improvements, more dry

- MCP server: add send-user-message tool to send user input to a running
Codex session
- Added an integration tests for the happy and sad paths

Changes:
•	Add tool definition and schema.
•	Expose tool in capabilities.
•	Route and handle tool requests with validation.
•	Tests for success, bad UUID, and missing session.


follow‑ups
• Listen path not implemented yet; the tool is present but marked “don’t
use yet” in code comments.
• Session run flag reset: clear running_session_id_set appropriately
after turn completion/errors.

This is the third PR in a stack.
Stack:
Final: #1686
Intermediate: #1751
First: #1750

.github/codex/labels/codex-rust-review.md

@@ -0,0 +1,23 @@
+Review this PR and respond with a very concise final message, formatted in Markdown.
+
+There should be a summary of the changes (1-2 sentences) and a few bullet points if necessary.
+
+Then provide the **review** (1-2 sentences plus bullet points, friendly tone).
+
+Things to look out for when doing the review:
+
+- **Make sure the pull request body explains the motivation behind the change.** If the author has failed to do this, call it out, and if you think you can deduce the motivation behind the change, propose copy.
+- Ideally, the PR body also contains a small summary of the change. For small changes, the PR title may be sufficient.
+- Each PR should ideally do one conceptual thing. For example, if a PR does a refactoring as well as introducing a new feature, push back and suggest the refactoring be done in a separate PR. This makes things easier for the reviewer, as refactoring changes can often be far-reaching, yet quick to review.
+- If the nature of the change seems to have a visual component (which is often the case for changes to `codex-rs/tui`), recommend including a screenshot or video to demonstrate the change, if appropriate.
+- Rust files should generally be organized such that the public parts of the API appear near the top of the file and helper functions go below. This is analagous to the "inverted pyramid" structure that is favored in journalism.
+- Encourage the use of small enums or the newtype pattern in Rust if it helps readability without adding significant cognitive load or lines of code.
+- Be wary of large files and offer suggestions for how to break things into more reasonably-sized files.
+- When modifying a `Cargo.toml` file, make sure that dependency lists stay alphabetically sorted. Also consider whether a new dependency is added to the appropriate place (e.g., `[dependencies]` versus `[dev-dependencies]`)
+- If you see opportunities for the changes in a diff to use more idiomatic Rust, please make specific recommendations. For example, favor the use of expressions over `return`.
+- When introducing new code, be on the lookout for code that duplicates existing code. When found, propose a way to refactor the existing code such that it should be reused.
+- Each create in the Cargo workspace in `codex-rs` has a specific purpose: make a note if you believe new code is not introduced in the correct crate.
+- When possible, try to keep the `core` crate as small as possible. Non-core but shared logic is often a good candidate for `codex-rs/common`.
+- References to existing GitHub issues and PRs are encouraged, where appropriate, though you likely do not have network access, so may not be able to help here.
+
+{CODEX_ACTION_GITHUB_EVENT_PATH} contains the JSON that triggered this GitHub workflow. It contains the `base` and `head` refs that define this PR. Both refs are available locally.

.github/workflows/codex.yml

@@ -20,7 +20,7 @@ jobs:
       (github.event_name == 'issues' && (
         (github.event.action == 'labeled' && (github.event.label.name == 'codex-attempt' || github.event.label.name == 'codex-triage'))
       )) ||
-      (github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'codex-review')
+      (github.event_name == 'pull_request' && github.event.action == 'labeled' && (github.event.label.name == 'codex-review' || github.event.label.name == 'codex-rust-review'))
     runs-on: ubuntu-latest
     permissions:
       contents: write # can push or create branches

.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+    "recommendations": [
+        "tamasfe.even-better-toml",
+    ]
+}

.vscode/settings.json

@@ -6,5 +6,11 @@
     "[rust]": {
         "editor.defaultFormatter": "rust-lang.rust-analyzer",
         "editor.formatOnSave": true,
-    }
+    },
+    "[toml]": {
+        "editor.defaultFormatter": "tamasfe.even-better-toml",
+        "editor.formatOnSave": true,
+    },
+    "evenBetterToml.formatter.reorderArrays": true,
+    "evenBetterToml.formatter.reorderKeys": true,
 }

NOTICE

@@ -1,2 +1,6 @@
 OpenAI Codex
 Copyright 2025 OpenAI
+
+This project includes code derived from [Ratatui](https://github.com/ratatui/ratatui), licensed under the MIT license.
+Copyright (c) 2016-2022 Florian Dehau
+Copyright (c) 2023-2025 The Ratatui Developers

README.md

@@ -95,6 +95,12 @@ codex login
 
 If you complete the process successfully, you should have a `~/.codex/auth.json` file that contains the credentials that Codex will use.
 
+To verify whether you are currently logged in, run:
+
+```
+codex login status
+```
+
 If you encounter problems with the login flow, please comment on <https://github.com/openai/codex/issues/1243>.
 
 <details>

SUMMARY.md

@@ -0,0 +1,21 @@
+You are a summarization assistant. A conversation follows between a user and a coding-focused AI (Codex). Your task is to generate a clear summary capturing:
+
+• High-level objective or problem being solved  
+• Key instructions or design decisions given by the user  
+• Main code actions or behaviors from the AI  
+• Important variables, functions, modules, or outputs discussed  
+• Any unresolved questions or next steps
+
+Produce the summary in a structured format like:
+
+**Objective:** …
+
+**User instructions:** … (bulleted)
+
+**AI actions / code behavior:** … (bulleted)
+
+**Important entities:** … (e.g. function names, variables, files)
+
+**Open issues / next steps:** … (if any)
+
+**Summary (concise):** (one or two sentences)

codex-rs/Cargo.lock

@@ -673,7 +673,9 @@ dependencies = [
  "async-channel",
  "base64 0.22.1",
  "bytes",
+ "chrono",
  "codex-apply-patch",
+ "codex-login",
  "codex-mcp-client",
  "core_test_support",
  "dirs",
@@ -791,6 +793,7 @@ dependencies = [
  "reqwest",
  "serde",
  "serde_json",
+ "tempfile",
  "tokio",
 ]
 
@@ -822,6 +825,7 @@ dependencies = [
  "serde",
  "serde_json",
  "shlex",
+ "strum_macros 0.27.2",
  "tempfile",
  "tokio",
  "tokio-test",
@@ -2639,6 +2643,7 @@ version = "0.0.0"
 dependencies = [
  "anyhow",
  "assert_cmd",
+ "codex-core",
  "codex-mcp-server",
  "mcp-types",
  "pretty_assertions",
@@ -2646,6 +2651,7 @@ dependencies = [
  "shlex",
  "tempfile",
  "tokio",
+ "uuid",
  "wiremock",
 ]
 

codex-rs/Cargo.toml

@@ -1,5 +1,4 @@
 [workspace]
-resolver = "2"
 members = [
     "ansi-escape",
     "apply-patch",
@@ -17,6 +16,7 @@ members = [
     "mcp-types",
     "tui",
 ]
+resolver = "2"
 
 [workspace.package]
 version = "0.0.0"
@@ -45,4 +45,3 @@ codegen-units = 1
 [patch.crates-io]
 # ratatui = { path = "../../ratatui" }
 ratatui = { git = "https://github.com/nornagon/ratatui", branch = "nornagon-v0.29.0-patch" }
-

codex-rs/ansi-escape/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-ansi-escape"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_ansi_escape"
@@ -10,7 +10,7 @@ path = "src/lib.rs"
 [dependencies]
 ansi-to-tui = "7.0.0"
 ratatui = { version = "0.29.0", features = [
-    "unstable-widget-ref",
     "unstable-rendered-line-info",
+    "unstable-widget-ref",
 ] }
 tracing = { version = "0.1.41", features = ["log"] }

codex-rs/apply-patch/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-apply-patch"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_apply_patch"

codex-rs/apply-patch/src/lib.rs

@@ -58,16 +58,24 @@ impl PartialEq for IoError {
 
 #[derive(Debug, PartialEq)]
 pub enum MaybeApplyPatch {
-    Body(Vec<Hunk>),
+    Body(ApplyPatchArgs),
     ShellParseError(ExtractHeredocError),
     PatchParseError(ParseError),
     NotApplyPatch,
 }
 
