Move auth and user-agent out

codex-rs/Cargo.lock

@@ -1187,14 +1187,41 @@ dependencies = [
  "tokio-util",
 ]
 
+[[package]]
+name = "codex-auth"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "base64",
+ "chrono",
+ "codex-app-server-protocol",
+ "codex-client",
+ "codex-keyring-store",
+ "codex-protocol",
+ "codex-user-agent",
+ "keyring",
+ "pretty_assertions",
+ "reqwest",
+ "schemars 0.8.22",
+ "serde",
+ "serde_json",
+ "serial_test",
+ "sha2",
+ "tempfile",
+ "thiserror 2.0.17",
+ "tokio",
+ "tracing",
+]
+
 [[package]]
 name = "codex-backend-client"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "codex-auth",
  "codex-backend-openapi-models",
- "codex-core",
  "codex-protocol",
+ "codex-user-agent",
  "pretty_assertions",
  "reqwest",
  "serde",
@@ -1369,16 +1396,16 @@ dependencies = [
  "codex-apply-patch",
  "codex-arg0",
  "codex-async-utils",
- "codex-client",
+ "codex-auth",
  "codex-core",
  "codex-execpolicy",
  "codex-file-search",
  "codex-git",
- "codex-keyring-store",
  "codex-otel",
  "codex-protocol",
  "codex-rmcp-client",
  "codex-state",
+ "codex-user-agent",
  "codex-utils-absolute-path",
  "codex-utils-cargo-bin",
  "codex-utils-pty",
@@ -1399,7 +1426,6 @@ dependencies = [
  "include_dir",
  "indexmap 2.12.0",
  "indoc",
- "keyring",
  "landlock",
  "libc",
  "maplit",
@@ -1407,7 +1433,6 @@ dependencies = [
  "multimap",
  "once_cell",
  "openssl-sys",
- "os_info",
  "predicates",
  "pretty_assertions",
  "rand 0.9.2",
@@ -1955,6 +1980,21 @@ dependencies = [
  "winsplit",
 ]
 
+[[package]]
+name = "codex-user-agent"
+version = "0.0.0"
+dependencies = [
+ "codex-client",
+ "core_test_support",
+ "os_info",
+ "pretty_assertions",
+ "regex-lite",
+ "reqwest",
+ "tokio",
+ "tracing",
+ "wiremock",
+]
+
 [[package]]
 name = "codex-utils-absolute-path"
 version = "0.0.0"

codex-rs/Cargo.toml

@@ -2,6 +2,7 @@
 members = [
     "backend-client",
     "ansi-escape",
+    "auth",
     "async-utils",
     "app-server",
     "app-server-protocol",
@@ -36,6 +37,7 @@ members = [
     "stdio-to-uds",
     "otel",
     "tui",
+    "user-agent",
     "utils/absolute-path",
     "utils/cargo-bin",
     "utils/git",
@@ -70,6 +72,7 @@ codex-app-server-protocol = { path = "app-server-protocol" }
 codex-apply-patch = { path = "apply-patch" }
 codex-arg0 = { path = "arg0" }
 codex-async-utils = { path = "async-utils" }
+codex-auth = { path = "auth" }
 codex-backend-client = { path = "backend-client" }
 codex-chatgpt = { path = "chatgpt" }
 codex-cli = { path = "cli"}
@@ -104,6 +107,7 @@ codex-utils-pty = { path = "utils/pty" }
 codex-utils-readiness = { path = "utils/readiness" }
 codex-utils-string = { path = "utils/string" }
 codex-windows-sandbox = { path = "windows-sandbox-rs" }
+codex-user-agent = { path = "user-agent" }
 core_test_support = { path = "core/tests/common" }
 exec_server_test_support = { path = "exec-server/tests/common" }
 mcp-types = { path = "mcp-types" }

codex-rs/auth/BUILD.bazel

@@ -0,0 +1,7 @@
+load("//:defs.bzl", "codex_rust_crate")
+
+codex_rust_crate(
+    name = "auth",
+    crate_name = "codex_auth",
+    crate_features = ["test-support"],
+)

codex-rs/auth/Cargo.toml

@@ -0,0 +1,48 @@
+[package]
+name = "codex-auth"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[lints]
+workspace = true
+
+[features]
+test-support = []
+
+[dependencies]
+base64 = { workspace = true }
+chrono = { workspace = true, features = ["serde"] }
+codex-app-server-protocol = { workspace = true }
+codex-client = { workspace = true }
+codex-keyring-store = { workspace = true }
+codex-protocol = { workspace = true }
+codex-user-agent = { workspace = true }
+keyring = { workspace = true, features = ["crypto-rust"] }
+reqwest = { workspace = true, features = ["json", "stream"] }
+schemars = { workspace = true }
+serde = { workspace = true, features = ["derive"] }
+serde_json = { workspace = true }
+sha2 = { workspace = true }
+thiserror = { workspace = true }
+tracing = { workspace = true }
+
+[target.'cfg(target_os = "linux")'.dependencies]
+keyring = { workspace = true, features = ["linux-native-async-persistent"] }
+
+[target.'cfg(target_os = "macos")'.dependencies]
+keyring = { workspace = true, features = ["apple-native"] }
+
+[target.'cfg(target_os = "windows")'.dependencies]
+keyring = { workspace = true, features = ["windows-native"] }
+
+[target.'cfg(any(target_os = "freebsd", target_os = "openbsd"))'.dependencies]
+keyring = { workspace = true, features = ["sync-secret-service"] }
+
+[dev-dependencies]
+anyhow = { workspace = true }
+base64 = { workspace = true }
+pretty_assertions = { workspace = true }
+serial_test = { workspace = true }
+tempfile = { workspace = true }
+tokio = { workspace = true, features = ["macros", "rt"] }

