit_info = sample_exit_info(Some("123e4567-e89b-12d3-a456-426614174000"));
+        let lines = format_exit_messages(exit_info, false);
+        assert_eq!(
+            lines,
+            vec![
+                "Token usage: total=2 input=0 output=2".to_string(),
+                "To continue this session, run codex resume 123e4567-e89b-12d3-a456-426614174000."
+                    .to_string(),
+            ]
+        );
+    }
+
+    #[test]
+    fn format_exit_messages_applies_color_when_enabled() {
+        let exit_info = sample_exit_info(Some("123e4567-e89b-12d3-a456-426614174000"));
+        let lines = format_exit_messages(exit_info, true);
+        assert_eq!(lines.len(), 2);
+        assert!(lines[1].contains("\u{1b}[36m"));
+    }
+
+    #[test]
+    fn resume_model_flag_applies_when_no_root_flags() {
+        let interactive = finalize_from_args(["codex", "resume", "-m", "gpt-5-test"].as_ref());
+
+        assert_eq!(interactive.model.as_deref(), Some("gpt-5-test"));
+        assert!(interactive.resume_picker);
+        assert!(!interactive.resume_last);
+        assert_eq!(interactive.resume_session_id, None);
+    }
+
+    #[test]
+    fn resume_picker_logic_none_and_not_last() {
+        let interactive = finalize_from_args(["codex", "resume"].as_ref());
+        assert!(interactive.resume_picker);
+        assert!(!interactive.resume_last);
+        assert_eq!(interactive.resume_session_id, None);
+    }
+
+    #[test]
+    fn resume_picker_logic_last() {
+        let interactive = finalize_from_args(["codex", "resume", "--last"].as_ref());
+        assert!(!interactive.resume_picker);
+        assert!(interactive.resume_last);
+        assert_eq!(interactive.resume_session_id, None);
+    }
+
+    #[test]
+    fn resume_picker_logic_with_session_id() {
+        let interactive = finalize_from_args(["codex", "resume", "1234"].as_ref());
+        assert!(!interactive.resume_picker);
+        assert!(!interactive.resume_last);
+        assert_eq!(interactive.resume_session_id.as_deref(), Some("1234"));
+    }
+
+    #[test]
+    fn resume_merges_option_flags_and_full_auto() {
+        let interactive = finalize_from_args(
+            [
+                "codex",
+                "resume",
+                "sid",
+                "--oss",
+                "--full-auto",
+                "--search",
+                "--sandbox",
+                "workspace-write",
+                "--ask-for-approval",
+                "on-request",
+                "-m",
+                "gpt-5-test",
+                "-p",
+                "my-profile",
+                "-C",
+                "/tmp",
+                "-i",
+                "/tmp/a.png,/tmp/b.png",
+            ]
+            .as_ref(),
+        );
+
+        assert_eq!(interactive.model.as_deref(), Some("gpt-5-test"));
+        assert!(interactive.oss);
+        assert_eq!(interactive.config_profile.as_deref(), Some("my-profile"));
+        assert!(matches!(
+            interactive.sandbox_mode,
+            Some(codex_common::SandboxModeCliArg::WorkspaceWrite)
+        ));
+        assert!(matches!(
+            interactive.approval_policy,
+            Some(codex_common::ApprovalModeCliArg::OnRequest)
+        ));
+        assert!(interactive.full_auto);
+        assert_eq!(
+            interactive.cwd.as_deref(),
+            Some(std::path::Path::new("/tmp"))
+        );
+        assert!(interactive.web_search);
+        let has_a = interactive
+            .images
+            .iter()
+            .any(|p| p == std::path::Path::new("/tmp/a.png"));
+        let has_b = interactive
+            .images
+            .iter()
+            .any(|p| p == std::path::Path::new("/tmp/b.png"));
+        assert!(has_a && has_b);
+        assert!(!interactive.resume_picker);
+        assert!(!interactive.resume_last);
+        assert_eq!(interactive.resume_session_id.as_deref(), Some("sid"));
+    }
+
+    #[test]
+    fn resume_merges_dangerously_bypass_flag() {
+        let interactive = finalize_from_args(
+            [
+                "codex",
+                "resume",
+                "--dangerously-bypass-approvals-and-sandbox",
+            ]
+            .as_ref(),
+        );
+        assert!(interactive.dangerously_bypass_approvals_and_sandbox);
+        assert!(interactive.resume_picker);
+        assert!(!interactive.resume_last);
+        assert_eq!(interactive.resume_session_id, None);
+    }
+}

codex-rs/cli/src/mcp_cmd.rs

@@ -0,0 +1,384 @@
+use std::collections::BTreeMap;
+use std::collections::HashMap;
+use std::path::PathBuf;
+
+use anyhow::Context;
+use anyhow::Result;
+use anyhow::anyhow;
+use anyhow::bail;
+use codex_common::CliConfigOverrides;
+use codex_core::config::Config;
+use codex_core::config::ConfigOverrides;
+use codex_core::config::find_codex_home;
+use codex_core::config::load_global_mcp_servers;
+use codex_core::config::write_global_mcp_servers;
+use codex_core::config_types::McpServerConfig;
+
+/// [experimental] Launch Codex as an MCP server or manage configured MCP servers.
+///
+/// Subcommands:
+/// - `serve`  — run the MCP server on stdio
+/// - `list`   — list configured servers (with `--json`)
+/// - `get`    — show a single server (with `--json`)
+/// - `add`    — add a server launcher entry to `~/.codex/config.toml`
+/// - `remove` — delete a server entry
+#[derive(Debug, clap::Parser)]
+pub struct McpCli {
+    #[clap(flatten)]
+    pub config_overrides: CliConfigOverrides,
+
+    #[command(subcommand)]
+    pub cmd: Option<McpSubcommand>,
+}
+
+#[derive(Debug, clap::Subcommand)]
+pub enum McpSubcommand {
+    /// [experimental] Run the Codex MCP server (stdio transport).
+    Serve,
+
+    /// [experimental] List configured MCP servers.
+    List(ListArgs),
+
+    /// [experimental] Show details for a configured MCP server.
+    Get(GetArgs),
+
+    /// [experimental] Add a global MCP server entry.
+    Add(AddArgs),
+
+    /// [experimental] Remove a global MCP server entry.
+    Remove(RemoveArgs),
+}
+
+#[derive(Debug, clap::Parser)]
+pub struct ListArgs {
+    /// Output the configured servers as JSON.
+    #[arg(long)]
+    pub json: bool,
+}
+
+#[derive(Debug, clap::Parser)]
+pub struct GetArgs {
+    /// Name of the MCP server to display.
+    pub name: String,
+
+    /// Output the server configuration as JSON.
+    #[arg(long)]
+    pub json: bool,
+}
+
+#[derive(Debug, clap::Parser)]
+pub struct AddArgs {
+    /// Name for the MCP server configuration.
+    pub name: String,
+
+    /// Environment variables to set when launching the server.
+    #[arg(long, value_parser = parse_env_pair, value_name = "KEY=VALUE")]
+    pub env: Vec<(String, String)>,
+
+    /// Command to launch the MCP server.
+    #[arg(trailing_var_arg = true, num_args = 1..)]
+    pub command: Vec<String>,
+}
+
+#[derive(Debug, clap::Parser)]
+pub struct RemoveArgs {
+    /// Name of the MCP server configuration to remove.
+    pub name: String,
+}
+
+impl McpCli {
+    pub async fn run(self, codex_linux_sandbox_exe: Option<PathBuf>) -> Result<()> {
+        let McpCli {
+            config_overrides,
+            cmd,
+        } = self;
+        let subcommand = cmd.unwrap_or(McpSubcommand::Serve);
+
+        match subcommand {
+            McpSubcommand::Serve => {
+                codex_mcp_server::run_main(codex_linux_sandbox_exe, config_overrides).await?;
+            }
+            McpSubcommand::List(args) => {
+                run_list(&config_overrides, args)?;
+            }
+            McpSubcommand::Get(args) => {
+                run_get(&config_overrides, args)?;
+            }
+            McpSubcommand::Add(args) => {
+                run_add(&config_overrides, args)?;
+            }
+            McpSubcommand::Remove(args) => {
+                run_remove(&config_overrides, args)?;
+            }
+        }
+
+        Ok(())
+    }
+}
+
+fn run_add(config_overrides: &CliConfigOverrides, add_args: AddArgs) -> Result<()> {
+    // Validate any provided overrides even though they are not currently applied.
+    config_overrides.parse_overrides().map_err(|e| anyhow!(e))?;
+
+    let AddArgs { name, env, command } = add_args;
+
+    validate_server_name(&name)?;
+
+    let mut command_parts = command.into_iter();
+    let command_bin = command_parts
+        .next()
+        .ok_or_else(|| anyhow!("command is required"))?;
+    let command_args: Vec<String> = command_parts.collect();
+
+    let env_map = if env.is_empty() {
+        None
+    } else {
+        let mut map = HashMap::new();
+        for (key, value) in env {
+            map.insert(key, value);
+        }
+        Some(map)
+    };
+
+    let codex_home = find_codex_home().context("failed to resolve CODEX_HOME")?;
+    let mut servers = load_global_mcp_servers(&codex_home)
+        .with_context(|| format!("failed to load MCP servers from {}", codex_home.display()))?;
+
+    let new_entry = McpServerConfig {
+        command: command_bin,
+        args: command_args,
+        env: env_map,
+        startup_timeout_sec: None,
+        tool_timeout_sec: None,
+    };
+
+    servers.insert(name.clone(), new_entry);
+
+    write_global_mcp_servers(&codex_home, &servers)
+        .with_context(|| format!("failed to write MCP servers to {}", codex_home.display()))?;
+
+    println!("Added global MCP server '{name}'.");
+
+    Ok(())
+}
+
+fn run_remove(config_overrides: &CliConfigOverrides, remove_args: RemoveArgs) -> Result<()> {
+    config_overrides.parse_overrides().map_err(|e| anyhow!(e))?;
+
+    let RemoveArgs { name } = remove_args;
+
+    validate_server_name(&name)?;
+
+    let codex_home = find_codex_home().context("failed to resolve CODEX_HOME")?;
+    let mut servers = load_global_mcp_servers(&codex_home)
+        .with_context(|| format!("failed to load MCP servers from {}", codex_home.display()))?;
+
+    let removed = servers.remove(&name).is_some();
+
+    if removed {
+        write_global_mcp_servers(&codex_home, &servers)
+            .with_context(|| format!("failed to write MCP servers to {}", codex_home.display()))?;
+    }
+
+    if removed {
+        println!("Removed global MCP server '{name}'.");
+    } else {
+        println!("No MCP server named '{name}' found.");
+    }
+
+    Ok(())
+}
+
+fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) -> Result<()> {
+    let overrides = config_overrides.parse_overrides().map_err(|e| anyhow!(e))?;
+    let config = Config::load_with_cli_overrides(overrides, ConfigOverrides::default())
+        .context("failed to load configuration")?;
+
+    let mut entries: Vec<_> = config.mcp_servers.iter().collect();
+    entries.sort_by(|(a, _), (b, _)| a.cmp(b));
+
+    if list_args.json {
+        let json_entries: Vec<_> = entries
+            .into_iter()
+            .map(|(name, cfg)| {
+                let env = cfg.env.as_ref().map(|env| {
+                    env.iter()
+                        .map(|(k, v)| (k.clone(), v.clone()))
+                        .collect::<BTreeMap<_, _>>()
+                });
+                serde_json::json!({
+                    "name": name,
+                    "command": cfg.command,
+                    "args": cfg.args,
+                    "env": env,
+                    "startup_timeout_sec": cfg
+                        .startup_timeout_sec
+                        .map(|timeout| timeout.as_secs_f64()),
+                    "tool_timeout_sec": cfg
+                        .tool_timeout_sec
+                        .map(|timeout| timeout.as_secs_f64()),
+                })
+            })
+            .collect();
+        let output = serde_json::to_string_pretty(&json_entries)?;
+        println!("{output}");
+        return Ok(());
+    }
+
+    if entries.is_empty() {
+        println!("No MCP servers configured yet. Try `codex mcp add my-tool -- my-command`.");
+        return Ok(());
+    }
+
+    let mut rows: Vec<[String; 4]> = Vec::new();
+    for (name, cfg) in entries {
+        let args = if cfg.args.is_empty() {
+            "-".to_string()
+        } else {
+            cfg.args.join(" ")
+        };
+
+        let env = match cfg.env.as_ref() {
+            None => "-".to_string(),
+            Some(map) if map.is_empty() => "-".to_string(),
+            Some(map) => {
+                let mut pairs: Vec<_> = map.iter().collect();
+                pairs.sort_by(|(a, _), (b, _)| a.cmp(b));
+                pairs
+                    .into_iter()
+                    .map(|(k, v)| format!("{k}={v}"))
+                    .collect::<Vec<_>>()
+                    .join(", ")
+            }
+        };
+
+        rows.push([name.clone(), cfg.command.clone(), args, env]);
+    }
+
+    let mut widths = ["Name".len(), "Command".len(), "Args".len(), "Env".len()];
+    for row in &rows {
+        for (i, cell) in row.iter().enumerate() {
+            widths[i] = widths[i].max(cell.len());
+        }
+    }
+
+    println!(
+        "{:<name_w$}  {:<cmd_w$}  {:<args_w$}  {:<env_w$}",
+        "Name",
+        "Command",
+        "Args",
+        "Env",
+        name_w = widths[0],
+        cmd_w = widths[1],
+        args_w = widths[2],
+        env_w = widths[3],
+    );
+
+    for row in rows {
+        println!(
+            "{:<name_w$}  {:<cmd_w$}  {:<args_w$}  {:<env_w$}",
+            row[0],
+            row[1],
+            row[2],
+            row[3],
+            name_w = widths[0],
+            cmd_w = widths[1],
+            args_w = widths[2],
+            env_w = widths[3],
+        );
+    }
+
+    Ok(())
+}
+
+fn run_get(config_overrides: &CliConfigOverrides, get_args: GetArgs) -> Result<()> {
+    let overrides = config_overrides.parse_overrides().map_err(|e| anyhow!(e))?;
+    let config = Config::load_with_cli_overrides(overrides, ConfigOverrides::default())
+        .context("failed to load configuration")?;
+
+    let Some(server) = config.mcp_servers.get(&get_args.name) else {
+        bail!("No MCP server named '{name}' found.", name = get_args.name);
+    };
+
+    if get_args.json {
+        let env = server.env.as_ref().map(|env| {
+            env.iter()
+                .map(|(k, v)| (k.clone(), v.clone()))
+                .collect::<BTreeMap<_, _>>()
+        });
+        let output = serde_json::to_string_pretty(&serde_json::json!({
+            "name": get_args.name,
+            "command": server.command,
+            "args": server.args,
+            "env": env,
+            "startup_timeout_sec": server
+                .startup_timeout_sec
+                .map(|timeout| timeout.as_secs_f64()),
+            "tool_timeout_sec": server
+                .tool_timeout_sec
+                .map(|timeout| timeout.as_secs_f64()),
+        }))?;
+        println!("{output}");
+        return Ok(());
+    }
+
+    println!("{}", get_args.name);
+    println!("  command: {}", server.command);
+    let args = if server.args.is_empty() {
+        "-".to_string()
+    } else {
+        server.args.join(" ")
+    };
+    println!("  args: {args}");
+    let env_display = match server.env.as_ref() {
+        None => "-".to_string(),
+        Some(map) if map.is_empty() => "-".to_string(),
+        Some(map) => {
+            let mut pairs: Vec<_> = map.iter().collect();
+            pairs.sort_by(|(a, _), (b, _)| a.cmp(b));
+            pairs
+                .into_iter()
+                .map(|(k, v)| format!("{k}={v}"))
+                .collect::<Vec<_>>()
+                .join(", ")
+        }
+    };
+    println!("  env: {env_display}");
+    if let Some(timeout) = server.startup_timeout_sec {
+        println!("  startup_timeout_sec: {}", timeout.as_secs_f64());
+    }
+    if let Some(timeout) = server.tool_timeout_sec {
+        println!("  tool_timeout_sec: {}", timeout.as_secs_f64());
+    }
+    println!("  remove: codex mcp remove {}", get_args.name);
+
+    Ok(())
+}
+
+fn parse_env_pair(raw: &str) -> Result<(String, String), String> {
+    let mut parts = raw.splitn(2, '=');
+    let key = parts
+        .next()
+        .map(str::trim)
+        .filter(|s| !s.is_empty())
+        .ok_or_else(|| "environment entries must be in KEY=VALUE form".to_string())?;
+    let value = parts
+        .next()
+        .map(str::to_string)
+        .ok_or_else(|| "environment entries must be in KEY=VALUE form".to_string())?;
+
+    Ok((key.to_string(), value))
+}
+
+fn validate_server_name(name: &str) -> Result<()> {
+    let is_valid = !name.is_empty()
+        && name
+            .chars()
+            .all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '_');
+
+    if is_valid {
+        Ok(())
+    } else {
+        bail!("invalid server name '{name}' (use letters, numbers, '-', '_')");
+    }
+}

codex-rs/cli/src/proto.rs

@@ -2,6 +2,7 @@ use std::io::IsTerminal;
 
 use clap::Parser;
 use codex_common::CliConfigOverrides;
+use codex_core::AuthManager;
 use codex_core::ConversationManager;
 use codex_core::NewConversation;
 use codex_core::config::Config;
@@ -9,7 +10,6 @@ use codex_core::config::ConfigOverrides;
 use codex_core::protocol::Event;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::Submission;
-use codex_login::AuthManager;
 use tokio::io::AsyncBufReadExt;
 use tokio::io::BufReader;
 use tracing::error;
@@ -37,10 +37,8 @@ pub async fn run_main(opts: ProtoCli) -> anyhow::Result<()> {
 
     let config = Config::load_with_cli_overrides(overrides_vec, ConfigOverrides::default())?;
     // Use conversation_manager API to start a conversation
-    let conversation_manager = ConversationManager::new(AuthManager::shared(
-        config.codex_home.clone(),
-        config.preferred_auth_method,
-    ));
+    let conversation_manager =
+        ConversationManager::new(AuthManager::shared(config.codex_home.clone()));
     let NewConversation {
         conversation_id: _,
         conversation,

codex-rs/cli/tests/mcp_add_remove.rs

@@ -0,0 +1,86 @@
+use std::path::Path;
+
+use anyhow::Result;
+use codex_core::config::load_global_mcp_servers;
+use predicates::str::contains;
+use pretty_assertions::assert_eq;
+use tempfile::TempDir;
+
+fn codex_command(codex_home: &Path) -> Result<assert_cmd::Command> {
+    let mut cmd = assert_cmd::Command::cargo_bin("codex")?;
+    cmd.env("CODEX_HOME", codex_home);
+    Ok(cmd)
+}
+
+#[test]
+fn add_and_remove_server_updates_global_config() -> Result<()> {
+    let codex_home = TempDir::new()?;
+
+    let mut add_cmd = codex_command(codex_home.path())?;
+    add_cmd
+        .args(["mcp", "add", "docs", "--", "echo", "hello"])
+        .assert()
+        .success()
+        .stdout(contains("Added global MCP server 'docs'."));
+
+    let servers = load_global_mcp_servers(codex_home.path())?;
+    assert_eq!(servers.len(), 1);
+    let docs = servers.get("docs").expect("server should exist");
+    assert_eq!(docs.command, "echo");
+    assert_eq!(docs.args, vec!["hello".to_string()]);
+    assert!(docs.env.is_none());
+
+    let mut remove_cmd = codex_command(codex_home.path())?;
+    remove_cmd
+        .args(["mcp", "remove", "docs"])
+        .assert()
+        .success()
+        .stdout(contains("Removed global MCP server 'docs'."));
+
+    let servers = load_global_mcp_servers(codex_home.path())?;
+    assert!(servers.is_empty());
+
+    let mut remove_again_cmd = codex_command(codex_home.path())?;
+    remove_again_cmd
+        .args(["mcp", "remove", "docs"])
+        .assert()
+        .success()
+        .stdout(contains("No MCP server named 'docs' found."));
+
+    let servers = load_global_mcp_servers(codex_home.path())?;
+    assert!(servers.is_empty());
+
+    Ok(())
+}
+
+#[test]
+fn add_with_env_preserves_key_order_and_values() -> Result<()> {
+    let codex_home = TempDir::new()?;
+
+    let mut add_cmd = codex_command(codex_home.path())?;
+    add_cmd
+        .args([
+            "mcp",
+            "add",
+            "envy",
+            "--env",
+            "FOO=bar",
+            "--env",
+            "ALPHA=beta",
+            "--",
+            "python",
+            "server.py",
+        ])
+        .assert()
+        .success();
+
+    let servers = load_global_mcp_servers(codex_home.path())?;
+    let envy = servers.get("envy").expect("server should exist");
+    let env = envy.env.as_ref().expect("env should be present");
+
+    assert_eq!(env.len(), 2);
+    assert_eq!(env.get("FOO"), Some(&"bar".to_string()));
+    assert_eq!(env.get("ALPHA"), Some(&"beta".to_string()));
+
+    Ok(())
+}

codex-rs/cli/tests/mcp_list.rs

@@ -0,0 +1,106 @@
+use std::path::Path;
+
+use anyhow::Result;
+use predicates::str::contains;
+use pretty_assertions::assert_eq;
+use serde_json::Value as JsonValue;
+use tempfile::TempDir;
+
+fn codex_command(codex_home: &Path) -> Result<assert_cmd::Command> {
+    let mut cmd = assert_cmd::Command::cargo_bin("codex")?;
+    cmd.env("CODEX_HOME", codex_home);
+    Ok(cmd)
+}
+
+#[test]
+fn list_shows_empty_state() -> Result<()> {
+    let codex_home = TempDir::new()?;
+
+    let mut cmd = codex_command(codex_home.path())?;
+    let output = cmd.args(["mcp", "list"]).output()?;
+    assert!(output.status.success());
+    let stdout = String::from_utf8(output.stdout)?;
+    assert!(stdout.contains("No MCP servers configured yet."));
+
+    Ok(())
+}
+
+#[test]
+fn list_and_get_render_expected_output() -> Result<()> {
+    let codex_home = TempDir::new()?;
+
+    let mut add = codex_command(codex_home.path())?;
+    add.args([
+        "mcp",
+        "add",
+        "docs",
+        "--env",
+        "TOKEN=secret",
+        "--",
+        "docs-server",
+        "--port",
+        "4000",
+    ])
+    .assert()
+    .success();
+
+    let mut list_cmd = codex_command(codex_home.path())?;
+    let list_output = list_cmd.args(["mcp", "list"]).output()?;
+    assert!(list_output.status.success());
+    let stdout = String::from_utf8(list_output.stdout)?;
+    assert!(stdout.contains("Name"));
+    assert!(stdout.contains("docs"));
+    assert!(stdout.contains("docs-server"));
+    assert!(stdout.contains("TOKEN=secret"));
+
+    let mut list_json_cmd = codex_command(codex_home.path())?;
+    let json_output = list_json_cmd.args(["mcp", "list", "--json"]).output()?;
+    assert!(json_output.status.success());
+    let stdout = String::from_utf8(json_output.stdout)?;
+    let parsed: JsonValue = serde_json::from_str(&stdout)?;
+    let array = parsed.as_array().expect("expected array");
+    assert_eq!(array.len(), 1);
+    let entry = &array[0];
+    assert_eq!(entry.get("name"), Some(&JsonValue::String("docs".into())));
+    assert_eq!(
+        entry.get("command"),
+        Some(&JsonValue::String("docs-server".into()))
+    );
+
+    let args = entry
+        .get("args")
+        .and_then(|v| v.as_array())
+        .expect("args array");
+    assert_eq!(
+        args,
+        &vec![
+            JsonValue::String("--port".into()),
+            JsonValue::String("4000".into())
+        ]
+    );
+
+    let env = entry
+        .get("env")
+        .and_then(|v| v.as_object())
+        .expect("env map");
+    assert_eq!(env.get("TOKEN"), Some(&JsonValue::String("secret".into())));
+
+    let mut get_cmd = codex_command(codex_home.path())?;
+    let get_output = get_cmd.args(["mcp", "get", "docs"]).output()?;
+    assert!(get_output.status.success());
+    let stdout = String::from_utf8(get_output.stdout)?;
+    assert!(stdout.contains("docs"));
+    assert!(stdout.contains("command: docs-server"));
+    assert!(stdout.contains("args: --port 4000"));
+    assert!(stdout.contains("env: TOKEN=secret"));
+    assert!(stdout.contains("remove: codex mcp remove docs"));
+
+    let mut get_json_cmd = codex_command(codex_home.path())?;
+    get_json_cmd
+        .args(["mcp", "get", "docs", "--json"])
+        .assert()
+        .success()
+        .stdout(contains("\"name\": \"docs\""));
+
+    Ok(())
+}

codex-rs/common/Cargo.toml

@@ -7,11 +7,11 @@ version = { workspace = true }
 workspace = true
 
 [dependencies]
-clap = { version = "4", features = ["derive", "wrap_help"], optional = true }
-codex-core = { path = "../core" }
-codex-protocol = { path = "../protocol" }
-serde = { version = "1", optional = true }
-toml = { version = "0.9", optional = true }
+clap = { workspace = true, features = ["derive", "wrap_help"], optional = true }
+codex-core = { workspace = true }
+codex-protocol = { workspace = true }
+serde = { workspace = true, optional = true }
+toml = { workspace = true, optional = true }
 
 [features]
 # Separate feature so that `clap` is not a mandatory dependency.

codex-rs/common/src/config_summary.rs

@@ -17,7 +17,10 @@ pub fn create_config_summary_entries(config: &Config) -> Vec<(&'static str, Stri
     {
         entries.push((
             "reasoning effort",
-            config.model_reasoning_effort.to_string(),
+            config
+                .model_reasoning_effort
+                .map(|effort| effort.to_string())
+                .unwrap_or_else(|| "none".to_string()),
         ));
         entries.push((
             "reasoning summaries",

codex-rs/common/src/elapsed.rs

@@ -2,7 +2,7 @@ use std::time::Duration;
 use std::time::Instant;
 
 /// Returns a string representing the elapsed time since `start_time` like
-/// "1m15s" or "1.50s".
+/// "1m 15s" or "1.50s".
 pub fn format_elapsed(start_time: Instant) -> String {
     format_duration(start_time.elapsed())
 }
@@ -12,7 +12,7 @@ pub fn format_elapsed(start_time: Instant) -> String {
 /// Formatting rules:
 /// * < 1 s  ->  "{milli}ms"
 /// * < 60 s ->  "{sec:.2}s" (two decimal places)
-/// * >= 60 s ->  "{min}m{sec:02}s"
+/// * >= 60 s ->  "{min}m {sec:02}s"
 pub fn format_duration(duration: Duration) -> String {
     let millis = duration.as_millis() as i64;
     format_elapsed_millis(millis)
@@ -26,7 +26,7 @@ fn format_elapsed_millis(millis: i64) -> String {
     } else {
         let minutes = millis / 60_000;
         let seconds = (millis % 60_000) / 1000;
-        format!("{minutes}m{seconds:02}s")
+        format!("{minutes}m {seconds:02}s")
     }
 }
 
@@ -61,12 +61,18 @@ mod tests {
     fn test_format_duration_minutes() {
         // Durations ≥ 1 minute should be printed mmss.
         let dur = Duration::from_millis(75_000); // 1m15s
-        assert_eq!(format_duration(dur), "1m15s");
+        assert_eq!(format_duration(dur), "1m 15s");
 
         let dur_exact = Duration::from_millis(60_000); // 1m0s
-        assert_eq!(format_duration(dur_exact), "1m00s");
+        assert_eq!(format_duration(dur_exact), "1m 00s");
 
         let dur_long = Duration::from_millis(3_601_000);
-        assert_eq!(format_duration(dur_long), "60m01s");
+        assert_eq!(format_duration(dur_long), "60m 01s");
+    }
+
+    #[test]
+    fn test_format_duration_one_hour_has_space() {
+        let dur_hour = Duration::from_millis(3_600_000);
+        assert_eq!(format_duration(dur_hour), "60m 00s");
     }
 }

codex-rs/common/src/model_presets.rs

@@ -1,4 +1,5 @@
 use codex_core::protocol_config_types::ReasoningEffort;
+use codex_protocol::mcp_protocol::AuthMode;
 
 /// A simple preset pairing a model slug with a reasoning effort.
 #[derive(Debug, Clone, Copy)]
@@ -12,43 +13,61 @@ pub struct ModelPreset {
     /// Model slug (e.g., "gpt-5").
     pub model: &'static str,
     /// Reasoning effort to apply for this preset.
-    pub effort: ReasoningEffort,
+    pub effort: Option<ReasoningEffort>,
 }
 
-/// Built-in list of model presets that pair a model with a reasoning effort.
-///
-/// Keep this UI-agnostic so it can be reused by both TUI and MCP server.
-pub fn builtin_model_presets() -> &'static [ModelPreset] {
-    // Order reflects effort from minimal to high.
-    const PRESETS: &[ModelPreset] = &[
-        ModelPreset {
-            id: "gpt-5-minimal",
-            label: "gpt-5 minimal",
-            description: "— fastest responses with limited reasoning; ideal for coding, instructions, or lightweight tasks",
-            model: "gpt-5",
-            effort: ReasoningEffort::Minimal,
-        },
-        ModelPreset {
-            id: "gpt-5-low",
-            label: "gpt-5 low",
-            description: "— balances speed with some reasoning; useful for straightforward queries and short explanations",
-            model: "gpt-5",
-            effort: ReasoningEffort::Low,
-        },
-        ModelPreset {
-            id: "gpt-5-medium",
-            label: "gpt-5 medium",
-            description: "— default setting; provides a solid balance of reasoning depth and latency for general-purpose tasks",
-            model: "gpt-5",
-            effort: ReasoningEffort::Medium,
-        },
-        ModelPreset {
-            id: "gpt-5-high",
-            label: "gpt-5 high",
-            description: "— maximizes reasoning depth for complex or ambiguous problems",
-            model: "gpt-5",
-            effort: ReasoningEffort::High,
-        },
-    ];
-    PRESETS
+const PRESETS: &[ModelPreset] = &[
+    ModelPreset {
+        id: "gpt-5-codex-low",
+        label: "gpt-5-codex low",
+        description: "",
+        model: "gpt-5-codex",
+        effort: Some(ReasoningEffort::Low),
+    },
+    ModelPreset {
+        id: "gpt-5-codex-medium",
+        label: "gpt-5-codex medium",
+        description: "",
+        model: "gpt-5-codex",
+        effort: None,
+    },
+    ModelPreset {
+        id: "gpt-5-codex-high",
+        label: "gpt-5-codex high",
+        description: "",
+        model: "gpt-5-codex",
+        effort: Some(ReasoningEffort::High),
+    },
+    ModelPreset {
+        id: "gpt-5-minimal",
+        label: "gpt-5 minimal",
+        description: "— fastest responses with limited reasoning; ideal for coding, instructions, or lightweight tasks",
+        model: "gpt-5",
+        effort: Some(ReasoningEffort::Minimal),
+    },
+    ModelPreset {
+        id: "gpt-5-low",
+        label: "gpt-5 low",
+        description: "— balances speed with some reasoning; useful for straightforward queries and short explanations",
+        model: "gpt-5",
+        effort: Some(ReasoningEffort::Low),
+    },
+    ModelPreset {
+        id: "gpt-5-medium",
+        label: "gpt-5 medium",
+        description: "— default setting; provides a solid balance of reasoning depth and latency for general-purpose tasks",
+        model: "gpt-5",
+        effort: Some(ReasoningEffort::Medium),
+    },
+    ModelPreset {
+        id: "gpt-5-high",
+        label: "gpt-5 high",
+        description: "— maximizes reasoning depth for complex or ambiguous problems",
+        model: "gpt-5",
+        effort: Some(ReasoningEffort::High),
+    },
+];
+
+pub fn builtin_model_presets(_auth_mode: Option<AuthMode>) -> Vec<ModelPreset> {
+    PRESETS.to_vec()
 }

codex-rs/config.md

@@ -1,564 +1,6 @@
-# Config
+# Configuration docs moved
 
-Codex supports several mechanisms for setting config values:
+This file has moved. Please see the latest configuration documentation here:
 