+/// Both the raw PATCH argument to `apply_patch` as well as the PATCH argument
+/// parsed into hunks.
+#[derive(Debug, PartialEq)]
+pub struct ApplyPatchArgs {
+    pub patch: String,
+    pub hunks: Vec<Hunk>,
+}
+
 pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
     match argv {
         [cmd, body] if cmd == "apply_patch" => match parse_patch(body) {
-            Ok(hunks) => MaybeApplyPatch::Body(hunks),
+            Ok(source) => MaybeApplyPatch::Body(source),
             Err(e) => MaybeApplyPatch::PatchParseError(e),
         },
         [bash, flag, script]
@@ -77,7 +85,7 @@ pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
         {
             match extract_heredoc_body_from_apply_patch_command(script) {
                 Ok(body) => match parse_patch(&body) {
-                    Ok(hunks) => MaybeApplyPatch::Body(hunks),
+                    Ok(source) => MaybeApplyPatch::Body(source),
                     Err(e) => MaybeApplyPatch::PatchParseError(e),
                 },
                 Err(e) => MaybeApplyPatch::ShellParseError(e),
@@ -116,11 +124,19 @@ pub enum MaybeApplyPatchVerified {
     NotApplyPatch,
 }
 
-#[derive(Debug, PartialEq)]
 /// ApplyPatchAction is the result of parsing an `apply_patch` command. By
 /// construction, all paths should be absolute paths.
+#[derive(Debug, PartialEq)]
 pub struct ApplyPatchAction {
     changes: HashMap<PathBuf, ApplyPatchFileChange>,
+
+    /// The raw patch argument that can be used with `apply_patch` as an exec
+    /// call. i.e., if the original arg was parsed in "lenient" mode with a
+    /// heredoc, this should be the value without the heredoc wrapper.
+    pub patch: String,
+
+    /// The working directory that was used to resolve relative paths in the patch.
+    pub cwd: PathBuf,
 }
 
 impl ApplyPatchAction {
@@ -140,8 +156,28 @@ impl ApplyPatchAction {
             panic!("path must be absolute");
         }
 
+        #[allow(clippy::expect_used)]
+        let filename = path
+            .file_name()
+            .expect("path should not be empty")
+            .to_string_lossy();
+        let patch = format!(
+            r#"*** Begin Patch
+*** Update File: {filename}
+@@
++ {content}
+*** End Patch"#,
+        );
         let changes = HashMap::from([(path.to_path_buf(), ApplyPatchFileChange::Add { content })]);
-        Self { changes }
+        #[allow(clippy::expect_used)]
+        Self {
+            changes,
+            cwd: path
+                .parent()
+                .expect("path should have parent")
+                .to_path_buf(),
+            patch,
+        }
     }
 }
 
@@ -149,7 +185,7 @@ impl ApplyPatchAction {
 /// patch.
 pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApplyPatchVerified {
     match maybe_parse_apply_patch(argv) {
-        MaybeApplyPatch::Body(hunks) => {
+        MaybeApplyPatch::Body(ApplyPatchArgs { patch, hunks }) => {
             let mut changes = HashMap::new();
             for hunk in hunks {
                 let path = hunk.resolve_path(cwd);
@@ -183,7 +219,11 @@ pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApp
                     }
                 }
             }
-            MaybeApplyPatchVerified::Body(ApplyPatchAction { changes })
+            MaybeApplyPatchVerified::Body(ApplyPatchAction {
+                changes,
+                patch,
+                cwd: cwd.to_path_buf(),
+            })
         }
         MaybeApplyPatch::ShellParseError(e) => MaybeApplyPatchVerified::ShellParseError(e),
         MaybeApplyPatch::PatchParseError(e) => MaybeApplyPatchVerified::CorrectnessError(e.into()),
@@ -264,7 +304,7 @@ pub fn apply_patch(
     stderr: &mut impl std::io::Write,
 ) -> Result<(), ApplyPatchError> {
     let hunks = match parse_patch(patch) {
-        Ok(hunks) => hunks,
+        Ok(source) => source.hunks,
         Err(e) => {
             match &e {
                 InvalidPatchError(message) => {
@@ -652,7 +692,7 @@ mod tests {
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(hunks) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -679,7 +719,7 @@ PATCH"#,
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(hunks) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -954,7 +994,7 @@ PATCH"#,
         ));
         let patch = parse_patch(&patch).unwrap();
 
-        let update_file_chunks = match patch.as_slice() {
+        let update_file_chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -992,7 +1032,7 @@ PATCH"#,
         ));
 
         let patch = parse_patch(&patch).unwrap();
-        let chunks = match patch.as_slice() {
+        let chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1029,7 +1069,7 @@ PATCH"#,
         ));
 
         let patch = parse_patch(&patch).unwrap();
-        let chunks = match patch.as_slice() {
+        let chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1064,7 +1104,7 @@ PATCH"#,
         ));
 
         let patch = parse_patch(&patch).unwrap();
-        let chunks = match patch.as_slice() {
+        let chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1110,7 +1150,7 @@ PATCH"#,
 
         // Extract chunks then build the unified diff.
         let parsed = parse_patch(&patch).unwrap();
-        let chunks = match parsed.as_slice() {
+        let chunks = match parsed.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1193,6 +1233,8 @@ g
                         new_content: "updated session directory content\n".to_string(),
                     },
                 )]),
+                patch: argv[1].clone(),
+                cwd: session_dir.path().to_path_buf(),
             })
         );
     }

codex-rs/apply-patch/src/parser.rs

@@ -22,6 +22,7 @@
 //!
 //! The parser below is a little more lenient than the explicit spec and allows for
 //! leading/trailing whitespace around patch markers.
+use crate::ApplyPatchArgs;
 use std::path::Path;
 use std::path::PathBuf;
 
@@ -102,7 +103,7 @@ pub struct UpdateFileChunk {
     pub is_end_of_file: bool,
 }
 
-pub fn parse_patch(patch: &str) -> Result<Vec<Hunk>, ParseError> {
+pub fn parse_patch(patch: &str) -> Result<ApplyPatchArgs, ParseError> {
     let mode = if PARSE_IN_STRICT_MODE {
         ParseMode::Strict
     } else {
@@ -150,7 +151,7 @@ enum ParseMode {
     Lenient,
 }
 
-fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<Vec<Hunk>, ParseError> {
+fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<ApplyPatchArgs, ParseError> {
     let lines: Vec<&str> = patch.trim().lines().collect();
     let lines: &[&str] = match check_patch_boundaries_strict(&lines) {
         Ok(()) => &lines,
@@ -173,7 +174,8 @@ fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<Vec<Hunk>, ParseErro
         line_number += hunk_lines;
         remaining_lines = &remaining_lines[hunk_lines..]
     }
-    Ok(hunks)
+    let patch = lines.join("\n");
+    Ok(ApplyPatchArgs { hunks, patch })
 }
 
 /// Checks the start and end lines of the patch text for `apply_patch`,
@@ -425,6 +427,7 @@ fn parse_update_file_chunk(
 }
 
 #[test]
+#[allow(clippy::unwrap_used)]
 fn test_parse_patch() {
     assert_eq!(
         parse_patch_text("bad", ParseMode::Strict),
@@ -455,8 +458,10 @@ fn test_parse_patch() {
             "*** Begin Patch\n\
              *** End Patch",
             ParseMode::Strict
-        ),
-        Ok(Vec::new())
+        )
+        .unwrap()
+        .hunks,
+        Vec::new()
     );
     assert_eq!(
         parse_patch_text(
@@ -472,8 +477,10 @@ fn test_parse_patch() {
              +    return 123\n\
              *** End Patch",
             ParseMode::Strict
-        ),
-        Ok(vec![
+        )
+        .unwrap()
+        .hunks,
+        vec![
             AddFile {
                 path: PathBuf::from("path/add.py"),
                 contents: "abc\ndef\n".to_string()
@@ -491,7 +498,7 @@ fn test_parse_patch() {
                     is_end_of_file: false
                 }]
             }
-        ])
+        ]
     );
     // Update hunk followed by another hunk (Add File).
     assert_eq!(
@@ -504,8 +511,10 @@ fn test_parse_patch() {
              +content\n\
              *** End Patch",
             ParseMode::Strict
-        ),
-        Ok(vec![
+        )
+        .unwrap()
+        .hunks,
+        vec![
             UpdateFile {
                 path: PathBuf::from("file.py"),
                 move_path: None,
@@ -520,7 +529,7 @@ fn test_parse_patch() {
                 path: PathBuf::from("other.py"),
                 contents: "content\n".to_string()
             }
-        ])
+        ]
     );
 