codex-rs/auth/src/token_data.rs

@@ -0,0 +1,228 @@
+use base64::Engine;
+use serde::Deserialize;
+use serde::Serialize;
+use thiserror::Error;
+
+#[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
+pub struct TokenData {
+    /// Flat info parsed from the JWT in auth.json.
+    #[serde(
+        deserialize_with = "deserialize_id_token",
+        serialize_with = "serialize_id_token"
+    )]
+    pub id_token: IdTokenInfo,
+
+    /// This is a JWT.
+    pub access_token: String,
+
+    pub refresh_token: String,
+
+    pub account_id: Option<String>,
+}
+
+/// Flat subset of useful claims in id_token from auth.json.
+#[derive(Debug, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
+pub struct IdTokenInfo {
+    pub email: Option<String>,
+    /// The ChatGPT subscription plan type
+    /// (e.g., "free", "plus", "pro", "business", "enterprise", "edu").
+    /// (Note: values may vary by backend.)
+    pub(crate) chatgpt_plan_type: Option<PlanType>,
+    /// ChatGPT user identifier associated with the token, if present.
+    pub chatgpt_user_id: Option<String>,
+    /// Organization/workspace identifier associated with the token, if present.
+    pub chatgpt_account_id: Option<String>,
+    pub raw_jwt: String,
+}
+
+impl IdTokenInfo {
+    pub fn get_chatgpt_plan_type(&self) -> Option<String> {
+        self.chatgpt_plan_type.as_ref().map(|t| match t {
+            PlanType::Known(plan) => format!("{plan:?}"),
+            PlanType::Unknown(s) => s.clone(),
+        })
+    }
+
+    pub fn is_workspace_account(&self) -> bool {
+        matches!(
+            self.chatgpt_plan_type,
+            Some(PlanType::Known(
+                KnownPlan::Team | KnownPlan::Business | KnownPlan::Enterprise | KnownPlan::Edu
+            ))
+        )
+    }
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(untagged)]
+pub enum PlanType {
+    Known(KnownPlan),
+    Unknown(String),
+}
+
+#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "lowercase")]
+pub enum KnownPlan {
+    Free,
+    Plus,
+    Pro,
+    Team,
+    Business,
+    Enterprise,
+    Edu,
+}
+
+#[derive(Deserialize)]
+struct IdClaims {
+    #[serde(default)]
+    email: Option<String>,
+    #[serde(rename = "https://api.openai.com/auth", default)]
+    auth: Option<AuthClaims>,
+}
+
+#[derive(Deserialize)]
+struct AuthClaims {
+    #[serde(default)]
+    chatgpt_plan_type: Option<PlanType>,
+    #[serde(default)]
+    chatgpt_user_id: Option<String>,
+    #[serde(default)]
+    user_id: Option<String>,
+    #[serde(default)]
+    chatgpt_account_id: Option<String>,
+}
+
+#[derive(Debug, Error)]
+pub enum IdTokenInfoError {
+    #[error("invalid ID token format")]
+    InvalidFormat,
+    #[error(transparent)]
+    Base64(#[from] base64::DecodeError),
+    #[error(transparent)]
+    Json(#[from] serde_json::Error),
+}
+
+pub fn parse_id_token(id_token: &str) -> Result<IdTokenInfo, IdTokenInfoError> {
+    // JWT format: header.payload.signature
+    let mut parts = id_token.split('.');
+    let (_header_b64, payload_b64, _sig_b64) = match (parts.next(), parts.next(), parts.next()) {
+        (Some(h), Some(p), Some(s)) if !h.is_empty() && !p.is_empty() && !s.is_empty() => (h, p, s),
+        _ => return Err(IdTokenInfoError::InvalidFormat),
+    };
+
+    let payload_bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(payload_b64)?;
+    let claims: IdClaims = serde_json::from_slice(&payload_bytes)?;
+
+    match claims.auth {
+        Some(auth) => Ok(IdTokenInfo {
+            email: claims.email,
+            raw_jwt: id_token.to_string(),
+            chatgpt_plan_type: auth.chatgpt_plan_type,
+            chatgpt_user_id: auth.chatgpt_user_id.or(auth.user_id),
+            chatgpt_account_id: auth.chatgpt_account_id,
+        }),
+        None => Ok(IdTokenInfo {
+            email: claims.email,
+            raw_jwt: id_token.to_string(),
+            chatgpt_plan_type: None,
+            chatgpt_user_id: None,
+            chatgpt_account_id: None,
+        }),
+    }
+}
+
+fn deserialize_id_token<'de, D>(deserializer: D) -> Result<IdTokenInfo, D::Error>
+where
+    D: serde::Deserializer<'de>,
+{
+    let s = String::deserialize(deserializer)?;
+    parse_id_token(&s).map_err(serde::de::Error::custom)
+}
+
+fn serialize_id_token<S>(id_token: &IdTokenInfo, serializer: S) -> Result<S::Ok, S::Error>
+where
+    S: serde::Serializer,
+{
+    serializer.serialize_str(&id_token.raw_jwt)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use serde::Serialize;
+
+    #[test]
+    fn id_token_info_parses_email_and_plan() {
+        #[derive(Serialize)]
+        struct Header {
+            alg: &'static str,
+            typ: &'static str,
+        }
+        let header = Header {
+            alg: "none",
+            typ: "JWT",
+        };
+        let payload = serde_json::json!({
+            "email": "user@example.com",
+            "https://api.openai.com/auth": {
+                "chatgpt_plan_type": "pro"
+            }
+        });
+
+        fn b64url_no_pad(bytes: &[u8]) -> String {
+            base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes)
+        }
+
+        let header_b64 = b64url_no_pad(&serde_json::to_vec(&header).unwrap());
+        let payload_b64 = b64url_no_pad(&serde_json::to_vec(&payload).unwrap());
+        let signature_b64 = b64url_no_pad(b"sig");
+        let fake_jwt = format!("{header_b64}.{payload_b64}.{signature_b64}");
+
+        let info = parse_id_token(&fake_jwt).expect("should parse");
+        assert_eq!(info.email.as_deref(), Some("user@example.com"));
+        assert_eq!(info.get_chatgpt_plan_type().as_deref(), Some("Pro"));
+    }
+
+    #[test]
+    fn id_token_info_handles_missing_fields() {
+        #[derive(Serialize)]
+        struct Header {
+            alg: &'static str,
+            typ: &'static str,
+        }
+        let header = Header {
+            alg: "none",
+            typ: "JWT",
+        };
+        let payload = serde_json::json!({ "sub": "123" });
+
+        fn b64url_no_pad(bytes: &[u8]) -> String {
+            base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes)
+        }
+
+        let header_b64 = b64url_no_pad(&serde_json::to_vec(&header).unwrap());
+        let payload_b64 = b64url_no_pad(&serde_json::to_vec(&payload).unwrap());
+        let signature_b64 = b64url_no_pad(b"sig");
+        let fake_jwt = format!("{header_b64}.{payload_b64}.{signature_b64}");
+
+        let info = parse_id_token(&fake_jwt).expect("should parse");
+        assert!(info.email.is_none());
+        assert!(info.get_chatgpt_plan_type().is_none());
+    }
+
+    #[test]
+    fn workspace_account_detection_matches_workspace_plans() {
+        let workspace = IdTokenInfo {
+            chatgpt_plan_type: Some(PlanType::Known(KnownPlan::Business)),
+            ..IdTokenInfo::default()
+        };
+        assert_eq!(workspace.is_workspace_account(), true);
+
+        let personal = IdTokenInfo {
+            chatgpt_plan_type: Some(PlanType::Known(KnownPlan::Pro)),
+            ..IdTokenInfo::default()
+        };
+        assert_eq!(personal.is_workspace_account(), false);
+    }
+}