-- Config-specific command-line flags, such as `--model o3` (highest precedence).
-- A generic `-c`/`--config` flag that takes a `key=value` pair, such as `--config model="o3"`.
-  - The key can contain dots to set a value deeper than the root, e.g. `--config model_providers.openai.wire_api="chat"`.
-  - Values can contain objects, such as `--config shell_environment_policy.include_only=["PATH", "HOME", "USER"]`.
-  - For consistency with `config.toml`, values are in TOML format rather than JSON format, so use `{a = 1, b = 2}` rather than `{"a": 1, "b": 2}`.
-  - If `value` cannot be parsed as a valid TOML value, it is treated as a string value. This means that both `-c model="o3"` and `-c model=o3` are equivalent.
-- The `$CODEX_HOME/config.toml` configuration file where the `CODEX_HOME` environment value defaults to `~/.codex`. (Note `CODEX_HOME` will also be where logs and other Codex-related information are stored.)
-
-Both the `--config` flag and the `config.toml` file support the following options:
-
-## model
-
-The model that Codex should use.
-
-```toml
-model = "o3"  # overrides the default of "gpt-5"
-```
-
-## model_providers
-
-This option lets you override and amend the default set of model providers bundled with Codex. This value is a map where the key is the value to use with `model_provider` to select the corresponding provider.
-
-For example, if you wanted to add a provider that uses the OpenAI 4o model via the chat completions API, then you could add the following configuration:
-
-```toml
-# Recall that in TOML, root keys must be listed before tables.
-model = "gpt-4o"
-model_provider = "openai-chat-completions"
-
-[model_providers.openai-chat-completions]
-# Name of the provider that will be displayed in the Codex UI.
-name = "OpenAI using Chat Completions"
-# The path `/chat/completions` will be amended to this URL to make the POST
-# request for the chat completions.
-base_url = "https://api.openai.com/v1"
-# If `env_key` is set, identifies an environment variable that must be set when
-# using Codex with this provider. The value of the environment variable must be
-# non-empty and will be used in the `Bearer TOKEN` HTTP header for the POST request.
-env_key = "OPENAI_API_KEY"
-# Valid values for wire_api are "chat" and "responses". Defaults to "chat" if omitted.
-wire_api = "chat"
-# If necessary, extra query params that need to be added to the URL.
-# See the Azure example below.
-query_params = {}
-```
-
-Note this makes it possible to use Codex CLI with non-OpenAI models, so long as they use a wire API that is compatible with the OpenAI chat completions API. For example, you could define the following provider to use Codex CLI with Ollama running locally:
-
-```toml
-[model_providers.ollama]
-name = "Ollama"
-base_url = "http://localhost:11434/v1"
-```
-
-Or a third-party provider (using a distinct environment variable for the API key):
-
-```toml
-[model_providers.mistral]
-name = "Mistral"
-base_url = "https://api.mistral.ai/v1"
-env_key = "MISTRAL_API_KEY"
-```
-
-Note that Azure requires `api-version` to be passed as a query parameter, so be sure to specify it as part of `query_params` when defining the Azure provider:
-
-```toml
-[model_providers.azure]
-name = "Azure"
-# Make sure you set the appropriate subdomain for this URL.
-base_url = "https://YOUR_PROJECT_NAME.openai.azure.com/openai"
-env_key = "AZURE_OPENAI_API_KEY"  # Or "OPENAI_API_KEY", whichever you use.
-query_params = { api-version = "2025-04-01-preview" }
-```
-
-It is also possible to configure a provider to include extra HTTP headers with a request. These can be hardcoded values (`http_headers`) or values read from environment variables (`env_http_headers`):
-
-```toml
-[model_providers.example]
-# name, base_url, ...
-
-# This will add the HTTP header `X-Example-Header` with value `example-value`
-# to each request to the model provider.
-http_headers = { "X-Example-Header" = "example-value" }
-
-# This will add the HTTP header `X-Example-Features` with the value of the
-# `EXAMPLE_FEATURES` environment variable to each request to the model provider
-# _if_ the environment variable is set and its value is non-empty.
-env_http_headers = { "X-Example-Features": "EXAMPLE_FEATURES" }
-```
-
-### Per-provider network tuning
-
-The following optional settings control retry behaviour and streaming idle timeouts **per model provider**. They must be specified inside the corresponding `[model_providers.<id>]` block in `config.toml`. (Older releases accepted top‑level keys; those are now ignored.)
-
-Example:
-
-```toml
-[model_providers.openai]
-name = "OpenAI"
-base_url = "https://api.openai.com/v1"
-env_key = "OPENAI_API_KEY"
-# network tuning overrides (all optional; falls back to built‑in defaults)
-request_max_retries = 4            # retry failed HTTP requests
-stream_max_retries = 10            # retry dropped SSE streams
-stream_idle_timeout_ms = 300000    # 5m idle timeout
-```
-
-#### request_max_retries
-
-How many times Codex will retry a failed HTTP request to the model provider. Defaults to `4`.
-
-#### stream_max_retries
-
-Number of times Codex will attempt to reconnect when a streaming response is interrupted. Defaults to `10`.
-
-#### stream_idle_timeout_ms
-
-How long Codex will wait for activity on a streaming response before treating the connection as lost. Defaults to `300_000` (5 minutes).
-
-## model_provider
-
-Identifies which provider to use from the `model_providers` map. Defaults to `"openai"`. You can override the `base_url` for the built-in `openai` provider via the `OPENAI_BASE_URL` environment variable.
-
-Note that if you override `model_provider`, then you likely want to override
-`model`, as well. For example, if you are running ollama with Mistral locally,
-then you would need to add the following to your config in addition to the new entry in the `model_providers` map:
-
-```toml
-model_provider = "ollama"
-model = "mistral"
-```
-
-## approval_policy
-
-Determines when the user should be prompted to approve whether Codex can execute a command:
-
-```toml
-# Codex has hardcoded logic that defines a set of "trusted" commands.
-# Setting the approval_policy to `untrusted` means that Codex will prompt the
-# user before running a command not in the "trusted" set.
-#
-# See https://github.com/openai/codex/issues/1260 for the plan to enable
-# end-users to define their own trusted commands.
-approval_policy = "untrusted"
-```
-
-If you want to be notified whenever a command fails, use "on-failure":
-
-```toml
-# If the command fails when run in the sandbox, Codex asks for permission to
-# retry the command outside the sandbox.
-approval_policy = "on-failure"
-```
-
-If you want the model to run until it decides that it needs to ask you for escalated permissions, use "on-request":
-
-```toml
-# The model decides when to escalate
-approval_policy = "on-request"
-```
-
-Alternatively, you can have the model run until it is done, and never ask to run a command with escalated permissions:
-
-```toml
-# User is never prompted: if the command fails, Codex will automatically try
-# something out. Note the `exec` subcommand always uses this mode.
-approval_policy = "never"
-```
-
-## profiles
-
-A _profile_ is a collection of configuration values that can be set together. Multiple profiles can be defined in `config.toml` and you can specify the one you
-want to use at runtime via the `--profile` flag.
-
-Here is an example of a `config.toml` that defines multiple profiles:
-
-```toml
-model = "o3"
-approval_policy = "unless-allow-listed"
-disable_response_storage = false
-
-# Setting `profile` is equivalent to specifying `--profile o3` on the command
-# line, though the `--profile` flag can still be used to override this value.
-profile = "o3"
-
-[model_providers.openai-chat-completions]
-name = "OpenAI using Chat Completions"
-base_url = "https://api.openai.com/v1"
-env_key = "OPENAI_API_KEY"
-wire_api = "chat"
-
-[profiles.o3]
-model = "o3"
-model_provider = "openai"
-approval_policy = "never"
-model_reasoning_effort = "high"
-model_reasoning_summary = "detailed"
-
-[profiles.gpt3]
-model = "gpt-3.5-turbo"
-model_provider = "openai-chat-completions"
-
-[profiles.zdr]
-model = "o3"
-model_provider = "openai"
-approval_policy = "on-failure"
-disable_response_storage = true
-```
-
-Users can specify config values at multiple levels. Order of precedence is as follows:
-
-1. custom command-line argument, e.g., `--model o3`
-2. as part of a profile, where the `--profile` is specified via a CLI (or in the config file itself)
-3. as an entry in `config.toml`, e.g., `model = "o3"`
-4. the default value that comes with Codex CLI (i.e., Codex CLI defaults to `gpt-5`)
-
-## model_reasoning_effort
-
-If the selected model is known to support reasoning (for example: `o3`, `o4-mini`, `codex-*`, `gpt-5`), reasoning is enabled by default when using the Responses API. As explained in the [OpenAI Platform documentation](https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning), this can be set to:
-
-- `"minimal"`
-- `"low"`
-- `"medium"` (default)
-- `"high"`
-
-Note: to minimize reasoning, choose `"minimal"`.
-
-## model_reasoning_summary
-
-If the model name starts with `"o"` (as in `"o3"` or `"o4-mini"`) or `"codex"`, reasoning is enabled by default when using the Responses API. As explained in the [OpenAI Platform documentation](https://platform.openai.com/docs/guides/reasoning?api-mode=responses#reasoning-summaries), this can be set to:
-
-- `"auto"` (default)
-- `"concise"`
-- `"detailed"`
-
-To disable reasoning summaries, set `model_reasoning_summary` to `"none"` in your config:
-
-```toml
-model_reasoning_summary = "none"  # disable reasoning summaries
-```
-
-## model_verbosity
-
-Controls output length/detail on GPT‑5 family models when using the Responses API. Supported values:
-
-- `"low"`
-- `"medium"` (default when omitted)
-- `"high"`
-
-When set, Codex includes a `text` object in the request payload with the configured verbosity, for example: `"text": { "verbosity": "low" }`.
-
-Example:
-
-```toml
-model = "gpt-5"
-model_verbosity = "low"
-```
-
-Note: This applies only to providers using the Responses API. Chat Completions providers are unaffected.
-
-## model_supports_reasoning_summaries
-
-By default, `reasoning` is only set on requests to OpenAI models that are known to support them. To force `reasoning` to set on requests to the current model, you can force this behavior by setting the following in `config.toml`:
-
-```toml
-model_supports_reasoning_summaries = true
-```
-
-## sandbox_mode
-
-Codex executes model-generated shell commands inside an OS-level sandbox.
-
-In most cases you can pick the desired behaviour with a single option:
-
-```toml
-# same as `--sandbox read-only`
-sandbox_mode = "read-only"
-```
-
-The default policy is `read-only`, which means commands can read any file on
-disk, but attempts to write a file or access the network will be blocked.
-
-A more relaxed policy is `workspace-write`. When specified, the current working directory for the Codex task will be writable (as well as `$TMPDIR` on macOS). Note that the CLI defaults to using the directory where it was spawned as `cwd`, though this can be overridden using `--cwd/-C`.
-
-On macOS (and soon Linux), all writable roots (including `cwd`) that contain a `.git/` folder _as an immediate child_ will configure the `.git/` folder to be read-only while the rest of the Git repository will be writable. This means that commands like `git commit` will fail, by default (as it entails writing to `.git/`), and will require Codex to ask for permission.
-
-```toml
-# same as `--sandbox workspace-write`
-sandbox_mode = "workspace-write"
-
-# Extra settings that only apply when `sandbox = "workspace-write"`.
-[sandbox_workspace_write]
-# By default, the cwd for the Codex session will be writable as well as $TMPDIR
-# (if set) and /tmp (if it exists). Setting the respective options to `true`
-# will override those defaults.
-exclude_tmpdir_env_var = false
-exclude_slash_tmp = false
-
-# Optional list of _additional_ writable roots beyond $TMPDIR and /tmp.
-writable_roots = ["/Users/YOU/.pyenv/shims"]
-
-# Allow the command being run inside the sandbox to make outbound network
-# requests. Disabled by default.
-network_access = false
-```
-
-To disable sandboxing altogether, specify `danger-full-access` like so:
-
-```toml
-# same as `--sandbox danger-full-access`
-sandbox_mode = "danger-full-access"
-```
-
-This is reasonable to use if Codex is running in an environment that provides its own sandboxing (such as a Docker container) such that further sandboxing is unnecessary.
-
-Though using this option may also be necessary if you try to use Codex in environments where its native sandboxing mechanisms are unsupported, such as older Linux kernels or on Windows.
-
-## Approval presets
-
-Codex provides three main Approval Presets:
-
-- Read Only: Codex can read files and answer questions; edits, running commands, and network access require approval.
-- Auto: Codex can read files, make edits, and run commands in the workspace without approval; asks for approval outside the workspace or for network access.
-- Full Access: Full disk and network access without prompts; extremely risky.
-
-You can further customize how Codex runs at the command line using the `--ask-for-approval` and `--sandbox` options.
-
-## mcp_servers
-
-Defines the list of MCP servers that Codex can consult for tool use. Currently, only servers that are launched by executing a program that communicate over stdio are supported. For servers that use the SSE transport, consider an adapter like [mcp-proxy](https://github.com/sparfenyuk/mcp-proxy).
-
-**Note:** Codex may cache the list of tools and resources from an MCP server so that Codex can include this information in context at startup without spawning all the servers. This is designed to save resources by loading MCP servers lazily.
-
-This config option is comparable to how Claude and Cursor define `mcpServers` in their respective JSON config files, though because Codex uses TOML for its config language, the format is slightly different. For example, the following config in JSON:
-
-```json
-{
-  "mcpServers": {
-    "server-name": {
-      "command": "npx",
-      "args": ["-y", "mcp-server"],
-      "env": {
-        "API_KEY": "value"
-      }
-    }
-  }
-}
-```
-
-Should be represented as follows in `~/.codex/config.toml`:
-
-```toml
-# IMPORTANT: the top-level key is `mcp_servers` rather than `mcpServers`.
-[mcp_servers.server-name]
-command = "npx"
-args = ["-y", "mcp-server"]
-env = { "API_KEY" = "value" }
-```
-
-## disable_response_storage
-
-Currently, customers whose accounts are set to use Zero Data Retention (ZDR) must set `disable_response_storage` to `true` so that Codex uses an alternative to the Responses API that works with ZDR:
-
-```toml
-disable_response_storage = true
-```
-
-## shell_environment_policy
-
-Codex spawns subprocesses (e.g. when executing a `local_shell` tool-call suggested by the assistant). By default it now passes **your full environment** to those subprocesses. You can tune this behavior via the **`shell_environment_policy`** block in `config.toml`:
-
-```toml
-[shell_environment_policy]
-# inherit can be "all" (default), "core", or "none"
-inherit = "core"
-# set to true to *skip* the filter for `"*KEY*"` and `"*TOKEN*"`
-ignore_default_excludes = false
-# exclude patterns (case-insensitive globs)
-exclude = ["AWS_*", "AZURE_*"]
-# force-set / override values
-set = { CI = "1" }
-# if provided, *only* vars matching these patterns are kept
-include_only = ["PATH", "HOME"]
-```
-
-| Field                     | Type                       | Default | Description                                                                                                                                     |
-| ------------------------- | -------------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------- |
-| `inherit`                 | string                     | `all`   | Starting template for the environment:<br>`all` (clone full parent env), `core` (`HOME`, `PATH`, `USER`, …), or `none` (start empty).           |
-| `ignore_default_excludes` | boolean                    | `false` | When `false`, Codex removes any var whose **name** contains `KEY`, `SECRET`, or `TOKEN` (case-insensitive) before other rules run.              |
-| `exclude`                 | array&lt;string&gt;        | `[]`    | Case-insensitive glob patterns to drop after the default filter.<br>Examples: `"AWS_*"`, `"AZURE_*"`.                                           |
-| `set`                     | table&lt;string,string&gt; | `{}`    | Explicit key/value overrides or additions – always win over inherited values.                                                                   |
-| `include_only`            | array&lt;string&gt;        | `[]`    | If non-empty, a whitelist of patterns; only variables that match _one_ pattern survive the final step. (Generally used with `inherit = "all"`.) |
-
-The patterns are **glob style**, not full regular expressions: `*` matches any
-number of characters, `?` matches exactly one, and character classes like
-`[A-Z]`/`[^0-9]` are supported. Matching is always **case-insensitive**. This
-syntax is documented in code as `EnvironmentVariablePattern` (see
-`core/src/config_types.rs`).
-
-If you just need a clean slate with a few custom entries you can write:
-
-```toml
-[shell_environment_policy]
-inherit = "none"
-set = { PATH = "/usr/bin", MY_FLAG = "1" }
-```
-
-Currently, `CODEX_SANDBOX_NETWORK_DISABLED=1` is also added to the environment, assuming network is disabled. This is not configurable.
-
-## notify
-
-Specify a program that will be executed to get notified about events generated by Codex. Note that the program will receive the notification argument as a string of JSON, e.g.:
-
-```json
-{
-  "type": "agent-turn-complete",
-  "turn-id": "12345",
-  "input-messages": ["Rename `foo` to `bar` and update the callsites."],
-  "last-assistant-message": "Rename complete and verified `cargo build` succeeds."
-}
-```
-
-The `"type"` property will always be set. Currently, `"agent-turn-complete"` is the only notification type that is supported.
-
-As an example, here is a Python script that parses the JSON and decides whether to show a desktop push notification using [terminal-notifier](https://github.com/julienXX/terminal-notifier) on macOS:
-
-```python
-#!/usr/bin/env python3
-
-import json
-import subprocess
-import sys
-
-
-def main() -> int:
-    if len(sys.argv) != 2:
-        print("Usage: notify.py <NOTIFICATION_JSON>")
-        return 1
-
-    try:
-        notification = json.loads(sys.argv[1])
-    except json.JSONDecodeError:
-        return 1
-
-    match notification_type := notification.get("type"):
-        case "agent-turn-complete":
-            assistant_message = notification.get("last-assistant-message")
-            if assistant_message:
-                title = f"Codex: {assistant_message}"
-            else:
-                title = "Codex: Turn Complete!"
-            input_messages = notification.get("input_messages", [])
-            message = " ".join(input_messages)
-            title += message
-        case _:
-            print(f"not sending a push notification for: {notification_type}")
-            return 0
-
-    subprocess.check_output(
-        [
-            "terminal-notifier",
-            "-title",
-            title,
-            "-message",
-            message,
-            "-group",
-            "codex",
-            "-ignoreDnD",
-            "-activate",
-            "com.googlecode.iterm2",
-        ]
-    )
-
-    return 0
-
-
-if __name__ == "__main__":
-    sys.exit(main())
-```
-
-To have Codex use this script for notifications, you would configure it via `notify` in `~/.codex/config.toml` using the appropriate path to `notify.py` on your computer:
-
-```toml
-notify = ["python3", "/Users/mbolin/.codex/notify.py"]
-```
-
-## history
-
-By default, Codex CLI records messages sent to the model in `$CODEX_HOME/history.jsonl`. Note that on UNIX, the file permissions are set to `o600`, so it should only be readable and writable by the owner.
-
-To disable this behavior, configure `[history]` as follows:
-
-```toml
-[history]
-persistence = "none"  # "save-all" is the default value
-```
-
-## file_opener
-
-Identifies the editor/URI scheme to use for hyperlinking citations in model output. If set, citations to files in the model output will be hyperlinked using the specified URI scheme so they can be ctrl/cmd-clicked from the terminal to open them.
-
-For example, if the model output includes a reference such as `【F:/home/user/project/main.py†L42-L50】`, then this would be rewritten to link to the URI `vscode://file/home/user/project/main.py:42`.
-
-Note this is **not** a general editor setting (like `$EDITOR`), as it only accepts a fixed set of values:
-
-- `"vscode"` (default)
-- `"vscode-insiders"`
-- `"windsurf"`
-- `"cursor"`
-- `"none"` to explicitly disable this feature
-
-Currently, `"vscode"` is the default, though Codex does not verify VS Code is installed. As such, `file_opener` may default to `"none"` or something else in the future.
-
-## hide_agent_reasoning
-
-Codex intermittently emits "reasoning" events that show the model's internal "thinking" before it produces a final answer. Some users may find these events distracting, especially in CI logs or minimal terminal output.
-
-Setting `hide_agent_reasoning` to `true` suppresses these events in **both** the TUI as well as the headless `exec` sub-command:
-
-```toml
-hide_agent_reasoning = true   # defaults to false
-```
-
-## show_raw_agent_reasoning
-
-Surfaces the model’s raw chain-of-thought ("raw reasoning content") when available.
-
-Notes:
-
-- Only takes effect if the selected model/provider actually emits raw reasoning content. Many models do not. When unsupported, this option has no visible effect.
-- Raw reasoning may include intermediate thoughts or sensitive context. Enable only if acceptable for your workflow.
-
-Example:
-
-```toml
-show_raw_agent_reasoning = true  # defaults to false
-```
-
-## model_context_window
-
-The size of the context window for the model, in tokens.
-
-In general, Codex knows the context window for the most common OpenAI models, but if you are using a new model with an old version of the Codex CLI, then you can use `model_context_window` to tell Codex what value to use to determine how much context is left during a conversation.
-
-## model_max_output_tokens
-
-This is analogous to `model_context_window`, but for the maximum number of output tokens for the model.
-
-## project_doc_max_bytes
-
-Maximum number of bytes to read from an `AGENTS.md` file to include in the instructions sent with the first turn of a session. Defaults to 32 KiB.
-
-## tui
-
-Options that are specific to the TUI.
-
-```toml
-[tui]
-# More to come here
-```
+- Full config docs: [docs/config.md](../docs/config.md)
+- MCP servers section: [docs/config.md#mcp_servers](../docs/config.md#mcp_servers) 

codex-rs/core/Cargo.toml

@@ -4,85 +4,89 @@ name = "codex-core"
 version = { workspace = true }
 
 [lib]
+doctest = false
 name = "codex_core"
 path = "src/lib.rs"
-doctest = false
 
 [lints]
 workspace = true
 
 [dependencies]
-anyhow = "1"
-async-channel = "2.3.1"
-base64 = "0.22"
-bytes = "1.10.1"
-chrono = { version = "0.4", features = ["serde"] }
-codex-apply-patch = { path = "../apply-patch" }
-codex-login = { path = "../login" }
-codex-mcp-client = { path = "../mcp-client" }
-codex-protocol = { path = "../protocol" }
-dirs = "6"
-env-flags = "0.1.1"
-eventsource-stream = "0.2.3"
-futures = "0.3"
-libc = "0.2.175"
-mcp-types = { path = "../mcp-types" }
-mime_guess = "2.0"
-os_info = "3.12.0"
-portable-pty = "0.9.0"
-rand = "0.9"
-regex-lite = "0.1.6"
-reqwest = { version = "0.12", features = ["json", "stream"] }
-serde = { version = "1", features = ["derive"] }
-serde_bytes = "0.11"
-serde_json = "1"
-sha1 = "0.10.6"
-shlex = "1.3.0"
-similar = "2.7.0"
-strum_macros = "0.27.2"
-tempfile = "3"
-thiserror = "2.0.12"
-time = { version = "0.3", features = ["formatting", "local-offset", "macros"] }
-tokio = { version = "1", features = [
+anyhow = { workspace = true }
+askama = { workspace = true }
+async-channel = { workspace = true }
+base64 = { workspace = true }
+bytes = { workspace = true }
+chrono = { workspace = true, features = ["serde"] }
+codex-apply-patch = { workspace = true }
+codex-file-search = { workspace = true }
+codex-mcp-client = { workspace = true }
+codex-protocol = { workspace = true }
+dirs = { workspace = true }
+env-flags = { workspace = true }
+eventsource-stream = { workspace = true }
+futures = { workspace = true }
+libc = { workspace = true }
+mcp-types = { workspace = true }
+os_info = { workspace = true }
+portable-pty = { workspace = true }
+rand = { workspace = true }
+regex-lite = { workspace = true }
+reqwest = { workspace = true, features = ["json", "stream"] }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+sha1 = { workspace = true }
+shlex = { workspace = true }
+similar = { workspace = true }
+strum_macros = { workspace = true }
+tempfile = { workspace = true }
+thiserror = { workspace = true }
+time = { workspace = true, features = [
+    "formatting",
+    "parsing",
+    "local-offset",
+    "macros",
+] }
+tokio = { workspace = true, features = [
     "io-std",
     "macros",
     "process",
     "rt-multi-thread",
     "signal",
 ] }
-tokio-util = "0.7.16"
-toml = "0.9.5"
-toml_edit = "0.23.4"
-tracing = { version = "0.1.41", features = ["log"] }
-tree-sitter = "0.25.8"
-tree-sitter-bash = "0.25.0"
-uuid = { version = "1", features = ["serde", "v4"] }
-whoami = "1.6.1"
-wildmatch = "2.4.0"
+tokio-util = { workspace = true }
+toml = { workspace = true }
+toml_edit = { workspace = true }
+tracing = { workspace = true, features = ["log"] }
+tree-sitter = { workspace = true }
+tree-sitter-bash = { workspace = true }
+uuid = { workspace = true, features = ["serde", "v4"] }
+which = { workspace = true }
+wildmatch = { workspace = true }
 
 
 [target.'cfg(target_os = "linux")'.dependencies]
-landlock = "0.4.1"
-seccompiler = "0.5.0"
+landlock = { workspace = true }
+seccompiler = { workspace = true }
 
 # Build OpenSSL from source for musl builds.
 [target.x86_64-unknown-linux-musl.dependencies]
-openssl-sys = { version = "*", features = ["vendored"] }
+openssl-sys = { workspace = true, features = ["vendored"] }
 
 # Build OpenSSL from source for musl builds.
 [target.aarch64-unknown-linux-musl.dependencies]
-openssl-sys = { version = "*", features = ["vendored"] }
-
-[target.'cfg(target_os = "windows")'.dependencies]
-which = "6"
+openssl-sys = { workspace = true, features = ["vendored"] }
 
 [dev-dependencies]
-assert_cmd = "2"
-core_test_support = { path = "tests/common" }
-maplit = "1.0.2"
-predicates = "3"
-pretty_assertions = "1.4.1"
-tempfile = "3"
-tokio-test = "0.4"
-walkdir = "2.5.0"
-wiremock = "0.6"
+assert_cmd = { workspace = true }
+core_test_support = { workspace = true }
+maplit = { workspace = true }
+predicates = { workspace = true }
+pretty_assertions = { workspace = true }
+tempfile = { workspace = true }
+tokio-test = { workspace = true }
+walkdir = { workspace = true }
+wiremock = { workspace = true }
+
+[package.metadata.cargo-shear]
+ignored = ["openssl-sys"]

codex-rs/core/gpt_5_codex_prompt.md

@@ -0,0 +1,104 @@
+You are Codex, based on GPT-5. You are running as a coding agent in the Codex CLI on a user's computer.
+
+## General
+
+- The arguments to `shell` will be passed to execvp(). Most terminal commands should be prefixed with ["bash", "-lc"].
+- Always set the `workdir` param when using the shell function. Do not use `cd` unless absolutely necessary.
+- When searching for text or files, prefer using `rg` or `rg --files` respectively because `rg` is much faster than alternatives like `grep`. (If the `rg` command is not found, then use alternatives.)
+
+## Editing constraints
+
+- Default to ASCII when editing or creating files. Only introduce non-ASCII or other Unicode characters when there is a clear justification and the file already uses them.
+- Add succinct code comments that explain what is going on if code is not self-explanatory. You should not add comments like "Assigns the value to the variable", but a brief comment might be useful ahead of a complex code block that the user would otherwise have to spend time parsing out. Usage of these comments should be rare.
+- You may be in a dirty git worktree.
+    * NEVER revert existing changes you did not make unless explicitly requested, since these changes were made by the user.
+    * If asked to make a commit or code edits and there are unrelated changes to your work or changes that you didn't make in those files, don't revert those changes.
+    * If the changes are in files you've touched recently, you should read carefully and understand how you can work with the changes rather than reverting them.
+    * If the changes are in unrelated files, just ignore them and don't revert them.
+- While you are working, you might notice unexpected changes that you didn't make. If this happens, STOP IMMEDIATELY and ask the user how they would like to proceed.
+
+## Plan tool
+
+When using the planning tool:
+- Skip using the planning tool for straightforward tasks (roughly the easiest 25%).
+- Do not make single-step plans.
+- When you made a plan, update it after having performed one of the sub-tasks that you shared on the plan.
+
+## Codex CLI harness, sandboxing, and approvals
+
+The Codex CLI harness supports several different configurations for sandboxing and escalation approvals that the user can choose from.
+
+Filesystem sandboxing defines which files can be read or written. The options for `sandbox_mode` are:
+- **read-only**: The sandbox only permits reading files.
+- **workspace-write**: The sandbox permits reading files, and editing files in `cwd` and `writable_roots`. Editing files in other directories requires approval.
+- **danger-full-access**: No filesystem sandboxing - all commands are permitted.
+
+Network sandboxing defines whether network can be accessed without approval. Options for `network_access` are:
+- **restricted**: Requires approval
+- **enabled**: No approval needed
+
+Approvals are your mechanism to get user consent to run shell commands without the sandbox. Possible configuration options for `approval_policy` are
+- **untrusted**: The harness will escalate most commands for user approval, apart from a limited allowlist of safe "read" commands.
+- **on-failure**: The harness will allow all commands to run in the sandbox (if enabled), and failures will be escalated to the user for approval to run again without the sandbox.
+- **on-request**: Commands will be run in the sandbox by default, and you can specify in your tool call if you want to escalate a command to run without sandboxing. (Note that this mode is not always available. If it is, you'll see parameters for it in the `shell` command description.)
+- **never**: This is a non-interactive mode where you may NEVER ask the user for approval to run commands. Instead, you must always persist and work around constraints to solve the task for the user. You MUST do your utmost best to finish the task and validate your work before yielding. If this mode is paired with `danger-full-access`, take advantage of it to deliver the best outcome for the user. Further, in this mode, your default testing philosophy is overridden: Even if you don't see local patterns for testing, you may add tests and scripts to validate your work. Just remove them before yielding.
+
+When you are running with `approval_policy == on-request`, and sandboxing enabled, here are scenarios where you'll need to request approval:
+- You need to run a command that writes to a directory that requires it (e.g. running tests that write to /var)
+- You need to run a GUI app (e.g., open/xdg-open/osascript) to open browsers or files.
+- You are running sandboxed and need to run a command that requires network access (e.g. installing packages)
+- If you run a command that is important to solving the user's query, but it fails because of sandboxing, rerun the command with approval. ALWAYS proceed to use the `with_escalated_permissions` and `justification` parameters - do not message the user before requesting approval for the command.
+- You are about to take a potentially destructive action such as an `rm` or `git reset` that the user did not explicitly ask for
+- (for all of these, you should weigh alternative paths that do not require approval)
+
+When `sandbox_mode` is set to read-only, you'll need to request approval for any command that isn't a read.
+
+You will be told what filesystem sandboxing, network sandboxing, and approval mode are active in a developer or user message. If you are not told about this, assume that you are running with workspace-write, network sandboxing enabled, and approval on-failure.
+
+Although they introduce friction to the user because your work is paused until the user responds, you should leverage them when necessary to accomplish important work. If the completing the task requires escalated permissions, Do not let these settings or the sandbox deter you from attempting to accomplish the user's task unless it is set to "never", in which case never ask for approvals.
+
+When requesting approval to execute a command that will require escalated privileges:
+  - Provide the `with_escalated_permissions` parameter with the boolean value true
+  - Include a short, 1 sentence explanation for why you need to enable `with_escalated_permissions` in the justification parameter
+
+## Special user requests
+
+- If the user makes a simple request (such as asking for the time) which you can fulfill by running a terminal command (such as `date`), you should do so.
+- If the user asks for a "review", default to a code review mindset: prioritise identifying bugs, risks, behavioural regressions, and missing tests. Findings must be the primary focus of the response - keep summaries or overviews brief and only after enumerating the issues. Present findings first (ordered by severity with file/line references), follow with open questions or assumptions, and offer a change-summary only as a secondary detail. If no findings are discovered, state that explicitly and mention any residual risks or testing gaps.
+
+## Presenting your work and final message
+
+You are producing plain text that will later be styled by the CLI. Follow these rules exactly. Formatting should make results easy to scan, but not feel mechanical. Use judgment to decide how much structure adds value.
+
+- Default: be very concise; friendly coding teammate tone.
+- Ask only when needed; suggest ideas; mirror the user's style.
+- For substantial work, summarize clearly; follow final‑answer formatting.
+- Skip heavy formatting for simple confirmations.
+- Don't dump large files you've written; reference paths only.
+- No "save/copy this file" - User is on the same machine.
+- Offer logical next steps (tests, commits, build) briefly; add verify steps if you couldn't do something.
+- For code changes:
+  * Lead with a quick explanation of the change, and then give more details on the context covering where and why a change was made. Do not start this explanation with "summary", just jump right in.
+  * If there are natural next steps the user may want to take, suggest them at the end of your response. Do not make suggestions if there are no natural next steps.
+  * When suggesting multiple options, use numeric lists for the suggestions so the user can quickly respond with a single number.
+- The user does not command execution outputs. When asked to show the output of a command (e.g. `git show`), relay the important details in your answer or summarize the key lines so the user understands the result.
+
+### Final answer structure and style guidelines
+
+- Plain text; CLI handles styling. Use structure only when it helps scanability.
+- Headers: optional; short Title Case (1-3 words) wrapped in **…**; no blank line before the first bullet; add only if they truly help.
+- Bullets: use - ; merge related points; keep to one line when possible; 4–6 per list ordered by importance; keep phrasing consistent.
+- Monospace: backticks for commands/paths/env vars/code ids and inline examples; use for literal keyword bullets; never combine with **.
+- Code samples or multi-line snippets should be wrapped in fenced code blocks; add a language hint whenever obvious.
+- Structure: group related bullets; order sections general → specific → supporting; for subsections, start with a bolded keyword bullet, then items; match complexity to the task.
+- Tone: collaborative, concise, factual; present tense, active voice; self‑contained; no "above/below"; parallel wording.
+- Don'ts: no nested bullets/hierarchies; no ANSI codes; don't cram unrelated keywords; keep keyword lists short—wrap/reformat if long; avoid naming formatting styles in answers.
+- Adaptation: code explanations → precise, structured with code refs; simple tasks → lead with outcome; big changes → logical walkthrough + rationale + next actions; casual one-offs → plain sentences, no headers/bullets.
+- File References: When referencing files in your response, make sure to include the relevant start line and always follow the below rules:
+  * Use inline code to make file paths clickable.
+  * Each reference should have a stand alone path. Even if it's the same file.
+  * Accepted: absolute, workspace‑relative, a/ or b/ diff prefixes, or bare filename/suffix.
+  * Line/column (1‑based, optional): :line[:column] or #Lline[Ccolumn] (column defaults to 1).
+  * Do not use URIs like file://, vscode://, or https://.
+  * Do not provide range of lines
+  * Examples: src/app.ts, src/app.ts:42, b/server/index.js#L10, C:\repo\project\main.rs:12:5

codex-rs/core/prompt.md

@@ -14,6 +14,18 @@ Within this context, Codex refers to the open-source agentic coding interface (n
 
 Your default personality and tone is concise, direct, and friendly. You communicate efficiently, always keeping the user clearly informed about ongoing actions without unnecessary detail. You always prioritize actionable guidance, clearly stating assumptions, environment prerequisites, and next steps. Unless explicitly asked, you avoid excessively verbose explanations about your work.
 
+# AGENTS.md spec
+- Repos often contain AGENTS.md files. These files can appear anywhere within the repository.
+- These files are a way for humans to give you (the agent) instructions or tips for working within the container.
+- Some examples might be: coding conventions, info about how code is organized, or instructions for how to run or test code.
+- Instructions in AGENTS.md files:
+    - The scope of an AGENTS.md file is the entire directory tree rooted at the folder that contains it.
+    - For every file you touch in the final patch, you must obey instructions in any AGENTS.md file whose scope includes that file.
+    - Instructions about code style, structure, naming, etc. apply only to code within the AGENTS.md file's scope, unless the file states otherwise.
+    - More-deeply-nested AGENTS.md files take precedence in the case of conflicting instructions.
+    - Direct system/developer/user instructions (as part of a prompt) take precedence over AGENTS.md instructions.
+- The contents of the AGENTS.md file at the root of the repo and any directories from the CWD up to the root are included with the developer message and don't need to be re-read. When working in a subdirectory of CWD, or a directory outside the CWD, check for any AGENTS.md files that may be applicable.
+
 ## Responsiveness
 
 ### Preamble messages
@@ -134,14 +146,6 @@ If completing the user's task requires writing or modifying files, your code and
 - Do not use one-letter variable names unless explicitly requested.
 - NEVER output inline citations like "【F:README.md†L5-L14】" in your outputs. The CLI is not able to render these so they will just be broken in the UI. Instead, if you output valid filepaths, users will be able to click on them to open the files in their editor.
 