     // Update hunk without an explicit @@ header for the first chunk should parse.
@@ -533,8 +542,10 @@ fn test_parse_patch() {
 +bar
 *** End Patch"#,
             ParseMode::Strict
-        ),
-        Ok(vec![UpdateFile {
+        )
+        .unwrap()
+        .hunks,
+        vec![UpdateFile {
             path: PathBuf::from("file2.py"),
             move_path: None,
             chunks: vec![UpdateFileChunk {
@@ -543,7 +554,7 @@ fn test_parse_patch() {
                 new_lines: vec!["import foo".to_string(), "bar".to_string()],
                 is_end_of_file: false,
             }],
-        }])
+        }]
     );
 }
 
@@ -574,7 +585,10 @@ fn test_parse_patch_lenient() {
     );
     assert_eq!(
         parse_patch_text(&patch_text_in_heredoc, ParseMode::Lenient),
-        Ok(expected_patch.clone())
+        Ok(ApplyPatchArgs {
+            hunks: expected_patch.clone(),
+            patch: patch_text.to_string()
+        })
     );
 
     let patch_text_in_single_quoted_heredoc = format!("<<'EOF'\n{patch_text}\nEOF\n");
@@ -584,7 +598,10 @@ fn test_parse_patch_lenient() {
     );
     assert_eq!(
         parse_patch_text(&patch_text_in_single_quoted_heredoc, ParseMode::Lenient),
-        Ok(expected_patch.clone())
+        Ok(ApplyPatchArgs {
+            hunks: expected_patch.clone(),
+            patch: patch_text.to_string()
+        })
     );
 
     let patch_text_in_double_quoted_heredoc = format!("<<\"EOF\"\n{patch_text}\nEOF\n");
@@ -594,7 +611,10 @@ fn test_parse_patch_lenient() {
     );
     assert_eq!(
         parse_patch_text(&patch_text_in_double_quoted_heredoc, ParseMode::Lenient),
-        Ok(expected_patch.clone())
+        Ok(ApplyPatchArgs {
+            hunks: expected_patch.clone(),
+            patch: patch_text.to_string()
+        })
     );
 
     let patch_text_in_mismatched_quotes_heredoc = format!("<<\"EOF'\n{patch_text}\nEOF\n");

codex-rs/arg0/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-arg0"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_arg0"

codex-rs/arg0/src/lib.rs

@@ -2,6 +2,8 @@ use std::future::Future;
 use std::path::Path;
 use std::path::PathBuf;
 
+use codex_core::CODEX_APPLY_PATCH_ARG1;
+
 /// While we want to deploy the Codex CLI as a single executable for simplicity,
 /// we also want to expose some of its functionality as distinct CLIs, so we use
 /// the "arg0 trick" to determine which CLI to dispatch. This effectively allows
@@ -43,7 +45,7 @@ where
     }
 
     let argv1 = args.next().unwrap_or_default();
-    if argv1 == "--codex-run-as-apply-patch" {
+    if argv1 == CODEX_APPLY_PATCH_ARG1 {
         let patch_arg = args.next().and_then(|s| s.to_str().map(|s| s.to_owned()));
         let exit_code = match patch_arg {
             Some(patch_arg) => {
@@ -55,7 +57,7 @@ where
                 }
             }
             None => {
-                eprintln!("Error: --codex-run-as-apply-patch requires a UTF-8 PATCH argument.");
+                eprintln!("Error: {CODEX_APPLY_PATCH_ARG1} requires a UTF-8 PATCH argument.");
                 1
             }
         };

codex-rs/chatgpt/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-chatgpt"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true
@@ -9,12 +9,12 @@ workspace = true
 [dependencies]
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
-serde = { version = "1", features = ["derive"] }
-serde_json = "1"
 codex-common = { path = "../common", features = ["cli"] }
 codex-core = { path = "../core" }
 codex-login = { path = "../login" }
 reqwest = { version = "0.12", features = ["json", "stream"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
 tokio = { version = "1", features = ["full"] }
 
 [dev-dependencies]

codex-rs/chatgpt/src/chatgpt_client.rs

@@ -21,10 +21,14 @@ pub(crate) async fn chatgpt_get_request<T: DeserializeOwned>(
     let token =
         get_chatgpt_token_data().ok_or_else(|| anyhow::anyhow!("ChatGPT token not available"))?;
 
+    let account_id = token.account_id.ok_or_else(|| {
+        anyhow::anyhow!("ChatGPT account ID not available, please re-run `codex login`")
+    });
+
     let response = client
         .get(&url)
         .bearer_auth(&token.access_token)
-        .header("chatgpt-account-id", &token.account_id)
+        .header("chatgpt-account-id", account_id?)
         .header("Content-Type", "application/json")
         .header("User-Agent", "codex-cli")
         .send()

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -18,7 +18,10 @@ pub fn set_chatgpt_token_data(value: TokenData) {
 
 /// Initialize the ChatGPT token from auth.json file
 pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
-    let auth_json = codex_login::try_read_auth_json(codex_home).await?;
-    set_chatgpt_token_data(auth_json.tokens.clone());
+    let auth = codex_login::load_auth(codex_home, true)?;
+    if let Some(auth) = auth {
+        let token_data = auth.get_token_data().await?;
+        set_chatgpt_token_data(token_data);
+    }
     Ok(())
 }

codex-rs/chatgpt/tests/apply_command_e2e.rs

@@ -10,8 +10,13 @@ use tokio::process::Command;
 async fn create_temp_git_repo() -> anyhow::Result<TempDir> {
     let temp_dir = TempDir::new()?;
     let repo_path = temp_dir.path();
+    let envs = vec![
+        ("GIT_CONFIG_GLOBAL", "/dev/null"),
+        ("GIT_CONFIG_NOSYSTEM", "1"),
+    ];
 
     let output = Command::new("git")
+        .envs(envs.clone())
         .args(["init"])
         .current_dir(repo_path)
         .output()
@@ -25,12 +30,14 @@ async fn create_temp_git_repo() -> anyhow::Result<TempDir> {
     }
 
     Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.email", "test@example.com"])
         .current_dir(repo_path)
         .output()
         .await?;
 
     Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.name", "Test User"])
         .current_dir(repo_path)
         .output()
@@ -39,12 +46,14 @@ async fn create_temp_git_repo() -> anyhow::Result<TempDir> {
     std::fs::write(repo_path.join("README.md"), "# Test Repo\n")?;
 
     Command::new("git")
+        .envs(envs.clone())
         .args(["add", "README.md"])
         .current_dir(repo_path)
         .output()
         .await?;
 
     let output = Command::new("git")
+        .envs(envs.clone())
         .args(["commit", "-m", "Initial commit"])
         .current_dir(repo_path)
         .output()

codex-rs/cli/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-cli"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex"
@@ -20,8 +20,8 @@ clap = { version = "4", features = ["derive"] }
 clap_complete = "4"
 codex-arg0 = { path = "../arg0" }
 codex-chatgpt = { path = "../chatgpt" }
-codex-core = { path = "../core" }
 codex-common = { path = "../common", features = ["cli"] }
+codex-core = { path = "../core" }
 codex-exec = { path = "../exec" }
 codex-login = { path = "../login" }
 codex-mcp-server = { path = "../mcp-server" }

codex-rs/cli/src/debug_sandbox.rs

@@ -4,10 +4,10 @@ use codex_common::CliConfigOverrides;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::config_types::SandboxMode;
-use codex_core::exec::StdioPolicy;
 use codex_core::exec::spawn_command_under_linux_sandbox;
-use codex_core::exec::spawn_command_under_seatbelt;
 use codex_core::exec_env::create_env;
+use codex_core::seatbelt::spawn_command_under_seatbelt;
+use codex_core::spawn::StdioPolicy;
 
 use crate::LandlockCommand;
 use crate::SeatbeltCommand;

codex-rs/cli/src/login.rs

@@ -1,25 +1,16 @@
+use std::env;
+
 use codex_common::CliConfigOverrides;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
+use codex_login::AuthMode;
+use codex_login::OPENAI_API_KEY_ENV_VAR;
+use codex_login::load_auth;
+use codex_login::login_with_api_key;
 use codex_login::login_with_chatgpt;
 