codex-rs/backend-client/Cargo.toml

@@ -15,7 +15,8 @@ serde_json = "1"
 reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
 codex-backend-openapi-models = { path = "../codex-backend-openapi-models" }
 codex-protocol = { workspace = true }
-codex-core = { workspace = true }
+codex-auth = { workspace = true }
+codex-user-agent = { workspace = true }
 
 [dev-dependencies]
 pretty_assertions = "1"

codex-rs/backend-client/src/client.rs

@@ -6,12 +6,12 @@ use crate::types::RateLimitStatusPayload;
 use crate::types::RateLimitWindowSnapshot;
 use crate::types::TurnAttemptsSiblingTurnsResponse;
 use anyhow::Result;
-use codex_core::auth::CodexAuth;
-use codex_core::default_client::get_codex_user_agent;
+use codex_auth::CodexAuth;
 use codex_protocol::account::PlanType as AccountPlanType;
 use codex_protocol::protocol::CreditsSnapshot;
 use codex_protocol::protocol::RateLimitSnapshot;
 use codex_protocol::protocol::RateLimitWindow;
+use codex_user_agent::get_codex_user_agent;
 use reqwest::header::AUTHORIZATION;
 use reqwest::header::CONTENT_TYPE;
 use reqwest::header::HeaderMap;

codex-rs/core/Cargo.toml

@@ -29,15 +29,15 @@ codex-api = { workspace = true }
 codex-app-server-protocol = { workspace = true }
 codex-apply-patch = { workspace = true }
 codex-async-utils = { workspace = true }
-codex-client = { workspace = true }
+codex-auth = { workspace = true }
 codex-execpolicy = { workspace = true }
 codex-file-search = { workspace = true }
 codex-git = { workspace = true }
-codex-keyring-store = { workspace = true }
 codex-otel = { workspace = true }
 codex-protocol = { workspace = true }
 codex-rmcp-client = { workspace = true }
 codex-state = { workspace = true }
+codex-user-agent = { workspace = true }
 codex-utils-absolute-path = { workspace = true }
 codex-utils-pty = { workspace = true }
 codex-utils-readiness = { workspace = true }
@@ -53,12 +53,10 @@ http = { workspace = true }
 include_dir = { workspace = true }
 indexmap = { workspace = true }
 indoc = { workspace = true }
-keyring = { workspace = true, features = ["crypto-rust"] }
 libc = { workspace = true }
 mcp-types = { workspace = true }
 multimap = { workspace = true }
 once_cell = { workspace = true }
-os_info = { workspace = true }
 rand = { workspace = true }
 regex = { workspace = true }
 regex-lite = { workspace = true }
@@ -102,17 +100,15 @@ wildmatch = { workspace = true }
 
 [features]
 deterministic_process_ids = []
-test-support = []
+test-support = ["codex-auth/test-support"]
 
 
 [target.'cfg(target_os = "linux")'.dependencies]
-keyring = { workspace = true, features = ["linux-native-async-persistent"] }
 landlock = { workspace = true }
 seccompiler = { workspace = true }
 
 [target.'cfg(target_os = "macos")'.dependencies]
 core-foundation = "0.9"
-keyring = { workspace = true, features = ["apple-native"] }
 
 # Build OpenSSL from source for musl builds.
 [target.x86_64-unknown-linux-musl.dependencies]
@@ -122,11 +118,6 @@ openssl-sys = { workspace = true, features = ["vendored"] }
 [target.aarch64-unknown-linux-musl.dependencies]
 openssl-sys = { workspace = true, features = ["vendored"] }
 
-[target.'cfg(target_os = "windows")'.dependencies]
-keyring = { workspace = true, features = ["windows-native"] }
-
-[target.'cfg(any(target_os = "freebsd", target_os = "openbsd"))'.dependencies]
-keyring = { workspace = true, features = ["sync-secret-service"] }
 