-## Testing your work
-
-If the codebase has tests or the ability to build or run, you should use them to verify that your work is complete. Generally, your testing philosophy should be to start as specific as possible to the code you changed so that you can catch issues efficiently, then make your way to broader tests as you build confidence. If there's no test for the code you changed, and if the adjacent patterns in the codebases show that there's a logical place for you to add a test, you may do so. However, do not add tests to codebases with no tests, or where the patterns don't indicate so.
-
-Once you're confident in correctness, use formatting commands to ensure that your code is well formatted. These commands can take time so you should run them on as precise a target as possible. If there are issues you can iterate up to 3 times to get formatting right, but if you still can't manage it's better to save the user time and present them a correct solution where you call out the formatting in your final message. If the codebase does not have a formatter configured, do not add one.
-
-For all of testing, running, building, and formatting, do not attempt to fix unrelated bugs. It is not your responsibility to fix them. (You may mention them to the user in your final message though.)
-
 ## Sandbox and approvals
 
 The Codex CLI harness supports several different sandboxing, and approval configurations that the user can choose from.
@@ -177,6 +181,22 @@ Note that when sandboxing is set to read-only, you'll need to request approval f
 
 You will be told what filesystem sandboxing, network sandboxing, and approval mode are active in a developer or user message. If you are not told about this, assume that you are running with workspace-write, network sandboxing ON, and approval on-failure.
 
+## Validating your work
+
+If the codebase has tests or the ability to build or run, consider using them to verify that your work is complete. 
+
+When testing, your philosophy should be to start as specific as possible to the code you changed so that you can catch issues efficiently, then make your way to broader tests as you build confidence. If there's no test for the code you changed, and if the adjacent patterns in the codebases show that there's a logical place for you to add a test, you may do so. However, do not add tests to codebases with no tests.
+
+Similarly, once you're confident in correctness, you can suggest or use formatting commands to ensure that your code is well formatted. If there are issues you can iterate up to 3 times to get formatting right, but if you still can't manage it's better to save the user time and present them a correct solution where you call out the formatting in your final message. If the codebase does not have a formatter configured, do not add one.
+
+For all of testing, running, building, and formatting, do not attempt to fix unrelated bugs. It is not your responsibility to fix them. (You may mention them to the user in your final message though.)
+
+Be mindful of whether to run validation commands proactively. In the absence of behavioral guidance:
+
+- When running in non-interactive approval modes like **never** or **on-failure**, proactively run tests, lint and do whatever you need to ensure you've completed the task.
+- When working in interactive approval modes like **untrusted**, or **on-request**, hold off on running tests or lint commands until the user is ready for you to finalize your output, because these commands take time to run and slow down iteration. Instead suggest what you want to do next, and let the user confirm first.
+- When working on test-related tasks, such as adding tests, fixing tests, or reproducing a bug to verify behavior, you may proactively run tests regardless of approval mode. Use your judgement to decide whether this is a test-related task.
+
 ## Ambition vs. precision
 
 For tasks that have no prior context (i.e. the user is starting something brand new), you should feel free to be ambitious and demonstrate creativity with your implementation.
@@ -220,7 +240,6 @@ You are producing plain text that will later be styled by the CLI. Follow these
 **Bullets**
 
 - Use `-` followed by a space for every bullet.
-- Bold the keyword, then colon + concise description.
 - Merge related points when possible; avoid a bullet for every trivial detail.
 - Keep bullets to one line unless breaking for clarity is unavoidable.
 - Group into short lists (4–6 bullets) ordered by importance.
@@ -232,6 +251,16 @@ You are producing plain text that will later be styled by the CLI. Follow these
 - Apply to inline examples and to bullet keywords if the keyword itself is a literal file/command.
 - Never mix monospace and bold markers; choose one based on whether it’s a keyword (`**`) or inline code/path (`` ` ``).
 
+**File References**
+When referencing files in your response, make sure to include the relevant start line and always follow the below rules:
+  * Use inline code to make file paths clickable.
+  * Each reference should have a stand alone path. Even if it's the same file.
+  * Accepted: absolute, workspace‑relative, a/ or b/ diff prefixes, or bare filename/suffix.
+  * Line/column (1‑based, optional): :line[:column] or #Lline[Ccolumn] (column defaults to 1).
+  * Do not use URIs like file://, vscode://, or https://.
+  * Do not provide range of lines
+  * Examples: src/app.ts, src/app.ts:42, b/server/index.js#L10, C:\repo\project\main.rs:12:5
+
 **Structure**
 
 - Place related bullets together; don’t mix unrelated concepts in the same section.

codex-rs/core/review_prompt.md

@@ -0,0 +1,87 @@
+# Review guidelines:
+
+You are acting as a reviewer for a proposed code change made by another engineer.
+
+Below are some default guidelines for determining whether the original author would appreciate the issue being flagged.
+
+These are not the final word in determining whether an issue is a bug. In many cases, you will encounter other, more specific guidelines. These may be present elsewhere in a developer message, a user message, a file, or even elsewhere in this system message.
+Those guidelines should be considered to override these general instructions.
+
+Here are the general guidelines for determining whether something is a bug and should be flagged.
+
+1. It meaningfully impacts the accuracy, performance, security, or maintainability of the code.
+2. The bug is discrete and actionable (i.e. not a general issue with the codebase or a combination of multiple issues).
+3. Fixing the bug does not demand a level of rigor that is not present in the rest of the codebase (e.g. one doesn't need very detailed comments and input validation in a repository of one-off scripts in personal projects)
+4. The bug was introduced in the commit (pre-existing bugs should not be flagged).
+5. The author of the original PR would likely fix the issue if they were made aware of it.
+6. The bug does not rely on unstated assumptions about the codebase or author's intent.
+7. It is not enough to speculate that a change may disrupt another part of the codebase, to be considered a bug, one must identify the other parts of the code that are provably affected.
+8. The bug is clearly not just an intentional change by the original author.
+
+When flagging a bug, you will also provide an accompanying comment. Once again, these guidelines are not the final word on how to construct a comment -- defer to any subsequent guidelines that you encounter.
+
+1. The comment should be clear about why the issue is a bug.
+2. The comment should appropriately communicate the severity of the issue. It should not claim that an issue is more severe than it actually is.
+3. The comment should be brief. The body should be at most 1 paragraph. It should not introduce line breaks within the natural language flow unless it is necessary for the code fragment.
+4. The comment should not include any chunks of code longer than 3 lines. Any code chunks should be wrapped in markdown inline code tags or a code block.
+5. The comment should clearly and explicitly communicate the scenarios, environments, or inputs that are necessary for the bug to arise. The comment should immediately indicate that the issue's severity depends on these factors.
+6. The comment's tone should be matter-of-fact and not accusatory or overly positive. It should read as a helpful AI assistant suggestion without sounding too much like a human reviewer.
+7. The comment should be written such that the original author can immediately grasp the idea without close reading.
+8. The comment should avoid excessive flattery and comments that are not helpful to the original author. The comment should avoid phrasing like "Great job ...", "Thanks for ...".
+
+Below are some more detailed guidelines that you should apply to this specific review.
+
+HOW MANY FINDINGS TO RETURN:
+
+Output all findings that the original author would fix if they knew about it. If there is no finding that a person would definitely love to see and fix, prefer outputting no findings. Do not stop at the first qualifying finding. Continue until you've listed every qualifying finding.
+
+GUIDELINES:
+
+- Ignore trivial style unless it obscures meaning or violates documented standards.
+- Use one comment per distinct issue (or a multi-line range if necessary).
+- Use ```suggestion blocks ONLY for concrete replacement code (minimal lines; no commentary inside the block).
+- In every ```suggestion block, preserve the exact leading whitespace of the replaced lines (spaces vs tabs, number of spaces).
+- Do NOT introduce or remove outer indentation levels unless that is the actual fix.
+
+The comments will be presented in the code review as inline comments. You should avoid providing unnecessary location details in the comment body. Always keep the line range as short as possible for interpreting the issue. Avoid ranges longer than 5–10 lines; instead, choose the most suitable subrange that pinpoints the problem.
+
+At the beginning of the finding title, tag the bug with priority level. For example "[P1] Un-padding slices along wrong tensor dimensions". [P0] – Drop everything to fix.  Blocking release, operations, or major usage. Only use for universal issues that do not depend on any assumptions about the inputs. · [P1] – Urgent. Should be addressed in the next cycle · [P2] – Normal. To be fixed eventually · [P3] – Low. Nice to have.
+
+Additionally, include a numeric priority field in the JSON output for each finding: set "priority" to 0 for P0, 1 for P1, 2 for P2, or 3 for P3. If a priority cannot be determined, omit the field or use null.
+
+At the end of your findings, output an "overall correctness" verdict of whether or not the patch should be considered "correct".
+Correct implies that existing code and tests will not break, and the patch is free of bugs and other blocking issues.
+Ignore non-blocking issues such as style, formatting, typos, documentation, and other nits.
+
+FORMATTING GUIDELINES:
+The finding description should be one paragraph.
+
+OUTPUT FORMAT:
+
+## Output schema  — MUST MATCH *exactly*
+
+```json
+{
+  "findings": [
+    {
+      "title": "<≤ 80 chars, imperative>",
+      "body": "<valid Markdown explaining *why* this is a problem; cite files/lines/functions>",
+      "confidence_score": <float 0.0-1.0>,
+      "priority": <int 0-3, optional>,
+      "code_location": {
+        "absolute_file_path": "<file path>",
+        "line_range": {"start": <int>, "end": <int>}
+      }
+    }
+  ],
+  "overall_correctness": "patch is correct" | "patch is incorrect",
+  "overall_explanation": "<1-3 sentence explanation justifying the overall_correctness verdict>",
+  "overall_confidence_score": <float 0.0-1.0>
+}
+```
+
+* **Do not** wrap the JSON in markdown fences or extra prose.
+* The code_location field is required and must include absolute_file_path and line_range.
+*Line ranges must be as short as possible for interpreting the issue (avoid ranges over 5–10 lines; pick the most suitable subrange).
+* The code_location should overlap with the diff.
+* Do not generate a PR fix.

codex-rs/core/src/apply_patch.rs

@@ -109,7 +109,9 @@ pub(crate) fn convert_apply_patch_to_protocol(
             ApplyPatchFileChange::Add { content } => FileChange::Add {
                 content: content.clone(),
             },
-            ApplyPatchFileChange::Delete => FileChange::Delete,
+            ApplyPatchFileChange::Delete { content } => FileChange::Delete {
+                content: content.clone(),
+            },
             ApplyPatchFileChange::Update {
                 unified_diff,
                 move_path,

codex-rs/core/src/auth.rs

@@ -0,0 +1,659 @@
+use chrono::DateTime;
+use chrono::Utc;
+use serde::Deserialize;
+use serde::Serialize;
+use std::env;
+use std::fs::File;
+use std::fs::OpenOptions;
+use std::io::Read;
+use std::io::Write;
+#[cfg(unix)]
+use std::os::unix::fs::OpenOptionsExt;
+use std::path::Path;
+use std::path::PathBuf;
+use std::sync::Arc;
+use std::sync::Mutex;
+use std::time::Duration;
+
+use codex_protocol::mcp_protocol::AuthMode;
+
+use crate::token_data::PlanType;
+use crate::token_data::TokenData;
+use crate::token_data::parse_id_token;
+
+#[derive(Debug, Clone)]
+pub struct CodexAuth {
+    pub mode: AuthMode,
+
+    pub(crate) api_key: Option<String>,
+    pub(crate) auth_dot_json: Arc<Mutex<Option<AuthDotJson>>>,
+    pub(crate) auth_file: PathBuf,
+    pub(crate) client: reqwest::Client,
+}
+
+impl PartialEq for CodexAuth {
+    fn eq(&self, other: &Self) -> bool {
+        self.mode == other.mode
+    }
+}
+
+impl CodexAuth {
+    pub async fn refresh_token(&self) -> Result<String, std::io::Error> {
+        let token_data = self
+            .get_current_token_data()
+            .ok_or(std::io::Error::other("Token data is not available."))?;
+        let token = token_data.refresh_token;
+
+        let refresh_response = try_refresh_token(token, &self.client)
+            .await
+            .map_err(std::io::Error::other)?;
+
+        let updated = update_tokens(
+            &self.auth_file,
+            refresh_response.id_token,
+            refresh_response.access_token,
+            refresh_response.refresh_token,
+        )
+        .await?;
+
+        if let Ok(mut auth_lock) = self.auth_dot_json.lock() {
+            *auth_lock = Some(updated.clone());
+        }
+
+        let access = match updated.tokens {
+            Some(t) => t.access_token,
+            None => {
+                return Err(std::io::Error::other(
+                    "Token data is not available after refresh.",
+                ));
+            }
+        };
+        Ok(access)
+    }
+
+    /// Loads the available auth information from the auth.json.
+    pub fn from_codex_home(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
+        load_auth(codex_home)
+    }
+
+    pub async fn get_token_data(&self) -> Result<TokenData, std::io::Error> {
+        let auth_dot_json: Option<AuthDotJson> = self.get_current_auth_json();
+        match auth_dot_json {
+            Some(AuthDotJson {
+                tokens: Some(mut tokens),
+                last_refresh: Some(last_refresh),
+                ..
+            }) => {
+                if last_refresh < Utc::now() - chrono::Duration::days(28) {
+                    let refresh_response = tokio::time::timeout(
+                        Duration::from_secs(60),
+                        try_refresh_token(tokens.refresh_token.clone(), &self.client),
+                    )
+                    .await
+                    .map_err(|_| {
+                        std::io::Error::other("timed out while refreshing OpenAI API key")
+                    })?
+                    .map_err(std::io::Error::other)?;
+
+                    let updated_auth_dot_json = update_tokens(
+                        &self.auth_file,
+                        refresh_response.id_token,
+                        refresh_response.access_token,
+                        refresh_response.refresh_token,
+                    )
+                    .await?;
+
+                    tokens = updated_auth_dot_json
+                        .tokens
+                        .clone()
+                        .ok_or(std::io::Error::other(
+                            "Token data is not available after refresh.",
+                        ))?;
+
+                    #[expect(clippy::unwrap_used)]
+                    let mut auth_lock = self.auth_dot_json.lock().unwrap();
+                    *auth_lock = Some(updated_auth_dot_json);
+                }
+
+                Ok(tokens)
+            }
+            _ => Err(std::io::Error::other("Token data is not available.")),
+        }
+    }
+
+    pub async fn get_token(&self) -> Result<String, std::io::Error> {
+        match self.mode {
+            AuthMode::ApiKey => Ok(self.api_key.clone().unwrap_or_default()),
+            AuthMode::ChatGPT => {
+                let id_token = self.get_token_data().await?.access_token;
+                Ok(id_token)
+            }
+        }
+    }
+
+    pub fn get_account_id(&self) -> Option<String> {
+        self.get_current_token_data().and_then(|t| t.account_id)
+    }
+
+    pub(crate) fn get_plan_type(&self) -> Option<PlanType> {
+        self.get_current_token_data()
+            .and_then(|t| t.id_token.chatgpt_plan_type)
+    }
+
+    fn get_current_auth_json(&self) -> Option<AuthDotJson> {
+        #[expect(clippy::unwrap_used)]
+        self.auth_dot_json.lock().unwrap().clone()
+    }
+
+    fn get_current_token_data(&self) -> Option<TokenData> {
+        self.get_current_auth_json().and_then(|t| t.tokens)
+    }
+
+    /// Consider this private to integration tests.
+    pub fn create_dummy_chatgpt_auth_for_testing() -> Self {
+        let auth_dot_json = AuthDotJson {
+            openai_api_key: None,
+            tokens: Some(TokenData {
+                id_token: Default::default(),
+                access_token: "Access Token".to_string(),
+                refresh_token: "test".to_string(),
+                account_id: Some("account_id".to_string()),
+            }),
+            last_refresh: Some(Utc::now()),
+        };
+
+        let auth_dot_json = Arc::new(Mutex::new(Some(auth_dot_json)));
+        Self {
+            api_key: None,
+            mode: AuthMode::ChatGPT,
+            auth_file: PathBuf::new(),
+            auth_dot_json,
+            client: crate::default_client::create_client(),
+        }
+    }
+
+    fn from_api_key_with_client(api_key: &str, client: reqwest::Client) -> Self {
+        Self {
+            api_key: Some(api_key.to_owned()),
+            mode: AuthMode::ApiKey,
+            auth_file: PathBuf::new(),
+            auth_dot_json: Arc::new(Mutex::new(None)),
+            client,
+        }
+    }
+
+    pub fn from_api_key(api_key: &str) -> Self {
+        Self::from_api_key_with_client(api_key, crate::default_client::create_client())
+    }
+}
+
+pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
+
+pub fn read_openai_api_key_from_env() -> Option<String> {
+    env::var(OPENAI_API_KEY_ENV_VAR)
+        .ok()
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty())
+}
+
+pub fn get_auth_file(codex_home: &Path) -> PathBuf {
+    codex_home.join("auth.json")
+}
+
+/// Delete the auth.json file inside `codex_home` if it exists. Returns `Ok(true)`
+/// if a file was removed, `Ok(false)` if no auth file was present.
+pub fn logout(codex_home: &Path) -> std::io::Result<bool> {
+    let auth_file = get_auth_file(codex_home);
+    match std::fs::remove_file(&auth_file) {
+        Ok(_) => Ok(true),
+        Err(err) if err.kind() == std::io::ErrorKind::NotFound => Ok(false),
+        Err(err) => Err(err),
+    }
+}
+
+/// Writes an `auth.json` that contains only the API key.
+pub fn login_with_api_key(codex_home: &Path, api_key: &str) -> std::io::Result<()> {
+    let auth_dot_json = AuthDotJson {
+        openai_api_key: Some(api_key.to_string()),
+        tokens: None,
+        last_refresh: None,
+    };
+    write_auth_json(&get_auth_file(codex_home), &auth_dot_json)
+}
+
+fn load_auth(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
+    let auth_file = get_auth_file(codex_home);
+    let client = crate::default_client::create_client();
+    let auth_dot_json = match try_read_auth_json(&auth_file) {
+        Ok(auth) => auth,
+        Err(e) => {
+            return Err(e);
+        }
+    };
+
+    let AuthDotJson {
+        openai_api_key: auth_json_api_key,
+        tokens,
+        last_refresh,
+    } = auth_dot_json;
+
+    // Prefer AuthMode.ApiKey if it's set in the auth.json.
+    if let Some(api_key) = &auth_json_api_key {
+        return Ok(Some(CodexAuth::from_api_key_with_client(api_key, client)));
+    }
+
+    Ok(Some(CodexAuth {
+        api_key: None,
+        mode: AuthMode::ChatGPT,
+        auth_file,
+        auth_dot_json: Arc::new(Mutex::new(Some(AuthDotJson {
+            openai_api_key: None,
+            tokens,
+            last_refresh,
+        }))),
+        client,
+    }))
+}
+
+/// Attempt to read and refresh the `auth.json` file in the given `CODEX_HOME` directory.
+/// Returns the full AuthDotJson structure after refreshing if necessary.
+pub fn try_read_auth_json(auth_file: &Path) -> std::io::Result<AuthDotJson> {
+    let mut file = File::open(auth_file)?;
+    let mut contents = String::new();
+    file.read_to_string(&mut contents)?;
+    let auth_dot_json: AuthDotJson = serde_json::from_str(&contents)?;
+
+    Ok(auth_dot_json)
+}
+
+pub fn write_auth_json(auth_file: &Path, auth_dot_json: &AuthDotJson) -> std::io::Result<()> {
+    let json_data = serde_json::to_string_pretty(auth_dot_json)?;
+    let mut options = OpenOptions::new();
+    options.truncate(true).write(true).create(true);
+    #[cfg(unix)]
+    {
+        options.mode(0o600);
+    }
+    let mut file = options.open(auth_file)?;
+    file.write_all(json_data.as_bytes())?;
+    file.flush()?;
+    Ok(())
+}
+
+async fn update_tokens(
+    auth_file: &Path,
+    id_token: String,
+    access_token: Option<String>,
+    refresh_token: Option<String>,
+) -> std::io::Result<AuthDotJson> {
+    let mut auth_dot_json = try_read_auth_json(auth_file)?;
+
+    let tokens = auth_dot_json.tokens.get_or_insert_with(TokenData::default);
+    tokens.id_token = parse_id_token(&id_token).map_err(std::io::Error::other)?;
+    if let Some(access_token) = access_token {
+        tokens.access_token = access_token;
+    }
+    if let Some(refresh_token) = refresh_token {
+        tokens.refresh_token = refresh_token;
+    }
+    auth_dot_json.last_refresh = Some(Utc::now());
+    write_auth_json(auth_file, &auth_dot_json)?;
+    Ok(auth_dot_json)
+}
+
+async fn try_refresh_token(
+    refresh_token: String,
+    client: &reqwest::Client,
+) -> std::io::Result<RefreshResponse> {
+    let refresh_request = RefreshRequest {
+        client_id: CLIENT_ID,
+        grant_type: "refresh_token",
+        refresh_token,
+        scope: "openid profile email",
+    };
+
+    // Use shared client factory to include standard headers
+    let response = client
+        .post("https://auth.openai.com/oauth/token")
+        .header("Content-Type", "application/json")
+        .json(&refresh_request)
+        .send()
+        .await
+        .map_err(std::io::Error::other)?;
+
+    if response.status().is_success() {
+        let refresh_response = response
+            .json::<RefreshResponse>()
+            .await
+            .map_err(std::io::Error::other)?;
+        Ok(refresh_response)
+    } else {
+        Err(std::io::Error::other(format!(
+            "Failed to refresh token: {}",
+            response.status()
+        )))
+    }
+}
+
+#[derive(Serialize)]
+struct RefreshRequest {
+    client_id: &'static str,
+    grant_type: &'static str,
+    refresh_token: String,
+    scope: &'static str,
+}
+
+#[derive(Deserialize, Clone)]
+struct RefreshResponse {
+    id_token: String,
+    access_token: Option<String>,
+    refresh_token: Option<String>,
+}
+
+/// Expected structure for $CODEX_HOME/auth.json.
+#[derive(Deserialize, Serialize, Clone, Debug, PartialEq)]
+pub struct AuthDotJson {
+    #[serde(rename = "OPENAI_API_KEY")]
+    pub openai_api_key: Option<String>,
+
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub tokens: Option<TokenData>,
+
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub last_refresh: Option<DateTime<Utc>>,
+}
+
+// Shared constant for token refresh (client id used for oauth token refresh flow)
+pub const CLIENT_ID: &str = "app_EMoamEEZ73f0CkXaXp7hrann";
+
+use std::sync::RwLock;
+
+/// Internal cached auth state.
+#[derive(Clone, Debug)]
+struct CachedAuth {
+    auth: Option<CodexAuth>,
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::token_data::IdTokenInfo;
+    use crate::token_data::KnownPlan;
+    use crate::token_data::PlanType;
+    use base64::Engine;
+    use pretty_assertions::assert_eq;
+    use serde::Serialize;
+    use serde_json::json;
+    use tempfile::tempdir;
+
+    const LAST_REFRESH: &str = "2025-08-06T20:41:36.232376Z";
+
+    #[tokio::test]
+    async fn roundtrip_auth_dot_json() {
+        let codex_home = tempdir().unwrap();
+        let _ = write_auth_file(
+            AuthFileParams {
+                openai_api_key: None,
+                chatgpt_plan_type: "pro".to_string(),
+            },
+            codex_home.path(),
+        )
+        .expect("failed to write auth file");
+
+        let file = get_auth_file(codex_home.path());
+        let auth_dot_json = try_read_auth_json(&file).unwrap();
+        write_auth_json(&file, &auth_dot_json).unwrap();
+
+        let same_auth_dot_json = try_read_auth_json(&file).unwrap();
+        assert_eq!(auth_dot_json, same_auth_dot_json);
+    }
+
+    #[test]
+    fn login_with_api_key_overwrites_existing_auth_json() {
+        let dir = tempdir().unwrap();
+        let auth_path = dir.path().join("auth.json");
+        let stale_auth = json!({
+            "OPENAI_API_KEY": "sk-old",
+            "tokens": {
+                "id_token": "stale.header.payload",
+                "access_token": "stale-access",
+                "refresh_token": "stale-refresh",
+                "account_id": "stale-acc"
+            }
+        });
+        std::fs::write(
+            &auth_path,
+            serde_json::to_string_pretty(&stale_auth).unwrap(),
+        )
+        .unwrap();
+
+        super::login_with_api_key(dir.path(), "sk-new").expect("login_with_api_key should succeed");
+
+        let auth = super::try_read_auth_json(&auth_path).expect("auth.json should parse");
+        assert_eq!(auth.openai_api_key.as_deref(), Some("sk-new"));
+        assert!(auth.tokens.is_none(), "tokens should be cleared");
+    }
+
+    #[tokio::test]
+    async fn pro_account_with_no_api_key_uses_chatgpt_auth() {
+        let codex_home = tempdir().unwrap();
+        let fake_jwt = write_auth_file(
+            AuthFileParams {
+                openai_api_key: None,
+                chatgpt_plan_type: "pro".to_string(),
+            },
+            codex_home.path(),
+        )
+        .expect("failed to write auth file");
+
+        let CodexAuth {
+            api_key,
+            mode,
+            auth_dot_json,
+            auth_file: _,
+            ..
+        } = super::load_auth(codex_home.path()).unwrap().unwrap();
+        assert_eq!(None, api_key);
+        assert_eq!(AuthMode::ChatGPT, mode);
+
+        let guard = auth_dot_json.lock().unwrap();
+        let auth_dot_json = guard.as_ref().expect("AuthDotJson should exist");
+        assert_eq!(
+            &AuthDotJson {
+                openai_api_key: None,
+                tokens: Some(TokenData {
+                    id_token: IdTokenInfo {
+                        email: Some("user@example.com".to_string()),
+                        chatgpt_plan_type: Some(PlanType::Known(KnownPlan::Pro)),
+                        raw_jwt: fake_jwt,
+                    },
+                    access_token: "test-access-token".to_string(),
+                    refresh_token: "test-refresh-token".to_string(),
+                    account_id: None,
+                }),
+                last_refresh: Some(
+                    DateTime::parse_from_rfc3339(LAST_REFRESH)
+                        .unwrap()
+                        .with_timezone(&Utc)
+                ),
+            },
+            auth_dot_json
+        )
+    }
+
+    #[tokio::test]
+    async fn loads_api_key_from_auth_json() {
+        let dir = tempdir().unwrap();
+        let auth_file = dir.path().join("auth.json");
+        std::fs::write(
+            auth_file,
+            r#"{"OPENAI_API_KEY":"sk-test-key","tokens":null,"last_refresh":null}"#,
+        )
+        .unwrap();
+
+        let auth = super::load_auth(dir.path()).unwrap().unwrap();
+        assert_eq!(auth.mode, AuthMode::ApiKey);
+        assert_eq!(auth.api_key, Some("sk-test-key".to_string()));
+
+        assert!(auth.get_token_data().await.is_err());
+    }
+
+    #[test]
+    fn logout_removes_auth_file() -> Result<(), std::io::Error> {
+        let dir = tempdir()?;
+        let auth_dot_json = AuthDotJson {
+            openai_api_key: Some("sk-test-key".to_string()),
+            tokens: None,
+            last_refresh: None,
+        };
+        write_auth_json(&get_auth_file(dir.path()), &auth_dot_json)?;
+        assert!(dir.path().join("auth.json").exists());
+        let removed = logout(dir.path())?;
+        assert!(removed);
+        assert!(!dir.path().join("auth.json").exists());
+        Ok(())
+    }
+
+    struct AuthFileParams {
+        openai_api_key: Option<String>,
+        chatgpt_plan_type: String,
+    }
+
+    fn write_auth_file(params: AuthFileParams, codex_home: &Path) -> std::io::Result<String> {
+        let auth_file = get_auth_file(codex_home);
+        // Create a minimal valid JWT for the id_token field.
+        #[derive(Serialize)]
+        struct Header {
+            alg: &'static str,
+            typ: &'static str,
+        }
+        let header = Header {
+            alg: "none",
+            typ: "JWT",
+        };
+        let payload = serde_json::json!({
+            "email": "user@example.com",
+            "email_verified": true,
+            "https://api.openai.com/auth": {
+                "chatgpt_account_id": "bc3618e3-489d-4d49-9362-1561dc53ba53",
+                "chatgpt_plan_type": params.chatgpt_plan_type,
+                "chatgpt_user_id": "user-12345",
+                "user_id": "user-12345",
+            }
+        });
+        let b64 = |b: &[u8]| base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(b);
+        let header_b64 = b64(&serde_json::to_vec(&header)?);
+        let payload_b64 = b64(&serde_json::to_vec(&payload)?);
+        let signature_b64 = b64(b"sig");
+        let fake_jwt = format!("{header_b64}.{payload_b64}.{signature_b64}");
+
+        let auth_json_data = json!({
+            "OPENAI_API_KEY": params.openai_api_key,
+            "tokens": {
+                "id_token": fake_jwt,
+                "access_token": "test-access-token",
+                "refresh_token": "test-refresh-token"
+            },
+            "last_refresh": LAST_REFRESH,
+        });
+        let auth_json = serde_json::to_string_pretty(&auth_json_data)?;
+        std::fs::write(auth_file, auth_json)?;
+        Ok(fake_jwt)
+    }
+}
+
+/// Central manager providing a single source of truth for auth.json derived
+/// authentication data. It loads once (or on preference change) and then
+/// hands out cloned `CodexAuth` values so the rest of the program has a
+/// consistent snapshot.
+///
+/// External modifications to `auth.json` will NOT be observed until
+/// `reload()` is called explicitly. This matches the design goal of avoiding
+/// different parts of the program seeing inconsistent auth data mid‑run.
+#[derive(Debug)]
+pub struct AuthManager {
+    codex_home: PathBuf,
+    inner: RwLock<CachedAuth>,
+}
+
+impl AuthManager {
+    /// Create a new manager loading the initial auth using the provided
+    /// preferred auth method. Errors loading auth are swallowed; `auth()` will
+    /// simply return `None` in that case so callers can treat it as an
+    /// unauthenticated state.
+    pub fn new(codex_home: PathBuf) -> Self {
+        let auth = CodexAuth::from_codex_home(&codex_home).ok().flatten();
+        Self {
+            codex_home,
+            inner: RwLock::new(CachedAuth { auth }),
+        }
+    }
+
+    /// Create an AuthManager with a specific CodexAuth, for testing only.
+    pub fn from_auth_for_testing(auth: CodexAuth) -> Arc<Self> {
+        let cached = CachedAuth { auth: Some(auth) };
+        Arc::new(Self {
+            codex_home: PathBuf::new(),
+            inner: RwLock::new(cached),
+        })
+    }
+
+    /// Current cached auth (clone). May be `None` if not logged in or load failed.
+    pub fn auth(&self) -> Option<CodexAuth> {
+        self.inner.read().ok().and_then(|c| c.auth.clone())
+    }
+
+    /// Force a reload of the auth information from auth.json. Returns
+    /// whether the auth value changed.
+    pub fn reload(&self) -> bool {
+        let new_auth = CodexAuth::from_codex_home(&self.codex_home).ok().flatten();
+        if let Ok(mut guard) = self.inner.write() {
+            let changed = !AuthManager::auths_equal(&guard.auth, &new_auth);
+            guard.auth = new_auth;
+            changed
+        } else {
+            false
+        }
+    }
+
+    fn auths_equal(a: &Option<CodexAuth>, b: &Option<CodexAuth>) -> bool {
+        match (a, b) {
+            (None, None) => true,
+            (Some(a), Some(b)) => a == b,
+            _ => false,
+        }
+    }
+
+    /// Convenience constructor returning an `Arc` wrapper.
+    pub fn shared(codex_home: PathBuf) -> Arc<Self> {
+        Arc::new(Self::new(codex_home))
+    }
+
+    /// Attempt to refresh the current auth token (if any). On success, reload
+    /// the auth state from disk so other components observe refreshed token.
+    pub async fn refresh_token(&self) -> std::io::Result<Option<String>> {
+        let auth = match self.auth() {
+            Some(a) => a,
+            None => return Ok(None),
+        };
+        match auth.refresh_token().await {
+            Ok(token) => {
+                // Reload to pick up persisted changes.
+                self.reload();
+                Ok(Some(token))
+            }
+            Err(e) => Err(e),
+        }
+    }
+
+    /// Log out by deleting the on‑disk auth.json (if present). Returns Ok(true)
+    /// if a file was removed, Ok(false) if no auth file existed. On success,
+    /// reloads the in‑memory auth cache so callers immediately observe the
+    /// unauthenticated state.
+    pub fn logout(&self) -> std::io::Result<bool> {
+        let removed = super::auth::logout(&self.codex_home)?;
+        // Always reload to clear any cached auth (even if file absent).
+        self.reload();
+        Ok(removed)
+    }
+}

codex-rs/core/src/bash.rs

@@ -1,3 +1,4 @@
+use tree_sitter::Node;
 use tree_sitter::Parser;
 use tree_sitter::Tree;
 use tree_sitter_bash::LANGUAGE as BASH;
@@ -73,6 +74,9 @@ pub fn try_parse_word_only_commands_sequence(tree: &Tree, src: &str) -> Option<V
         }
     }
 
+    // Walk uses a stack (LIFO), so re-sort by position to restore source order.
+    command_nodes.sort_by_key(Node::start_byte);
+
     let mut commands = Vec::new();
     for node in command_nodes {
         if let Some(words) = parse_plain_command_from_node(node, src) {
@@ -150,10 +154,10 @@ mod tests {
         let src = "ls && pwd; echo 'hi there' | wc -l";
         let cmds = parse_seq(src).unwrap();
         let expected: Vec<Vec<String>> = vec![
-            vec!["wc".to_string(), "-l".to_string()],
-            vec!["echo".to_string(), "hi there".to_string()],
-            vec!["pwd".to_string()],
             vec!["ls".to_string()],
+            vec!["pwd".to_string()],
+            vec!["echo".to_string(), "hi there".to_string()],
+            vec!["wc".to_string(), "-l".to_string()],
         ];
         assert_eq!(cmds, expected);
     }

codex-rs/core/src/chat_completions.rs

@@ -43,7 +43,107 @@ pub(crate) async fn stream_chat_completions(
 
     let input = prompt.get_formatted_input();
 