 pub async fn run_login_with_chatgpt(cli_config_overrides: CliConfigOverrides) -> ! {
-    let cli_overrides = match cli_config_overrides.parse_overrides() {
-        Ok(v) => v,
-        Err(e) => {
-            eprintln!("Error parsing -c overrides: {e}");
-            std::process::exit(1);
-        }
-    };
-
-    let config_overrides = ConfigOverrides::default();
-    let config = match Config::load_with_cli_overrides(cli_overrides, config_overrides) {
-        Ok(config) => config,
-        Err(e) => {
-            eprintln!("Error loading configuration: {e}");
-            std::process::exit(1);
-        }
-    };
+    let config = load_config_or_exit(cli_config_overrides);
 
     let capture_output = false;
     match login_with_chatgpt(&config.codex_home, capture_output).await {
@@ -33,3 +24,103 @@ pub async fn run_login_with_chatgpt(cli_config_overrides: CliConfigOverrides) ->
         }
     }
 }
+
+pub async fn run_login_with_api_key(
+    cli_config_overrides: CliConfigOverrides,
+    api_key: String,
+) -> ! {
+    let config = load_config_or_exit(cli_config_overrides);
+
+    match login_with_api_key(&config.codex_home, &api_key) {
+        Ok(_) => {
+            eprintln!("Successfully logged in");
+            std::process::exit(0);
+        }
+        Err(e) => {
+            eprintln!("Error logging in: {e}");
+            std::process::exit(1);
+        }
+    }
+}
+
+pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
+    let config = load_config_or_exit(cli_config_overrides);
+
+    match load_auth(&config.codex_home, true) {
+        Ok(Some(auth)) => match auth.mode {
+            AuthMode::ApiKey => {
+                if let Some(api_key) = auth.api_key.as_deref() {
+                    eprintln!("Logged in using an API key - {}", safe_format_key(api_key));
+
+                    if let Ok(env_api_key) = env::var(OPENAI_API_KEY_ENV_VAR) {
+                        if env_api_key == api_key {
+                            eprintln!(
+                                "   API loaded from OPENAI_API_KEY environment variable or .env file"
+                            );
+                        }
+                    }
+                } else {
+                    eprintln!("Logged in using an API key");
+                }
+                std::process::exit(0);
+            }
+            AuthMode::ChatGPT => {
+                eprintln!("Logged in using ChatGPT");
+                std::process::exit(0);
+            }
+        },
+        Ok(None) => {
+            eprintln!("Not logged in");
+            std::process::exit(1);
+        }
+        Err(e) => {
+            eprintln!("Error checking login status: {e}");
+            std::process::exit(1);
+        }
+    }
+}
+
+fn load_config_or_exit(cli_config_overrides: CliConfigOverrides) -> Config {
+    let cli_overrides = match cli_config_overrides.parse_overrides() {
+        Ok(v) => v,
+        Err(e) => {
+            eprintln!("Error parsing -c overrides: {e}");
+            std::process::exit(1);
+        }
+    };
+
+    let config_overrides = ConfigOverrides::default();
+    match Config::load_with_cli_overrides(cli_overrides, config_overrides) {
+        Ok(config) => config,
+        Err(e) => {
+            eprintln!("Error loading configuration: {e}");
+            std::process::exit(1);
+        }
+    }
+}
+
+fn safe_format_key(key: &str) -> String {
+    if key.len() <= 13 {
+        return "***".to_string();
+    }
+    let prefix = &key[..8];
+    let suffix = &key[key.len() - 5..];
+    format!("{prefix}***{suffix}")
+}
+
+#[cfg(test)]
+mod tests {
+    use super::safe_format_key;
+
+    #[test]
+    fn formats_long_key() {
+        let key = "sk-proj-1234567890ABCDE";
+        assert_eq!(safe_format_key(key), "sk-proj-***ABCDE");
+    }
+
+    #[test]
+    fn short_key_returns_stars() {
+        let key = "sk-proj-12345";
+        assert_eq!(safe_format_key(key), "***");
+    }
+}

codex-rs/cli/src/main.rs

@@ -7,6 +7,8 @@ use codex_chatgpt::apply_command::ApplyCommand;
 use codex_chatgpt::apply_command::run_apply_command;
 use codex_cli::LandlockCommand;
 use codex_cli::SeatbeltCommand;
+use codex_cli::login::run_login_status;
+use codex_cli::login::run_login_with_api_key;
 use codex_cli::login::run_login_with_chatgpt;
 use codex_cli::proto;
 use codex_common::CliConfigOverrides;
@@ -43,7 +45,7 @@ enum Subcommand {
     #[clap(visible_alias = "e")]
     Exec(ExecCli),
 
-    /// Login with ChatGPT.
+    /// Manage login.
     Login(LoginCommand),
 
     /// Experimental: run Codex as an MCP server.
@@ -90,6 +92,18 @@ enum DebugCommand {
 struct LoginCommand {
     #[clap(skip)]
     config_overrides: CliConfigOverrides,
+
+    #[arg(long = "api-key", value_name = "API_KEY")]
+    api_key: Option<String>,
+
+    #[command(subcommand)]
+    action: Option<LoginSubcommand>,
+}
+
+#[derive(Debug, clap::Subcommand)]
+enum LoginSubcommand {
+    /// Show login status.
+    Status,
 }
 
 fn main() -> anyhow::Result<()> {
@@ -106,7 +120,7 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
         None => {
             let mut tui_cli = cli.interactive;
             prepend_config_flags(&mut tui_cli.config_overrides, cli.config_overrides);
-            let usage = codex_tui::run_main(tui_cli, codex_linux_sandbox_exe)?;
+            let usage = codex_tui::run_main(tui_cli, codex_linux_sandbox_exe).await?;
             println!("{}", codex_core::protocol::FinalOutput::from(usage));
         }
         Some(Subcommand::Exec(mut exec_cli)) => {
@@ -118,7 +132,18 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
         }
         Some(Subcommand::Login(mut login_cli)) => {
             prepend_config_flags(&mut login_cli.config_overrides, cli.config_overrides);
-            run_login_with_chatgpt(login_cli.config_overrides).await;
+            match login_cli.action {
+                Some(LoginSubcommand::Status) => {
+                    run_login_status(login_cli.config_overrides).await;
+                }
+                None => {
+                    if let Some(api_key) = login_cli.api_key {
+                        run_login_with_api_key(login_cli.config_overrides, api_key).await;
+                    } else {
+                        run_login_with_chatgpt(login_cli.config_overrides).await;
+                    }
+                }
+            }
         }
         Some(Subcommand::Proto(mut proto_cli)) => {
             prepend_config_flags(&mut proto_cli.config_overrides, cli.config_overrides);

codex-rs/cli/src/proto.rs

@@ -9,6 +9,7 @@ use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::protocol::Submission;
 use codex_core::util::notify_on_sigint;
+use codex_login::load_auth;
 use tokio::io::AsyncBufReadExt;
 use tokio::io::BufReader;
 use tracing::error;
@@ -35,8 +36,9 @@ pub async fn run_main(opts: ProtoCli) -> anyhow::Result<()> {
         .map_err(anyhow::Error::msg)?;
 
     let config = Config::load_with_cli_overrides(overrides_vec, ConfigOverrides::default())?;
+    let auth = load_auth(&config.codex_home, true)?;
     let ctrl_c = notify_on_sigint();
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c.clone()).await?;
+    let CodexSpawnOk { codex, .. } = Codex::spawn(config, auth, ctrl_c.clone()).await?;
     let codex = Arc::new(codex);
 
     // Task that reads JSON lines from stdin and forwards to Submission Queue

codex-rs/common/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-common"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true
@@ -9,11 +9,11 @@ workspace = true
 [dependencies]
 clap = { version = "4", features = ["derive", "wrap_help"], optional = true }
 codex-core = { path = "../core" }
-toml = { version = "0.9", optional = true }
 serde = { version = "1", optional = true }
+toml = { version = "0.9", optional = true }
 