 [dev-dependencies]
 assert_cmd = { workspace = true }

codex-rs/core/src/default_client.rs

@@ -1,295 +1 @@
-use crate::spawn::CODEX_SANDBOX_ENV_VAR;
-use codex_client::CodexHttpClient;
-pub use codex_client::CodexRequestBuilder;
-use reqwest::header::HeaderValue;
-use std::sync::LazyLock;
-use std::sync::Mutex;
-use std::sync::RwLock;
-
-/// Set this to add a suffix to the User-Agent string.
-///
-/// It is not ideal that we're using a global singleton for this.
-/// This is primarily designed to differentiate MCP clients from each other.
-/// Because there can only be one MCP server per process, it should be safe for this to be a global static.
-/// However, future users of this should use this with caution as a result.
-/// In addition, we want to be confident that this value is used for ALL clients and doing that requires a
-/// lot of wiring and it's easy to miss code paths by doing so.
-/// See https://github.com/openai/codex/pull/3388/files for an example of what that would look like.
-/// Finally, we want to make sure this is set for ALL mcp clients without needing to know a special env var
-/// or having to set data that they already specified in the mcp initialize request somewhere else.
-///
-/// A space is automatically added between the suffix and the rest of the User-Agent string.
-/// The full user agent string is returned from the mcp initialize response.
-/// Parenthesis will be added by Codex. This should only specify what goes inside of the parenthesis.
-pub static USER_AGENT_SUFFIX: LazyLock<Mutex<Option<String>>> = LazyLock::new(|| Mutex::new(None));
-pub const DEFAULT_ORIGINATOR: &str = "codex_cli_rs";
-pub const CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR: &str = "CODEX_INTERNAL_ORIGINATOR_OVERRIDE";
-
-#[derive(Debug, Clone)]
-pub struct Originator {
-    pub value: String,
-    pub header_value: HeaderValue,
-}
-static ORIGINATOR: LazyLock<RwLock<Option<Originator>>> = LazyLock::new(|| RwLock::new(None));
-
-#[derive(Debug)]
-pub enum SetOriginatorError {
-    InvalidHeaderValue,
-    AlreadyInitialized,
-}
-
-fn get_originator_value(provided: Option<String>) -> Originator {
-    let value = std::env::var(CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR)
-        .ok()
-        .or(provided)
-        .unwrap_or(DEFAULT_ORIGINATOR.to_string());
-
-    match HeaderValue::from_str(&value) {
-        Ok(header_value) => Originator {
-            value,
-            header_value,
-        },
-        Err(e) => {
-            tracing::error!("Unable to turn originator override {value} into header value: {e}");
-            Originator {
-                value: DEFAULT_ORIGINATOR.to_string(),
-                header_value: HeaderValue::from_static(DEFAULT_ORIGINATOR),
-            }
-        }
-    }
-}
-
-pub fn set_default_originator(value: String) -> Result<(), SetOriginatorError> {
-    if HeaderValue::from_str(&value).is_err() {
-        return Err(SetOriginatorError::InvalidHeaderValue);
-    }
-    let originator = get_originator_value(Some(value));
-    let Ok(mut guard) = ORIGINATOR.write() else {
-        return Err(SetOriginatorError::AlreadyInitialized);
-    };
-    if guard.is_some() {
-        return Err(SetOriginatorError::AlreadyInitialized);
-    }
-    *guard = Some(originator);
-    Ok(())
-}
-
-pub fn originator() -> Originator {
-    if let Ok(guard) = ORIGINATOR.read()
-        && let Some(originator) = guard.as_ref()
-    {
-        return originator.clone();
-    }
-
-    if std::env::var(CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR).is_ok() {
-        let originator = get_originator_value(None);
-        if let Ok(mut guard) = ORIGINATOR.write() {
-            match guard.as_ref() {
-                Some(originator) => return originator.clone(),
-                None => *guard = Some(originator.clone()),
-            }
-        }
-        return originator;
-    }
-
-    get_originator_value(None)
-}
-
-pub fn is_first_party_originator(originator_value: &str) -> bool {
-    originator_value == DEFAULT_ORIGINATOR
-        || originator_value == "codex_vscode"
-        || originator_value.starts_with("Codex ")
-}
-
-pub fn get_codex_user_agent() -> String {
-    let build_version = env!("CARGO_PKG_VERSION");
-    let os_info = os_info::get();
-    let originator = originator();
-    let prefix = format!(
-        "{}/{build_version} ({} {}; {}) {}",
-        originator.value.as_str(),
-        os_info.os_type(),
-        os_info.version(),
-        os_info.architecture().unwrap_or("unknown"),
-        crate::terminal::user_agent()
-    );
-    let suffix = USER_AGENT_SUFFIX
-        .lock()
-        .ok()
-        .and_then(|guard| guard.clone());
-    let suffix = suffix
-        .as_deref()
-        .map(str::trim)
-        .filter(|value| !value.is_empty())
-        .map_or_else(String::new, |value| format!(" ({value})"));
-
-    let candidate = format!("{prefix}{suffix}");
-    sanitize_user_agent(candidate, &prefix)
-}
-
-/// Sanitize the user agent string.
-///
-/// Invalid characters are replaced with an underscore.
-///
-/// If the user agent fails to parse, it falls back to fallback and then to ORIGINATOR.
-fn sanitize_user_agent(candidate: String, fallback: &str) -> String {
-    if HeaderValue::from_str(candidate.as_str()).is_ok() {
-        return candidate;
-    }
-
-    let sanitized: String = candidate
-        .chars()
-        .map(|ch| if matches!(ch, ' '..='~') { ch } else { '_' })
-        .collect();
-    if !sanitized.is_empty() && HeaderValue::from_str(sanitized.as_str()).is_ok() {
-        tracing::warn!(
-            "Sanitized Codex user agent because provided suffix contained invalid header characters"
-        );
-        sanitized
-    } else if HeaderValue::from_str(fallback).is_ok() {
-        tracing::warn!(
-            "Falling back to base Codex user agent because provided suffix could not be sanitized"
-        );
-        fallback.to_string()
-    } else {
-        tracing::warn!(
-            "Falling back to default Codex originator because base user agent string is invalid"
-        );
-        originator().value
-    }
-}
-
-/// Create an HTTP client with default `originator` and `User-Agent` headers set.
-pub fn create_client() -> CodexHttpClient {
-    let inner = build_reqwest_client();
-    CodexHttpClient::new(inner)
-}
-
-pub fn build_reqwest_client() -> reqwest::Client {
-    use reqwest::header::HeaderMap;
-
-    let mut headers = HeaderMap::new();
-    headers.insert("originator", originator().header_value);
-    let ua = get_codex_user_agent();
-
-    let mut builder = reqwest::Client::builder()
-        // Set UA via dedicated helper to avoid header validation pitfalls
-        .user_agent(ua)
-        .default_headers(headers);
-    if is_sandboxed() {
-        builder = builder.no_proxy();
-    }
-
-    builder.build().unwrap_or_else(|_| reqwest::Client::new())
-}
-
-fn is_sandboxed() -> bool {
-    std::env::var(CODEX_SANDBOX_ENV_VAR).as_deref() == Ok("seatbelt")
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use core_test_support::skip_if_no_network;
-    use pretty_assertions::assert_eq;
-
-    #[test]
-    fn test_get_codex_user_agent() {
-        let user_agent = get_codex_user_agent();
-        let originator = originator().value;
-        let prefix = format!("{originator}/");
-        assert!(user_agent.starts_with(&prefix));
-    }
-
-    #[test]
-    fn is_first_party_originator_matches_known_values() {
-        assert_eq!(is_first_party_originator(DEFAULT_ORIGINATOR), true);
-        assert_eq!(is_first_party_originator("codex_vscode"), true);
-        assert_eq!(is_first_party_originator("Codex Something Else"), true);
-        assert_eq!(is_first_party_originator("codex_cli"), false);
-        assert_eq!(is_first_party_originator("Other"), false);
-    }
-
-    #[tokio::test]
-    async fn test_create_client_sets_default_headers() {
-        skip_if_no_network!();
-
-        use wiremock::Mock;
-        use wiremock::MockServer;
-        use wiremock::ResponseTemplate;
-        use wiremock::matchers::method;
-        use wiremock::matchers::path;
-
-        let client = create_client();
-
-        // Spin up a local mock server and capture a request.
-        let server = MockServer::start().await;
-        Mock::given(method("GET"))
-            .and(path("/"))
-            .respond_with(ResponseTemplate::new(200))
-            .mount(&server)
-            .await;
-
-        let resp = client
-            .get(server.uri())
-            .send()
-            .await
-            .expect("failed to send request");
-        assert!(resp.status().is_success());
-
-        let requests = server
-            .received_requests()
-            .await
-            .expect("failed to fetch received requests");
-        assert!(!requests.is_empty());
-        let headers = &requests[0].headers;
-
-        // originator header is set to the provided value
-        let originator_header = headers
-            .get("originator")
-            .expect("originator header missing");
-        assert_eq!(originator_header.to_str().unwrap(), originator().value);
-
-        // User-Agent matches the computed Codex UA for that originator
-        let expected_ua = get_codex_user_agent();
-        let ua_header = headers
-            .get("user-agent")
-            .expect("user-agent header missing");
-        assert_eq!(ua_header.to_str().unwrap(), expected_ua);
-    }
-
-    #[test]
-    fn test_invalid_suffix_is_sanitized() {
-        let prefix = "codex_cli_rs/0.0.0";
-        let suffix = "bad\rsuffix";
-
-        assert_eq!(
-            sanitize_user_agent(format!("{prefix} ({suffix})"), prefix),
-            "codex_cli_rs/0.0.0 (bad_suffix)"
-        );
-    }
-
-    #[test]
-    fn test_invalid_suffix_is_sanitized2() {
-        let prefix = "codex_cli_rs/0.0.0";
-        let suffix = "bad\0suffix";
-
-        assert_eq!(
-            sanitize_user_agent(format!("{prefix} ({suffix})"), prefix),
-            "codex_cli_rs/0.0.0 (bad_suffix)"
-        );
-    }
-
-    #[test]
-    #[cfg(target_os = "macos")]
-    fn test_macos() {
-        use regex_lite::Regex;
-        let user_agent = get_codex_user_agent();
-        let originator = regex_lite::escape(originator().value.as_str());
-        let re = Regex::new(&format!(
-            r"^{originator}/\d+\.\d+\.\d+ \(Mac OS \d+\.\d+\.\d+; (x86_64|arm64)\) (\S+)$"
-        ))
-        .unwrap();
-        assert!(re.is_match(&user_agent));
-    }
-}
+pub use codex_user_agent::*;