+    // Pre-scan: map Reasoning blocks to the adjacent assistant anchor after the last user.
+    // - If the last emitted message is a user message, drop all reasoning.
+    // - Otherwise, for each Reasoning item after the last user message, attach it
+    //   to the immediate previous assistant message (stop turns) or the immediate
+    //   next assistant anchor (tool-call turns: function/local shell call, or assistant message).
+    let mut reasoning_by_anchor_index: std::collections::HashMap<usize, String> =
+        std::collections::HashMap::new();
+
+    // Determine the last role that would be emitted to Chat Completions.
+    let mut last_emitted_role: Option<&str> = None;
     for item in &input {
+        match item {
+            ResponseItem::Message { role, .. } => last_emitted_role = Some(role.as_str()),
+            ResponseItem::FunctionCall { .. } | ResponseItem::LocalShellCall { .. } => {
+                last_emitted_role = Some("assistant")
+            }
+            ResponseItem::FunctionCallOutput { .. } => last_emitted_role = Some("tool"),
+            ResponseItem::Reasoning { .. } | ResponseItem::Other => {}
+            ResponseItem::CustomToolCall { .. } => {}
+            ResponseItem::CustomToolCallOutput { .. } => {}
+            ResponseItem::WebSearchCall { .. } => {}
+        }
+    }
+
+    // Find the last user message index in the input.
+    let mut last_user_index: Option<usize> = None;
+    for (idx, item) in input.iter().enumerate() {
+        if let ResponseItem::Message { role, .. } = item
+            && role == "user"
+        {
+            last_user_index = Some(idx);
+        }
+    }
+
+    // Attach reasoning only if the conversation does not end with a user message.
+    if !matches!(last_emitted_role, Some("user")) {
+        for (idx, item) in input.iter().enumerate() {
+            // Only consider reasoning that appears after the last user message.
+            if let Some(u_idx) = last_user_index
+                && idx <= u_idx
+            {
+                continue;
+            }
+
+            if let ResponseItem::Reasoning {
+                content: Some(items),
+                ..
+            } = item
+            {
+                let mut text = String::new();
+                for c in items {
+                    match c {
+                        ReasoningItemContent::ReasoningText { text: t }
+                        | ReasoningItemContent::Text { text: t } => text.push_str(t),
+                    }
+                }
+                if text.trim().is_empty() {
+                    continue;
+                }
+
+                // Prefer immediate previous assistant message (stop turns)
+                let mut attached = false;
+                if idx > 0
+                    && let ResponseItem::Message { role, .. } = &input[idx - 1]
+                    && role == "assistant"
+                {
+                    reasoning_by_anchor_index
+                        .entry(idx - 1)
+                        .and_modify(|v| v.push_str(&text))
+                        .or_insert(text.clone());
+                    attached = true;
+                }
+
+                // Otherwise, attach to immediate next assistant anchor (tool-calls or assistant message)
+                if !attached && idx + 1 < input.len() {
+                    match &input[idx + 1] {
+                        ResponseItem::FunctionCall { .. } | ResponseItem::LocalShellCall { .. } => {
+                            reasoning_by_anchor_index
+                                .entry(idx + 1)
+                                .and_modify(|v| v.push_str(&text))
+                                .or_insert(text.clone());
+                        }
+                        ResponseItem::Message { role, .. } if role == "assistant" => {
+                            reasoning_by_anchor_index
+                                .entry(idx + 1)
+                                .and_modify(|v| v.push_str(&text))
+                                .or_insert(text.clone());
+                        }
+                        _ => {}
+                    }
+                }
+            }
+        }
+    }
+
+    // Track last assistant text we emitted to avoid duplicate assistant messages
+    // in the outbound Chat Completions payload (can happen if a final
+    // aggregated assistant message was recorded alongside an earlier partial).
+    let mut last_assistant_text: Option<String> = None;
+
+    for (idx, item) in input.iter().enumerate() {
         match item {
             ResponseItem::Message { role, content, .. } => {
                 let mut text = String::new();
@@ -56,7 +156,24 @@ pub(crate) async fn stream_chat_completions(
                         _ => {}
                     }
                 }
-                messages.push(json!({"role": role, "content": text}));
+                // Skip exact-duplicate assistant messages.
+                if role == "assistant" {
+                    if let Some(prev) = &last_assistant_text
+                        && prev == &text
+                    {
+                        continue;
+                    }
+                    last_assistant_text = Some(text.clone());
+                }
+
+                let mut msg = json!({"role": role, "content": text});
+                if role == "assistant"
+                    && let Some(reasoning) = reasoning_by_anchor_index.get(&idx)
+                    && let Some(obj) = msg.as_object_mut()
+                {
+                    obj.insert("reasoning".to_string(), json!(reasoning));
+                }
+                messages.push(msg);
             }
             ResponseItem::FunctionCall {
                 name,
@@ -64,7 +181,7 @@ pub(crate) async fn stream_chat_completions(
                 call_id,
                 ..
             } => {
-                messages.push(json!({
+                let mut msg = json!({
                     "role": "assistant",
                     "content": null,
                     "tool_calls": [{
@@ -75,7 +192,13 @@ pub(crate) async fn stream_chat_completions(
                             "arguments": arguments,
                         }
                     }]
-                }));
+                });
+                if let Some(reasoning) = reasoning_by_anchor_index.get(&idx)
+                    && let Some(obj) = msg.as_object_mut()
+                {
+                    obj.insert("reasoning".to_string(), json!(reasoning));
+                }
+                messages.push(msg);
             }
             ResponseItem::LocalShellCall {
                 id,
@@ -84,7 +207,7 @@ pub(crate) async fn stream_chat_completions(
                 action,
             } => {
                 // Confirm with API team.
-                messages.push(json!({
+                let mut msg = json!({
                     "role": "assistant",
                     "content": null,
                     "tool_calls": [{
@@ -93,7 +216,13 @@ pub(crate) async fn stream_chat_completions(
                         "status": status,
                         "action": action,
                     }]
-                }));
+                });
+                if let Some(reasoning) = reasoning_by_anchor_index.get(&idx)
+                    && let Some(obj) = msg.as_object_mut()
+                {
+                    obj.insert("reasoning".to_string(), json!(reasoning));
+                }
+                messages.push(msg);
             }
             ResponseItem::FunctionCallOutput { call_id, output } => {
                 messages.push(json!({
@@ -129,7 +258,9 @@ pub(crate) async fn stream_chat_completions(
                     "content": output,
                 }));
             }
-            ResponseItem::Reasoning { .. } | ResponseItem::Other => {
+            ResponseItem::Reasoning { .. }
+            | ResponseItem::WebSearchCall { .. }
+            | ResponseItem::Other => {
                 // Omit these items from the conversation history.
                 continue;
             }
@@ -329,7 +460,10 @@ async fn process_chat_sse<S>(
             // Some providers stream `reasoning` as a plain string while others
             // nest the text under an object (e.g. `{ "reasoning": { "text": "…" } }`).
             if let Some(reasoning_val) = choice.get("delta").and_then(|d| d.get("reasoning")) {
-                let mut maybe_text = reasoning_val.as_str().map(|s| s.to_string());
+                let mut maybe_text = reasoning_val
+                    .as_str()
+                    .map(str::to_string)
+                    .filter(|s| !s.is_empty());
 
                 if maybe_text.is_none() && reasoning_val.is_object() {
                     if let Some(s) = reasoning_val
@@ -348,12 +482,39 @@ async fn process_chat_sse<S>(
                 }
 
                 if let Some(reasoning) = maybe_text {
+                    // Accumulate so we can emit a terminal Reasoning item at the end.
+                    reasoning_text.push_str(&reasoning);
                     let _ = tx_event
                         .send(Ok(ResponseEvent::ReasoningContentDelta(reasoning)))
                         .await;
                 }
             }
 
+            // Some providers only include reasoning on the final message object.
+            if let Some(message_reasoning) = choice.get("message").and_then(|m| m.get("reasoning"))
+            {
+                // Accept either a plain string or an object with { text | content }
+                if let Some(s) = message_reasoning.as_str() {
+                    if !s.is_empty() {
+                        reasoning_text.push_str(s);
+                        let _ = tx_event
+                            .send(Ok(ResponseEvent::ReasoningContentDelta(s.to_string())))
+                            .await;
+                    }
+                } else if let Some(obj) = message_reasoning.as_object()
+                    && let Some(s) = obj
+                        .get("text")
+                        .and_then(|v| v.as_str())
+                        .or_else(|| obj.get("content").and_then(|v| v.as_str()))
+                    && !s.is_empty()
+                {
+                    reasoning_text.push_str(s);
+                    let _ = tx_event
+                        .send(Ok(ResponseEvent::ReasoningContentDelta(s.to_string())))
+                        .await;
+                }
+            }
+
             // Handle streaming function / tool calls.
             if let Some(tool_calls) = choice
                 .get("delta")
@@ -509,32 +670,55 @@ where
                     // do NOT emit yet. Forward any other item (e.g. FunctionCall) right
                     // away so downstream consumers see it.
 
-                    let is_assistant_delta = matches!(&item, codex_protocol::models::ResponseItem::Message { role, .. } if role == "assistant");
+                    let is_assistant_message = matches!(
+                        &item,
+                        codex_protocol::models::ResponseItem::Message { role, .. } if role == "assistant"
+                    );
 
-                    if is_assistant_delta {
-                        // Only use the final assistant message if we have not
-                        // seen any deltas; otherwise, deltas already built the
-                        // cumulative text and this would duplicate it.
-                        if this.cumulative.is_empty()
-                            && let codex_protocol::models::ResponseItem::Message { content, .. } =
-                                &item
-                            && let Some(text) = content.iter().find_map(|c| match c {
-                                codex_protocol::models::ContentItem::OutputText { text } => {
-                                    Some(text)
+                    if is_assistant_message {
+                        match this.mode {
+                            AggregateMode::AggregatedOnly => {
+                                // Only use the final assistant message if we have not
+                                // seen any deltas; otherwise, deltas already built the
+                                // cumulative text and this would duplicate it.
+                                if this.cumulative.is_empty()
+                                    && let codex_protocol::models::ResponseItem::Message {
+                                        content,
+                                        ..
+                                    } = &item
+                                    && let Some(text) = content.iter().find_map(|c| match c {
+                                        codex_protocol::models::ContentItem::OutputText {
+                                            text,
+                                        } => Some(text),
+                                        _ => None,
+                                    })
+                                {
+                                    this.cumulative.push_str(text);
                                 }
-                                _ => None,
-                            })
-                        {
-                            this.cumulative.push_str(text);
+                                // Swallow assistant message here; emit on Completed.
+                                continue;
+                            }
+                            AggregateMode::Streaming => {
+                                // In streaming mode, if we have not seen any deltas, forward
+                                // the final assistant message directly. If deltas were seen,
+                                // suppress the final message to avoid duplication.
+                                if this.cumulative.is_empty() {
+                                    return Poll::Ready(Some(Ok(ResponseEvent::OutputItemDone(
+                                        item,
+                                    ))));
+                                } else {
+                                    continue;
+                                }
+                            }
                         }
-
-                        // Swallow assistant message here; emit on Completed.
-                        continue;
                     }
 
                     // Not an assistant message – forward immediately.
                     return Poll::Ready(Some(Ok(ResponseEvent::OutputItemDone(item))));
                 }
+                Poll::Ready(Some(Ok(ResponseEvent::RateLimits(snapshot)))) => {
+                    return Poll::Ready(Some(Ok(ResponseEvent::RateLimits(snapshot))));
+                }
                 Poll::Ready(Some(Ok(ResponseEvent::Completed {
                     response_id,
                     token_usage,
@@ -561,6 +745,11 @@ where
                         emitted_any = true;
                     }
 
+                    // Always emit the final aggregated assistant message when any
+                    // content deltas have been observed. In AggregatedOnly mode this
+                    // is the sole assistant output; in Streaming mode this finalizes
+                    // the streamed deltas into a terminal OutputItemDone so callers
+                    // can persist/render the message once per turn.
                     if !this.cumulative.is_empty() {
                         let aggregated_message = codex_protocol::models::ResponseItem::Message {
                             id: None,
@@ -623,11 +812,8 @@ where
                 Poll::Ready(Some(Ok(ResponseEvent::ReasoningSummaryPartAdded))) => {
                     continue;
                 }
-                Poll::Ready(Some(Ok(ResponseEvent::WebSearchCallBegin { .. }))) => {
-                    return Poll::Ready(Some(Ok(ResponseEvent::WebSearchCallBegin {
-                        call_id: String::new(),
-                        query: None,
-                    })));
+                Poll::Ready(Some(Ok(ResponseEvent::WebSearchCallBegin { call_id }))) => {
+                    return Poll::Ready(Some(Ok(ResponseEvent::WebSearchCallBegin { call_id })));
                 }
             }
         }

codex-rs/core/src/client.rs

@@ -3,13 +3,16 @@ use std::path::Path;
 use std::sync::OnceLock;
 use std::time::Duration;
 
+use crate::AuthManager;
+use crate::auth::CodexAuth;
 use bytes::Bytes;
-use codex_login::AuthManager;
-use codex_login::AuthMode;
+use codex_protocol::mcp_protocol::AuthMode;
+use codex_protocol::mcp_protocol::ConversationId;
 use eventsource_stream::Eventsource;
 use futures::prelude::*;
 use regex_lite::Regex;
 use reqwest::StatusCode;
+use reqwest::header::HeaderMap;
 use serde::Deserialize;
 use serde::Serialize;
 use serde_json::Value;
@@ -19,7 +22,6 @@ use tokio_util::io::ReaderStream;
 use tracing::debug;
 use tracing::trace;
 use tracing::warn;
-use uuid::Uuid;
 
 use crate::chat_completions::AggregateStreamExt;
 use crate::chat_completions::stream_chat_completions;
@@ -30,6 +32,7 @@ use crate::client_common::ResponsesApiRequest;
 use crate::client_common::create_reasoning_param_for_request;
 use crate::client_common::create_text_param_for_request;
 use crate::config::Config;
+use crate::default_client::create_client;
 use crate::error::CodexErr;
 use crate::error::Result;
 use crate::error::UsageLimitReachedError;
@@ -37,9 +40,11 @@ use crate::flags::CODEX_RS_SSE_FIXTURE;
 use crate::model_family::ModelFamily;
 use crate::model_provider_info::ModelProviderInfo;
 use crate::model_provider_info::WireApi;
+use crate::openai_model_info::get_model_info;
 use crate::openai_tools::create_tools_json_for_responses_api;
+use crate::protocol::RateLimitSnapshotEvent;
 use crate::protocol::TokenUsage;
-use crate::user_agent::get_codex_user_agent;
+use crate::token_data::PlanType;
 use crate::util::backoff;
 use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
 use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
@@ -54,8 +59,13 @@ struct ErrorResponse {
 #[derive(Debug, Deserialize)]
 struct Error {
     r#type: Option<String>,
+    #[allow(dead_code)]
     code: Option<String>,
     message: Option<String>,
+
+    // Optional fields available on "usage_limit_reached" and "usage_not_included" errors
+    plan_type: Option<PlanType>,
+    resets_in_seconds: Option<u64>,
 }
 
 #[derive(Debug, Clone)]
@@ -64,8 +74,8 @@ pub struct ModelClient {
     auth_manager: Option<Arc<AuthManager>>,
     client: reqwest::Client,
     provider: ModelProviderInfo,
-    session_id: Uuid,
-    effort: ReasoningEffortConfig,
+    conversation_id: ConversationId,
+    effort: Option<ReasoningEffortConfig>,
     summary: ReasoningSummaryConfig,
 }
 
@@ -74,21 +84,35 @@ impl ModelClient {
         config: Arc<Config>,
         auth_manager: Option<Arc<AuthManager>>,
         provider: ModelProviderInfo,
-        effort: ReasoningEffortConfig,
+        effort: Option<ReasoningEffortConfig>,
         summary: ReasoningSummaryConfig,
-        session_id: Uuid,
+        conversation_id: ConversationId,
     ) -> Self {
+        let client = create_client();
+
         Self {
             config,
             auth_manager,
-            client: reqwest::Client::new(),
+            client,
             provider,
-            session_id,
+            conversation_id,
             effort,
             summary,
         }
     }
 
+    pub fn get_model_context_window(&self) -> Option<u64> {
+        self.config
+            .model_context_window
+            .or_else(|| get_model_info(&self.config.model_family).map(|info| info.context_window))
+    }
+
+    pub fn get_auto_compact_token_limit(&self) -> Option<i64> {
+        self.config.model_auto_compact_token_limit.or_else(|| {
+            get_model_info(&self.config.model_family).and_then(|info| info.auto_compact_token_limit)
+        })
+    }
+
     /// Dispatches to either the Responses or Chat implementation depending on
     /// the provider config.  Public callers always invoke `stream()` – the
     /// specialised helpers are private to avoid accidental misuse.
@@ -142,37 +166,16 @@ impl ModelClient {
         }
 
         let auth_manager = self.auth_manager.clone();
-        let auth = auth_manager.as_ref().and_then(|m| m.auth());
-
-        let auth_mode = auth.as_ref().map(|a| a.mode);
-
-        let store = prompt.store && auth_mode != Some(AuthMode::ChatGPT);
 
         let full_instructions = prompt.get_full_instructions(&self.config.model_family);
-        let mut tools_json = create_tools_json_for_responses_api(&prompt.tools)?;
-        // ChatGPT backend expects the preview name for web search.
-        if auth_mode == Some(AuthMode::ChatGPT) {
-            for tool in &mut tools_json {
-                if let Some(map) = tool.as_object_mut()
-                    && map.get("type").and_then(|v| v.as_str()) == Some("web_search")
-                {
-                    map.insert(
-                        "type".to_string(),
-                        serde_json::Value::String("web_search_preview".to_string()),
-                    );
-                }
-            }
-        }
-
+        let tools_json = create_tools_json_for_responses_api(&prompt.tools)?;
         let reasoning = create_reasoning_param_for_request(
             &self.config.model_family,
             self.effort,
             self.summary,
         );
 
-        // Request encrypted COT if we are not storing responses,
-        // otherwise reasoning items will be referenced by ID
-        let include: Vec<String> = if !store && reasoning.is_some() {
+        let include: Vec<String> = if reasoning.is_some() {
             vec!["reasoning.encrypted_content".to_string()]
         } else {
             vec![]
@@ -193,6 +196,15 @@ impl ModelClient {
             None
         };
 
+        // In general, we want to explicitly send `store: false` when using the Responses API,
+        // but in practice, the Azure Responses API rejects `store: false`:
+        //
+        // - If store = false and id is sent an error is thrown that ID is not found
+        // - If store = false and id is not sent an error is thrown that ID is required
+        //
+        // For Azure, we send `store: true` and preserve reasoning item IDs.
+        let azure_workaround = self.provider.is_azure_responses_endpoint();
+
         let payload = ResponsesApiRequest {
             model: &self.config.model,
             instructions: &full_instructions,
@@ -201,25 +213,34 @@ impl ModelClient {
             tool_choice: "auto",
             parallel_tool_calls: false,
             reasoning,
-            store,
+            store: azure_workaround,
             stream: true,
             include,
-            prompt_cache_key: Some(self.session_id.to_string()),
+            prompt_cache_key: Some(self.conversation_id.to_string()),
             text,
         };
 
+        let mut payload_json = serde_json::to_value(&payload)?;
+        if azure_workaround {
+            attach_item_ids(&mut payload_json, &input_with_instructions);
+        }
+        let payload_body = serde_json::to_string(&payload_json)?;
+
         let mut attempt = 0;
         let max_retries = self.provider.request_max_retries();
 
-        trace!(
-            "POST to {}: {}",
-            self.provider.get_full_url(&auth),
-            serde_json::to_string(&payload)?
-        );
-
         loop {
             attempt += 1;
 
+            // Always fetch the latest auth in case a prior attempt refreshed the token.
+            let auth = auth_manager.as_ref().and_then(|m| m.auth());
+
+            trace!(
+                "POST to {}: {}",
+                self.provider.get_full_url(&auth),
+                payload_body.as_str()
+            );
+
             let mut req_builder = self
                 .provider
                 .create_request_builder(&self.client, &auth)
@@ -227,9 +248,11 @@ impl ModelClient {
 
             req_builder = req_builder
                 .header("OpenAI-Beta", "responses=experimental")
-                .header("session_id", self.session_id.to_string())
+                // Send session_id for compatibility.
+                .header("conversation_id", self.conversation_id.to_string())
+                .header("session_id", self.conversation_id.to_string())
                 .header(reqwest::header::ACCEPT, "text/event-stream")
-                .json(&payload);
+                .json(&payload_json);
 
             if let Some(auth) = auth.as_ref()
                 && auth.mode == AuthMode::ChatGPT
@@ -238,17 +261,13 @@ impl ModelClient {
                 req_builder = req_builder.header("chatgpt-account-id", account_id);
             }
 
-            let originator = &self.config.responses_originator_header;
-            req_builder = req_builder.header("originator", originator);
-            req_builder = req_builder.header("User-Agent", get_codex_user_agent(Some(originator)));
-
             let res = req_builder.send().await;
             if let Ok(resp) = &res {
                 trace!(
-                    "Response status: {}, request-id: {}",
+                    "Response status: {}, cf-ray: {}",
                     resp.status(),
                     resp.headers()
-                        .get("x-request-id")
+                        .get("cf-ray")
                         .map(|v| v.to_str().unwrap_or_default())
                         .unwrap_or_default()
                 );
@@ -258,6 +277,15 @@ impl ModelClient {
                 Ok(resp) if resp.status().is_success() => {
                     let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(1600);
 
+                    if let Some(snapshot) = parse_rate_limit_snapshot(resp.headers())
+                        && tx_event
+                            .send(Ok(ResponseEvent::RateLimits(snapshot)))
+                            .await
+                            .is_err()
+                    {
+                        debug!("receiver dropped rate limit snapshot event");
+                    }
+
                     // spawn task to process SSE
                     let stream = resp.bytes_stream().map_err(CodexErr::Reqwest);
                     tokio::spawn(process_sse(
@@ -303,19 +331,20 @@ impl ModelClient {
 
                     if status == StatusCode::TOO_MANY_REQUESTS {
                         let body = res.json::<ErrorResponse>().await.ok();
-                        if let Some(ErrorResponse {
-                            error:
-                                Error {
-                                    r#type: Some(error_type),
-                                    ..
-                                },
-                        }) = body
-                        {
-                            if error_type == "usage_limit_reached" {
+                        if let Some(ErrorResponse { error }) = body {
+                            if error.r#type.as_deref() == Some("usage_limit_reached") {
+                                // Prefer the plan_type provided in the error message if present
+                                // because it's more up to date than the one encoded in the auth
+                                // token.
+                                let plan_type = error
+                                    .plan_type
+                                    .or_else(|| auth.as_ref().and_then(CodexAuth::get_plan_type));
+                                let resets_in_seconds = error.resets_in_seconds;
                                 return Err(CodexErr::UsageLimitReached(UsageLimitReachedError {
-                                    plan_type: auth.and_then(|a| a.get_plan_type()),
+                                    plan_type,
+                                    resets_in_seconds,
                                 }));
-                            } else if error_type == "usage_not_included" {
+                            } else if error.r#type.as_deref() == Some("usage_not_included") {
                                 return Err(CodexErr::UsageNotIncluded);
                             }
                         }
@@ -360,7 +389,7 @@ impl ModelClient {
     }
 
     /// Returns the current reasoning effort setting.
-    pub fn get_reasoning_effort(&self) -> ReasoningEffortConfig {
+    pub fn get_reasoning_effort(&self) -> Option<ReasoningEffortConfig> {
         self.effort
     }
 
@@ -405,9 +434,15 @@ impl From<ResponseCompletedUsage> for TokenUsage {
     fn from(val: ResponseCompletedUsage) -> Self {
         TokenUsage {
             input_tokens: val.input_tokens,
-            cached_input_tokens: val.input_tokens_details.map(|d| d.cached_tokens),
+            cached_input_tokens: val
+                .input_tokens_details
+                .map(|d| d.cached_tokens)
+                .unwrap_or(0),
             output_tokens: val.output_tokens,
-            reasoning_output_tokens: val.output_tokens_details.map(|d| d.reasoning_tokens),
+            reasoning_output_tokens: val
+                .output_tokens_details
+                .map(|d| d.reasoning_tokens)
+                .unwrap_or(0),
             total_tokens: val.total_tokens,
         }
     }
@@ -423,6 +458,65 @@ struct ResponseCompletedOutputTokensDetails {
     reasoning_tokens: u64,
 }
 
+fn attach_item_ids(payload_json: &mut Value, original_items: &[ResponseItem]) {
+    let Some(input_value) = payload_json.get_mut("input") else {
+        return;
+    };
+    let serde_json::Value::Array(items) = input_value else {
+        return;
+    };
+
+    for (value, item) in items.iter_mut().zip(original_items.iter()) {
+        if let ResponseItem::Reasoning { id, .. }
+        | ResponseItem::Message { id: Some(id), .. }
+        | ResponseItem::WebSearchCall { id: Some(id), .. }
+        | ResponseItem::FunctionCall { id: Some(id), .. }
+        | ResponseItem::LocalShellCall { id: Some(id), .. }
+        | ResponseItem::CustomToolCall { id: Some(id), .. } = item
+        {
+            if id.is_empty() {
+                continue;
+            }
+
+            if let Some(obj) = value.as_object_mut() {
+                obj.insert("id".to_string(), Value::String(id.clone()));
+            }
+        }
+    }
+}
+
+fn parse_rate_limit_snapshot(headers: &HeaderMap) -> Option<RateLimitSnapshotEvent> {
+    let primary_used_percent = parse_header_f64(headers, "x-codex-primary-used-percent")?;
+    let secondary_used_percent = parse_header_f64(headers, "x-codex-secondary-used-percent")?;
+    let primary_to_secondary_ratio_percent =
+        parse_header_f64(headers, "x-codex-primary-over-secondary-limit-percent")?;
+    let primary_window_minutes = parse_header_u64(headers, "x-codex-primary-window-minutes")?;
+    let secondary_window_minutes = parse_header_u64(headers, "x-codex-secondary-window-minutes")?;
+
+    Some(RateLimitSnapshotEvent {
+        primary_used_percent,
+        secondary_used_percent,
+        primary_to_secondary_ratio_percent,
+        primary_window_minutes,
+        secondary_window_minutes,
+    })
+}
+
+fn parse_header_f64(headers: &HeaderMap, name: &str) -> Option<f64> {
+    parse_header_str(headers, name)?
+        .parse::<f64>()
+        .ok()
+        .filter(|v| v.is_finite())
+}
+
+fn parse_header_u64(headers: &HeaderMap, name: &str) -> Option<u64> {
+    parse_header_str(headers, name)?.parse::<u64>().ok()
+}
+
+fn parse_header_str<'a>(headers: &'a HeaderMap, name: &str) -> Option<&'a str> {
+    headers.get(name)?.to_str().ok()
+}
+
 async fn process_sse<S>(
     stream: S,
     tx_event: mpsc::Sender<Result<ResponseEvent>>,
@@ -593,11 +687,9 @@ async fn process_sse<S>(
             | "response.custom_tool_call_input.delta"
             | "response.custom_tool_call_input.done" // also emitted as response.output_item.done
             | "response.in_progress"
-            | "response.output_item.added"
-            | "response.output_text.done" => {
-                if event.kind == "response.output_item.added"
-                    && let Some(item) = event.item.as_ref()
-                {
+            | "response.output_text.done" => {}
+            "response.output_item.added" => {
+                if let Some(item) = event.item.as_ref() {
                     // Detect web_search_call begin and forward a synthetic event upstream.
                     if let Some(ty) = item.get("type").and_then(|v| v.as_str())
                         && ty == "web_search_call"
@@ -607,7 +699,7 @@ async fn process_sse<S>(
                             .and_then(|v| v.as_str())
                             .unwrap_or("")
                             .to_string();
-                        let ev = ResponseEvent::WebSearchCallBegin { call_id, query: None };
+                        let ev = ResponseEvent::WebSearchCallBegin { call_id };
                         if tx_event.send(Ok(ev)).await.is_err() {
                             return;
                         }
@@ -1018,6 +1110,8 @@ mod tests {
             r#type: None,
             message: Some("Rate limit reached for gpt-5 in organization org- on tokens per min (TPM): Limit 1, Used 1, Requested 19304. Please try again in 28ms. Visit https://platform.openai.com/account/rate-limits to learn more.".to_string()),
             code: Some("rate_limit_exceeded".to_string()),
+            plan_type: None,
+            resets_in_seconds: None
         };
 
         let delay = try_parse_retry_after(&err);
@@ -1030,8 +1124,43 @@ mod tests {
             r#type: None,
             message: Some("Rate limit reached for gpt-5 in organization <ORG> on tokens per min (TPM): Limit 30000, Used 6899, Requested 24050. Please try again in 1.898s. Visit https://platform.openai.com/account/rate-limits to learn more.".to_string()),
             code: Some("rate_limit_exceeded".to_string()),
+            plan_type: None,
+            resets_in_seconds: None
         };
         let delay = try_parse_retry_after(&err);
         assert_eq!(delay, Some(Duration::from_secs_f64(1.898)));
     }
+
+    #[test]
+    fn error_response_deserializes_old_schema_known_plan_type_and_serializes_back() {
+        use crate::token_data::KnownPlan;
+        use crate::token_data::PlanType;
+
+        let json = r#"{"error":{"type":"usage_limit_reached","plan_type":"pro","resets_in_seconds":3600}}"#;
+        let resp: ErrorResponse =
+            serde_json::from_str(json).expect("should deserialize old schema");
+
+        assert!(matches!(
+            resp.error.plan_type,
+            Some(PlanType::Known(KnownPlan::Pro))
+        ));
+
+        let plan_json = serde_json::to_string(&resp.error.plan_type).expect("serialize plan_type");
+        assert_eq!(plan_json, "\"pro\"");
+    }
+
+    #[test]
+    fn error_response_deserializes_old_schema_unknown_plan_type_and_serializes_back() {
+        use crate::token_data::PlanType;
+
+        let json =
+            r#"{"error":{"type":"usage_limit_reached","plan_type":"vip","resets_in_seconds":60}}"#;
+        let resp: ErrorResponse =
+            serde_json::from_str(json).expect("should deserialize old schema");
+
+        assert!(matches!(resp.error.plan_type, Some(PlanType::Unknown(ref s)) if s == "vip"));
+
+        let plan_json = serde_json::to_string(&resp.error.plan_type).expect("serialize plan_type");
+        assert_eq!(plan_json, "\"vip\"");
+    }
 }

codex-rs/core/src/client_common.rs

@@ -1,28 +1,24 @@
-use crate::config_types::Verbosity as VerbosityConfig;
 use crate::error::Result;
 use crate::model_family::ModelFamily;
 use crate::openai_tools::OpenAiTool;
+use crate::protocol::RateLimitSnapshotEvent;
 use crate::protocol::TokenUsage;
 use codex_apply_patch::APPLY_PATCH_TOOL_INSTRUCTIONS;
 use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
 use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
-use codex_protocol::models::ContentItem;
+use codex_protocol::config_types::Verbosity as VerbosityConfig;
 use codex_protocol::models::ResponseItem;
 use futures::Stream;
 use serde::Serialize;
 use std::borrow::Cow;
+use std::ops::Deref;
 use std::pin::Pin;
 use std::task::Context;
 use std::task::Poll;
 use tokio::sync::mpsc;
 
-/// The `instructions` field in the payload sent to a model should always start
-/// with this content.
-const BASE_INSTRUCTIONS: &str = include_str!("../prompt.md");
-
-/// wraps user instructions message in a tag for the model to parse more easily.
-const USER_INSTRUCTIONS_START: &str = "<user_instructions>\n\n";
-const USER_INSTRUCTIONS_END: &str = "\n\n</user_instructions>";
+/// Review thread system prompt. Edit `core/src/review_prompt.md` to customize.
+pub const REVIEW_PROMPT: &str = include_str!("../review_prompt.md");
 
 /// API request payload for a single model turn
 #[derive(Default, Debug, Clone)]
@@ -30,27 +26,23 @@ pub struct Prompt {
     /// Conversation context input items.
     pub input: Vec<ResponseItem>,
 
-    /// Whether to store response on server side (disable_response_storage = !store).
-    pub store: bool,
-
     /// Tools available to the model, including additional tools sourced from
     /// external MCP servers.
-    pub tools: Vec<OpenAiTool>,
+    pub(crate) tools: Vec<OpenAiTool>,
 
     /// Optional override for the built-in BASE_INSTRUCTIONS.
     pub base_instructions_override: Option<String>,
 }
 
 impl Prompt {
-    pub(crate) fn get_full_instructions(&self, model: &ModelFamily) -> Cow<'_, str> {
+    pub(crate) fn get_full_instructions<'a>(&'a self, model: &'a ModelFamily) -> Cow<'a, str> {
         let base = self
             .base_instructions_override
             .as_deref()
-            .unwrap_or(BASE_INSTRUCTIONS);
-        let mut sections: Vec<&str> = vec![base];
-
-        // When there are no custom instructions, add apply_patch_tool_instructions if either:
-        // - the model needs special instructions (4.1), or
+            .unwrap_or(model.base_instructions.deref());
+        // When there are no custom instructions, add apply_patch_tool_instructions if:
+        // - the model needs special instructions (4.1)
+        // AND
         // - there is no apply_patch tool present
         let is_apply_patch_tool_present = self.tools.iter().any(|tool| match tool {
             OpenAiTool::Function(f) => f.name == "apply_patch",
@@ -58,27 +50,18 @@ impl Prompt {
             _ => false,
         });
         if self.base_instructions_override.is_none()
-            && (model.needs_special_apply_patch_instructions || !is_apply_patch_tool_present)
+            && model.needs_special_apply_patch_instructions
+            && !is_apply_patch_tool_present
         {
-            sections.push(APPLY_PATCH_TOOL_INSTRUCTIONS);
+            Cow::Owned(format!("{base}\n{APPLY_PATCH_TOOL_INSTRUCTIONS}"))
+        } else {
+            Cow::Borrowed(base)
         }
-        Cow::Owned(sections.join("\n"))
     }
 
     pub(crate) fn get_formatted_input(&self) -> Vec<ResponseItem> {
         self.input.clone()
     }
-
-    /// Creates a formatted user instructions message from a string
-    pub(crate) fn format_user_instructions_message(ui: &str) -> ResponseItem {
-        ResponseItem::Message {
-            id: None,
-            role: "user".to_string(),
-            content: vec![ContentItem::InputText {
-                text: format!("{USER_INSTRUCTIONS_START}{ui}{USER_INSTRUCTIONS_END}"),
-            }],
-        }
-    }
 }
 