 [features]
 # Separate feature so that `clap` is not a mandatory dependency.
-cli = ["clap", "toml", "serde"]
+cli = ["clap", "serde", "toml"]
 elapsed = []
 sandbox_summary = []

codex-rs/config.md

@@ -110,12 +110,15 @@ stream_idle_timeout_ms = 300000    # 5m idle timeout
 ```
 
 #### request_max_retries
+
 How many times Codex will retry a failed HTTP request to the model provider. Defaults to `4`.
 
 #### stream_max_retries
+
 Number of times Codex will attempt to reconnect when a streaming response is interrupted. Defaults to `10`.
 
 #### stream_idle_timeout_ms
+
 How long Codex will wait for activity on a streaming response before treating the connection as lost. Defaults to `300_000` (5 minutes).
 
 ## model_provider

codex-rs/core/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-core"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_core"
@@ -15,7 +15,9 @@ anyhow = "1"
 async-channel = "2.3.1"
 base64 = "0.22"
 bytes = "1.10.1"
+chrono = { version = "0.4", features = ["serde"] }
 codex-apply-patch = { path = "../apply-patch" }
+codex-login = { path = "../login" }
 codex-mcp-client = { path = "../mcp-client" }
 dirs = "6"
 env-flags = "0.1.1"
@@ -47,8 +49,8 @@ tracing = { version = "0.1.41", features = ["log"] }
 tree-sitter = "0.25.8"
 tree-sitter-bash = "0.25.0"
 uuid = { version = "1", features = ["serde", "v4"] }
-wildmatch = "2.4.0"
 whoami = "1.6.0"
+wildmatch = "2.4.0"
 
 
 [target.'cfg(target_os = "linux")'.dependencies]

codex-rs/core/prompt.md

@@ -96,3 +96,12 @@ You can invoke apply_patch like:
 ```
 shell {"command":["apply_patch","*** Begin Patch\n*** Add File: hello.txt\n+Hello, world!\n*** End Patch\n"]}
 ```
+
+Plan updates
+
+A tool named `update_plan` is available. Use it to keep an up‑to‑date, step‑by‑step plan for the task so you can follow your progress. When making your plans, keep in mind that you are a deployed coding agent - `update_plan` calls should not involve doing anything that you aren't capable of doing. For example, `update_plan` calls should NEVER contain tasks to merge your own pull requests. Only stop to ask the user if you genuinely need their feedback on a change.
+
+- At the start of the task, call `update_plan` with an initial plan: a short list of 1‑sentence steps with a `status` for each step (`pending`, `in_progress`, or `completed`). There should always be exactly one `in_progress` step until everything is done.
+- Whenever you finish a step, call `update_plan` again, marking the finished step as `completed` and the next step as `in_progress`.
+- If your plan needs to change, call `update_plan` with the revised steps and include an `explanation` describing the change.
+- When all steps are complete, make a final `update_plan` call with all steps marked `completed`.

codex-rs/core/src/apply_patch.rs

@@ -1,277 +1,107 @@
 use crate::codex::Session;
 use crate::models::FunctionCallOutputPayload;
 use crate::models::ResponseInputItem;
-use crate::protocol::Event;
-use crate::protocol::EventMsg;
 use crate::protocol::FileChange;
-use crate::protocol::PatchApplyBeginEvent;
-use crate::protocol::PatchApplyEndEvent;
 use crate::protocol::ReviewDecision;
 use crate::safety::SafetyCheck;
 use crate::safety::assess_patch_safety;
-use anyhow::Context;
-use codex_apply_patch::AffectedPaths;
 use codex_apply_patch::ApplyPatchAction;
 use codex_apply_patch::ApplyPatchFileChange;
-use codex_apply_patch::print_summary;
 use std::collections::HashMap;
 use std::path::Path;
 use std::path::PathBuf;
 
+pub const CODEX_APPLY_PATCH_ARG1: &str = "--codex-run-as-apply-patch";
+
+pub(crate) enum InternalApplyPatchInvocation {
+    /// The `apply_patch` call was handled programmatically, without any sort
+    /// of sandbox, because the user explicitly approved it. This is the
+    /// result to use with the `shell` function call that contained `apply_patch`.
+    Output(ResponseInputItem),
+
+    /// The `apply_patch` call was approved, either automatically because it
+    /// appears that it should be allowed based on the user's sandbox policy
+    /// *or* because the user explicitly approved it. In either case, we use
+    /// exec with [`CODEX_APPLY_PATCH_ARG1`] to realize the `apply_patch` call,
+    /// but [`ApplyPatchExec::auto_approved`] is used to determine the sandbox
+    /// used with the `exec()`.
+    DelegateToExec(ApplyPatchExec),
+}
+
+pub(crate) struct ApplyPatchExec {
+    pub(crate) action: ApplyPatchAction,
+    pub(crate) user_explicitly_approved_this_action: bool,
+}
+
+impl From<ResponseInputItem> for InternalApplyPatchInvocation {
+    fn from(item: ResponseInputItem) -> Self {
+        InternalApplyPatchInvocation::Output(item)
+    }
+}
+
 pub(crate) async fn apply_patch(
     sess: &Session,
-    sub_id: String,
-    call_id: String,
+    sub_id: &str,
+    call_id: &str,
     action: ApplyPatchAction,
-) -> ResponseInputItem {
+) -> InternalApplyPatchInvocation {
     let writable_roots_snapshot = {
         #[allow(clippy::unwrap_used)]
         let guard = sess.writable_roots.lock().unwrap();
         guard.clone()
     };
 
-    let auto_approved = match assess_patch_safety(
+    match assess_patch_safety(
         &action,
         sess.approval_policy,
         &writable_roots_snapshot,
         &sess.cwd,
     ) {
-        SafetyCheck::AutoApprove { .. } => true,
+        SafetyCheck::AutoApprove { .. } => {
+            InternalApplyPatchInvocation::DelegateToExec(ApplyPatchExec {
+                action,
+                user_explicitly_approved_this_action: false,
+            })
+        }
         SafetyCheck::AskUser => {
             // Compute a readable summary of path changes to include in the
             // approval request so the user can make an informed decision.
+            //
+            // Note that it might be worth expanding this approval request to
+            // give the user the option to expand the set of writable roots so
+            // that similar patches can be auto-approved in the future during
+            // this session.
             let rx_approve = sess
-                .request_patch_approval(sub_id.clone(), call_id.clone(), &action, None, None)
+                .request_patch_approval(sub_id.to_owned(), call_id.to_owned(), &action, None, None)
                 .await;
             match rx_approve.await.unwrap_or_default() {
-                ReviewDecision::Approved | ReviewDecision::ApprovedForSession => false,
+                ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {
+                    InternalApplyPatchInvocation::DelegateToExec(ApplyPatchExec {
+                        action,
+                        user_explicitly_approved_this_action: true,
+                    })
+                }
                 ReviewDecision::Denied | ReviewDecision::Abort => {
-                    return ResponseInputItem::FunctionCallOutput {
-                        call_id,
+                    ResponseInputItem::FunctionCallOutput {
+                        call_id: call_id.to_owned(),
                         output: FunctionCallOutputPayload {
                             content: "patch rejected by user".to_string(),
                             success: Some(false),
                         },
-                    };
+                    }
+                    .into()
                 }
             }
         }
-        SafetyCheck::Reject { reason } => {
-            return ResponseInputItem::FunctionCallOutput {
-                call_id,
-                output: FunctionCallOutputPayload {
-                    content: format!("patch rejected: {reason}"),
-                    success: Some(false),
-                },
-            };
-        }
-    };
-
-    // Verify write permissions before touching the filesystem.
-    let writable_snapshot = {
-        #[allow(clippy::unwrap_used)]
-        sess.writable_roots.lock().unwrap().clone()
-    };
-
-    if let Some(offending) = first_offending_path(&action, &writable_snapshot, &sess.cwd) {
-        let root = offending.parent().unwrap_or(&offending).to_path_buf();
-
-        let reason = Some(format!(
-            "grant write access to {} for this session",
-            root.display()
-        ));
-
-        let rx = sess
-            .request_patch_approval(
-                sub_id.clone(),
-                call_id.clone(),
-                &action,
-                reason.clone(),
-                Some(root.clone()),
-            )
-            .await;
-
-        if !matches!(
-            rx.await.unwrap_or_default(),
-            ReviewDecision::Approved | ReviewDecision::ApprovedForSession
-        ) {
-            return ResponseInputItem::FunctionCallOutput {