codex-rs/core/src/error.rs

@@ -8,6 +8,8 @@ use chrono::Datelike;
 use chrono::Local;
 use chrono::Utc;
 use codex_async_utils::CancelErr;
+pub use codex_auth::RefreshTokenFailedError;
+pub use codex_auth::RefreshTokenFailedReason;
 use codex_protocol::ThreadId;
 use codex_protocol::protocol::CodexErrorInfo;
 use codex_protocol::protocol::ErrorEvent;
@@ -253,30 +255,6 @@ impl std::fmt::Display for ResponseStreamFailed {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Eq, Error)]
-#[error("{message}")]
-pub struct RefreshTokenFailedError {
-    pub reason: RefreshTokenFailedReason,
-    pub message: String,
-}
-
-impl RefreshTokenFailedError {
-    pub fn new(reason: RefreshTokenFailedReason, message: impl Into<String>) -> Self {
-        Self {
-            reason,
-            message: message.into(),
-        }
-    }
-}
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub enum RefreshTokenFailedReason {
-    Expired,
-    Exhausted,
-    Revoked,
-    Other,
-}
-
 #[derive(Debug)]
 pub struct UnexpectedResponseError {
     pub status: StatusCode,

codex-rs/core/src/token_data.rs

@@ -1,228 +1 @@
-use base64::Engine;
-use serde::Deserialize;
-use serde::Serialize;
-use thiserror::Error;
-
-#[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
-pub struct TokenData {
-    /// Flat info parsed from the JWT in auth.json.
-    #[serde(
-        deserialize_with = "deserialize_id_token",
-        serialize_with = "serialize_id_token"
-    )]
-    pub id_token: IdTokenInfo,
-
-    /// This is a JWT.
-    pub access_token: String,
-
-    pub refresh_token: String,
-
-    pub account_id: Option<String>,
-}
-
-/// Flat subset of useful claims in id_token from auth.json.
-#[derive(Debug, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
-pub struct IdTokenInfo {
-    pub email: Option<String>,
-    /// The ChatGPT subscription plan type
-    /// (e.g., "free", "plus", "pro", "business", "enterprise", "edu").
-    /// (Note: values may vary by backend.)
-    pub(crate) chatgpt_plan_type: Option<PlanType>,
-    /// ChatGPT user identifier associated with the token, if present.
-    pub chatgpt_user_id: Option<String>,
-    /// Organization/workspace identifier associated with the token, if present.
-    pub chatgpt_account_id: Option<String>,
-    pub raw_jwt: String,
-}
-
-impl IdTokenInfo {
-    pub fn get_chatgpt_plan_type(&self) -> Option<String> {
-        self.chatgpt_plan_type.as_ref().map(|t| match t {
-            PlanType::Known(plan) => format!("{plan:?}"),
-            PlanType::Unknown(s) => s.clone(),
-        })
-    }
-
-    pub fn is_workspace_account(&self) -> bool {
-        matches!(
-            self.chatgpt_plan_type,
-            Some(PlanType::Known(
-                KnownPlan::Team | KnownPlan::Business | KnownPlan::Enterprise | KnownPlan::Edu
-            ))
-        )
-    }
-}
-
-#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(untagged)]
-pub(crate) enum PlanType {
-    Known(KnownPlan),
-    Unknown(String),
-}
-
-#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(rename_all = "lowercase")]
-pub(crate) enum KnownPlan {
-    Free,
-    Plus,
-    Pro,
-    Team,
-    Business,
-    Enterprise,
-    Edu,
-}
-
-#[derive(Deserialize)]
-struct IdClaims {
-    #[serde(default)]
-    email: Option<String>,
-    #[serde(rename = "https://api.openai.com/auth", default)]
-    auth: Option<AuthClaims>,
-}
-
-#[derive(Deserialize)]
-struct AuthClaims {
-    #[serde(default)]
-    chatgpt_plan_type: Option<PlanType>,
-    #[serde(default)]
-    chatgpt_user_id: Option<String>,
-    #[serde(default)]
-    user_id: Option<String>,
-    #[serde(default)]
-    chatgpt_account_id: Option<String>,
-}
-
-#[derive(Debug, Error)]
-pub enum IdTokenInfoError {
-    #[error("invalid ID token format")]
-    InvalidFormat,
-    #[error(transparent)]
-    Base64(#[from] base64::DecodeError),
-    #[error(transparent)]
-    Json(#[from] serde_json::Error),
-}
-
-pub fn parse_id_token(id_token: &str) -> Result<IdTokenInfo, IdTokenInfoError> {
-    // JWT format: header.payload.signature
-    let mut parts = id_token.split('.');
-    let (_header_b64, payload_b64, _sig_b64) = match (parts.next(), parts.next(), parts.next()) {
-        (Some(h), Some(p), Some(s)) if !h.is_empty() && !p.is_empty() && !s.is_empty() => (h, p, s),
-        _ => return Err(IdTokenInfoError::InvalidFormat),
-    };
-
-    let payload_bytes = base64::engine::general_purpose::URL_SAFE_NO_PAD.decode(payload_b64)?;
-    let claims: IdClaims = serde_json::from_slice(&payload_bytes)?;
-
-    match claims.auth {
-        Some(auth) => Ok(IdTokenInfo {
-            email: claims.email,
-            raw_jwt: id_token.to_string(),
-            chatgpt_plan_type: auth.chatgpt_plan_type,
-            chatgpt_user_id: auth.chatgpt_user_id.or(auth.user_id),
-            chatgpt_account_id: auth.chatgpt_account_id,
-        }),
-        None => Ok(IdTokenInfo {
-            email: claims.email,
-            raw_jwt: id_token.to_string(),
-            chatgpt_plan_type: None,
-            chatgpt_user_id: None,
-            chatgpt_account_id: None,
-        }),
-    }
-}
-
-fn deserialize_id_token<'de, D>(deserializer: D) -> Result<IdTokenInfo, D::Error>
-where
-    D: serde::Deserializer<'de>,
-{
-    let s = String::deserialize(deserializer)?;
-    parse_id_token(&s).map_err(serde::de::Error::custom)
-}
-
-fn serialize_id_token<S>(id_token: &IdTokenInfo, serializer: S) -> Result<S::Ok, S::Error>
-where
-    S: serde::Serializer,
-{
-    serializer.serialize_str(&id_token.raw_jwt)
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use pretty_assertions::assert_eq;
-    use serde::Serialize;
-
-    #[test]
-    fn id_token_info_parses_email_and_plan() {
-        #[derive(Serialize)]
-        struct Header {
-            alg: &'static str,
-            typ: &'static str,
-        }
-        let header = Header {
-            alg: "none",
-            typ: "JWT",
-        };
-        let payload = serde_json::json!({
-            "email": "user@example.com",
-            "https://api.openai.com/auth": {
-                "chatgpt_plan_type": "pro"
-            }
-        });
-
-        fn b64url_no_pad(bytes: &[u8]) -> String {
-            base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes)
-        }
-
-        let header_b64 = b64url_no_pad(&serde_json::to_vec(&header).unwrap());
-        let payload_b64 = b64url_no_pad(&serde_json::to_vec(&payload).unwrap());
-        let signature_b64 = b64url_no_pad(b"sig");
-        let fake_jwt = format!("{header_b64}.{payload_b64}.{signature_b64}");
-
-        let info = parse_id_token(&fake_jwt).expect("should parse");
-        assert_eq!(info.email.as_deref(), Some("user@example.com"));
-        assert_eq!(info.get_chatgpt_plan_type().as_deref(), Some("Pro"));
-    }
-
-    #[test]
-    fn id_token_info_handles_missing_fields() {
-        #[derive(Serialize)]
-        struct Header {
-            alg: &'static str,
-            typ: &'static str,
-        }
-        let header = Header {
-            alg: "none",
-            typ: "JWT",
-        };
-        let payload = serde_json::json!({ "sub": "123" });
-
-        fn b64url_no_pad(bytes: &[u8]) -> String {
-            base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes)
-        }
-
-        let header_b64 = b64url_no_pad(&serde_json::to_vec(&header).unwrap());
-        let payload_b64 = b64url_no_pad(&serde_json::to_vec(&payload).unwrap());
-        let signature_b64 = b64url_no_pad(b"sig");
-        let fake_jwt = format!("{header_b64}.{payload_b64}.{signature_b64}");
-
-        let info = parse_id_token(&fake_jwt).expect("should parse");
-        assert!(info.email.is_none());
-        assert!(info.get_chatgpt_plan_type().is_none());
-    }
-
-    #[test]
-    fn workspace_account_detection_matches_workspace_plans() {
-        let workspace = IdTokenInfo {
-            chatgpt_plan_type: Some(PlanType::Known(KnownPlan::Business)),
-            ..IdTokenInfo::default()
-        };
-        assert_eq!(workspace.is_workspace_account(), true);
-
-        let personal = IdTokenInfo {
-            chatgpt_plan_type: Some(PlanType::Known(KnownPlan::Pro)),
-            ..IdTokenInfo::default()
-        };
-        assert_eq!(personal.is_workspace_account(), false);
-    }
-}
+pub use codex_auth::token_data::*;

codex-rs/core/src/util.rs

@@ -3,7 +3,6 @@ use std::path::PathBuf;
 use std::time::Duration;
 
 use rand::Rng;
-use tracing::debug;
 use tracing::error;
 
 const INITIAL_DELAY_MS: u64 = 200;
@@ -49,21 +48,6 @@ pub(crate) fn error_or_panic(message: impl std::string::ToString) {
     }
 }
 
-pub(crate) fn try_parse_error_message(text: &str) -> String {
-    debug!("Parsing server error response: {}", text);
-    let json = serde_json::from_str::<serde_json::Value>(text).unwrap_or_default();
-    if let Some(error) = json.get("error")
-        && let Some(message) = error.get("message")
-        && let Some(message_str) = message.as_str()
-    {
-        return message_str.to_string();
-    }
-    if text.is_empty() {
-        return "Unknown error".to_string();
-    }
-    text.to_string()
-}
-
 pub fn resolve_path(base: &Path, path: &PathBuf) -> PathBuf {
     if path.is_absolute() {
         path.clone()
@@ -74,37 +58,11 @@ pub fn resolve_path(base: &Path, path: &PathBuf) -> PathBuf {
 