 #[derive(Debug)]
@@ -95,14 +78,16 @@ pub enum ResponseEvent {
     ReasoningSummaryPartAdded,
     WebSearchCallBegin {
         call_id: String,
-        query: Option<String>,
     },
+    RateLimits(RateLimitSnapshotEvent),
 }
 
 #[derive(Debug, Serialize)]
 pub(crate) struct Reasoning {
-    pub(crate) effort: ReasoningEffortConfig,
-    pub(crate) summary: ReasoningSummaryConfig,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub(crate) effort: Option<ReasoningEffortConfig>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub(crate) summary: Option<ReasoningSummaryConfig>,
 }
 
 /// Controls under the `text` field in the Responses API for GPT-5.
@@ -145,7 +130,6 @@ pub(crate) struct ResponsesApiRequest<'a> {
     pub(crate) tool_choice: &'static str,
     pub(crate) parallel_tool_calls: bool,
     pub(crate) reasoning: Option<Reasoning>,
-    /// true when using the Responses API.
     pub(crate) store: bool,
     pub(crate) stream: bool,
     pub(crate) include: Vec<String>,
@@ -157,14 +141,17 @@ pub(crate) struct ResponsesApiRequest<'a> {
 
 pub(crate) fn create_reasoning_param_for_request(
     model_family: &ModelFamily,
-    effort: ReasoningEffortConfig,
+    effort: Option<ReasoningEffortConfig>,
     summary: ReasoningSummaryConfig,
 ) -> Option<Reasoning> {
-    if model_family.supports_reasoning_summaries {
-        Some(Reasoning { effort, summary })
-    } else {
-        None
+    if !model_family.supports_reasoning_summaries {
+        return None;
     }
+
+    Some(Reasoning {
+        effort,
+        summary: Some(summary),
+    })
 }
 
 pub(crate) fn create_text_param_for_request(
@@ -175,7 +162,7 @@ pub(crate) fn create_text_param_for_request(
     })
 }
 
-pub(crate) struct ResponseStream {
+pub struct ResponseStream {
     pub(crate) rx_event: mpsc::Receiver<Result<ResponseEvent>>,
 }
 
@@ -190,18 +177,64 @@ impl Stream for ResponseStream {
 #[cfg(test)]
 mod tests {
     use crate::model_family::find_family_for_model;
+    use pretty_assertions::assert_eq;
 
     use super::*;
 
+    struct InstructionsTestCase {
+        pub slug: &'static str,
+        pub expects_apply_patch_instructions: bool,
+    }
     #[test]
     fn get_full_instructions_no_user_content() {
         let prompt = Prompt {
             ..Default::default()
         };
-        let expected = format!("{BASE_INSTRUCTIONS}\n{APPLY_PATCH_TOOL_INSTRUCTIONS}");
-        let model_family = find_family_for_model("gpt-4.1").expect("known model slug");
-        let full = prompt.get_full_instructions(&model_family);
-        assert_eq!(full, expected);
+        let test_cases = vec![
+            InstructionsTestCase {
+                slug: "gpt-3.5",
+                expects_apply_patch_instructions: true,
+            },
+            InstructionsTestCase {
+                slug: "gpt-4.1",
+                expects_apply_patch_instructions: true,
+            },
+            InstructionsTestCase {
+                slug: "gpt-4o",
+                expects_apply_patch_instructions: true,
+            },
+            InstructionsTestCase {
+                slug: "gpt-5",
+                expects_apply_patch_instructions: true,
+            },
+            InstructionsTestCase {
+                slug: "codex-mini-latest",
+                expects_apply_patch_instructions: true,
+            },
+            InstructionsTestCase {
+                slug: "gpt-oss:120b",
+                expects_apply_patch_instructions: false,
+            },
+            InstructionsTestCase {
+                slug: "gpt-5-codex",
+                expects_apply_patch_instructions: false,
+            },
+        ];
+        for test_case in test_cases {
+            let model_family = find_family_for_model(test_case.slug).expect("known model slug");
+            let expected = if test_case.expects_apply_patch_instructions {
+                format!(
+                    "{}\n{}",
+                    model_family.clone().base_instructions,
+                    APPLY_PATCH_TOOL_INSTRUCTIONS
+                )
+            } else {
+                model_family.clone().base_instructions
+            };
+
+            let full = prompt.get_full_instructions(&model_family);
+            assert_eq!(full, expected);
+        }
     }
 
     #[test]
@@ -216,7 +249,7 @@ mod tests {
             tool_choice: "auto",
             parallel_tool_calls: false,
             reasoning: None,
-            store: true,
+            store: false,
             stream: true,
             include: vec![],
             prompt_cache_key: None,
@@ -246,7 +279,7 @@ mod tests {
             tool_choice: "auto",
             parallel_tool_calls: false,
             reasoning: None,
-            store: true,
+            store: false,
             stream: true,
             include: vec![],
             prompt_cache_key: None,

codex-rs/core/src/codex/compact.rs

@@ -0,0 +1,441 @@
+use std::sync::Arc;
+
+use super::AgentTask;
+use super::Session;
+use super::TurnContext;
+use super::get_last_assistant_message_from_turn;
+use crate::Prompt;
+use crate::client_common::ResponseEvent;
+use crate::error::CodexErr;
+use crate::error::Result as CodexResult;
+use crate::protocol::AgentMessageEvent;
+use crate::protocol::CompactedItem;
+use crate::protocol::ErrorEvent;
+use crate::protocol::Event;
+use crate::protocol::EventMsg;
+use crate::protocol::InputItem;
+use crate::protocol::InputMessageKind;
+use crate::protocol::TaskCompleteEvent;
+use crate::protocol::TaskStartedEvent;
+use crate::protocol::TurnContextItem;
+use crate::truncate::truncate_middle;
+use crate::util::backoff;
+use askama::Template;
+use codex_protocol::models::ContentItem;
+use codex_protocol::models::ResponseInputItem;
+use codex_protocol::models::ResponseItem;
+use codex_protocol::protocol::RolloutItem;
+use futures::prelude::*;
+
+pub(super) const COMPACT_TRIGGER_TEXT: &str = "Start Summarization";
+const SUMMARIZATION_PROMPT: &str = include_str!("../../templates/compact/prompt.md");
+const COMPACT_USER_MESSAGE_MAX_TOKENS: usize = 20_000;
+
+#[derive(Template)]
+#[template(path = "compact/history_bridge.md", escape = "none")]
+struct HistoryBridgeTemplate<'a> {
+    user_messages_text: &'a str,
+    summary_text: &'a str,
+}
+
+pub(super) async fn spawn_compact_task(
+    sess: Arc<Session>,
+    turn_context: Arc<TurnContext>,
+    sub_id: String,
+    input: Vec<InputItem>,
+) {
+    let task = AgentTask::compact(
+        sess.clone(),
+        turn_context,
+        sub_id,
+        input,
+        SUMMARIZATION_PROMPT.to_string(),
+    );
+    sess.set_task(task).await;
+}
+
+pub(super) async fn run_inline_auto_compact_task(
+    sess: Arc<Session>,
+    turn_context: Arc<TurnContext>,
+) {
+    let sub_id = sess.next_internal_sub_id();
+    let input = vec![InputItem::Text {
+        text: COMPACT_TRIGGER_TEXT.to_string(),
+    }];
+    run_compact_task_inner(
+        sess,
+        turn_context,
+        sub_id,
+        input,
+        SUMMARIZATION_PROMPT.to_string(),
+        false,
+    )
+    .await;
+}
+
+pub(super) async fn run_compact_task(
+    sess: Arc<Session>,
+    turn_context: Arc<TurnContext>,
+    sub_id: String,
+    input: Vec<InputItem>,
+    compact_instructions: String,
+) {
+    let start_event = Event {
+        id: sub_id.clone(),
+        msg: EventMsg::TaskStarted(TaskStartedEvent {
+            model_context_window: turn_context.client.get_model_context_window(),
+        }),
+    };
+    sess.send_event(start_event).await;
+    run_compact_task_inner(
+        sess.clone(),
+        turn_context,
+        sub_id.clone(),
+        input,
+        compact_instructions,
+        true,
+    )
+    .await;
+    let event = Event {
+        id: sub_id,
+        msg: EventMsg::TaskComplete(TaskCompleteEvent {
+            last_agent_message: None,
+        }),
+    };
+    sess.send_event(event).await;
+}
+
+async fn run_compact_task_inner(
+    sess: Arc<Session>,
+    turn_context: Arc<TurnContext>,
+    sub_id: String,
+    input: Vec<InputItem>,
+    compact_instructions: String,
+    remove_task_on_completion: bool,
+) {
+    let initial_input_for_turn: ResponseInputItem = ResponseInputItem::from(input);
+    let instructions_override = compact_instructions;
+    let turn_input = sess
+        .turn_input_with_history(vec![initial_input_for_turn.clone().into()])
+        .await;
+
+    let prompt = Prompt {
+        input: turn_input,
+        tools: Vec::new(),
+        base_instructions_override: Some(instructions_override),
+    };
+
+    let max_retries = turn_context.client.get_provider().stream_max_retries();
+    let mut retries = 0;
+
+    let rollout_item = RolloutItem::TurnContext(TurnContextItem {
+        cwd: turn_context.cwd.clone(),
+        approval_policy: turn_context.approval_policy,
+        sandbox_policy: turn_context.sandbox_policy.clone(),
+        model: turn_context.client.get_model(),
+        effort: turn_context.client.get_reasoning_effort(),
+        summary: turn_context.client.get_reasoning_summary(),
+    });
+    sess.persist_rollout_items(&[rollout_item]).await;
+
+    loop {
+        let attempt_result = drain_to_completed(&sess, turn_context.as_ref(), &prompt).await;
+
+        match attempt_result {
+            Ok(()) => {
+                break;
+            }
+            Err(CodexErr::Interrupted) => {
+                return;
+            }
+            Err(e) => {
+                if retries < max_retries {
+                    retries += 1;
+                    let delay = backoff(retries);
+                    sess.notify_stream_error(
+                        &sub_id,
+                        format!(
+                            "stream error: {e}; retrying {retries}/{max_retries} in {delay:?}…"
+                        ),
+                    )
+                    .await;
+                    tokio::time::sleep(delay).await;
+                    continue;
+                } else {
+                    let event = Event {
+                        id: sub_id.clone(),
+                        msg: EventMsg::Error(ErrorEvent {
+                            message: e.to_string(),
+                        }),
+                    };
+                    sess.send_event(event).await;
+                    return;
+                }
+            }
+        }
+    }
+
+    if remove_task_on_completion {
+        sess.remove_task(&sub_id).await;
+    }
+    let history_snapshot = {
+        let state = sess.state.lock().await;
+        state.history.contents()
+    };
+    let summary_text = get_last_assistant_message_from_turn(&history_snapshot).unwrap_or_default();
+    let user_messages = collect_user_messages(&history_snapshot);
+    let initial_context = sess.build_initial_context(turn_context.as_ref());
+    let new_history = build_compacted_history(initial_context, &user_messages, &summary_text);
+    {
+        let mut state = sess.state.lock().await;
+        state.history.replace(new_history);
+    }
+
+    let rollout_item = RolloutItem::Compacted(CompactedItem {
+        message: summary_text.clone(),
+    });
+    sess.persist_rollout_items(&[rollout_item]).await;
+
+    let event = Event {
+        id: sub_id.clone(),
+        msg: EventMsg::AgentMessage(AgentMessageEvent {
+            message: "Compact task completed".to_string(),
+        }),
+    };
+    sess.send_event(event).await;
+}
+
+pub fn content_items_to_text(content: &[ContentItem]) -> Option<String> {
+    let mut pieces = Vec::new();
+    for item in content {
+        match item {
+            ContentItem::InputText { text } | ContentItem::OutputText { text } => {
+                if !text.is_empty() {
+                    pieces.push(text.as_str());
+                }
+            }
+            ContentItem::InputImage { .. } => {}
+        }
+    }
+    if pieces.is_empty() {
+        None
+    } else {
+        Some(pieces.join("\n"))
+    }
+}
+
+pub(crate) fn collect_user_messages(items: &[ResponseItem]) -> Vec<String> {
+    items
+        .iter()
+        .filter_map(|item| match item {
+            ResponseItem::Message { role, content, .. } if role == "user" => {
+                content_items_to_text(content)
+            }
+            _ => None,
+        })
+        .filter(|text| !is_session_prefix_message(text))
+        .collect()
+}
+
+pub fn is_session_prefix_message(text: &str) -> bool {
+    matches!(
+        InputMessageKind::from(("user", text)),
+        InputMessageKind::UserInstructions | InputMessageKind::EnvironmentContext
+    )
+}
+
+pub(crate) fn build_compacted_history(
+    initial_context: Vec<ResponseItem>,
+    user_messages: &[String],
+    summary_text: &str,
+) -> Vec<ResponseItem> {
+    let mut history = initial_context;
+    let mut user_messages_text = if user_messages.is_empty() {
+        "(none)".to_string()
+    } else {
+        user_messages.join("\n\n")
+    };
+    // Truncate the concatenated prior user messages so the bridge message
+    // stays well under the context window (approx. 4 bytes/token).
+    let max_bytes = COMPACT_USER_MESSAGE_MAX_TOKENS * 4;
+    if user_messages_text.len() > max_bytes {
+        user_messages_text = truncate_middle(&user_messages_text, max_bytes).0;
+    }
+    let summary_text = if summary_text.is_empty() {
+        "(no summary available)".to_string()
+    } else {
+        summary_text.to_string()
+    };
+    let Ok(bridge) = HistoryBridgeTemplate {
+        user_messages_text: &user_messages_text,
+        summary_text: &summary_text,
+    }
+    .render() else {
+        return vec![];
+    };
+    history.push(ResponseItem::Message {
+        id: None,
+        role: "user".to_string(),
+        content: vec![ContentItem::InputText { text: bridge }],
+    });
+    history
+}
+
+async fn drain_to_completed(
+    sess: &Session,
+    turn_context: &TurnContext,
+    prompt: &Prompt,
+) -> CodexResult<()> {
+    let mut stream = turn_context.client.clone().stream(prompt).await?;
+    loop {
+        let maybe_event = stream.next().await;
+        let Some(event) = maybe_event else {
+            return Err(CodexErr::Stream(
+                "stream closed before response.completed".into(),
+                None,
+            ));
+        };
+        match event {
+            Ok(ResponseEvent::OutputItemDone(item)) => {
+                let mut state = sess.state.lock().await;
+                state.history.record_items(std::slice::from_ref(&item));
+            }
+            Ok(ResponseEvent::Completed { .. }) => {
+                return Ok(());
+            }
+            Ok(_) => continue,
+            Err(e) => return Err(e),
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn content_items_to_text_joins_non_empty_segments() {
+        let items = vec![
+            ContentItem::InputText {
+                text: "hello".to_string(),
+            },
+            ContentItem::OutputText {
+                text: String::new(),
+            },
+            ContentItem::OutputText {
+                text: "world".to_string(),
+            },
+        ];
+
+        let joined = content_items_to_text(&items);
+
+        assert_eq!(Some("hello\nworld".to_string()), joined);
+    }
+
+    #[test]
+    fn content_items_to_text_ignores_image_only_content() {
+        let items = vec![ContentItem::InputImage {
+            image_url: "file://image.png".to_string(),
+        }];
+
+        let joined = content_items_to_text(&items);
+
+        assert_eq!(None, joined);
+    }
+
+    #[test]
+    fn collect_user_messages_extracts_user_text_only() {
+        let items = vec![
+            ResponseItem::Message {
+                id: Some("assistant".to_string()),
+                role: "assistant".to_string(),
+                content: vec![ContentItem::OutputText {
+                    text: "ignored".to_string(),
+                }],
+            },
+            ResponseItem::Message {
+                id: Some("user".to_string()),
+                role: "user".to_string(),
+                content: vec![
+                    ContentItem::InputText {
+                        text: "first".to_string(),
+                    },
+                    ContentItem::OutputText {
+                        text: "second".to_string(),
+                    },
+                ],
+            },
+            ResponseItem::Other,
+        ];
+
+        let collected = collect_user_messages(&items);
+
+        assert_eq!(vec!["first\nsecond".to_string()], collected);
+    }
+
+    #[test]
+    fn collect_user_messages_filters_session_prefix_entries() {
+        let items = vec![
+            ResponseItem::Message {
+                id: None,
+                role: "user".to_string(),
+                content: vec![ContentItem::InputText {
+                    text: "<user_instructions>do things</user_instructions>".to_string(),
+                }],
+            },
+            ResponseItem::Message {
+                id: None,
+                role: "user".to_string(),
+                content: vec![ContentItem::InputText {
+                    text: "<ENVIRONMENT_CONTEXT>cwd=/tmp</ENVIRONMENT_CONTEXT>".to_string(),
+                }],
+            },
+            ResponseItem::Message {
+                id: None,
+                role: "user".to_string(),
+                content: vec![ContentItem::InputText {
+                    text: "real user message".to_string(),
+                }],
+            },
+        ];
+
+        let collected = collect_user_messages(&items);
+
+        assert_eq!(vec!["real user message".to_string()], collected);
+    }
+
+    #[test]
+    fn build_compacted_history_truncates_overlong_user_messages() {
+        // Prepare a very large prior user message so the aggregated
+        // `user_messages_text` exceeds the truncation threshold used by
+        // `build_compacted_history` (80k bytes).
+        let big = "X".repeat(200_000);
+        let history = build_compacted_history(Vec::new(), std::slice::from_ref(&big), "SUMMARY");
+
+        // Expect exactly one bridge message added to history (plus any initial context we provided, which is none).
+        assert_eq!(history.len(), 1);
+
+        // Extract the text content of the bridge message.
+        let bridge_text = match &history[0] {
+            ResponseItem::Message { role, content, .. } if role == "user" => {
+                content_items_to_text(content).unwrap_or_default()
+            }
+            other => panic!("unexpected item in history: {other:?}"),
+        };
+
+        // The bridge should contain the truncation marker and not the full original payload.
+        assert!(
+            bridge_text.contains("tokens truncated"),
+            "expected truncation marker in bridge message"
+        );
+        assert!(
+            !bridge_text.contains(&big),
+            "bridge should not include the full oversized user text"
+        );
+        assert!(
+            bridge_text.contains("SUMMARY"),
+            "bridge should include the provided summary text"
+        );
+    }
+}

codex-rs/core/src/config_edit.rs

@@ -0,0 +1,748 @@
+use crate::config::CONFIG_TOML_FILE;
+use anyhow::Result;
+use std::path::Path;
+use tempfile::NamedTempFile;
+use toml_edit::DocumentMut;
+
+pub const CONFIG_KEY_MODEL: &str = "model";
+pub const CONFIG_KEY_EFFORT: &str = "model_reasoning_effort";
+
+#[derive(Copy, Clone)]
+enum NoneBehavior {
+    Skip,
+    Remove,
+}
+
+/// Persist overrides into `config.toml` using explicit key segments per
+/// override. This avoids ambiguity with keys that contain dots or spaces.
+pub async fn persist_overrides(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], &str)],
+) -> Result<()> {
+    let with_options: Vec<(&[&str], Option<&str>)> = overrides
+        .iter()
+        .map(|(segments, value)| (*segments, Some(*value)))
+        .collect();
+
+    persist_overrides_with_behavior(codex_home, profile, &with_options, NoneBehavior::Skip).await
+}
+
+/// Persist overrides where values may be optional. Any entries with `None`
+/// values are skipped. If all values are `None`, this becomes a no-op and
+/// returns `Ok(())` without touching the file.
+pub async fn persist_non_null_overrides(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], Option<&str>)],
+) -> Result<()> {
+    persist_overrides_with_behavior(codex_home, profile, overrides, NoneBehavior::Skip).await
+}
+
+/// Persist overrides where `None` values clear any existing values from the
+/// configuration file.
+pub async fn persist_overrides_and_clear_if_none(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], Option<&str>)],
+) -> Result<()> {
+    persist_overrides_with_behavior(codex_home, profile, overrides, NoneBehavior::Remove).await
+}
+
+/// Apply a single override onto a `toml_edit` document while preserving
+/// existing formatting/comments.
+/// The key is expressed as explicit segments to correctly handle keys that
+/// contain dots or spaces.
+fn apply_toml_edit_override_segments(
+    doc: &mut DocumentMut,
+    segments: &[&str],
+    value: toml_edit::Item,
+) {
+    use toml_edit::Item;
+
+    if segments.is_empty() {
+        return;
+    }
+
+    let mut current = doc.as_table_mut();
+    for seg in &segments[..segments.len() - 1] {
+        if !current.contains_key(seg) {
+            current[*seg] = Item::Table(toml_edit::Table::new());
+            if let Some(t) = current[*seg].as_table_mut() {
+                t.set_implicit(true);
+            }
+        }
+
+        let maybe_item = current.get_mut(seg);
+        let Some(item) = maybe_item else { return };
+
+        if !item.is_table() {
+            *item = Item::Table(toml_edit::Table::new());
+            if let Some(t) = item.as_table_mut() {
+                t.set_implicit(true);
+            }
+        }
+
+        let Some(tbl) = item.as_table_mut() else {
+            return;
+        };
+        current = tbl;
+    }
+
+    let last = segments[segments.len() - 1];
+    current[last] = value;
+}
+
+async fn persist_overrides_with_behavior(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], Option<&str>)],
+    none_behavior: NoneBehavior,
+) -> Result<()> {
+    if overrides.is_empty() {
+        return Ok(());
+    }
+
+    let should_skip = match none_behavior {
+        NoneBehavior::Skip => overrides.iter().all(|(_, value)| value.is_none()),
+        NoneBehavior::Remove => false,
+    };
+
+    if should_skip {
+        return Ok(());
+    }
+
+    let config_path = codex_home.join(CONFIG_TOML_FILE);
+
+    let read_result = tokio::fs::read_to_string(&config_path).await;
+    let mut doc = match read_result {
+        Ok(contents) => contents.parse::<DocumentMut>()?,
+        Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
+            if overrides
+                .iter()
+                .all(|(_, value)| value.is_none() && matches!(none_behavior, NoneBehavior::Remove))
+            {
+                return Ok(());
+            }
+
+            tokio::fs::create_dir_all(codex_home).await?;
+            DocumentMut::new()
+        }
+        Err(e) => return Err(e.into()),
+    };
+
+    let effective_profile = if let Some(p) = profile {
+        Some(p.to_owned())
+    } else {
+        doc.get("profile")
+            .and_then(|i| i.as_str())
+            .map(str::to_string)
+    };
+
+    let mut mutated = false;
+
+    for (segments, value) in overrides.iter().copied() {
+        let mut seg_buf: Vec<&str> = Vec::new();
+        let segments_to_apply: &[&str];
+
+        if let Some(ref name) = effective_profile {
+            if segments.first().copied() == Some("profiles") {
+                segments_to_apply = segments;
+            } else {
+                seg_buf.reserve(2 + segments.len());
+                seg_buf.push("profiles");
+                seg_buf.push(name.as_str());
+                seg_buf.extend_from_slice(segments);
+                segments_to_apply = seg_buf.as_slice();
+            }
+        } else {
+            segments_to_apply = segments;
+        }
+
+        match value {
+            Some(v) => {
+                let item_value = toml_edit::value(v);
+                apply_toml_edit_override_segments(&mut doc, segments_to_apply, item_value);
+                mutated = true;
+            }
+            None => {
+                if matches!(none_behavior, NoneBehavior::Remove)
+                    && remove_toml_edit_segments(&mut doc, segments_to_apply)
+                {
+                    mutated = true;
+                }
+            }
+        }
+    }
+
+    if !mutated {
+        return Ok(());
+    }
+
+    let tmp_file = NamedTempFile::new_in(codex_home)?;
+    tokio::fs::write(tmp_file.path(), doc.to_string()).await?;
+    tmp_file.persist(config_path)?;
+
+    Ok(())
+}
+
+fn remove_toml_edit_segments(doc: &mut DocumentMut, segments: &[&str]) -> bool {
+    use toml_edit::Item;
+
+    if segments.is_empty() {
+        return false;
+    }
+
+    let mut current = doc.as_table_mut();
+    for seg in &segments[..segments.len() - 1] {
+        let Some(item) = current.get_mut(seg) else {
+            return false;
+        };
+
+        match item {
+            Item::Table(table) => {
+                current = table;
+            }
+            _ => {
+                return false;
+            }
+        }
+    }
+
+    current.remove(segments[segments.len() - 1]).is_some()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use tempfile::tempdir;
+
+    /// Verifies model and effort are written at top-level when no profile is set.
+    #[tokio::test]
+    async fn set_default_model_and_effort_top_level_when_no_profile() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "gpt-5-codex"),
+                (&[CONFIG_KEY_EFFORT], "high"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"model = "gpt-5-codex"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies values are written under the active profile when `profile` is set.
+    #[tokio::test]
+    async fn set_defaults_update_profile_when_profile_set() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed config with a profile selection but without profiles table
+        let seed = "profile = \"o3\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "o3"),
+                (&[CONFIG_KEY_EFFORT], "minimal"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "o3"
+
+[profiles.o3]
+model = "o3"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies profile names with dots/spaces are preserved via explicit segments.
+    #[tokio::test]
+    async fn set_defaults_update_profile_with_dot_and_space() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed config with a profile name that contains a dot and a space
+        let seed = "profile = \"my.team name\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "o3"),
+                (&[CONFIG_KEY_EFFORT], "minimal"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "my.team name"
+
+[profiles."my.team name"]
+model = "o3"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies explicit profile override writes under that profile even without active profile.
+    #[tokio::test]
+    async fn set_defaults_update_when_profile_override_supplied() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // No profile key in config.toml
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), "")
+            .await
+            .expect("seed write");
+
+        // Persist with an explicit profile override
+        persist_overrides(
+            codex_home,
+            Some("o3"),
+            &[(&[CONFIG_KEY_MODEL], "o3"), (&[CONFIG_KEY_EFFORT], "high")],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[profiles.o3]
+model = "o3"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies nested tables are created as needed when applying overrides.
+    #[tokio::test]
+    async fn persist_overrides_creates_nested_tables() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&["a", "b", "c"], "v"),
+                (&["x"], "y"),
+                (&["profiles", "p1", CONFIG_KEY_MODEL], "gpt-5-codex"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"x = "y"
+
+[a.b]
+c = "v"
+
+[profiles.p1]
+model = "gpt-5-codex"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies a scalar key becomes a table when nested keys are written.
+    #[tokio::test]
+    async fn persist_overrides_replaces_scalar_with_table() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+        let seed = "foo = \"bar\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(codex_home, None, &[(&["foo", "bar", "baz"], "ok")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[foo.bar]
+baz = "ok"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies comments and spacing are preserved when writing under active profile.
+    #[tokio::test]
+    async fn set_defaults_preserve_comments() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed a config with comments and spacing we expect to preserve
+        let seed = r#"# Global comment
+# Another line
+
+profile = "o3"
+
+# Profile settings
+[profiles.o3]
+# keep me
+existing = "keep"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Apply defaults; since profile is set, it should write under [profiles.o3]
+        persist_overrides(
+            codex_home,
+            None,
+            &[(&[CONFIG_KEY_MODEL], "o3"), (&[CONFIG_KEY_EFFORT], "high")],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"# Global comment
+# Another line
+
+profile = "o3"
+
+# Profile settings
+[profiles.o3]
+# keep me
+existing = "keep"
+model = "o3"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies comments and spacing are preserved when writing at top level.
+    #[tokio::test]
+    async fn set_defaults_preserve_global_comments() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed a config WITHOUT a profile, containing comments and spacing
+        let seed = r#"# Top-level comments
+# should be preserved
+
+existing = "keep"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Since there is no profile, the defaults should be written at top-level
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "gpt-5-codex"),
+                (&[CONFIG_KEY_EFFORT], "minimal"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"# Top-level comments
+# should be preserved
+
+existing = "keep"
+model = "gpt-5-codex"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies errors on invalid TOML propagate and file is not clobbered.
+    #[tokio::test]
+    async fn persist_overrides_errors_on_parse_failure() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Write an intentionally invalid TOML file
+        let invalid = "invalid = [unclosed";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), invalid)
+            .await
+            .expect("seed write");
+
+        // Attempting to persist should return an error and must not clobber the file.
+        let res = persist_overrides(codex_home, None, &[(&["x"], "y")]).await;
+        assert!(res.is_err(), "expected parse error to propagate");
+
+        // File should be unchanged
+        let contents = read_config(codex_home).await;
+        assert_eq!(contents, invalid);
+    }
+
+    /// Verifies changing model only preserves existing effort at top-level.
+    #[tokio::test]
+    async fn changing_only_model_preserves_existing_effort_top_level() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed with an effort value only
+        let seed = "model_reasoning_effort = \"minimal\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Change only the model
+        persist_overrides(codex_home, None, &[(&[CONFIG_KEY_MODEL], "o3")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"model_reasoning_effort = "minimal"
+model = "o3"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies changing effort only preserves existing model at top-level.
+    #[tokio::test]
+    async fn changing_only_effort_preserves_existing_model_top_level() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed with a model value only
+        let seed = "model = \"gpt-5-codex\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Change only the effort
+        persist_overrides(codex_home, None, &[(&[CONFIG_KEY_EFFORT], "high")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"model = "gpt-5-codex"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies changing model only preserves existing effort in active profile.
+    #[tokio::test]
+    async fn changing_only_model_preserves_effort_in_active_profile() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed with an active profile and an existing effort under that profile
+        let seed = r#"profile = "p1"
+
+[profiles.p1]
+model_reasoning_effort = "low"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(codex_home, None, &[(&[CONFIG_KEY_MODEL], "o4-mini")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "p1"
+
+[profiles.p1]
+model_reasoning_effort = "low"
+model = "o4-mini"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies changing effort only preserves existing model in a profile override.
+    #[tokio::test]
+    async fn changing_only_effort_preserves_model_in_profile_override() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // No active profile key; we'll target an explicit override
+        let seed = r#"[profiles.team]
+model = "gpt-5-codex"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(
+            codex_home,
+            Some("team"),
+            &[(&[CONFIG_KEY_EFFORT], "minimal")],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[profiles.team]
+model = "gpt-5-codex"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies `persist_non_null_overrides` skips `None` entries and writes only present values at top-level.
+    #[tokio::test]
+    async fn persist_non_null_skips_none_top_level() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_non_null_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], Some("gpt-5-codex")),
+                (&[CONFIG_KEY_EFFORT], None),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = "model = \"gpt-5-codex\"\n";
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies no-op behavior when all provided overrides are `None` (no file created/modified).
+    #[tokio::test]
+    async fn persist_non_null_noop_when_all_none() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_non_null_overrides(
+            codex_home,
+            None,
+            &[(&["a"], None), (&["profiles", "p", "x"], None)],
+        )
+        .await
+        .expect("persist");
+
+        // Should not create config.toml on a pure no-op
+        assert!(!codex_home.join(CONFIG_TOML_FILE).exists());
+    }
+
+    /// Verifies entries are written under the specified profile and `None` entries are skipped.
+    #[tokio::test]
+    async fn persist_non_null_respects_profile_override() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_non_null_overrides(
+            codex_home,
+            Some("team"),
+            &[
+                (&[CONFIG_KEY_MODEL], Some("o3")),
+                (&[CONFIG_KEY_EFFORT], None),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[profiles.team]
+model = "o3"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    #[tokio::test]
+    async fn persist_clear_none_removes_top_level_value() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        let seed = r#"model = "gpt-5-codex"
+model_reasoning_effort = "medium"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides_and_clear_if_none(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], None),
+                (&[CONFIG_KEY_EFFORT], Some("high")),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = "model_reasoning_effort = \"high\"\n";
+        assert_eq!(contents, expected);
+    }
+
+    #[tokio::test]
+    async fn persist_clear_none_respects_active_profile() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        let seed = r#"profile = "team"
+
+[profiles.team]
+model = "gpt-4"
+model_reasoning_effort = "minimal"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides_and_clear_if_none(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], None),
+                (&[CONFIG_KEY_EFFORT], Some("high")),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "team"
+
+[profiles.team]
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    #[tokio::test]
+    async fn persist_clear_none_noop_when_file_missing() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_overrides_and_clear_if_none(codex_home, None, &[(&[CONFIG_KEY_MODEL], None)])
+            .await
+            .expect("persist");
+
+        assert!(!codex_home.join(CONFIG_TOML_FILE).exists());
+    }
+
+    // Test helper moved to bottom per review guidance.
+    async fn read_config(codex_home: &Path) -> String {
+        let p = codex_home.join(CONFIG_TOML_FILE);
+        tokio::fs::read_to_string(p).await.unwrap_or_default()
+    }
+}

codex-rs/core/src/config_profile.rs

@@ -1,10 +1,10 @@
 use serde::Deserialize;
 use std::path::PathBuf;
 
-use crate::config_types::Verbosity;
 use crate::protocol::AskForApproval;
 use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
+use codex_protocol::config_types::Verbosity;
 
 /// Collection of common configuration options that a user can define as a unit
 /// in `config.toml`.
@@ -15,10 +15,23 @@ pub struct ConfigProfile {
     /// [`ModelProviderInfo`] to use.
     pub model_provider: Option<String>,
     pub approval_policy: Option<AskForApproval>,
-    pub disable_response_storage: Option<bool>,
     pub model_reasoning_effort: Option<ReasoningEffort>,
     pub model_reasoning_summary: Option<ReasoningSummary>,
     pub model_verbosity: Option<Verbosity>,
     pub chatgpt_base_url: Option<String>,
     pub experimental_instructions_file: Option<PathBuf>,
 }
+
+impl From<ConfigProfile> for codex_protocol::mcp_protocol::Profile {
+    fn from(config_profile: ConfigProfile) -> Self {
+        Self {
+            model: config_profile.model,
+            model_provider: config_profile.model_provider,
+            approval_policy: config_profile.approval_policy,
+            model_reasoning_effort: config_profile.model_reasoning_effort,
+            model_reasoning_summary: config_profile.model_reasoning_summary,
+            model_verbosity: config_profile.model_verbosity,
+            chatgpt_base_url: config_profile.chatgpt_base_url,
+        }
+    }
+}

codex-rs/core/src/config_types.rs

@@ -5,13 +5,15 @@
 
 use std::collections::HashMap;
 use std::path::PathBuf;
+use std::time::Duration;
 use wildmatch::WildMatchPattern;
 
 use serde::Deserialize;
+use serde::Deserializer;
 use serde::Serialize;
-use strum_macros::Display;
+use serde::de::Error as SerdeError;
 