-                call_id,
-                output: FunctionCallOutputPayload {
-                    content: "patch rejected by user".to_string(),
-                    success: Some(false),
-                },
-            };
-        }
-
-        // user approved, extend writable roots for this session
-        #[allow(clippy::unwrap_used)]
-        sess.writable_roots.lock().unwrap().push(root);
-    }
-
-    let _ = sess
-        .tx_event
-        .send(Event {
-            id: sub_id.clone(),
-            msg: EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
-                call_id: call_id.clone(),
-                auto_approved,
-                changes: convert_apply_patch_to_protocol(&action),
-            }),
-        })
-        .await;
-
-    let mut stdout = Vec::new();
-    let mut stderr = Vec::new();
-    // Enforce writable roots. If a write is blocked, collect offending root
-    // and prompt the user to extend permissions.
-    let mut result = apply_changes_from_apply_patch_and_report(&action, &mut stdout, &mut stderr);
-
-    if let Err(err) = &result {
-        if err.kind() == std::io::ErrorKind::PermissionDenied {
-            // Determine first offending path.
-            let offending_opt = action
-                .changes()
-                .iter()
-                .flat_map(|(path, change)| match change {
-                    ApplyPatchFileChange::Add { .. } => vec![path.as_ref()],
-                    ApplyPatchFileChange::Delete => vec![path.as_ref()],
-                    ApplyPatchFileChange::Update {
-                        move_path: Some(move_path),
-                        ..
-                    } => {
-                        vec![path.as_ref(), move_path.as_ref()]
-                    }
-                    ApplyPatchFileChange::Update {
-                        move_path: None, ..
-                    } => vec![path.as_ref()],
-                })
-                .find_map(|path: &Path| {
-                    // ApplyPatchAction promises to guarantee absolute paths.
-                    if !path.is_absolute() {
-                        panic!("apply_patch invariant failed: path is not absolute: {path:?}");
-                    }
-
-                    let writable = {
-                        #[allow(clippy::unwrap_used)]
-                        let roots = sess.writable_roots.lock().unwrap();
-                        roots.iter().any(|root| path.starts_with(root))
-                    };
-                    if writable {
-                        None
-                    } else {
-                        Some(path.to_path_buf())
-                    }
-                });
-
-            if let Some(offending) = offending_opt {
-                let root = offending.parent().unwrap_or(&offending).to_path_buf();
-
-                let reason = Some(format!(
-                    "grant write access to {} for this session",
-                    root.display()
-                ));
-                let rx = sess
-                    .request_patch_approval(
-                        sub_id.clone(),
-                        call_id.clone(),
-                        &action,
-                        reason.clone(),
-                        Some(root.clone()),
-                    )
-                    .await;
-                if matches!(
-                    rx.await.unwrap_or_default(),
-                    ReviewDecision::Approved | ReviewDecision::ApprovedForSession
-                ) {
-                    // Extend writable roots.
-                    #[allow(clippy::unwrap_used)]
-                    sess.writable_roots.lock().unwrap().push(root);
-                    stdout.clear();
-                    stderr.clear();
-                    result = apply_changes_from_apply_patch_and_report(
-                        &action,
-                        &mut stdout,
-                        &mut stderr,
-                    );
-                }
-            }
-        }
-    }
-
-    // Emit PatchApplyEnd event.
-    let success_flag = result.is_ok();
-    let _ = sess
-        .tx_event
-        .send(Event {
-            id: sub_id.clone(),
-            msg: EventMsg::PatchApplyEnd(PatchApplyEndEvent {
-                call_id: call_id.clone(),
-                stdout: String::from_utf8_lossy(&stdout).to_string(),
-                stderr: String::from_utf8_lossy(&stderr).to_string(),
-                success: success_flag,
-            }),
-        })
-        .await;
-
-    match result {
-        Ok(_) => ResponseInputItem::FunctionCallOutput {
-            call_id,
+        SafetyCheck::Reject { reason } => ResponseInputItem::FunctionCallOutput {
+            call_id: call_id.to_owned(),
             output: FunctionCallOutputPayload {
-                content: String::from_utf8_lossy(&stdout).to_string(),
-                success: None,
-            },
-        },
-        Err(e) => ResponseInputItem::FunctionCallOutput {
-            call_id,
-            output: FunctionCallOutputPayload {
-                content: format!("error: {e:#}, stderr: {}", String::from_utf8_lossy(&stderr)),
+                content: format!("patch rejected: {reason}"),
                 success: Some(false),
             },
-        },
-    }
-}
-
-/// Return the first path in `hunks` that is NOT under any of the
-/// `writable_roots` (after normalising). If all paths are acceptable,
-/// returns None.
-fn first_offending_path(
-    action: &ApplyPatchAction,
-    writable_roots: &[PathBuf],
-    cwd: &Path,
-) -> Option<PathBuf> {
-    let changes = action.changes();
-    for (path, change) in changes {
-        let candidate = match change {
-            ApplyPatchFileChange::Add { .. } => path,
-            ApplyPatchFileChange::Delete => path,
-            ApplyPatchFileChange::Update { move_path, .. } => move_path.as_ref().unwrap_or(path),
-        };
-
-        let abs = if candidate.is_absolute() {
-            candidate.clone()
-        } else {
-            cwd.join(candidate)
-        };
-
-        let mut allowed = false;
-        for root in writable_roots {
-            let root_abs = if root.is_absolute() {
-                root.clone()
-            } else {
-                cwd.join(root)
-            };
-            if abs.starts_with(&root_abs) {
-                allowed = true;
-                break;
-            }
-        }
-
-        if !allowed {
-            return Some(candidate.clone());
         }
+        .into(),
     }
-    None
 }
 
 pub(crate) fn convert_apply_patch_to_protocol(
@@ -299,85 +129,6 @@ pub(crate) fn convert_apply_patch_to_protocol(
     result
 }
 
-fn apply_changes_from_apply_patch_and_report(
-    action: &ApplyPatchAction,
-    stdout: &mut impl std::io::Write,
-    stderr: &mut impl std::io::Write,
-) -> std::io::Result<()> {
-    match apply_changes_from_apply_patch(action) {
-        Ok(affected_paths) => {
-            print_summary(&affected_paths, stdout)?;
-        }
-        Err(err) => {
-            writeln!(stderr, "{err:?}")?;
-        }
-    }
-
-    Ok(())
-}
-
-fn apply_changes_from_apply_patch(action: &ApplyPatchAction) -> anyhow::Result<AffectedPaths> {
-    let mut added: Vec<PathBuf> = Vec::new();
-    let mut modified: Vec<PathBuf> = Vec::new();
-    let mut deleted: Vec<PathBuf> = Vec::new();
-
-    let changes = action.changes();
-    for (path, change) in changes {
-        match change {
-            ApplyPatchFileChange::Add { content } => {
-                if let Some(parent) = path.parent() {
-                    if !parent.as_os_str().is_empty() {
-                        std::fs::create_dir_all(parent).with_context(|| {
-                            format!("Failed to create parent directories for {}", path.display())
-                        })?;
-                    }
-                }
-                std::fs::write(path, content)
-                    .with_context(|| format!("Failed to write file {}", path.display()))?;
-                added.push(path.clone());
-            }
-            ApplyPatchFileChange::Delete => {
-                std::fs::remove_file(path)
-                    .with_context(|| format!("Failed to delete file {}", path.display()))?;
-                deleted.push(path.clone());
-            }
-            ApplyPatchFileChange::Update {
-                unified_diff: _unified_diff,
-                move_path,
-                new_content,
-            } => {
-                if let Some(move_path) = move_path {
-                    if let Some(parent) = move_path.parent() {
-                        if !parent.as_os_str().is_empty() {