 #[cfg(test)]
 mod tests {
-    use super::*;
-
-    #[test]
-    fn test_try_parse_error_message() {
-        let text = r#"{
-  "error": {
-    "message": "Your refresh token has already been used to generate a new access token. Please try signing in again.",
-    "type": "invalid_request_error",
-    "param": null,
-    "code": "refresh_token_reused"
-  }
-}"#;
-        let message = try_parse_error_message(text);
-        assert_eq!(
-            message,
-            "Your refresh token has already been used to generate a new access token. Please try signing in again."
-        );
-    }
-
-    #[test]
-    fn test_try_parse_error_message_no_error() {
-        let text = r#"{"message": "test"}"#;
-        let message = try_parse_error_message(text);
-        assert_eq!(message, r#"{"message": "test"}"#);
-    }
-
     #[test]
     fn feedback_tags_macro_compiles() {
         #[derive(Debug)]
         struct OnlyDebug;
 
-        feedback_tags!(model = "gpt-5", cached = true, debug_only = OnlyDebug);
+        crate::feedback_tags!(model = "gpt-5", cached = true, debug_only = OnlyDebug);
     }
 }

codex-rs/user-agent/BUILD.bazel

@@ -0,0 +1,6 @@
+load("//:defs.bzl", "codex_rust_crate")
+
+codex_rust_crate(
+    name = "user-agent",
+    crate_name = "codex_user_agent",
+)

codex-rs/user-agent/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "codex-user-agent"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+
+[lints]
+workspace = true
+
+[dependencies]
+codex-client = { workspace = true }
+os_info = { workspace = true }
+reqwest = { workspace = true }
+tracing = { workspace = true }
+
+[dev-dependencies]
+core_test_support = { workspace = true }
+pretty_assertions = { workspace = true }
+regex-lite = { workspace = true }
+tokio = { workspace = true, features = ["macros", "rt"] }
+wiremock = { workspace = true }