-#[derive(Deserialize, Debug, Clone, PartialEq)]
+#[derive(Serialize, Debug, Clone, PartialEq)]
 pub struct McpServerConfig {
     pub command: String,
 
@@ -20,6 +22,85 @@ pub struct McpServerConfig {
 
     #[serde(default)]
     pub env: Option<HashMap<String, String>>,
+
+    /// Startup timeout in seconds for initializing MCP server & initially listing tools.
+    #[serde(
+        default,
+        with = "option_duration_secs",
+        skip_serializing_if = "Option::is_none"
+    )]
+    pub startup_timeout_sec: Option<Duration>,
+
+    /// Default timeout for MCP tool calls initiated via this server.
+    #[serde(default, with = "option_duration_secs")]
+    pub tool_timeout_sec: Option<Duration>,
+}
+
+impl<'de> Deserialize<'de> for McpServerConfig {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        #[derive(Deserialize)]
+        struct RawMcpServerConfig {
+            command: String,
+            #[serde(default)]
+            args: Vec<String>,
+            #[serde(default)]
+            env: Option<HashMap<String, String>>,
+            #[serde(default)]
+            startup_timeout_sec: Option<f64>,
+            #[serde(default)]
+            startup_timeout_ms: Option<u64>,
+            #[serde(default, with = "option_duration_secs")]
+            tool_timeout_sec: Option<Duration>,
+        }
+
+        let raw = RawMcpServerConfig::deserialize(deserializer)?;
+
+        let startup_timeout_sec = match (raw.startup_timeout_sec, raw.startup_timeout_ms) {
+            (Some(sec), _) => {
+                let duration = Duration::try_from_secs_f64(sec).map_err(SerdeError::custom)?;
+                Some(duration)
+            }
+            (None, Some(ms)) => Some(Duration::from_millis(ms)),
+            (None, None) => None,
+        };
+
+        Ok(Self {
+            command: raw.command,
+            args: raw.args,
+            env: raw.env,
+            startup_timeout_sec,
+            tool_timeout_sec: raw.tool_timeout_sec,
+        })
+    }
+}
+
+mod option_duration_secs {
+    use serde::Deserialize;
+    use serde::Deserializer;
+    use serde::Serializer;
+    use std::time::Duration;
+
+    pub fn serialize<S>(value: &Option<Duration>, serializer: S) -> Result<S::Ok, S::Error>
+    where
+        S: Serializer,
+    {
+        match value {
+            Some(duration) => serializer.serialize_some(&duration.as_secs_f64()),
+            None => serializer.serialize_none(),
+        }
+    }
+
+    pub fn deserialize<'de, D>(deserializer: D) -> Result<Option<Duration>, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        let secs = Option::<f64>::deserialize(deserializer)?;
+        secs.map(|secs| Duration::try_from_secs_f64(secs).map_err(serde::de::Error::custom))
+            .transpose()
+    }
 }
 
 #[derive(Deserialize, Debug, Copy, Clone, PartialEq)]
@@ -74,9 +155,27 @@ pub enum HistoryPersistence {
     None,
 }
 
+#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]
+#[serde(untagged)]
+pub enum Notifications {
+    Enabled(bool),
+    Custom(Vec<String>),
+}
+
+impl Default for Notifications {
+    fn default() -> Self {
+        Self::Enabled(false)
+    }
+}
+
 /// Collection of settings that are specific to the TUI.
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
-pub struct Tui {}
+pub struct Tui {
+    /// Enable desktop notifications from the TUI when the terminal is unfocused.
+    /// Defaults to `false`.
+    #[serde(default)]
+    pub notifications: Notifications,
+}
 
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 pub struct SandboxWorkspaceWrite {
@@ -90,6 +189,17 @@ pub struct SandboxWorkspaceWrite {
     pub exclude_slash_tmp: bool,
 }
 
+impl From<SandboxWorkspaceWrite> for codex_protocol::mcp_protocol::SandboxSettings {
+    fn from(sandbox_workspace_write: SandboxWorkspaceWrite) -> Self {
+        Self {
+            writable_roots: sandbox_workspace_write.writable_roots,
+            network_access: Some(sandbox_workspace_write.network_access),
+            exclude_tmpdir_env_var: Some(sandbox_workspace_write.exclude_tmpdir_env_var),
+            exclude_slash_tmp: Some(sandbox_workspace_write.exclude_slash_tmp),
+        }
+    }
+}
+
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 #[serde(rename_all = "kebab-case")]
 pub enum ShellEnvironmentPolicyInherit {
@@ -186,42 +296,10 @@ impl From<ShellEnvironmentPolicyToml> for ShellEnvironmentPolicy {
     }
 }
 
-/// See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning
-#[derive(Debug, Serialize, Deserialize, Default, Clone, Copy, PartialEq, Eq, Display)]
-#[serde(rename_all = "lowercase")]
-#[strum(serialize_all = "lowercase")]
-pub enum ReasoningEffort {
-    Low,
+#[derive(Deserialize, Debug, Clone, PartialEq, Eq, Default, Hash)]
+#[serde(rename_all = "kebab-case")]
+pub enum ReasoningSummaryFormat {
     #[default]
-    Medium,
-    High,
-    /// Option to disable reasoning.
     None,
-}
-
-/// A summary of the reasoning performed by the model. This can be useful for
-/// debugging and understanding the model's reasoning process.
-/// See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#reasoning-summaries
-#[derive(Debug, Serialize, Deserialize, Default, Clone, Copy, PartialEq, Eq, Display)]
-#[serde(rename_all = "lowercase")]
-#[strum(serialize_all = "lowercase")]
-pub enum ReasoningSummary {
-    #[default]
-    Auto,
-    Concise,
-    Detailed,
-    /// Option to disable reasoning summaries.
-    None,
-}
-
-/// Controls output length/detail on GPT-5 models via the Responses API.
-/// Serialized with lowercase values to match the OpenAI API.
-#[derive(Debug, Serialize, Deserialize, Default, Clone, Copy, PartialEq, Eq, Display)]
-#[serde(rename_all = "lowercase")]
-#[strum(serialize_all = "lowercase")]
-pub enum Verbosity {
-    Low,
-    #[default]
-    Medium,
-    High,
+    Experimental,
 }

codex-rs/core/src/conversation_history.rs

@@ -28,78 +28,12 @@ impl ConversationHistory {
                 continue;
             }
 
-            // Merge adjacent assistant messages into a single history entry.
-            // This prevents duplicates when a partial assistant message was
-            // streamed into history earlier in the turn and the final full
-            // message is recorded at turn end.
-            match (&*item, self.items.last_mut()) {
-                (
-                    ResponseItem::Message {
-                        role: new_role,
-                        content: new_content,
-                        ..
-                    },
-                    Some(ResponseItem::Message {
-                        role: last_role,
-                        content: last_content,
-                        ..
-                    }),
-                ) if new_role == "assistant" && last_role == "assistant" => {
-                    append_text_content(last_content, new_content);
-                }
-                _ => {
-                    self.items.push(item.clone());
-                }
-            }
+            self.items.push(item.clone());
         }
     }
 
-    /// Append a text `delta` to the latest assistant message, creating a new
-    /// assistant entry if none exists yet (e.g. first delta for this turn).
-    pub(crate) fn append_assistant_text(&mut self, delta: &str) {
-        match self.items.last_mut() {
-            Some(ResponseItem::Message { role, content, .. }) if role == "assistant" => {
-                append_text_delta(content, delta);
-            }
-            _ => {
-                // Start a new assistant message with the delta.
-                self.items.push(ResponseItem::Message {
-                    id: None,
-                    role: "assistant".to_string(),
-                    content: vec![codex_protocol::models::ContentItem::OutputText {
-                        text: delta.to_string(),
-                    }],
-                });
-            }
-        }
-    }
-
-    pub(crate) fn keep_last_messages(&mut self, n: usize) {
-        if n == 0 {
-            self.items.clear();
-            return;
-        }
-
-        // Collect the last N message items (assistant/user), newest to oldest.
-        let mut kept: Vec<ResponseItem> = Vec::with_capacity(n);
-        for item in self.items.iter().rev() {
-            if let ResponseItem::Message { role, content, .. } = item {
-                kept.push(ResponseItem::Message {
-                    // we need to remove the id or the model will complain that messages are sent without
-                    // their reasonings
-                    id: None,
-                    role: role.clone(),
-                    content: content.clone(),
-                });
-                if kept.len() == n {
-                    break;
-                }
-            }
-        }
-
-        // Preserve chronological order (oldest to newest) within the kept slice.
-        kept.reverse();
-        self.items = kept;
+    pub(crate) fn replace(&mut self, items: Vec<ResponseItem>) {
+        self.items = items;
     }
 }
 
@@ -113,39 +47,12 @@ fn is_api_message(message: &ResponseItem) -> bool {
         | ResponseItem::CustomToolCall { .. }
         | ResponseItem::CustomToolCallOutput { .. }
         | ResponseItem::LocalShellCall { .. }
-        | ResponseItem::Reasoning { .. } => true,
+        | ResponseItem::Reasoning { .. }
+        | ResponseItem::WebSearchCall { .. } => true,
         ResponseItem::Other => false,
     }
 }
 
-/// Helper to append the textual content from `src` into `dst` in place.
-fn append_text_content(
-    dst: &mut Vec<codex_protocol::models::ContentItem>,
-    src: &Vec<codex_protocol::models::ContentItem>,
-) {
-    for c in src {
-        if let codex_protocol::models::ContentItem::OutputText { text } = c {
-            append_text_delta(dst, text);
-        }
-    }
-}
-
-/// Append a single text delta to the last OutputText item in `content`, or
-/// push a new OutputText item if none exists.
-fn append_text_delta(content: &mut Vec<codex_protocol::models::ContentItem>, delta: &str) {
-    if let Some(codex_protocol::models::ContentItem::OutputText { text }) = content
-        .iter_mut()
-        .rev()
-        .find(|c| matches!(c, codex_protocol::models::ContentItem::OutputText { .. }))
-    {
-        text.push_str(delta);
-    } else {
-        content.push(codex_protocol::models::ContentItem::OutputText {
-            text: delta.to_string(),
-        });
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -171,49 +78,6 @@ mod tests {
         }
     }
 
-    #[test]
-    fn merges_adjacent_assistant_messages() {
-        let mut h = ConversationHistory::default();
-        let a1 = assistant_msg("Hello");
-        let a2 = assistant_msg(", world!");
-        h.record_items([&a1, &a2]);
-
-        let items = h.contents();
-        assert_eq!(
-            items,
-            vec![ResponseItem::Message {
-                id: None,
-                role: "assistant".to_string(),
-                content: vec![ContentItem::OutputText {
-                    text: "Hello, world!".to_string()
-                }]
-            }]
-        );
-    }
-
-    #[test]
-    fn append_assistant_text_creates_and_appends() {
-        let mut h = ConversationHistory::default();
-        h.append_assistant_text("Hello");
-        h.append_assistant_text(", world");
-
-        // Now record a final full assistant message and verify it merges.
-        let final_msg = assistant_msg("!");
-        h.record_items([&final_msg]);
-
-        let items = h.contents();
-        assert_eq!(
-            items,
-            vec![ResponseItem::Message {
-                id: None,
-                role: "assistant".to_string(),
-                content: vec![ContentItem::OutputText {
-                    text: "Hello, world!".to_string()
-                }]
-            }]
-        );
-    }
-
     #[test]
     fn filters_non_api_messages() {
         let mut h = ConversationHistory::default();

codex-rs/core/src/conversation_manager.rs

@@ -1,14 +1,10 @@
-use std::collections::HashMap;
-use std::sync::Arc;
-
-use codex_login::AuthManager;
-use codex_login::CodexAuth;
-use tokio::sync::RwLock;
-use uuid::Uuid;
-
+use crate::AuthManager;
+use crate::CodexAuth;
 use crate::codex::Codex;
 use crate::codex::CodexSpawnOk;
 use crate::codex::INITIAL_SUBMIT_ID;
+use crate::codex::compact::content_items_to_text;
+use crate::codex::compact::is_session_prefix_message;
 use crate::codex_conversation::CodexConversation;
 use crate::config::Config;
 use crate::error::CodexErr;
@@ -16,12 +12,20 @@ use crate::error::Result as CodexResult;
 use crate::protocol::Event;
 use crate::protocol::EventMsg;
 use crate::protocol::SessionConfiguredEvent;
+use crate::rollout::RolloutRecorder;
+use codex_protocol::mcp_protocol::ConversationId;
 use codex_protocol::models::ResponseItem;
+use codex_protocol::protocol::InitialHistory;
+use codex_protocol::protocol::RolloutItem;
+use std::collections::HashMap;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tokio::sync::RwLock;
 
 /// Represents a newly created Codex conversation, including the first event
 /// (which is [`EventMsg::SessionConfigured`]).
 pub struct NewConversation {
-    pub conversation_id: Uuid,
+    pub conversation_id: ConversationId,
     pub conversation: Arc<CodexConversation>,
     pub session_configured: SessionConfiguredEvent,
 }
@@ -29,7 +33,7 @@ pub struct NewConversation {
 /// [`ConversationManager`] is responsible for creating conversations and
 /// maintaining them in memory.
 pub struct ConversationManager {
-    conversations: Arc<RwLock<HashMap<Uuid, Arc<CodexConversation>>>>,
+    conversations: Arc<RwLock<HashMap<ConversationId, Arc<CodexConversation>>>>,
     auth_manager: Arc<AuthManager>,
 }
 
@@ -44,7 +48,7 @@ impl ConversationManager {
     /// Construct with a dummy AuthManager containing the provided CodexAuth.
     /// Used for integration tests: should not be used by ordinary business logic.
     pub fn with_auth(auth: CodexAuth) -> Self {
-        Self::new(codex_login::AuthManager::from_auth_for_testing(auth))
+        Self::new(crate::AuthManager::from_auth_for_testing(auth))
     }
 
     pub async fn new_conversation(&self, config: Config) -> CodexResult<NewConversation> {
@@ -59,18 +63,15 @@ impl ConversationManager {
     ) -> CodexResult<NewConversation> {
         let CodexSpawnOk {
             codex,
-            session_id: conversation_id,
-        } = {
-            let initial_history = None;
-            Codex::spawn(config, auth_manager, initial_history).await?
-        };
+            conversation_id,
+        } = Codex::spawn(config, auth_manager, InitialHistory::New).await?;
         self.finalize_spawn(codex, conversation_id).await
     }
 
     async fn finalize_spawn(
         &self,
         codex: Codex,
-        conversation_id: Uuid,
+        conversation_id: ConversationId,
     ) -> CodexResult<NewConversation> {
         // The first event must be `SessionInitialized`. Validate and forward it
         // to the caller so that they can display it in the conversation
@@ -101,7 +102,7 @@ impl ConversationManager {
 
     pub async fn get_conversation(
         &self,
-        conversation_id: Uuid,
+        conversation_id: ConversationId,
     ) -> CodexResult<Arc<CodexConversation>> {
         let conversations = self.conversations.read().await;
         conversations
@@ -110,67 +111,97 @@ impl ConversationManager {
             .ok_or_else(|| CodexErr::ConversationNotFound(conversation_id))
     }
 
-    /// Fork an existing conversation by dropping the last `drop_last_messages`
-    /// user/assistant messages from its transcript and starting a new
+    pub async fn resume_conversation_from_rollout(
+        &self,
+        config: Config,
+        rollout_path: PathBuf,
+        auth_manager: Arc<AuthManager>,
+    ) -> CodexResult<NewConversation> {
+        let initial_history = RolloutRecorder::get_rollout_history(&rollout_path).await?;
+        let CodexSpawnOk {
+            codex,
+            conversation_id,
+        } = Codex::spawn(config, auth_manager, initial_history).await?;
+        self.finalize_spawn(codex, conversation_id).await
+    }
+
+    /// Removes the conversation from the manager's internal map, though the
+    /// conversation is stored as `Arc<CodexConversation>`, it is possible that
+    /// other references to it exist elsewhere. Returns the conversation if the
+    /// conversation was found and removed.
+    pub async fn remove_conversation(
+        &self,
+        conversation_id: &ConversationId,
+    ) -> Option<Arc<CodexConversation>> {
+        self.conversations.write().await.remove(conversation_id)
+    }
+
+    /// Fork an existing conversation by taking messages up to the given position
+    /// (not including the message at the given position) and starting a new
     /// conversation with identical configuration (unless overridden by the
     /// caller's `config`). The new conversation will have a fresh id.
     pub async fn fork_conversation(
         &self,
-        conversation_history: Vec<ResponseItem>,
-        num_messages_to_drop: usize,
+        nth_user_message: usize,
         config: Config,
+        path: PathBuf,
     ) -> CodexResult<NewConversation> {
         // Compute the prefix up to the cut point.
-        let truncated_history =
-            truncate_after_dropping_last_messages(conversation_history, num_messages_to_drop);
+        let history = RolloutRecorder::get_rollout_history(&path).await?;
+        let history = truncate_before_nth_user_message(history, nth_user_message);
 
         // Spawn a new conversation with the computed initial history.
         let auth_manager = self.auth_manager.clone();
         let CodexSpawnOk {
             codex,
-            session_id: conversation_id,
-        } = Codex::spawn(config, auth_manager, Some(truncated_history)).await?;
+            conversation_id,
+        } = Codex::spawn(config, auth_manager, history).await?;
 
         self.finalize_spawn(codex, conversation_id).await
     }
 }
 
-/// Return a prefix of `items` obtained by dropping the last `n` user messages
-/// and all items that follow them.
-fn truncate_after_dropping_last_messages(items: Vec<ResponseItem>, n: usize) -> Vec<ResponseItem> {
-    if n == 0 || items.is_empty() {
-        return items;
-    }
+/// Return a prefix of `items` obtained by cutting strictly before the nth user message
+/// (0-based) and all items that follow it.
+fn truncate_before_nth_user_message(history: InitialHistory, n: usize) -> InitialHistory {
+    // Work directly on rollout items, and cut the vector at the nth user message input.
+    let items: Vec<RolloutItem> = history.get_rollout_items();
 
-    // Walk backwards counting only `user` Message items, find cut index.
-    let mut count = 0usize;
-    let mut cut_index = 0usize;
-    for (idx, item) in items.iter().enumerate().rev() {
-        if let ResponseItem::Message { role, .. } = item
+    // Find indices of user message inputs in rollout order.
+    let mut user_positions: Vec<usize> = Vec::new();
+    for (idx, item) in items.iter().enumerate() {
+        if let RolloutItem::ResponseItem(ResponseItem::Message { role, content, .. }) = item
             && role == "user"
+            && content_items_to_text(content).is_some_and(|text| !is_session_prefix_message(&text))
         {
-            count += 1;
-            if count == n {
-                // Cut everything from this user message to the end.
-                cut_index = idx;
-                break;
-            }
+            user_positions.push(idx);
         }
     }
-    if count < n {
-        // If fewer than n messages exist, drop everything.
-        Vec::new()
+
+    // If fewer than or equal to n user messages exist, treat as empty (out of range).
+    if user_positions.len() <= n {
+        return InitialHistory::New;
+    }
+
+    // Cut strictly before the nth user message (do not keep the nth itself).
+    let cut_idx = user_positions[n];
+    let rolled: Vec<RolloutItem> = items.into_iter().take(cut_idx).collect();
+
+    if rolled.is_empty() {
+        InitialHistory::New
     } else {
-        items.into_iter().take(cut_index).collect()
+        InitialHistory::Forked(rolled)
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::codex::make_session_and_context;
     use codex_protocol::models::ContentItem;
     use codex_protocol::models::ReasoningItemReasoningSummary;
     use codex_protocol::models::ResponseItem;
+    use pretty_assertions::assert_eq;
 
     fn user_msg(text: &str) -> ResponseItem {
         ResponseItem::Message {
@@ -216,13 +247,60 @@ mod tests {
             assistant_msg("a4"),
         ];
 
-        let truncated = truncate_after_dropping_last_messages(items.clone(), 1);
+        // Wrap as InitialHistory::Forked with response items only.
+        let initial: Vec<RolloutItem> = items
+            .iter()
+            .cloned()
+            .map(RolloutItem::ResponseItem)
+            .collect();
+        let truncated = truncate_before_nth_user_message(InitialHistory::Forked(initial), 1);
+        let got_items = truncated.get_rollout_items();
+        let expected_items = vec![
+            RolloutItem::ResponseItem(items[0].clone()),
+            RolloutItem::ResponseItem(items[1].clone()),
+            RolloutItem::ResponseItem(items[2].clone()),
+        ];
         assert_eq!(
-            truncated,
-            vec![items[0].clone(), items[1].clone(), items[2].clone()]
+            serde_json::to_value(&got_items).unwrap(),
+            serde_json::to_value(&expected_items).unwrap()
         );
 
-        let truncated2 = truncate_after_dropping_last_messages(items, 2);
-        assert!(truncated2.is_empty());
+        let initial2: Vec<RolloutItem> = items
+            .iter()
+            .cloned()
+            .map(RolloutItem::ResponseItem)
+            .collect();
+        let truncated2 = truncate_before_nth_user_message(InitialHistory::Forked(initial2), 2);
+        assert!(matches!(truncated2, InitialHistory::New));
+    }
+
+    #[test]
+    fn ignores_session_prefix_messages_when_truncating() {
+        let (session, turn_context) = make_session_and_context();
+        let mut items = session.build_initial_context(&turn_context);
+        items.push(user_msg("feature request"));
+        items.push(assistant_msg("ack"));
+        items.push(user_msg("second question"));
+        items.push(assistant_msg("answer"));
+
+        let rollout_items: Vec<RolloutItem> = items
+            .iter()
+            .cloned()
+            .map(RolloutItem::ResponseItem)
+            .collect();
+
+        let truncated = truncate_before_nth_user_message(InitialHistory::Forked(rollout_items), 1);
+        let got_items = truncated.get_rollout_items();
+
+        let expected: Vec<RolloutItem> = vec![
+            RolloutItem::ResponseItem(items[0].clone()),
+            RolloutItem::ResponseItem(items[1].clone()),
+            RolloutItem::ResponseItem(items[2].clone()),
+        ];
+
+        assert_eq!(
+            serde_json::to_value(&got_items).unwrap(),
+            serde_json::to_value(&expected).unwrap()
+        );
     }
 }

codex-rs/core/src/custom_prompts.rs

@@ -0,0 +1,127 @@
+use codex_protocol::custom_prompts::CustomPrompt;
+use std::collections::HashSet;
+use std::path::Path;
+use std::path::PathBuf;
+use tokio::fs;
+
+/// Return the default prompts directory: `$CODEX_HOME/prompts`.
+/// If `CODEX_HOME` cannot be resolved, returns `None`.
+pub fn default_prompts_dir() -> Option<PathBuf> {
+    crate::config::find_codex_home()
+        .ok()
+        .map(|home| home.join("prompts"))
+}
+
+/// Discover prompt files in the given directory, returning entries sorted by name.
+/// Non-files are ignored. If the directory does not exist or cannot be read, returns empty.
+pub async fn discover_prompts_in(dir: &Path) -> Vec<CustomPrompt> {
+    discover_prompts_in_excluding(dir, &HashSet::new()).await
+}
+
+/// Discover prompt files in the given directory, excluding any with names in `exclude`.
+/// Returns entries sorted by name. Non-files are ignored. Missing/unreadable dir yields empty.
+pub async fn discover_prompts_in_excluding(
+    dir: &Path,
+    exclude: &HashSet<String>,
+) -> Vec<CustomPrompt> {
+    let mut out: Vec<CustomPrompt> = Vec::new();
+    let mut entries = match fs::read_dir(dir).await {
+        Ok(entries) => entries,
+        Err(_) => return out,
+    };
+
+    while let Ok(Some(entry)) = entries.next_entry().await {
+        let path = entry.path();
+        let is_file = entry
+            .file_type()
+            .await
+            .map(|ft| ft.is_file())
+            .unwrap_or(false);
+        if !is_file {
+            continue;
+        }
+        // Only include Markdown files with a .md extension.
+        let is_md = path
+            .extension()
+            .and_then(|s| s.to_str())
+            .map(|ext| ext.eq_ignore_ascii_case("md"))
+            .unwrap_or(false);
+        if !is_md {
+            continue;
+        }
+        let Some(name) = path
+            .file_stem()
+            .and_then(|s| s.to_str())
+            .map(str::to_string)
+        else {
+            continue;
+        };
+        if exclude.contains(&name) {
+            continue;
+        }
+        let content = match fs::read_to_string(&path).await {
+            Ok(s) => s,
+            Err(_) => continue,
+        };
+        out.push(CustomPrompt {
+            name,
+            path,
+            content,
+        });
+    }
+    out.sort_by(|a, b| a.name.cmp(&b.name));
+    out
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::fs;
+    use tempfile::tempdir;
+
+    #[tokio::test]
+    async fn empty_when_dir_missing() {
+        let tmp = tempdir().expect("create TempDir");
+        let missing = tmp.path().join("nope");
+        let found = discover_prompts_in(&missing).await;
+        assert!(found.is_empty());
+    }
+
+    #[tokio::test]
+    async fn discovers_and_sorts_files() {
+        let tmp = tempdir().expect("create TempDir");
+        let dir = tmp.path();
+        fs::write(dir.join("b.md"), b"b").unwrap();
+        fs::write(dir.join("a.md"), b"a").unwrap();
+        fs::create_dir(dir.join("subdir")).unwrap();
+        let found = discover_prompts_in(dir).await;
+        let names: Vec<String> = found.into_iter().map(|e| e.name).collect();
+        assert_eq!(names, vec!["a", "b"]);
+    }
+
+    #[tokio::test]
+    async fn excludes_builtins() {
+        let tmp = tempdir().expect("create TempDir");
+        let dir = tmp.path();
+        fs::write(dir.join("init.md"), b"ignored").unwrap();
+        fs::write(dir.join("foo.md"), b"ok").unwrap();
+        let mut exclude = HashSet::new();
+        exclude.insert("init".to_string());
+        let found = discover_prompts_in_excluding(dir, &exclude).await;
+        let names: Vec<String> = found.into_iter().map(|e| e.name).collect();
+        assert_eq!(names, vec!["foo"]);
+    }
+
+    #[tokio::test]
+    async fn skips_non_utf8_files() {
+        let tmp = tempdir().expect("create TempDir");
+        let dir = tmp.path();
+        // Valid UTF-8 file
+        fs::write(dir.join("good.md"), b"hello").unwrap();
+        // Invalid UTF-8 content in .md file (e.g., lone 0xFF byte)
+        fs::write(dir.join("bad.md"), vec![0xFF, 0xFE, b'\n']).unwrap();
+        let found = discover_prompts_in(dir).await;
+        let names: Vec<String> = found.into_iter().map(|e| e.name).collect();
+        assert_eq!(names, vec!["good"]);
+    }
+}

codex-rs/core/src/default_client.rs

@@ -0,0 +1,212 @@
+use reqwest::header::HeaderValue;
+use std::sync::LazyLock;
+use std::sync::Mutex;
+
+/// Set this to add a suffix to the User-Agent string.
+///
+/// It is not ideal that we're using a global singleton for this.
+/// This is primarily designed to differentiate MCP clients from each other.
+/// Because there can only be one MCP server per process, it should be safe for this to be a global static.
+/// However, future users of this should use this with caution as a result.
+/// In addition, we want to be confident that this value is used for ALL clients and doing that requires a
+/// lot of wiring and it's easy to miss code paths by doing so.
+/// See https://github.com/openai/codex/pull/3388/files for an example of what that would look like.
+/// Finally, we want to make sure this is set for ALL mcp clients without needing to know a special env var
+/// or having to set data that they already specified in the mcp initialize request somewhere else.
+///
+/// A space is automatically added between the suffix and the rest of the User-Agent string.
+/// The full user agent string is returned from the mcp initialize response.
+/// Parenthesis will be added by Codex. This should only specify what goes inside of the parenthesis.
+pub static USER_AGENT_SUFFIX: LazyLock<Mutex<Option<String>>> = LazyLock::new(|| Mutex::new(None));
+
+pub const CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR: &str = "CODEX_INTERNAL_ORIGINATOR_OVERRIDE";
+
+#[derive(Debug, Clone)]
+pub struct Originator {
+    pub value: String,
+    pub header_value: HeaderValue,
+}
+
+pub static ORIGINATOR: LazyLock<Originator> = LazyLock::new(|| {
+    let default = "codex_cli_rs";
+    let value = std::env::var(CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR)
+        .unwrap_or_else(|_| default.to_string());
+
+    match HeaderValue::from_str(&value) {
+        Ok(header_value) => Originator {
+            value,
+            header_value,
+        },
+        Err(e) => {
+            tracing::error!("Unable to turn originator override {value} into header value: {e}");
+            Originator {
+                value: default.to_string(),
+                header_value: HeaderValue::from_static(default),
+            }
+        }
+    }
+});
+
+pub fn get_codex_user_agent() -> String {
+    let build_version = env!("CARGO_PKG_VERSION");
+    let os_info = os_info::get();
+    let prefix = format!(
+        "{}/{build_version} ({} {}; {}) {}",
+        ORIGINATOR.value.as_str(),
+        os_info.os_type(),
+        os_info.version(),
+        os_info.architecture().unwrap_or("unknown"),
+        crate::terminal::user_agent()
+    );
+    let suffix = USER_AGENT_SUFFIX
+        .lock()
+        .ok()
+        .and_then(|guard| guard.clone());
+    let suffix = suffix
+        .as_deref()
+        .map(str::trim)
+        .filter(|value| !value.is_empty())
+        .map_or_else(String::new, |value| format!(" ({value})"));
+
+    let candidate = format!("{prefix}{suffix}");
+    sanitize_user_agent(candidate, &prefix)
+}
+
+/// Sanitize the user agent string.
+///
+/// Invalid characters are replaced with an underscore.
+///
+/// If the user agent fails to parse, it falls back to fallback and then to ORIGINATOR.
+fn sanitize_user_agent(candidate: String, fallback: &str) -> String {
+    if HeaderValue::from_str(candidate.as_str()).is_ok() {
+        return candidate;
+    }
+
+    let sanitized: String = candidate
+        .chars()
+        .map(|ch| if matches!(ch, ' '..='~') { ch } else { '_' })
+        .collect();
+    if !sanitized.is_empty() && HeaderValue::from_str(sanitized.as_str()).is_ok() {
+        tracing::warn!(
+            "Sanitized Codex user agent because provided suffix contained invalid header characters"
+        );
+        sanitized
+    } else if HeaderValue::from_str(fallback).is_ok() {
+        tracing::warn!(
+            "Falling back to base Codex user agent because provided suffix could not be sanitized"
+        );
+        fallback.to_string()
+    } else {
+        tracing::warn!(
+            "Falling back to default Codex originator because base user agent string is invalid"
+        );
+        ORIGINATOR.value.clone()
+    }
+}
+
+/// Create a reqwest client with default `originator` and `User-Agent` headers set.
+pub fn create_client() -> reqwest::Client {
+    use reqwest::header::HeaderMap;
+
+    let mut headers = HeaderMap::new();
+    headers.insert("originator", ORIGINATOR.header_value.clone());
+    let ua = get_codex_user_agent();
+
+    reqwest::Client::builder()
+        // Set UA via dedicated helper to avoid header validation pitfalls
+        .user_agent(ua)
+        .default_headers(headers)
+        .build()
+        .unwrap_or_else(|_| reqwest::Client::new())
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_get_codex_user_agent() {
+        let user_agent = get_codex_user_agent();
+        assert!(user_agent.starts_with("codex_cli_rs/"));
+    }
+
+    #[tokio::test]
+    async fn test_create_client_sets_default_headers() {
+        use wiremock::Mock;
+        use wiremock::MockServer;
+        use wiremock::ResponseTemplate;
+        use wiremock::matchers::method;
+        use wiremock::matchers::path;
+
+        let client = create_client();
+
+        // Spin up a local mock server and capture a request.
+        let server = MockServer::start().await;
+        Mock::given(method("GET"))
+            .and(path("/"))
+            .respond_with(ResponseTemplate::new(200))
+            .mount(&server)
+            .await;
+
+        let resp = client
+            .get(server.uri())
+            .send()
+            .await
+            .expect("failed to send request");
+        assert!(resp.status().is_success());
+
+        let requests = server
+            .received_requests()
+            .await
+            .expect("failed to fetch received requests");
+        assert!(!requests.is_empty());
+        let headers = &requests[0].headers;
+
+        // originator header is set to the provided value
+        let originator_header = headers
+            .get("originator")
+            .expect("originator header missing");
+        assert_eq!(originator_header.to_str().unwrap(), "codex_cli_rs");
+
+        // User-Agent matches the computed Codex UA for that originator
+        let expected_ua = get_codex_user_agent();
+        let ua_header = headers
+            .get("user-agent")
+            .expect("user-agent header missing");
+        assert_eq!(ua_header.to_str().unwrap(), expected_ua);
+    }
+
+    #[test]
+    fn test_invalid_suffix_is_sanitized() {
+        let prefix = "codex_cli_rs/0.0.0";
+        let suffix = "bad\rsuffix";
+
+        assert_eq!(
+            sanitize_user_agent(format!("{prefix} ({suffix})"), prefix),
+            "codex_cli_rs/0.0.0 (bad_suffix)"
+        );
+    }
+
+    #[test]
+    fn test_invalid_suffix_is_sanitized2() {
+        let prefix = "codex_cli_rs/0.0.0";
+        let suffix = "bad\0suffix";
+
+        assert_eq!(
+            sanitize_user_agent(format!("{prefix} ({suffix})"), prefix),
+            "codex_cli_rs/0.0.0 (bad_suffix)"
+        );
+    }
+
+    #[test]
+    #[cfg(target_os = "macos")]
+    fn test_macos() {
+        use regex_lite::Regex;
+        let user_agent = get_codex_user_agent();
+        let re = Regex::new(
+            r"^codex_cli_rs/\d+\.\d+\.\d+ \(Mac OS \d+\.\d+\.\d+; (x86_64|arm64)\) (\S+)$",
+        )
+        .unwrap();
+        assert!(re.is_match(&user_agent));
+    }
+}

codex-rs/core/src/environment_context.rs

@@ -2,18 +2,17 @@ use serde::Deserialize;
 use serde::Serialize;
 use strum_macros::Display as DeriveDisplay;
 