-                            std::fs::create_dir_all(parent).with_context(|| {
-                                format!(
-                                    "Failed to create parent directories for {}",
-                                    move_path.display()
-                                )
-                            })?;
-                        }
-                    }
-
-                    std::fs::rename(path, move_path)
-                        .with_context(|| format!("Failed to rename file {}", path.display()))?;
-                    std::fs::write(move_path, new_content)?;
-                    modified.push(move_path.clone());
-                    deleted.push(path.clone());
-                } else {
-                    std::fs::write(path, new_content)?;
-                    modified.push(path.clone());
-                }
-            }
-        }
-    }
-
-    Ok(AffectedPaths {
-        added,
-        modified,
-        deleted,
-    })
-}
-
 pub(crate) fn get_writable_roots(cwd: &Path) -> Vec<PathBuf> {
     let mut writable_roots = Vec::new();
     if cfg!(target_os = "macos") {

codex-rs/core/src/chat_completions.rs

@@ -30,6 +30,7 @@ use crate::util::backoff;
 pub(crate) async fn stream_chat_completions(
     prompt: &Prompt,
     model: &str,
+    include_plan_tool: bool,
     client: &reqwest::Client,
     provider: &ModelProviderInfo,
 ) -> Result<ResponseStream> {
@@ -39,6 +40,10 @@ pub(crate) async fn stream_chat_completions(
     let full_instructions = prompt.get_full_instructions(model);
     messages.push(json!({"role": "system", "content": full_instructions}));
 
+    if let Some(instr) = &prompt.user_instructions {
+        messages.push(json!({"role": "user", "content": instr}));
+    }
+
     for item in &prompt.input {
         match item {
             ResponseItem::Message { role, content, .. } => {
@@ -105,7 +110,7 @@ pub(crate) async fn stream_chat_completions(
         }
     }
 
-    let tools_json = create_tools_json_for_chat_completions_api(prompt, model)?;
+    let tools_json = create_tools_json_for_chat_completions_api(prompt, model, include_plan_tool)?;
     let payload = json!({
         "model": model,
         "messages": messages,

codex-rs/core/src/client.rs

@@ -3,6 +3,8 @@ use std::path::Path;
 use std::time::Duration;
 
 use bytes::Bytes;
+use codex_login::AuthMode;
+use codex_login::CodexAuth;
 use eventsource_stream::Eventsource;
 use futures::prelude::*;
 use reqwest::StatusCode;
@@ -28,10 +30,12 @@ use crate::config::Config;
 use crate::config_types::ReasoningEffort as ReasoningEffortConfig;
 use crate::config_types::ReasoningSummary as ReasoningSummaryConfig;
 use crate::error::CodexErr;
+use crate::error::EnvVarError;
 use crate::error::Result;
 use crate::flags::CODEX_RS_SSE_FIXTURE;
 use crate::model_provider_info::ModelProviderInfo;
 use crate::model_provider_info::WireApi;
+use crate::models::ContentItem;
 use crate::models::ResponseItem;
 use crate::openai_tools::create_tools_json_for_responses_api;
 use crate::protocol::TokenUsage;
@@ -41,6 +45,7 @@ use std::sync::Arc;
 #[derive(Clone)]
 pub struct ModelClient {
     config: Arc<Config>,
+    auth: Option<CodexAuth>,
     client: reqwest::Client,
     provider: ModelProviderInfo,
     session_id: Uuid,
@@ -51,6 +56,7 @@ pub struct ModelClient {
 impl ModelClient {
     pub fn new(
         config: Arc<Config>,
+        auth: Option<CodexAuth>,
         provider: ModelProviderInfo,
         effort: ReasoningEffortConfig,
         summary: ReasoningSummaryConfig,
@@ -58,6 +64,7 @@ impl ModelClient {
     ) -> Self {
         Self {
             config,
+            auth,
             client: reqwest::Client::new(),
             provider,
             session_id,
@@ -77,6 +84,7 @@ impl ModelClient {
                 let response_stream = stream_chat_completions(
                     prompt,
                     &self.config.model,
+                    self.config.include_plan_tool,
                     &self.client,
                     &self.provider,
                 )
@@ -114,28 +122,60 @@ impl ModelClient {
             return stream_from_fixture(path, self.provider.clone()).await;
         }
 
+        let auth = self.auth.as_ref().ok_or_else(|| {
+            CodexErr::EnvVar(EnvVarError {
+                var: "OPENAI_API_KEY".to_string(),
+                instructions: Some("Create an API key (https://platform.openai.com) and export it as an environment variable.".to_string()),
+            })
+        })?;
+
+        let store = prompt.store && auth.mode != AuthMode::ChatGPT;
+
+        let base_url = match self.provider.base_url.clone() {
+            Some(url) => url,
+            None => match auth.mode {
+                AuthMode::ChatGPT => "https://chatgpt.com/backend-api/codex".to_string(),
+                AuthMode::ApiKey => "https://api.openai.com/v1".to_string(),
+            },
+        };
+
+        let token = auth.get_token().await?;
+
         let full_instructions = prompt.get_full_instructions(&self.config.model);
-        let tools_json = create_tools_json_for_responses_api(prompt, &self.config.model)?;
+        let tools_json = create_tools_json_for_responses_api(
+            prompt,
+            &self.config.model,
+            self.config.include_plan_tool,
+        )?;
         let reasoning = create_reasoning_param_for_request(&self.config, self.effort, self.summary);
 
         // Request encrypted COT if we are not storing responses,
         // otherwise reasoning items will be referenced by ID
-        let include = if !prompt.store && reasoning.is_some() {
+        let include: Vec<String> = if !store && reasoning.is_some() {
             vec!["reasoning.encrypted_content".to_string()]
         } else {
             vec![]
         };
 
+        let mut input_with_instructions = Vec::with_capacity(prompt.input.len() + 1);
+        if let Some(ui) = &prompt.user_instructions {
+            input_with_instructions.push(ResponseItem::Message {
+                id: None,
+                role: "user".to_string(),
+                content: vec![ContentItem::InputText { text: ui.clone() }],
+            });
+        }
+        input_with_instructions.extend(prompt.input.clone());
+
         let payload = ResponsesApiRequest {
             model: &self.config.model,
             instructions: &full_instructions,
-            input: &prompt.input,
+            input: &input_with_instructions,
             tools: &tools_json,
             tool_choice: "auto",
             parallel_tool_calls: false,
             reasoning,
-            store: prompt.store,
-            // TODO: make this configurable
+            store,
             stream: true,
             include,
         };
@@ -148,17 +188,34 @@ impl ModelClient {
 
         let mut attempt = 0;
         let max_retries = self.provider.request_max_retries();
+
         loop {
             attempt += 1;
 
-            let req_builder = self
-                .provider
-                .create_request_builder(&self.client)?
+            let mut req_builder = self
+                .client
+                .post(format!("{base_url}/responses"))
                 .header("OpenAI-Beta", "responses=experimental")
                 .header("session_id", self.session_id.to_string())
+                .bearer_auth(&token)
                 .header(reqwest::header::ACCEPT, "text/event-stream")
                 .json(&payload);
 
+            if auth.mode == AuthMode::ChatGPT {
+                if let Some(account_id) = auth.get_account_id().await {
+                    req_builder = req_builder.header("chatgpt-account-id", account_id);
+                }
+            }
+
+            req_builder = self.provider.apply_http_headers(req_builder);
+
+            let originator = self
+                .config
+                .internal_originator
+                .as_deref()
+                .unwrap_or("codex_cli_rs");
+            req_builder = req_builder.header("originator", originator);
+
             let res = req_builder.send().await;
             if let Ok(resp) = &res {
                 trace!(
@@ -567,7 +624,7 @@ mod tests {
 
         let provider = ModelProviderInfo {
             name: "test".to_string(),
-            base_url: "https://test.com".to_string(),
+            base_url: Some("https://test.com".to_string()),
             env_key: Some("TEST_API_KEY".to_string()),
             env_key_instructions: None,
             wire_api: WireApi::Responses,
@@ -577,6 +634,7 @@ mod tests {
             request_max_retries: Some(0),
             stream_max_retries: Some(0),
             stream_idle_timeout_ms: Some(1000),