codex-rs/user-agent/src/lib.rs

@@ -0,0 +1,303 @@
+mod terminal;
+
+use codex_client::CodexHttpClient;
+pub use codex_client::CodexRequestBuilder;
+use reqwest::header::HeaderValue;
+use std::sync::LazyLock;
+use std::sync::Mutex;
+use std::sync::RwLock;
+
+pub use terminal::Multiplexer;
+pub use terminal::TerminalInfo;
+pub use terminal::TerminalName;
+pub use terminal::terminal_info;
+pub use terminal::user_agent;
+
+/// Set this to add a suffix to the User-Agent string.
+///
+/// It is not ideal that we're using a global singleton for this.
+/// This is primarily designed to differentiate MCP clients from each other.
+/// Because there can only be one MCP server per process, it should be safe for this to be a global static.
+/// However, future users of this should use this with caution as a result.
+/// In addition, we want to be confident that this value is used for ALL clients and doing that requires a
+/// lot of wiring and it's easy to miss code paths by doing so.
+/// See https://github.com/openai/codex/pull/3388/files for an example of what that would look like.
+/// Finally, we want to make sure this is set for ALL mcp clients without needing to know a special env var
+/// or having to set data that they already specified in the mcp initialize request somewhere else.
+///
+/// A space is automatically added between the suffix and the rest of the User-Agent string.
+/// The full user agent string is returned from the mcp initialize response.
+/// Parenthesis will be added by Codex. This should only specify what goes inside of the parenthesis.
+pub static USER_AGENT_SUFFIX: LazyLock<Mutex<Option<String>>> = LazyLock::new(|| Mutex::new(None));
+pub const DEFAULT_ORIGINATOR: &str = "codex_cli_rs";
+pub const CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR: &str = "CODEX_INTERNAL_ORIGINATOR_OVERRIDE";
+const CODEX_SANDBOX_ENV_VAR: &str = "CODEX_SANDBOX";
+
+#[derive(Debug, Clone)]
+pub struct Originator {
+    pub value: String,
+    pub header_value: HeaderValue,
+}
+static ORIGINATOR: LazyLock<RwLock<Option<Originator>>> = LazyLock::new(|| RwLock::new(None));
+
+#[derive(Debug)]
+pub enum SetOriginatorError {
+    InvalidHeaderValue,
+    AlreadyInitialized,
+}
+
+fn get_originator_value(provided: Option<String>) -> Originator {
+    let value = std::env::var(CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR)
+        .ok()
+        .or(provided)
+        .unwrap_or(DEFAULT_ORIGINATOR.to_string());
+
+    match HeaderValue::from_str(&value) {
+        Ok(header_value) => Originator {
+            value,
+            header_value,
+        },
+        Err(e) => {
+            tracing::error!("Unable to turn originator override {value} into header value: {e}");
+            Originator {
+                value: DEFAULT_ORIGINATOR.to_string(),
+                header_value: HeaderValue::from_static(DEFAULT_ORIGINATOR),
+            }
+        }
+    }
+}
+
+pub fn set_default_originator(value: String) -> Result<(), SetOriginatorError> {
+    if HeaderValue::from_str(&value).is_err() {
+        return Err(SetOriginatorError::InvalidHeaderValue);
+    }
+    let originator = get_originator_value(Some(value));
+    let Ok(mut guard) = ORIGINATOR.write() else {
+        return Err(SetOriginatorError::AlreadyInitialized);
+    };
+    if guard.is_some() {
+        return Err(SetOriginatorError::AlreadyInitialized);
+    }
+    *guard = Some(originator);
+    Ok(())
+}
+
+pub fn originator() -> Originator {
+    if let Ok(guard) = ORIGINATOR.read()
+        && let Some(originator) = guard.as_ref()
+    {
+        return originator.clone();
+    }
+
+    if std::env::var(CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR).is_ok() {
+        let originator = get_originator_value(None);
+        if let Ok(mut guard) = ORIGINATOR.write() {
+            match guard.as_ref() {
+                Some(originator) => return originator.clone(),
+                None => *guard = Some(originator.clone()),
+            }
+        }
+        return originator;
+    }
+
+    get_originator_value(None)
+}
+
+pub fn is_first_party_originator(originator_value: &str) -> bool {
+    originator_value == DEFAULT_ORIGINATOR
+        || originator_value == "codex_vscode"
+        || originator_value.starts_with("Codex ")
+}
+
+pub fn get_codex_user_agent() -> String {
+    let build_version = env!("CARGO_PKG_VERSION");
+    let os_info = os_info::get();
+    let originator = originator();
+    let prefix = format!(
+        "{}/{build_version} ({} {}; {}) {}",
+        originator.value.as_str(),
+        os_info.os_type(),
+        os_info.version(),
+        os_info.architecture().unwrap_or("unknown"),
+        user_agent()
+    );
+    let suffix = USER_AGENT_SUFFIX
+        .lock()
+        .ok()
+        .and_then(|guard| guard.clone());
+    let suffix = suffix
+        .as_deref()
+        .map(str::trim)
+        .filter(|value| !value.is_empty())
+        .map_or_else(String::new, |value| format!(" ({value})"));
+
+    let candidate = format!("{prefix}{suffix}");
+    sanitize_user_agent(candidate, &prefix)
+}
+
+/// Sanitize the user agent string.
+///
+/// Invalid characters are replaced with an underscore.
+///
+/// If the user agent fails to parse, it falls back to fallback and then to ORIGINATOR.