+use crate::codex::TurnContext;
 use crate::protocol::AskForApproval;
 use crate::protocol::SandboxPolicy;
 use crate::shell::Shell;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::models::ContentItem;
 use codex_protocol::models::ResponseItem;
+use codex_protocol::protocol::ENVIRONMENT_CONTEXT_CLOSE_TAG;
+use codex_protocol::protocol::ENVIRONMENT_CONTEXT_OPEN_TAG;
 use std::path::PathBuf;
 
-/// wraps environment context message in a tag for the model to parse more easily.
-pub(crate) const ENVIRONMENT_CONTEXT_START: &str = "<environment_context>";
-pub(crate) const ENVIRONMENT_CONTEXT_END: &str = "</environment_context>";
-
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, DeriveDisplay)]
 #[serde(rename_all = "kebab-case")]
 #[strum(serialize_all = "kebab-case")]
@@ -28,6 +27,7 @@ pub(crate) struct EnvironmentContext {
     pub approval_policy: Option<AskForApproval>,
     pub sandbox_mode: Option<SandboxMode>,
     pub network_access: Option<NetworkAccess>,
+    pub writable_roots: Option<Vec<PathBuf>>,
     pub shell: Option<Shell>,
 }
 
@@ -59,9 +59,52 @@ impl EnvironmentContext {
                 }
                 None => None,
             },
+            writable_roots: match sandbox_policy {
+                Some(SandboxPolicy::WorkspaceWrite { writable_roots, .. }) => {
+                    if writable_roots.is_empty() {
+                        None
+                    } else {
+                        Some(writable_roots)
+                    }
+                }
+                _ => None,
+            },
             shell,
         }
     }
+
+    /// Compares two environment contexts, ignoring the shell. Useful when
+    /// comparing turn to turn, since the initial environment_context will
+    /// include the shell, and then it is not configurable from turn to turn.
+    pub fn equals_except_shell(&self, other: &EnvironmentContext) -> bool {
+        let EnvironmentContext {
+            cwd,
+            approval_policy,
+            sandbox_mode,
+            network_access,
+            writable_roots,
+            // should compare all fields except shell
+            shell: _,
+        } = other;
+
+        self.cwd == *cwd
+            && self.approval_policy == *approval_policy
+            && self.sandbox_mode == *sandbox_mode
+            && self.network_access == *network_access
+            && self.writable_roots == *writable_roots
+    }
+}
+
+impl From<&TurnContext> for EnvironmentContext {
+    fn from(turn_context: &TurnContext) -> Self {
+        Self::new(
+            Some(turn_context.cwd.clone()),
+            Some(turn_context.approval_policy),
+            Some(turn_context.sandbox_policy.clone()),
+            // Shell is not configurable from turn to turn
+            None,
+        )
+    }
 }
 
 impl EnvironmentContext {
@@ -74,36 +117,45 @@ impl EnvironmentContext {
     ///   <cwd>...</cwd>
     ///   <approval_policy>...</approval_policy>
     ///   <sandbox_mode>...</sandbox_mode>
+    ///   <writable_roots>...</writable_roots>
     ///   <network_access>...</network_access>
     ///   <shell>...</shell>
     /// </environment_context>
     /// ```
     pub fn serialize_to_xml(self) -> String {
-        let mut lines = vec![ENVIRONMENT_CONTEXT_START.to_string()];
+        let mut lines = vec![ENVIRONMENT_CONTEXT_OPEN_TAG.to_string()];
         if let Some(cwd) = self.cwd {
             lines.push(format!("  <cwd>{}</cwd>", cwd.to_string_lossy()));
         }
         if let Some(approval_policy) = self.approval_policy {
             lines.push(format!(
-                "  <approval_policy>{}</approval_policy>",
-                approval_policy
+                "  <approval_policy>{approval_policy}</approval_policy>"
             ));
         }
         if let Some(sandbox_mode) = self.sandbox_mode {
-            lines.push(format!("  <sandbox_mode>{}</sandbox_mode>", sandbox_mode));
+            lines.push(format!("  <sandbox_mode>{sandbox_mode}</sandbox_mode>"));
         }
         if let Some(network_access) = self.network_access {
             lines.push(format!(
-                "  <network_access>{}</network_access>",
-                network_access
+                "  <network_access>{network_access}</network_access>"
             ));
         }
+        if let Some(writable_roots) = self.writable_roots {
+            lines.push("  <writable_roots>".to_string());
+            for writable_root in writable_roots {
+                lines.push(format!(
+                    "    <root>{}</root>",
+                    writable_root.to_string_lossy()
+                ));
+            }
+            lines.push("  </writable_roots>".to_string());
+        }
         if let Some(shell) = self.shell
             && let Some(shell_name) = shell.name()
         {
-            lines.push(format!("  <shell>{}</shell>", shell_name));
+            lines.push(format!("  <shell>{shell_name}</shell>"));
         }
-        lines.push(ENVIRONMENT_CONTEXT_END.to_string());
+        lines.push(ENVIRONMENT_CONTEXT_CLOSE_TAG.to_string());
         lines.join("\n")
     }
 }
@@ -119,3 +171,158 @@ impl From<EnvironmentContext> for ResponseItem {
         }
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::shell::BashShell;
+    use crate::shell::ZshShell;
+
+    use super::*;
+    use pretty_assertions::assert_eq;
+
+    fn workspace_write_policy(writable_roots: Vec<&str>, network_access: bool) -> SandboxPolicy {
+        SandboxPolicy::WorkspaceWrite {
+            writable_roots: writable_roots.into_iter().map(PathBuf::from).collect(),
+            network_access,
+            exclude_tmpdir_env_var: false,
+            exclude_slash_tmp: false,
+        }
+    }
+
+    #[test]
+    fn serialize_workspace_write_environment_context() {
+        let context = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(workspace_write_policy(vec!["/repo", "/tmp"], false)),
+            None,
+        );
+
+        let expected = r#"<environment_context>
+  <cwd>/repo</cwd>
+  <approval_policy>on-request</approval_policy>
+  <sandbox_mode>workspace-write</sandbox_mode>
+  <network_access>restricted</network_access>
+  <writable_roots>
+    <root>/repo</root>
+    <root>/tmp</root>
+  </writable_roots>
+</environment_context>"#;
+
+        assert_eq!(context.serialize_to_xml(), expected);
+    }
+
+    #[test]
+    fn serialize_read_only_environment_context() {
+        let context = EnvironmentContext::new(
+            None,
+            Some(AskForApproval::Never),
+            Some(SandboxPolicy::ReadOnly),
+            None,
+        );
+
+        let expected = r#"<environment_context>
+  <approval_policy>never</approval_policy>
+  <sandbox_mode>read-only</sandbox_mode>
+  <network_access>restricted</network_access>
+</environment_context>"#;
+
+        assert_eq!(context.serialize_to_xml(), expected);
+    }
+
+    #[test]
+    fn serialize_full_access_environment_context() {
+        let context = EnvironmentContext::new(
+            None,
+            Some(AskForApproval::OnFailure),
+            Some(SandboxPolicy::DangerFullAccess),
+            None,
+        );
+
+        let expected = r#"<environment_context>
+  <approval_policy>on-failure</approval_policy>
+  <sandbox_mode>danger-full-access</sandbox_mode>
+  <network_access>enabled</network_access>
+</environment_context>"#;
+
+        assert_eq!(context.serialize_to_xml(), expected);
+    }
+
+    #[test]
+    fn equals_except_shell_compares_approval_policy() {
+        // Approval policy
+        let context1 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(workspace_write_policy(vec!["/repo"], false)),
+            None,
+        );
+        let context2 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::Never),
+            Some(workspace_write_policy(vec!["/repo"], true)),
+            None,
+        );
+        assert!(!context1.equals_except_shell(&context2));
+    }
+
+    #[test]
+    fn equals_except_shell_compares_sandbox_policy() {
+        let context1 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(SandboxPolicy::new_read_only_policy()),
+            None,
+        );
+        let context2 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(SandboxPolicy::new_workspace_write_policy()),
+            None,
+        );
+
+        assert!(!context1.equals_except_shell(&context2));
+    }
+
+    #[test]
+    fn equals_except_shell_compares_workspace_write_policy() {
+        let context1 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(workspace_write_policy(vec!["/repo", "/tmp", "/var"], false)),
+            None,
+        );
+        let context2 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(workspace_write_policy(vec!["/repo", "/tmp"], true)),
+            None,
+        );
+
+        assert!(!context1.equals_except_shell(&context2));
+    }
+
+    #[test]
+    fn equals_except_shell_ignores_shell() {
+        let context1 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(workspace_write_policy(vec!["/repo"], false)),
+            Some(Shell::Bash(BashShell {
+                shell_path: "/bin/bash".into(),
+                bashrc_path: "/home/user/.bashrc".into(),
+            })),
+        );
+        let context2 = EnvironmentContext::new(
+            Some(PathBuf::from("/repo")),
+            Some(AskForApproval::OnRequest),
+            Some(workspace_write_policy(vec!["/repo"], false)),
+            Some(Shell::Zsh(ZshShell {
+                shell_path: "/bin/zsh".into(),
+                zshrc_path: "/home/user/.zshrc".into(),
+            })),
+        );
+
+        assert!(context1.equals_except_shell(&context2));
+    }
+}

codex-rs/core/src/error.rs

@@ -1,18 +1,24 @@
+use crate::exec::ExecToolCallOutput;
+use crate::token_data::KnownPlan;
+use crate::token_data::PlanType;
+use codex_protocol::mcp_protocol::ConversationId;
 use reqwest::StatusCode;
 use serde_json;
 use std::io;
 use std::time::Duration;
 use thiserror::Error;
 use tokio::task::JoinError;
-use uuid::Uuid;
 
 pub type Result<T> = std::result::Result<T, CodexErr>;
 
 #[derive(Error, Debug)]
 pub enum SandboxErr {
     /// Error from sandbox execution
-    #[error("sandbox denied exec error, exit code: {0}, stdout: {1}, stderr: {2}")]
-    Denied(i32, String, String),
+    #[error(
+        "sandbox denied exec error, exit code: {}, stdout: {}, stderr: {}",
+        .output.exit_code, .output.stdout.text, .output.stderr.text
+    )]
+    Denied { output: Box<ExecToolCallOutput> },
 
     /// Error from linux seccomp filter setup
     #[cfg(target_os = "linux")]
@@ -26,7 +32,7 @@ pub enum SandboxErr {
 
     /// Command timed out
     #[error("command timed out")]
-    Timeout,
+    Timeout { output: Box<ExecToolCallOutput> },
 
     /// Command was killed by a signal
     #[error("command was killed by a signal")]
@@ -49,7 +55,7 @@ pub enum CodexErr {
     Stream(String, Option<Duration>),
 
     #[error("no conversation with id: {0}")]
-    ConversationNotFound(Uuid),
+    ConversationNotFound(ConversationId),
 
     #[error("session configured event was not the first event in the stream")]
     SessionConfiguredNotFirstEvent,
@@ -127,25 +133,88 @@ pub enum CodexErr {
 
 #[derive(Debug)]
 pub struct UsageLimitReachedError {
-    pub plan_type: Option<String>,
+    pub(crate) plan_type: Option<PlanType>,
+    pub(crate) resets_in_seconds: Option<u64>,
 }
 
 impl std::fmt::Display for UsageLimitReachedError {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        if let Some(plan_type) = &self.plan_type
-            && plan_type == "plus"
-        {
-            write!(
-                f,
-                "You've hit your usage limit. Upgrade to Pro (https://openai.com/chatgpt/pricing), or wait for limits to reset (every 5h and every week.)."
-            )?;
-        } else {
-            write!(
-                f,
-                "You've hit your usage limit. Limits reset every 5h and every week."
-            )?;
-        }
-        Ok(())
+        let message = match self.plan_type.as_ref() {
+            Some(PlanType::Known(KnownPlan::Plus)) => format!(
+                "You've hit your usage limit. Upgrade to Pro (https://openai.com/chatgpt/pricing){}",
+                retry_suffix_after_or(self.resets_in_seconds)
+            ),
+            Some(PlanType::Known(KnownPlan::Team)) | Some(PlanType::Known(KnownPlan::Business)) => {
+                format!(
+                    "You've hit your usage limit. To get more access now, send a request to your admin{}",
+                    retry_suffix_after_or(self.resets_in_seconds)
+                )
+            }
+            Some(PlanType::Known(KnownPlan::Free)) => {
+                "To use Codex with your ChatGPT plan, upgrade to Plus: https://openai.com/chatgpt/pricing."
+                    .to_string()
+            }
+            Some(PlanType::Known(KnownPlan::Pro))
+            | Some(PlanType::Known(KnownPlan::Enterprise))
+            | Some(PlanType::Known(KnownPlan::Edu)) => format!(
+                "You've hit your usage limit.{}",
+                retry_suffix(self.resets_in_seconds)
+            ),
+            Some(PlanType::Unknown(_)) | None => format!(
+                "You've hit your usage limit.{}",
+                retry_suffix(self.resets_in_seconds)
+            ),
+        };
+
+        write!(f, "{message}")
+    }
+}
+
+fn retry_suffix(resets_in_seconds: Option<u64>) -> String {
+    if let Some(secs) = resets_in_seconds {
+        let reset_duration = format_reset_duration(secs);
+        format!(" Try again in {reset_duration}.")
+    } else {
+        " Try again later.".to_string()
+    }
+}
+
+fn retry_suffix_after_or(resets_in_seconds: Option<u64>) -> String {
+    if let Some(secs) = resets_in_seconds {
+        let reset_duration = format_reset_duration(secs);
+        format!(" or try again in {reset_duration}.")
+    } else {
+        " or try again later.".to_string()
+    }
+}
+
+fn format_reset_duration(total_secs: u64) -> String {
+    let days = total_secs / 86_400;
+    let hours = (total_secs % 86_400) / 3_600;
+    let minutes = (total_secs % 3_600) / 60;
+
+    let mut parts: Vec<String> = Vec::new();
+    if days > 0 {
+        let unit = if days == 1 { "day" } else { "days" };
+        parts.push(format!("{days} {unit}"));
+    }
+    if hours > 0 {
+        let unit = if hours == 1 { "hour" } else { "hours" };
+        parts.push(format!("{hours} {unit}"));
+    }
+    if minutes > 0 {
+        let unit = if minutes == 1 { "minute" } else { "minutes" };
+        parts.push(format!("{minutes} {unit}"));
+    }
+
+    if parts.is_empty() {
+        return "less than a minute".to_string();
+    }
+
+    match parts.len() {
+        1 => parts[0].clone(),
+        2 => format!("{} {}", parts[0], parts[1]),
+        _ => format!("{} {} {}", parts[0], parts[1], parts[2]),
     }
 }
 
@@ -180,7 +249,12 @@ impl CodexErr {
 
 pub fn get_error_message_ui(e: &CodexErr) -> String {
     match e {
-        CodexErr::Sandbox(SandboxErr::Denied(_, _, stderr)) => stderr.to_string(),
+        CodexErr::Sandbox(SandboxErr::Denied { output }) => output.stderr.text.clone(),
+        // Timeouts are not sandbox errors from a UX perspective; present them plainly
+        CodexErr::Sandbox(SandboxErr::Timeout { output }) => format!(
+            "error: command timed out after {} ms",
+            output.duration.as_millis()
+        ),
         _ => e.to_string(),
     }
 }
@@ -192,31 +266,120 @@ mod tests {
     #[test]
     fn usage_limit_reached_error_formats_plus_plan() {
         let err = UsageLimitReachedError {
-            plan_type: Some("plus".to_string()),
+            plan_type: Some(PlanType::Known(KnownPlan::Plus)),
+            resets_in_seconds: None,
         };
         assert_eq!(
             err.to_string(),
-            "You've hit your usage limit. Upgrade to Pro (https://openai.com/chatgpt/pricing), or wait for limits to reset (every 5h and every week.)."
+            "You've hit your usage limit. Upgrade to Pro (https://openai.com/chatgpt/pricing) or try again later."
+        );
+    }
+
+    #[test]
+    fn usage_limit_reached_error_formats_free_plan() {
+        let err = UsageLimitReachedError {
+            plan_type: Some(PlanType::Known(KnownPlan::Free)),
+            resets_in_seconds: Some(3600),
+        };
+        assert_eq!(
+            err.to_string(),
+            "To use Codex with your ChatGPT plan, upgrade to Plus: https://openai.com/chatgpt/pricing."
         );
     }
 
     #[test]
     fn usage_limit_reached_error_formats_default_when_none() {
-        let err = UsageLimitReachedError { plan_type: None };
+        let err = UsageLimitReachedError {
+            plan_type: None,
+            resets_in_seconds: None,
+        };
         assert_eq!(
             err.to_string(),
-            "You've hit your usage limit. Limits reset every 5h and every week."
+            "You've hit your usage limit. Try again later."
+        );
+    }
+
+    #[test]
+    fn usage_limit_reached_error_formats_team_plan() {
+        let err = UsageLimitReachedError {
+            plan_type: Some(PlanType::Known(KnownPlan::Team)),
+            resets_in_seconds: Some(3600),
+        };
+        assert_eq!(
+            err.to_string(),
+            "You've hit your usage limit. To get more access now, send a request to your admin or try again in 1 hour."
+        );
+    }
+
+    #[test]
+    fn usage_limit_reached_error_formats_business_plan_without_reset() {
+        let err = UsageLimitReachedError {
+            plan_type: Some(PlanType::Known(KnownPlan::Business)),
+            resets_in_seconds: None,
+        };
+        assert_eq!(
+            err.to_string(),
+            "You've hit your usage limit. To get more access now, send a request to your admin or try again later."
         );
     }
 
     #[test]
     fn usage_limit_reached_error_formats_default_for_other_plans() {
         let err = UsageLimitReachedError {
-            plan_type: Some("pro".to_string()),
+            plan_type: Some(PlanType::Known(KnownPlan::Pro)),
+            resets_in_seconds: None,
         };
         assert_eq!(
             err.to_string(),
-            "You've hit your usage limit. Limits reset every 5h and every week."
+            "You've hit your usage limit. Try again later."
+        );
+    }
+
+    #[test]
+    fn usage_limit_reached_includes_minutes_when_available() {
+        let err = UsageLimitReachedError {
+            plan_type: None,
+            resets_in_seconds: Some(5 * 60),
+        };
+        assert_eq!(
+            err.to_string(),
+            "You've hit your usage limit. Try again in 5 minutes."
+        );
+    }
+
+    #[test]
+    fn usage_limit_reached_includes_hours_and_minutes() {
+        let err = UsageLimitReachedError {
+            plan_type: Some(PlanType::Known(KnownPlan::Plus)),
+            resets_in_seconds: Some(3 * 3600 + 32 * 60),
+        };
+        assert_eq!(
+            err.to_string(),
+            "You've hit your usage limit. Upgrade to Pro (https://openai.com/chatgpt/pricing) or try again in 3 hours 32 minutes."
+        );
+    }
+
+    #[test]
+    fn usage_limit_reached_includes_days_hours_minutes() {
+        let err = UsageLimitReachedError {
+            plan_type: None,
+            resets_in_seconds: Some(2 * 86_400 + 3 * 3600 + 5 * 60),
+        };
+        assert_eq!(
+            err.to_string(),
+            "You've hit your usage limit. Try again in 2 days 3 hours 5 minutes."
+        );
+    }
+
+    #[test]
+    fn usage_limit_reached_less_than_minute() {
+        let err = UsageLimitReachedError {
+            plan_type: None,
+            resets_in_seconds: Some(30),
+        };
+        assert_eq!(
+            err.to_string(),
+            "You've hit your usage limit. Try again in less than a minute."
         );
     }
 }

codex-rs/core/src/event_mapping.rs

@@ -0,0 +1,167 @@
+use crate::protocol::AgentMessageEvent;
+use crate::protocol::AgentReasoningEvent;
+use crate::protocol::AgentReasoningRawContentEvent;
+use crate::protocol::EventMsg;
+use crate::protocol::InputMessageKind;
+use crate::protocol::UserMessageEvent;
+use crate::protocol::WebSearchEndEvent;
+use codex_protocol::models::ContentItem;
+use codex_protocol::models::ReasoningItemContent;
+use codex_protocol::models::ReasoningItemReasoningSummary;
+use codex_protocol::models::ResponseItem;
+use codex_protocol::models::WebSearchAction;
+
+/// Convert a `ResponseItem` into zero or more `EventMsg` values that the UI can render.
+///
+/// When `show_raw_agent_reasoning` is false, raw reasoning content events are omitted.
+pub(crate) fn map_response_item_to_event_messages(
+    item: &ResponseItem,
+    show_raw_agent_reasoning: bool,
+) -> Vec<EventMsg> {
+    match item {
+        ResponseItem::Message { role, content, .. } => {
+            // Do not surface system messages as user events.
+            if role == "system" {
+                return Vec::new();
+            }
+
+            let mut events: Vec<EventMsg> = Vec::new();
+            let mut message_parts: Vec<String> = Vec::new();
+            let mut images: Vec<String> = Vec::new();
+            let mut kind: Option<InputMessageKind> = None;
+
+            for content_item in content.iter() {
+                match content_item {
+                    ContentItem::InputText { text } => {
+                        if kind.is_none() {
+                            let trimmed = text.trim_start();
+                            kind = if trimmed.starts_with("<environment_context>") {
+                                Some(InputMessageKind::EnvironmentContext)
+                            } else if trimmed.starts_with("<user_instructions>") {
+                                Some(InputMessageKind::UserInstructions)
+                            } else {
+                                Some(InputMessageKind::Plain)
+                            };
+                        }
+                        message_parts.push(text.clone());
+                    }
+                    ContentItem::InputImage { image_url } => {
+                        images.push(image_url.clone());
+                    }
+                    ContentItem::OutputText { text } => {
+                        events.push(EventMsg::AgentMessage(AgentMessageEvent {
+                            message: text.clone(),
+                        }));
+                    }
+                }
+            }
+
+            if !message_parts.is_empty() || !images.is_empty() {
+                let message = if message_parts.is_empty() {
+                    String::new()
+                } else {
+                    message_parts.join("")
+                };
+                let images = if images.is_empty() {
+                    None
+                } else {
+                    Some(images)
+                };
+
+                events.push(EventMsg::UserMessage(UserMessageEvent {
+                    message,
+                    kind,
+                    images,
+                }));
+            }
+
+            events
+        }
+
+        ResponseItem::Reasoning {
+            summary, content, ..
+        } => {
+            let mut events = Vec::new();
+            for ReasoningItemReasoningSummary::SummaryText { text } in summary {
+                events.push(EventMsg::AgentReasoning(AgentReasoningEvent {
+                    text: text.clone(),
+                }));
+            }
+            if let Some(items) = content.as_ref().filter(|_| show_raw_agent_reasoning) {
+                for c in items {
+                    let text = match c {
+                        ReasoningItemContent::ReasoningText { text }
+                        | ReasoningItemContent::Text { text } => text,
+                    };
+                    events.push(EventMsg::AgentReasoningRawContent(
+                        AgentReasoningRawContentEvent { text: text.clone() },
+                    ));
+                }
+            }
+            events
+        }
+
+        ResponseItem::WebSearchCall { id, action, .. } => match action {
+            WebSearchAction::Search { query } => {
+                let call_id = id.clone().unwrap_or_else(|| "".to_string());
+                vec![EventMsg::WebSearchEnd(WebSearchEndEvent {
+                    call_id,
+                    query: query.clone(),
+                })]
+            }
+            WebSearchAction::Other => Vec::new(),
+        },
+
+        // Variants that require side effects are handled by higher layers and do not emit events here.
+        ResponseItem::FunctionCall { .. }
+        | ResponseItem::FunctionCallOutput { .. }
+        | ResponseItem::LocalShellCall { .. }
+        | ResponseItem::CustomToolCall { .. }
+        | ResponseItem::CustomToolCallOutput { .. }
+        | ResponseItem::Other => Vec::new(),
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::map_response_item_to_event_messages;
+    use crate::protocol::EventMsg;
+    use crate::protocol::InputMessageKind;
+    use codex_protocol::models::ContentItem;
+    use codex_protocol::models::ResponseItem;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn maps_user_message_with_text_and_two_images() {
+        let img1 = "https://example.com/one.png".to_string();
+        let img2 = "https://example.com/two.jpg".to_string();
+
+        let item = ResponseItem::Message {
+            id: None,
+            role: "user".to_string(),
+            content: vec![
+                ContentItem::InputText {
+                    text: "Hello world".to_string(),
+                },
+                ContentItem::InputImage {
+                    image_url: img1.clone(),
+                },
+                ContentItem::InputImage {
+                    image_url: img2.clone(),
+                },
+            ],
+        };
+
+        let events = map_response_item_to_event_messages(&item, false);
+        assert_eq!(events.len(), 1, "expected a single user message event");
+
+        match &events[0] {
+            EventMsg::UserMessage(user) => {
+                assert_eq!(user.message, "Hello world");
+                assert!(matches!(user.kind, Some(InputMessageKind::Plain)));
+                assert_eq!(user.images, Some(vec![img1, img2]));
+            }
+            other => panic!("expected UserMessage, got {other:?}"),
+        }
+    }
+}

codex-rs/core/src/exec.rs

@@ -3,6 +3,7 @@ use std::os::unix::process::ExitStatusExt;
 
 use std::collections::HashMap;
 use std::io;
+use std::path::Path;
 use std::path::PathBuf;
 use std::process::ExitStatus;
 use std::time::Duration;
@@ -26,7 +27,6 @@ use crate::protocol::SandboxPolicy;
 use crate::seatbelt::spawn_command_under_seatbelt;
 use crate::spawn::StdioPolicy;
 use crate::spawn::spawn_child_async;
-use serde_bytes::ByteBuf;
 
 const DEFAULT_TIMEOUT_MS: u64 = 10_000;
 
@@ -35,12 +35,17 @@ const DEFAULT_TIMEOUT_MS: u64 = 10_000;
 const SIGKILL_CODE: i32 = 9;
 const TIMEOUT_CODE: i32 = 64;
 const EXIT_CODE_SIGNAL_BASE: i32 = 128; // conventional shell: 128 + signal
+const EXEC_TIMEOUT_EXIT_CODE: i32 = 124; // conventional timeout exit code
 
 // I/O buffer sizing
 const READ_CHUNK_SIZE: usize = 8192; // bytes per read
 const AGGREGATE_BUFFER_INITIAL_CAPACITY: usize = 8 * 1024; // 8 KiB
 
-#[derive(Debug, Clone)]
+/// Limit the number of ExecCommandOutputDelta events emitted per exec call.
+/// Aggregation still collects full output; only the live event stream is capped.
+pub(crate) const MAX_EXEC_OUTPUT_DELTAS_PER_CALL: usize = 10_000;
+
+#[derive(Clone, Debug)]
 pub struct ExecParams {
     pub command: Vec<String>,
     pub cwd: PathBuf,
@@ -78,33 +83,41 @@ pub async fn process_exec_tool_call(
     params: ExecParams,
     sandbox_type: SandboxType,
     sandbox_policy: &SandboxPolicy,
+    sandbox_cwd: &Path,
     codex_linux_sandbox_exe: &Option<PathBuf>,
     stdout_stream: Option<StdoutStream>,
 ) -> Result<ExecToolCallOutput> {
     let start = Instant::now();
 
+    let timeout_duration = params.timeout_duration();
+
     let raw_output_result: std::result::Result<RawExecToolCallOutput, CodexErr> = match sandbox_type
     {
         SandboxType::None => exec(params, sandbox_policy, stdout_stream.clone()).await,
         SandboxType::MacosSeatbelt => {
-            let timeout = params.timeout_duration();
             let ExecParams {
-                command, cwd, env, ..
+                command,
+                cwd: command_cwd,
+                env,
+                ..
             } = params;
             let child = spawn_command_under_seatbelt(
                 command,
+                command_cwd,
                 sandbox_policy,
-                cwd,
+                sandbox_cwd,
                 StdioPolicy::RedirectForShellTool,
                 env,
             )
             .await?;
-            consume_truncated_output(child, timeout, stdout_stream.clone()).await
+            consume_truncated_output(child, timeout_duration, stdout_stream.clone()).await
         }
         SandboxType::LinuxSeccomp => {
-            let timeout = params.timeout_duration();
             let ExecParams {
-                command, cwd, env, ..
+                command,
+                cwd: command_cwd,
+                env,
+                ..
             } = params;
 
             let codex_linux_sandbox_exe = codex_linux_sandbox_exe
@@ -113,48 +126,64 @@ pub async fn process_exec_tool_call(
             let child = spawn_command_under_linux_sandbox(
                 codex_linux_sandbox_exe,
                 command,
+                command_cwd,
                 sandbox_policy,
-                cwd,
+                sandbox_cwd,
                 StdioPolicy::RedirectForShellTool,
                 env,
             )
             .await?;
 
-            consume_truncated_output(child, timeout, stdout_stream).await
+            consume_truncated_output(child, timeout_duration, stdout_stream).await
         }
     };
     let duration = start.elapsed();
     match raw_output_result {
         Ok(raw_output) => {
-            let stdout = raw_output.stdout.from_utf8_lossy();
-            let stderr = raw_output.stderr.from_utf8_lossy();
+            #[allow(unused_mut)]
+            let mut timed_out = raw_output.timed_out;
 
             #[cfg(target_family = "unix")]
-            match raw_output.exit_status.signal() {
-                Some(TIMEOUT_CODE) => return Err(CodexErr::Sandbox(SandboxErr::Timeout)),
-                Some(signal) => {
-                    return Err(CodexErr::Sandbox(SandboxErr::Signal(signal)));
+            {
+                if let Some(signal) = raw_output.exit_status.signal() {
+                    if signal == TIMEOUT_CODE {
+                        timed_out = true;
+                    } else {
+                        return Err(CodexErr::Sandbox(SandboxErr::Signal(signal)));
+                    }
                 }
-                None => {}
             }
 
-            let exit_code = raw_output.exit_status.code().unwrap_or(-1);
-
-            if exit_code != 0 && is_likely_sandbox_denied(sandbox_type, exit_code) {
-                return Err(CodexErr::Sandbox(SandboxErr::Denied(
-                    exit_code,
-                    stdout.text,
-                    stderr.text,
-                )));
+            let mut exit_code = raw_output.exit_status.code().unwrap_or(-1);
+            if timed_out {
+                exit_code = EXEC_TIMEOUT_EXIT_CODE;
             }
 
-            Ok(ExecToolCallOutput {
+            let stdout = raw_output.stdout.from_utf8_lossy();
+            let stderr = raw_output.stderr.from_utf8_lossy();
+            let aggregated_output = raw_output.aggregated_output.from_utf8_lossy();
+            let exec_output = ExecToolCallOutput {
                 exit_code,
                 stdout,
                 stderr,
-                aggregated_output: raw_output.aggregated_output.from_utf8_lossy(),
+                aggregated_output,
                 duration,
-            })
+                timed_out,
+            };
+
+            if timed_out {
+                return Err(CodexErr::Sandbox(SandboxErr::Timeout {
+                    output: Box::new(exec_output),
+                }));
+            }
+
+            if exit_code != 0 && is_likely_sandbox_denied(sandbox_type, exit_code) {
+                return Err(CodexErr::Sandbox(SandboxErr::Denied {
+                    output: Box::new(exec_output),
+                }));
+            }
+
+            Ok(exec_output)
         }
         Err(err) => {
             tracing::error!("exec error: {err}");
@@ -194,6 +223,7 @@ struct RawExecToolCallOutput {
     pub stdout: StreamOutput<Vec<u8>>,
     pub stderr: StreamOutput<Vec<u8>>,
     pub aggregated_output: StreamOutput<Vec<u8>>,
+    pub timed_out: bool,
 }
 
 impl StreamOutput<String> {
@@ -226,6 +256,7 @@ pub struct ExecToolCallOutput {
     pub stderr: StreamOutput<String>,
     pub aggregated_output: StreamOutput<String>,
     pub duration: Duration,
+    pub timed_out: bool,
 }
 
 async fn exec(
@@ -295,22 +326,24 @@ async fn consume_truncated_output(
         Some(agg_tx.clone()),
     ));
 
-    let exit_status = tokio::select! {
+    let (exit_status, timed_out) = tokio::select! {
         result = tokio::time::timeout(timeout, child.wait()) => {
             match result {
-                Ok(Ok(exit_status)) => exit_status,
-                Ok(e) => e?,
+                Ok(status_result) => {
+                    let exit_status = status_result?;
+                    (exit_status, false)
+                }
                 Err(_) => {
                     // timeout
                     child.start_kill()?;
                     // Debatable whether `child.wait().await` should be called here.
-                    synthetic_exit_status(EXIT_CODE_SIGNAL_BASE + TIMEOUT_CODE)
+                    (synthetic_exit_status(EXIT_CODE_SIGNAL_BASE + TIMEOUT_CODE), true)
                 }
             }
         }
         _ = tokio::signal::ctrl_c() => {
             child.start_kill()?;
-            synthetic_exit_status(EXIT_CODE_SIGNAL_BASE + SIGKILL_CODE)
+            (synthetic_exit_status(EXIT_CODE_SIGNAL_BASE + SIGKILL_CODE), false)
         }
     };
 
@@ -333,6 +366,7 @@ async fn consume_truncated_output(
         stdout,
         stderr,
         aggregated_output,
+        timed_out,
     })
 }
 
@@ -344,6 +378,7 @@ async fn read_capped<R: AsyncRead + Unpin + Send + 'static>(
 ) -> io::Result<StreamOutput<Vec<u8>>> {
     let mut buf = Vec::with_capacity(AGGREGATE_BUFFER_INITIAL_CAPACITY);
     let mut tmp = [0u8; READ_CHUNK_SIZE];
+    let mut emitted_deltas: usize = 0;
 
     // No caps: append all bytes
 
@@ -353,7 +388,9 @@ async fn read_capped<R: AsyncRead + Unpin + Send + 'static>(
             break;
         }
 