+fn sanitize_user_agent(candidate: String, fallback: &str) -> String {
+    if HeaderValue::from_str(candidate.as_str()).is_ok() {
+        return candidate;
+    }
+
+    let sanitized: String = candidate
+        .chars()
+        .map(|ch| if matches!(ch, ' '..='~') { ch } else { '_' })
+        .collect();
+    if !sanitized.is_empty() && HeaderValue::from_str(sanitized.as_str()).is_ok() {
+        tracing::warn!(
+            "Sanitized Codex user agent because provided suffix contained invalid header characters"
+        );
+        sanitized
+    } else if HeaderValue::from_str(fallback).is_ok() {
+        tracing::warn!(
+            "Falling back to base Codex user agent because provided suffix could not be sanitized"
+        );
+        fallback.to_string()
+    } else {
+        tracing::warn!(
+            "Falling back to default Codex originator because base user agent string is invalid"
+        );
+        originator().value
+    }
+}
+
+/// Create an HTTP client with default `originator` and `User-Agent` headers set.
+pub fn create_client() -> CodexHttpClient {
+    let inner = build_reqwest_client();
+    CodexHttpClient::new(inner)
+}
+
+pub fn build_reqwest_client() -> reqwest::Client {
+    use reqwest::header::HeaderMap;
+
+    let mut headers = HeaderMap::new();
+    headers.insert("originator", originator().header_value);
+    let ua = get_codex_user_agent();
+
+    let mut builder = reqwest::Client::builder()
+        // Set UA via dedicated helper to avoid header validation pitfalls
+        .user_agent(ua)
+        .default_headers(headers);
+    if is_sandboxed() {
+        builder = builder.no_proxy();
+    }
+
+    builder.build().unwrap_or_else(|_| reqwest::Client::new())
+}
+
+fn is_sandboxed() -> bool {
+    std::env::var(CODEX_SANDBOX_ENV_VAR).as_deref() == Ok("seatbelt")
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use core_test_support::skip_if_no_network;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn test_get_codex_user_agent() {
+        let user_agent = get_codex_user_agent();
+        let originator = originator().value;
+        let prefix = format!("{originator}/");
+        assert!(user_agent.starts_with(&prefix));
+    }
+
+    #[test]
+    fn is_first_party_originator_matches_known_values() {
+        assert_eq!(is_first_party_originator(DEFAULT_ORIGINATOR), true);
+        assert_eq!(is_first_party_originator("codex_vscode"), true);
+        assert_eq!(is_first_party_originator("Codex Something Else"), true);
+        assert_eq!(is_first_party_originator("codex_cli"), false);
+        assert_eq!(is_first_party_originator("Other"), false);
+    }
+
+    #[tokio::test]
+    async fn test_create_client_sets_default_headers() {
+        skip_if_no_network!();
+
+        use wiremock::Mock;
+        use wiremock::MockServer;
+        use wiremock::ResponseTemplate;
+        use wiremock::matchers::method;
+        use wiremock::matchers::path;
+
+        let client = create_client();
+
+        // Spin up a local mock server and capture a request.
+        let server = MockServer::start().await;
+        Mock::given(method("GET"))
+            .and(path("/"))
+            .respond_with(ResponseTemplate::new(200))
+            .mount(&server)
+            .await;
+
+        let resp = client
+            .get(server.uri())
+            .send()
+            .await
+            .expect("failed to send request");
+        assert!(resp.status().is_success());
+
+        let requests = server
+            .received_requests()
+            .await
+            .expect("failed to fetch received requests");
+        assert!(!requests.is_empty());
+        let headers = &requests[0].headers;
+
+        // originator header is set to the provided value
+        let originator_header = headers
+            .get("originator")
+            .expect("originator header missing");
+        assert_eq!(originator_header.to_str().unwrap(), originator().value);
+
+        // User-Agent matches the computed Codex UA for that originator
+        let expected_ua = get_codex_user_agent();
+        let ua_header = headers
+            .get("user-agent")
+            .expect("user-agent header missing");
+        assert_eq!(ua_header.to_str().unwrap(), expected_ua);
+    }
+
+    #[test]
+    fn test_invalid_suffix_is_sanitized() {
+        let prefix = "codex_cli_rs/0.0.0";
+        let suffix = "bad\rsuffix";
+
+        assert_eq!(
+            sanitize_user_agent(format!("{prefix} ({suffix})"), prefix),
+            "codex_cli_rs/0.0.0 (bad_suffix)"
+        );
+    }
+
+    #[test]
+    fn test_invalid_suffix_is_sanitized2() {
+        let prefix = "codex_cli_rs/0.0.0";
+        let suffix = "bad\0suffix";
+
+        assert_eq!(
+            sanitize_user_agent(format!("{prefix} ({suffix})"), prefix),
+            "codex_cli_rs/0.0.0 (bad_suffix)"
+        );
+    }
+
+    #[test]
+    #[cfg(target_os = "macos")]
+    fn test_macos() {
+        use regex_lite::Regex;
+        let user_agent = get_codex_user_agent();
+        let originator = regex_lite::escape(originator().value.as_str());
+        let re = Regex::new(&format!(
+            r"^{originator}/\d+\.\d+\.\d+ \(Mac OS \d+\.\d+\.\d+; (x86_64|arm64)\) (\S+)$"
+        ))
+        .unwrap();
+        assert!(re.is_match(&user_agent));
+    }
+}