-        if let Some(stream) = &stream {
+        if let Some(stream) = &stream
+            && emitted_deltas < MAX_EXEC_OUTPUT_DELTAS_PER_CALL
+        {
             let chunk = tmp[..n].to_vec();
             let msg = EventMsg::ExecCommandOutputDelta(ExecCommandOutputDeltaEvent {
                 call_id: stream.call_id.clone(),
@@ -362,7 +399,7 @@ async fn read_capped<R: AsyncRead + Unpin + Send + 'static>(
                 } else {
                     ExecOutputStream::Stdout
                 },
-                chunk: ByteBuf::from(chunk),
+                chunk,
             });
             let event = Event {
                 id: stream.sub_id.clone(),
@@ -370,6 +407,7 @@ async fn read_capped<R: AsyncRead + Unpin + Send + 'static>(
             };
             #[allow(clippy::let_unit_value)]
             let _ = stream.tx_event.send(event).await;
+            emitted_deltas += 1;
         }
 
         if let Some(tx) = &aggregate_tx {

codex-rs/core/src/exec_command/exec_command_session.rs

@@ -24,6 +24,9 @@ pub(crate) struct ExecCommandSession {
 
     /// JoinHandle for the child wait task.
     wait_handle: StdMutex<Option<JoinHandle<()>>>,
+
+    /// Tracks whether the underlying process has exited.
+    exit_status: std::sync::Arc<std::sync::atomic::AtomicBool>,
 }
 
 impl ExecCommandSession {
@@ -34,15 +37,21 @@ impl ExecCommandSession {
         reader_handle: JoinHandle<()>,
         writer_handle: JoinHandle<()>,
         wait_handle: JoinHandle<()>,
-    ) -> Self {
-        Self {
-            writer_tx,
-            output_tx,
-            killer: StdMutex::new(Some(killer)),
-            reader_handle: StdMutex::new(Some(reader_handle)),
-            writer_handle: StdMutex::new(Some(writer_handle)),
-            wait_handle: StdMutex::new(Some(wait_handle)),
-        }
+        exit_status: std::sync::Arc<std::sync::atomic::AtomicBool>,
+    ) -> (Self, broadcast::Receiver<Vec<u8>>) {
+        let initial_output_rx = output_tx.subscribe();
+        (
+            Self {
+                writer_tx,
+                output_tx,
+                killer: StdMutex::new(Some(killer)),
+                reader_handle: StdMutex::new(Some(reader_handle)),
+                writer_handle: StdMutex::new(Some(writer_handle)),
+                wait_handle: StdMutex::new(Some(wait_handle)),
+                exit_status,
+            },
+            initial_output_rx,
+        )
     }
 
     pub(crate) fn writer_sender(&self) -> mpsc::Sender<Vec<u8>> {
@@ -52,6 +61,10 @@ impl ExecCommandSession {
     pub(crate) fn output_receiver(&self) -> broadcast::Receiver<Vec<u8>> {
         self.output_tx.subscribe()
     }
+
+    pub(crate) fn has_exited(&self) -> bool {
+        self.exit_status.load(std::sync::atomic::Ordering::SeqCst)
+    }
 }
 
 impl Drop for ExecCommandSession {

codex-rs/core/src/exec_command/mod.rs

@@ -6,6 +6,7 @@ mod session_manager;
 
 pub use exec_command_params::ExecCommandParams;
 pub use exec_command_params::WriteStdinParams;
+pub(crate) use exec_command_session::ExecCommandSession;
 pub use responses_api::EXEC_COMMAND_TOOL_NAME;
 pub use responses_api::WRITE_STDIN_TOOL_NAME;
 pub use responses_api::create_exec_command_tool_for_responses_api;

codex-rs/core/src/exec_command/session_manager.rs

@@ -3,6 +3,7 @@ use std::io::ErrorKind;
 use std::io::Read;
 use std::sync::Arc;
 use std::sync::Mutex as StdMutex;
+use std::sync::atomic::AtomicBool;
 use std::sync::atomic::AtomicU32;
 
 use portable_pty::CommandBuilder;
@@ -19,6 +20,7 @@ use crate::exec_command::exec_command_params::ExecCommandParams;
 use crate::exec_command::exec_command_params::WriteStdinParams;
 use crate::exec_command::exec_command_session::ExecCommandSession;
 use crate::exec_command::session_id::SessionId;
+use crate::truncate::truncate_middle;
 use codex_protocol::models::FunctionCallOutputPayload;
 
 #[derive(Debug, Default)]
@@ -91,18 +93,16 @@ impl SessionManager {
                 .fetch_add(1, std::sync::atomic::Ordering::SeqCst),
         );
 
-        let (session, mut exit_rx) =
-            create_exec_command_session(params.clone())
-                .await
-                .map_err(|err| {
-                    format!(
-                        "failed to create exec command session for session id {}: {err}",
-                        session_id.0
-                    )
-                })?;
+        let (session, mut output_rx, mut exit_rx) = create_exec_command_session(params.clone())
+            .await
+            .map_err(|err| {
+                format!(
+                    "failed to create exec command session for session id {}: {err}",
+                    session_id.0
+                )
+            })?;
 
         // Insert into session map.
-        let mut output_rx = session.output_receiver();
         self.sessions.lock().await.insert(session_id, session);
 
         // Collect output until either timeout expires or process exits.
@@ -243,7 +243,11 @@ impl SessionManager {
 /// Spawn PTY and child process per spawn_exec_command_session logic.
 async fn create_exec_command_session(
     params: ExecCommandParams,
-) -> anyhow::Result<(ExecCommandSession, oneshot::Receiver<i32>)> {
+) -> anyhow::Result<(
+    ExecCommandSession,
+    tokio::sync::broadcast::Receiver<Vec<u8>>,
+    oneshot::Receiver<i32>,
+)> {
     let ExecCommandParams {
         cmd,
         yield_time_ms: _,
@@ -277,7 +281,6 @@ async fn create_exec_command_session(
     let (writer_tx, mut writer_rx) = mpsc::channel::<Vec<u8>>(128);
     // Broadcast for streaming PTY output to readers: subscribers receive from subscription time.
     let (output_tx, _) = tokio::sync::broadcast::channel::<Vec<u8>>(256);
-
     // Reader task: drain PTY and forward chunks to output channel.
     let mut reader = pair.master.try_clone_reader()?;
     let output_tx_clone = output_tx.clone();
@@ -327,139 +330,28 @@ async fn create_exec_command_session(
 
     // Keep the child alive until it exits, then signal exit code.
     let (exit_tx, exit_rx) = oneshot::channel::<i32>();
+    let exit_status = Arc::new(AtomicBool::new(false));
+    let wait_exit_status = exit_status.clone();
     let wait_handle = tokio::task::spawn_blocking(move || {
         let code = match child.wait() {
             Ok(status) => status.exit_code() as i32,
             Err(_) => -1,
         };
+        wait_exit_status.store(true, std::sync::atomic::Ordering::SeqCst);
         let _ = exit_tx.send(code);
     });
 
     // Create and store the session with channels.
-    let session = ExecCommandSession::new(
+    let (session, initial_output_rx) = ExecCommandSession::new(
         writer_tx,
         output_tx,
         killer,
         reader_handle,
         writer_handle,
         wait_handle,
+        exit_status,
     );
-    Ok((session, exit_rx))
-}
-
-/// Truncate the middle of a UTF-8 string to at most `max_bytes` bytes,
-/// preserving the beginning and the end. Returns the possibly truncated
-/// string and `Some(original_token_count)` (estimated at 4 bytes/token)
-/// if truncation occurred; otherwise returns the original string and `None`.
-fn truncate_middle(s: &str, max_bytes: usize) -> (String, Option<u64>) {
-    // No truncation needed
-    if s.len() <= max_bytes {
-        return (s.to_string(), None);
-    }
-    let est_tokens = (s.len() as u64).div_ceil(4);
-    if max_bytes == 0 {
-        // Cannot keep any content; still return a full marker (never truncated).
-        return (
-            format!("…{} tokens truncated…", est_tokens),
-            Some(est_tokens),
-        );
-    }
-
-    // Helper to truncate a string to a given byte length on a char boundary.
-    fn truncate_on_boundary(input: &str, max_len: usize) -> &str {
-        if input.len() <= max_len {
-            return input;
-        }
-        let mut end = max_len;
-        while end > 0 && !input.is_char_boundary(end) {
-            end -= 1;
-        }
-        &input[..end]
-    }
-
-    // Given a left/right budget, prefer newline boundaries; otherwise fall back
-    // to UTF-8 char boundaries.
-    fn pick_prefix_end(s: &str, left_budget: usize) -> usize {
-        if let Some(head) = s.get(..left_budget)
-            && let Some(i) = head.rfind('\n')
-        {
-            return i + 1; // keep the newline so suffix starts on a fresh line
-        }
-        truncate_on_boundary(s, left_budget).len()
-    }
-
-    fn pick_suffix_start(s: &str, right_budget: usize) -> usize {
-        let start_tail = s.len().saturating_sub(right_budget);
-        if let Some(tail) = s.get(start_tail..)
-            && let Some(i) = tail.find('\n')
-        {
-            return start_tail + i + 1; // start after newline
-        }
-        // Fall back to a char boundary at or after start_tail.
-        let mut idx = start_tail.min(s.len());
-        while idx < s.len() && !s.is_char_boundary(idx) {
-            idx += 1;
-        }
-        idx
-    }
-
-    // Refine marker length and budgets until stable. Marker is never truncated.
-    let mut guess_tokens = est_tokens; // worst-case: everything truncated
-    for _ in 0..4 {
-        let marker = format!("…{} tokens truncated…", guess_tokens);
-        let marker_len = marker.len();
-        let keep_budget = max_bytes.saturating_sub(marker_len);
-        if keep_budget == 0 {
-            // No room for any content within the cap; return a full, untruncated marker
-            // that reflects the entire truncated content.
-            return (
-                format!("…{} tokens truncated…", est_tokens),
-                Some(est_tokens),
-            );
-        }
-
-        let left_budget = keep_budget / 2;
-        let right_budget = keep_budget - left_budget;
-        let prefix_end = pick_prefix_end(s, left_budget);
-        let mut suffix_start = pick_suffix_start(s, right_budget);
-        if suffix_start < prefix_end {
-            suffix_start = prefix_end;
-        }
-        let kept_content_bytes = prefix_end + (s.len() - suffix_start);
-        let truncated_content_bytes = s.len().saturating_sub(kept_content_bytes);
-        let new_tokens = (truncated_content_bytes as u64).div_ceil(4);
-        if new_tokens == guess_tokens {
-            let mut out = String::with_capacity(marker_len + kept_content_bytes + 1);
-            out.push_str(&s[..prefix_end]);
-            out.push_str(&marker);
-            // Place marker on its own line for symmetry when we keep line boundaries.
-            out.push('\n');
-            out.push_str(&s[suffix_start..]);
-            return (out, Some(est_tokens));
-        }
-        guess_tokens = new_tokens;
-    }
-
-    // Fallback: use last guess to build output.
-    let marker = format!("…{} tokens truncated…", guess_tokens);
-    let marker_len = marker.len();
-    let keep_budget = max_bytes.saturating_sub(marker_len);
-    if keep_budget == 0 {
-        return (
-            format!("…{} tokens truncated…", est_tokens),
-            Some(est_tokens),
-        );
-    }
-    let left_budget = keep_budget / 2;
-    let right_budget = keep_budget - left_budget;
-    let prefix_end = pick_prefix_end(s, left_budget);
-    let suffix_start = pick_suffix_start(s, right_budget);
-    let mut out = String::with_capacity(marker_len + prefix_end + (s.len() - suffix_start) + 1);
-    out.push_str(&s[..prefix_end]);
-    out.push_str(&marker);
-    out.push('\n');
-    out.push_str(&s[suffix_start..]);
-    (out, Some(est_tokens))
+    Ok((session, initial_output_rx, exit_rx))
 }
 
 #[cfg(test)]
@@ -625,50 +517,4 @@ Output:
 abc"#;
         assert_eq!(expected, text);
     }
-
-    #[test]
-    fn truncate_middle_no_newlines_fallback() {
-        // A long string with no newlines that exceeds the cap.
-        let s = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
-        let max_bytes = 16; // force truncation
-        let (out, original) = truncate_middle(s, max_bytes);
-        // For very small caps, we return the full, untruncated marker,
-        // even if it exceeds the cap.
-        assert_eq!(out, "…16 tokens truncated…");
-        // Original string length is 62 bytes => ceil(62/4) = 16 tokens.
-        assert_eq!(original, Some(16));
-    }
-
-    #[test]
-    fn truncate_middle_prefers_newline_boundaries() {
-        // Build a multi-line string of 20 numbered lines (each "NNN\n").
-        let mut s = String::new();
-        for i in 1..=20 {
-            s.push_str(&format!("{i:03}\n"));
-        }
-        // Total length: 20 lines * 4 bytes per line = 80 bytes.
-        assert_eq!(s.len(), 80);
-
-        // Choose a cap that forces truncation while leaving room for
-        // a few lines on each side after accounting for the marker.
-        let max_bytes = 64;
-        // Expect exact output: first 4 lines, marker, last 4 lines, and correct token estimate (80/4 = 20).
-        assert_eq!(
-            truncate_middle(&s, max_bytes),
-            (
-                r#"001
-002
-003
-004
-…12 tokens truncated…
-017
-018
-019
-020
-"#
-                .to_string(),
-                Some(20)
-            )
-        );
-    }
 }

codex-rs/core/src/git_info.rs

@@ -3,6 +3,7 @@ use std::path::Path;
 use std::path::PathBuf;
 
 use codex_protocol::mcp_protocol::GitSha;
+use codex_protocol::protocol::GitInfo;
 use futures::future::join_all;
 use serde::Deserialize;
 use serde::Serialize;
@@ -10,24 +11,39 @@ use tokio::process::Command;
 use tokio::time::Duration as TokioDuration;
 use tokio::time::timeout;
 
-use crate::util::is_inside_git_repo;
+/// Return `true` if the project folder specified by the `Config` is inside a
+/// Git repository.
+///
+/// The check walks up the directory hierarchy looking for a `.git` file or
+/// directory (note `.git` can be a file that contains a `gitdir` entry). This
+/// approach does **not** require the `git` binary or the `git2` crate and is
+/// therefore fairly lightweight.
+///
+/// Note that this does **not** detect *work‑trees* created with
+/// `git worktree add` where the checkout lives outside the main repository
+/// directory. If you need Codex to work from such a checkout simply pass the
+/// `--allow-no-git-exec` CLI flag that disables the repo requirement.
+pub fn get_git_repo_root(base_dir: &Path) -> Option<PathBuf> {
+    let mut dir = base_dir.to_path_buf();
+
+    loop {
+        if dir.join(".git").exists() {
+            return Some(dir);
+        }
+
+        // Pop one component (go up one directory).  `pop` returns false when
+        // we have reached the filesystem root.
+        if !dir.pop() {
+            break;
+        }
+    }
+
+    None
+}
 
 /// Timeout for git commands to prevent freezing on large repositories
 const GIT_COMMAND_TIMEOUT: TokioDuration = TokioDuration::from_secs(5);
 
-#[derive(Serialize, Deserialize, Clone, Debug)]
-pub struct GitInfo {
-    /// Current commit hash (SHA)
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub commit_hash: Option<String>,
-    /// Current branch name
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub branch: Option<String>,
-    /// Repository URL (if available from remote)
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub repository_url: Option<String>,
-}
-
 #[derive(Serialize, Deserialize, Clone, Debug)]
 pub struct GitDiffToRemote {
     pub sha: GitSha,
@@ -92,11 +108,64 @@ pub async fn collect_git_info(cwd: &Path) -> Option<GitInfo> {
     Some(git_info)
 }
 
+/// A minimal commit summary entry used for pickers (subject + timestamp + sha).
+#[derive(Clone, Debug, Serialize, Deserialize)]
+pub struct CommitLogEntry {
+    pub sha: String,
+    /// Unix timestamp (seconds since epoch) of the commit time (committer time).
+    pub timestamp: i64,
+    /// Single-line subject of the commit message.
+    pub subject: String,
+}
+
+/// Return the last `limit` commits reachable from HEAD for the current branch.
+/// Each entry contains the SHA, commit timestamp (seconds), and subject line.
+/// Returns an empty vector if not in a git repo or on error/timeout.
+pub async fn recent_commits(cwd: &Path, limit: usize) -> Vec<CommitLogEntry> {
+    // Ensure we're in a git repo first to avoid noisy errors.
+    let Some(out) = run_git_command_with_timeout(&["rev-parse", "--git-dir"], cwd).await else {
+        return Vec::new();
+    };
+    if !out.status.success() {
+        return Vec::new();
+    }
+
+    let fmt = "%H%x1f%ct%x1f%s"; // <sha> <US> <commit_time> <US> <subject>
+    let n = limit.max(1).to_string();
+    let Some(log_out) =
+        run_git_command_with_timeout(&["log", "-n", &n, &format!("--pretty=format:{fmt}")], cwd)
+            .await
+    else {
+        return Vec::new();
+    };
+    if !log_out.status.success() {
+        return Vec::new();
+    }
+
+    let text = String::from_utf8_lossy(&log_out.stdout);
+    let mut entries: Vec<CommitLogEntry> = Vec::new();
+    for line in text.lines() {
+        let mut parts = line.split('\u{001f}');
+        let sha = parts.next().unwrap_or("").trim();
+        let ts_s = parts.next().unwrap_or("").trim();
+        let subject = parts.next().unwrap_or("").trim();
+        if sha.is_empty() || ts_s.is_empty() {
+            continue;
+        }
+        let timestamp = ts_s.parse::<i64>().unwrap_or(0);
+        entries.push(CommitLogEntry {
+            sha: sha.to_string(),
+            timestamp,
+            subject: subject.to_string(),
+        });
+    }
+
+    entries
+}
+
 /// Returns the closest git sha to HEAD that is on a remote as well as the diff to that sha.
 pub async fn git_diff_to_remote(cwd: &Path) -> Option<GitDiffToRemote> {
-    if !is_inside_git_repo(cwd) {
-        return None;
-    }
+    get_git_repo_root(cwd)?;
 
     let remotes = get_git_remotes(cwd).await?;
     let branches = branch_ancestry(cwd).await?;
@@ -131,7 +200,7 @@ async fn get_git_remotes(cwd: &Path) -> Option<Vec<String>> {
     let mut remotes: Vec<String> = String::from_utf8(output.stdout)
         .ok()?
         .lines()
-        .map(|s| s.to_string())
+        .map(str::to_string)
         .collect();
     if let Some(pos) = remotes.iter().position(|r| r == "origin") {
         let origin = remotes.remove(pos);
@@ -188,6 +257,11 @@ async fn get_default_branch(cwd: &Path) -> Option<String> {
     }
 
     // No remote-derived default; try common local defaults if they exist
+    get_default_branch_local(cwd).await
+}
+
+/// Attempt to determine the repository's default branch name from local branches.
+async fn get_default_branch_local(cwd: &Path) -> Option<String> {
     for candidate in ["main", "master"] {
         if let Some(verify) = run_git_command_with_timeout(
             &[
@@ -385,7 +459,9 @@ async fn find_closest_sha(cwd: &Path, branches: &[String], remotes: &[String]) -
 }
 
 async fn diff_against_sha(cwd: &Path, sha: &GitSha) -> Option<String> {
-    let output = run_git_command_with_timeout(&["diff", &sha.0], cwd).await?;
+    let output =
+        run_git_command_with_timeout(&["diff", "--no-textconv", "--no-ext-diff", &sha.0], cwd)
+            .await?;
     // 0 is success and no diff.
     // 1 is success but there is a diff.
     let exit_ok = output.status.code().is_some_and(|c| c == 0 || c == 1);
@@ -401,15 +477,26 @@ async fn diff_against_sha(cwd: &Path, sha: &GitSha) -> Option<String> {
         let untracked: Vec<String> = String::from_utf8(untracked_output.stdout)
             .ok()?
             .lines()
-            .map(|s| s.to_string())
+            .map(str::to_string)
             .filter(|s| !s.is_empty())
             .collect();
 
         if !untracked.is_empty() {
+            // Use platform-appropriate null device and guard paths with `--`.
+            let null_device: &str = if cfg!(windows) { "NUL" } else { "/dev/null" };
             let futures_iter = untracked.into_iter().map(|file| async move {
                 let file_owned = file;
-                let args_vec: Vec<&str> =
-                    vec!["diff", "--binary", "--no-index", "/dev/null", &file_owned];
+                let args_vec: Vec<&str> = vec![
+                    "diff",
+                    "--no-textconv",
+                    "--no-ext-diff",
+                    "--binary",
+                    "--no-index",
+                    // -- ensures that filenames that start with - are not treated as options.
+                    "--",
+                    null_device,
+                    &file_owned,
+                ];
                 run_git_command_with_timeout(&args_vec, cwd).await
             });
             let results = join_all(futures_iter).await;
@@ -427,7 +514,7 @@ async fn diff_against_sha(cwd: &Path, sha: &GitSha) -> Option<String> {
 }
 
 /// Resolve the path that should be used for trust checks. Similar to
-/// `[utils::is_inside_git_repo]`, but resolves to the root of the main
+/// `[get_git_repo_root]`, but resolves to the root of the main
 /// repository. Handles worktrees.
 pub fn resolve_root_git_project_for_trust(cwd: &Path) -> Option<PathBuf> {
     let base = if cwd.is_dir() { cwd } else { cwd.parent()? };
@@ -458,6 +545,46 @@ pub fn resolve_root_git_project_for_trust(cwd: &Path) -> Option<PathBuf> {
     git_dir_path.parent().map(Path::to_path_buf)
 }
 
+/// Returns a list of local git branches.
+/// Includes the default branch at the beginning of the list, if it exists.
+pub async fn local_git_branches(cwd: &Path) -> Vec<String> {
+    let mut branches: Vec<String> = if let Some(out) =
+        run_git_command_with_timeout(&["branch", "--format=%(refname:short)"], cwd).await
+        && out.status.success()
+    {
+        String::from_utf8_lossy(&out.stdout)
+            .lines()
+            .map(|s| s.trim().to_string())
+            .filter(|s| !s.is_empty())
+            .collect()
+    } else {
+        Vec::new()
+    };
+
+    branches.sort_unstable();
+
+    if let Some(base) = get_default_branch_local(cwd).await
+        && let Some(pos) = branches.iter().position(|name| name == &base)
+    {
+        let base_branch = branches.remove(pos);
+        branches.insert(0, base_branch);
+    }
+
+    branches
+}
+
+/// Returns the current checked out branch name.
+pub async fn current_branch_name(cwd: &Path) -> Option<String> {
+    let out = run_git_command_with_timeout(&["branch", "--show-current"], cwd).await?;
+    if !out.status.success() {
+        return None;
+    }
+    String::from_utf8(out.stdout)
+        .ok()
+        .map(|s| s.trim().to_string())
+        .filter(|name| !name.is_empty())
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -524,6 +651,80 @@ mod tests {
         repo_path
     }
 
+    #[tokio::test]
+    async fn test_recent_commits_non_git_directory_returns_empty() {
+        let temp_dir = TempDir::new().expect("Failed to create temp dir");
+        let entries = recent_commits(temp_dir.path(), 10).await;
+        assert!(entries.is_empty(), "expected no commits outside a git repo");
+    }
+
+    #[tokio::test]
+    async fn test_recent_commits_orders_and_limits() {
+        use tokio::time::Duration;
+        use tokio::time::sleep;
+
+        let temp_dir = TempDir::new().expect("Failed to create temp dir");
+        let repo_path = create_test_git_repo(&temp_dir).await;
+
+        // Make three distinct commits with small delays to ensure ordering by timestamp.
+        fs::write(repo_path.join("file.txt"), "one").unwrap();
+        Command::new("git")
+            .args(["add", "file.txt"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("git add");
+        Command::new("git")
+            .args(["commit", "-m", "first change"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("git commit 1");
+
+        sleep(Duration::from_millis(1100)).await;
+
+        fs::write(repo_path.join("file.txt"), "two").unwrap();
+        Command::new("git")
+            .args(["add", "file.txt"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("git add 2");
+        Command::new("git")
+            .args(["commit", "-m", "second change"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("git commit 2");
+
+        sleep(Duration::from_millis(1100)).await;
+
+        fs::write(repo_path.join("file.txt"), "three").unwrap();
+        Command::new("git")
+            .args(["add", "file.txt"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("git add 3");
+        Command::new("git")
+            .args(["commit", "-m", "third change"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("git commit 3");
+
+        // Request the latest 3 commits; should be our three changes in reverse time order.
+        let entries = recent_commits(&repo_path, 3).await;
+        assert_eq!(entries.len(), 3);
+        assert_eq!(entries[0].subject, "third change");
+        assert_eq!(entries[1].subject, "second change");
+        assert_eq!(entries[2].subject, "first change");
+        // Basic sanity on SHA formatting
+        for e in entries {
+            assert!(e.sha.len() >= 7 && e.sha.chars().all(|c| c.is_ascii_hexdigit()));
+        }
+    }
+
     async fn create_test_git_repo_with_remote(temp_dir: &TempDir) -> (PathBuf, String) {
         let repo_path = create_test_git_repo(temp_dir).await;
         let remote_path = temp_dir.path().join("remote.git");
@@ -775,7 +976,7 @@ mod tests {
     async fn resolve_root_git_project_for_trust_regular_repo_returns_repo_root() {
         let temp_dir = TempDir::new().expect("Failed to create temp dir");
         let repo_path = create_test_git_repo(&temp_dir).await;
-        let expected = std::fs::canonicalize(&repo_path).unwrap().to_path_buf();
+        let expected = std::fs::canonicalize(&repo_path).unwrap();
 
         assert_eq!(
             resolve_root_git_project_for_trust(&repo_path),
@@ -783,10 +984,7 @@ mod tests {
         );
         let nested = repo_path.join("sub/dir");
         std::fs::create_dir_all(&nested).unwrap();
-        assert_eq!(
-            resolve_root_git_project_for_trust(&nested),
-            Some(expected.clone())
-        );
+        assert_eq!(resolve_root_git_project_for_trust(&nested), Some(expected));
     }
 
     #[tokio::test]

codex-rs/core/src/internal_storage.rs

@@ -0,0 +1,89 @@
+use anyhow::Context;
+use serde::Deserialize;
+use serde::Serialize;
+use std::io::ErrorKind;
+use std::path::Path;
+use std::path::PathBuf;
+
+pub(crate) const INTERNAL_STORAGE_FILE: &str = "internal_storage.json";
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct InternalStorage {
+    #[serde(skip)]
+    storage_path: PathBuf,
+    #[serde(default = "default_gpt_5_codex_model_prompt_seen")]
+    pub gpt_5_codex_model_prompt_seen: bool,
+}
+
+const fn default_gpt_5_codex_model_prompt_seen() -> bool {
+    true
+}
+
+impl Default for InternalStorage {
+    fn default() -> Self {
+        Self {
+            storage_path: PathBuf::new(),
+            gpt_5_codex_model_prompt_seen: default_gpt_5_codex_model_prompt_seen(),
+        }
+    }
+}
+
+// TODO(jif) generalise all the file writers and build proper async channel inserters.
+impl InternalStorage {
+    pub fn load(codex_home: &Path) -> Self {
+        let storage_path = codex_home.join(INTERNAL_STORAGE_FILE);
+
+        match std::fs::read_to_string(&storage_path) {
+            Ok(serialized) => match serde_json::from_str::<Self>(&serialized) {
+                Ok(mut storage) => {
+                    storage.storage_path = storage_path;
+                    storage
+                }
+                Err(error) => {
+                    tracing::warn!("failed to parse internal storage: {error:?}");
+                    Self::empty(storage_path)
+                }
+            },
+            Err(error) => {
+                if error.kind() == ErrorKind::NotFound {
+                    tracing::debug!(
+                        "internal storage not found at {}; initializing defaults",
+                        storage_path.display()
+                    );
+                } else {
+                    tracing::warn!("failed to read internal storage: {error:?}");
+                }
+                Self::empty(storage_path)
+            }
+        }
+    }
+
+    fn empty(storage_path: PathBuf) -> Self {
+        Self {
+            storage_path,
+            ..Default::default()
+        }
+    }
+
+    pub async fn persist(&self) -> anyhow::Result<()> {
+        let serialized = serde_json::to_string_pretty(self)?;
+
+        if let Some(parent) = self.storage_path.parent() {
+            tokio::fs::create_dir_all(parent).await.with_context(|| {
+                format!(
+                    "failed to create internal storage directory at {}",
+                    parent.display()
+                )
+            })?;
+        }
+
+        tokio::fs::write(&self.storage_path, serialized)
+            .await
+            .with_context(|| {
+                format!(
+                    "failed to persist internal storage at {}",
+                    self.storage_path.display()
+                )
+            })
+    }
+}

codex-rs/core/src/is_safe_command.rs

@@ -160,9 +160,10 @@ fn is_valid_sed_n_arg(arg: Option<&str>) -> bool {
 #[cfg(test)]
 mod tests {
     use super::*;
+    use std::string::ToString;
 
     fn vec_str(args: &[&str]) -> Vec<String> {
-        args.iter().map(|s| s.to_string()).collect()
+        args.iter().map(ToString::to_string).collect()
     }
 
     #[test]

codex-rs/core/src/landlock.rs

@@ -16,21 +16,22 @@ use tokio::process::Child;
 pub async fn spawn_command_under_linux_sandbox<P>(
     codex_linux_sandbox_exe: P,
     command: Vec<String>,
+    command_cwd: PathBuf,
     sandbox_policy: &SandboxPolicy,
-    cwd: PathBuf,
+    sandbox_policy_cwd: &Path,
     stdio_policy: StdioPolicy,
     env: HashMap<String, String>,
 ) -> std::io::Result<Child>
 where
     P: AsRef<Path>,
 {
-    let args = create_linux_sandbox_command_args(command, sandbox_policy, &cwd);
+    let args = create_linux_sandbox_command_args(command, sandbox_policy, sandbox_policy_cwd);
     let arg0 = Some("codex-linux-sandbox");
     spawn_child_async(
         codex_linux_sandbox_exe.as_ref().to_path_buf(),
         args,
         arg0,
-        cwd,
+        command_cwd,
         sandbox_policy,
         stdio_policy,
         env,
@@ -42,10 +43,13 @@ where
 fn create_linux_sandbox_command_args(
     command: Vec<String>,
     sandbox_policy: &SandboxPolicy,
-    cwd: &Path,
+    sandbox_policy_cwd: &Path,
 ) -> Vec<String> {
     #[expect(clippy::expect_used)]
-    let sandbox_policy_cwd = cwd.to_str().expect("cwd must be valid UTF-8").to_string();
+    let sandbox_policy_cwd = sandbox_policy_cwd
+        .to_str()
+        .expect("cwd must be valid UTF-8")
+        .to_string();
 
     #[expect(clippy::expect_used)]
     let sandbox_policy_json =

codex-rs/core/src/lib.rs

@@ -6,17 +6,21 @@
 #![deny(clippy::print_stdout, clippy::print_stderr)]
 
 mod apply_patch;
-mod bash;
+pub mod auth;
+pub mod bash;
 mod chat_completions;
 mod client;
 mod client_common;
 pub mod codex;
 mod codex_conversation;
+pub mod token_data;
 pub use codex_conversation::CodexConversation;
 pub mod config;
+pub mod config_edit;
 pub mod config_profile;
 pub mod config_types;
 mod conversation_history;
+pub mod custom_prompts;
 mod environment_context;
 pub mod error;
 pub mod exec;
@@ -24,6 +28,7 @@ mod exec_command;
 pub mod exec_env;
 mod flags;
 pub mod git_info;
+pub mod internal_storage;
 mod is_safe_command;
 pub mod landlock;
 mod mcp_connection_manager;
@@ -31,14 +36,24 @@ mod mcp_tool_call;
 mod message_history;
 mod model_provider_info;
 pub mod parse_command;
+mod truncate;
+mod unified_exec;
+mod user_instructions;
 pub use model_provider_info::BUILT_IN_OSS_MODEL_PROVIDER_ID;
 pub use model_provider_info::ModelProviderInfo;
 pub use model_provider_info::WireApi;
 pub use model_provider_info::built_in_model_providers;
 pub use model_provider_info::create_oss_provider_with_base_url;
 mod conversation_manager;
+mod event_mapping;
+pub mod review_format;
+pub use codex_protocol::protocol::InitialHistory;
 pub use conversation_manager::ConversationManager;
 pub use conversation_manager::NewConversation;
+// Re-export common auth types for workspace consumers
+pub use auth::AuthManager;
+pub use auth::CodexAuth;
+pub mod default_client;
 pub mod model_family;
 mod openai_model_info;
 mod openai_tools;
@@ -52,9 +67,17 @@ pub mod spawn;
 pub mod terminal;
 mod tool_apply_patch;
 pub mod turn_diff_tracker;
-pub mod user_agent;
+pub use rollout::ARCHIVED_SESSIONS_SUBDIR;
+pub use rollout::RolloutRecorder;
+pub use rollout::SESSIONS_SUBDIR;
+pub use rollout::SessionMeta;
+pub use rollout::find_conversation_path_by_id_str;
+pub use rollout::list::ConversationItem;
+pub use rollout::list::ConversationsPage;
+pub use rollout::list::Cursor;
 mod user_notification;
 pub mod util;
+
 pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
 pub use safety::get_platform_sandbox;
 // Re-export the protocol types from the standalone `codex-protocol` crate so existing
@@ -63,3 +86,17 @@ pub use codex_protocol::protocol;
 // Re-export protocol config enums to ensure call sites can use the same types
 // as those in the protocol crate when constructing protocol messages.
 pub use codex_protocol::config_types as protocol_config_types;
+
+pub use client::ModelClient;
+pub use client_common::Prompt;
+pub use client_common::REVIEW_PROMPT;
+pub use client_common::ResponseEvent;
+pub use client_common::ResponseStream;
+pub use codex::compact::content_items_to_text;
+pub use codex::compact::is_session_prefix_message;
+pub use codex_protocol::models::ContentItem;
+pub use codex_protocol::models::LocalShellAction;
+pub use codex_protocol::models::LocalShellExecAction;
+pub use codex_protocol::models::LocalShellStatus;
+pub use codex_protocol::models::ReasoningItemContent;
+pub use codex_protocol::models::ResponseItem;