+            requires_auth: false,
         };
 
         let events = collect_events(
@@ -626,7 +684,7 @@ mod tests {
         let sse1 = format!("event: response.output_item.done\ndata: {item1}\n\n");
         let provider = ModelProviderInfo {
             name: "test".to_string(),
-            base_url: "https://test.com".to_string(),
+            base_url: Some("https://test.com".to_string()),
             env_key: Some("TEST_API_KEY".to_string()),
             env_key_instructions: None,
             wire_api: WireApi::Responses,
@@ -636,6 +694,7 @@ mod tests {
             request_max_retries: Some(0),
             stream_max_retries: Some(0),
             stream_idle_timeout_ms: Some(1000),
+            requires_auth: false,
         };
 
         let events = collect_events(&[sse1.as_bytes()], provider).await;
@@ -728,7 +787,7 @@ mod tests {
 
             let provider = ModelProviderInfo {
                 name: "test".to_string(),
-                base_url: "https://test.com".to_string(),
+                base_url: Some("https://test.com".to_string()),
                 env_key: Some("TEST_API_KEY".to_string()),
                 env_key_instructions: None,
                 wire_api: WireApi::Responses,
@@ -738,6 +797,7 @@ mod tests {
                 request_max_retries: Some(0),
                 stream_max_retries: Some(0),
                 stream_idle_timeout_ms: Some(1000),
+                requires_auth: false,
             };
 
             let out = run_sse(evs, provider).await;

codex-rs/core/src/client_common.rs

@@ -44,9 +44,6 @@ impl Prompt {
             .as_deref()
             .unwrap_or(BASE_INSTRUCTIONS);
         let mut sections: Vec<&str> = vec![base];
-        if let Some(ref user) = self.user_instructions {
-            sections.push(user);
-        }
         if model.starts_with("gpt-4.1") {
             sections.push(APPLY_PATCH_TOOL_INSTRUCTIONS);
         }
@@ -188,3 +185,19 @@ impl Stream for ResponseStream {
         self.rx_event.poll_recv(cx)
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn get_full_instructions_no_user_content() {
+        let prompt = Prompt {
+            user_instructions: Some("custom instruction".to_string()),
+            ..Default::default()
+        };
+        let expected = format!("{BASE_INSTRUCTIONS}\n{APPLY_PATCH_TOOL_INSTRUCTIONS}");
+        let full = prompt.get_full_instructions("gpt-4.1");
+        assert_eq!(full, expected);
+    }
+}

codex-rs/core/src/codex.rs

@@ -15,6 +15,7 @@ use async_channel::Sender;
 use codex_apply_patch::ApplyPatchAction;
 use codex_apply_patch::MaybeApplyPatchVerified;
 use codex_apply_patch::maybe_parse_apply_patch_verified;
+use codex_login::CodexAuth;
 use futures::prelude::*;
 use mcp_types::CallToolResult;
 use serde::Serialize;
@@ -29,6 +30,9 @@ use tracing::trace;
 use tracing::warn;
 use uuid::Uuid;
 
+use crate::apply_patch::ApplyPatchExec;
+use crate::apply_patch::CODEX_APPLY_PATCH_ARG1;
+use crate::apply_patch::InternalApplyPatchInvocation;
 use crate::apply_patch::convert_apply_patch_to_protocol;
 use crate::apply_patch::get_writable_roots;
 use crate::apply_patch::{self};
@@ -55,6 +59,7 @@ use crate::models::ReasoningItemReasoningSummary;
 use crate::models::ResponseInputItem;
 use crate::models::ResponseItem;
 use crate::models::ShellToolCallParams;
+use crate::plan_tool::handle_update_plan;
 use crate::project_doc::get_user_instructions;
 use crate::protocol::AgentMessageDeltaEvent;
 use crate::protocol::AgentMessageEvent;
@@ -69,8 +74,11 @@ use crate::protocol::EventMsg;
 use crate::protocol::ExecApprovalRequestEvent;
 use crate::protocol::ExecCommandBeginEvent;
 use crate::protocol::ExecCommandEndEvent;
+use crate::protocol::FileChange;
 use crate::protocol::InputItem;
 use crate::protocol::Op;
+use crate::protocol::PatchApplyBeginEvent;
+use crate::protocol::PatchApplyEndEvent;
 use crate::protocol::ReviewDecision;
 use crate::protocol::SandboxPolicy;
 use crate::protocol::SessionConfiguredEvent;
@@ -79,6 +87,7 @@ use crate::protocol::TaskCompleteEvent;
 use crate::rollout::RolloutRecorder;
 use crate::safety::SafetyCheck;
 use crate::safety::assess_command_safety;
+use crate::safety::assess_safety_for_untrusted_command;
 use crate::shell;
 use crate::user_notification::UserNotification;
 use crate::util::backoff;
@@ -102,7 +111,11 @@ pub struct CodexSpawnOk {
 
 impl Codex {
     /// Spawn a new [`Codex`] and initialize the session.
-    pub async fn spawn(config: Config, ctrl_c: Arc<Notify>) -> CodexResult<CodexSpawnOk> {
+    pub async fn spawn(
+        config: Config,
+        auth: Option<CodexAuth>,
+        ctrl_c: Arc<Notify>,
+    ) -> CodexResult<CodexSpawnOk> {
         // experimental resume path (undocumented)
         let resume_path = config.experimental_resume.clone();
         info!("resume_path: {resume_path:?}");
@@ -131,7 +144,7 @@ impl Codex {
         // Generate a unique ID for the lifetime of this Codex session.
         let session_id = Uuid::new_v4();
         tokio::spawn(submission_loop(
-            session_id, config, rx_sub, tx_event, ctrl_c,
+            session_id, config, auth, rx_sub, tx_event, ctrl_c,
         ));
         let codex = Codex {
             next_id: AtomicU64::new(0),
@@ -348,14 +361,32 @@ impl Session {
         }
     }
 
-    async fn notify_exec_command_begin(&self, sub_id: &str, call_id: &str, params: &ExecParams) {
+    async fn notify_exec_command_begin(&self, exec_command_context: ExecCommandContext) {
+        let ExecCommandContext {
+            sub_id,
+            call_id,
+            command_for_display,
+            cwd,
+            apply_patch,
+        } = exec_command_context;
+        let msg = match apply_patch {
+            Some(ApplyPatchCommandContext {
+                user_explicitly_approved_this_action,
+                changes,
+            }) => EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
+                call_id,
+                auto_approved: !user_explicitly_approved_this_action,
+                changes,
+            }),
+            None => EventMsg::ExecCommandBegin(ExecCommandBeginEvent {
+                call_id,
+                command: command_for_display.clone(),
+                cwd,
+            }),
+        };
         let event = Event {
             id: sub_id.to_string(),
-            msg: EventMsg::ExecCommandBegin(ExecCommandBeginEvent {
-                call_id: call_id.to_string(),
-                command: params.command.clone(),
-                cwd: params.cwd.clone(),
-            }),
+            msg,
         };
         let _ = self.tx_event.send(event).await;
     }
@@ -367,18 +398,33 @@ impl Session {
         stdout: &str,
         stderr: &str,
         exit_code: i32,
+        is_apply_patch: bool,
     ) {
+        // Because stdout and stderr could each be up to 100 KiB, we send
+        // truncated versions.
         const MAX_STREAM_OUTPUT: usize = 5 * 1024; // 5KiB
+        let stdout = stdout.chars().take(MAX_STREAM_OUTPUT).collect();
+        let stderr = stderr.chars().take(MAX_STREAM_OUTPUT).collect();
+
+        let msg = if is_apply_patch {
+            EventMsg::PatchApplyEnd(PatchApplyEndEvent {
+                call_id: call_id.to_string(),
+                stdout,
+                stderr,
+                success: exit_code == 0,
+            })
+        } else {
+            EventMsg::ExecCommandEnd(ExecCommandEndEvent {
+                call_id: call_id.to_string(),
+                stdout,
+                stderr,
+                exit_code,
+            })
+        };
+
         let event = Event {
             id: sub_id.to_string(),
-            // Because stdout and stderr could each be up to 100 KiB, we send
-            // truncated versions.
-            msg: EventMsg::ExecCommandEnd(ExecCommandEndEvent {
-                call_id: call_id.to_string(),
-                stdout: stdout.chars().take(MAX_STREAM_OUTPUT).collect(),
-                stderr: stderr.chars().take(MAX_STREAM_OUTPUT).collect(),
-                exit_code,
-            }),
+            msg,
         };
         let _ = self.tx_event.send(event).await;
     }
@@ -396,6 +442,12 @@ impl Session {
         let _ = self.tx_event.send(event).await;
     }
 
+    /// Build the full turn input by concatenating the current conversation
+    /// history with additional items for this turn.
+    pub fn turn_input_with_history(&self, extra: Vec<ResponseItem>) -> Vec<ResponseItem> {
+        [self.state.lock().unwrap().history.contents(), extra].concat()
+    }
+
     /// Returns the input if there was no task running to inject into
     pub fn inject_input(&self, input: Vec<InputItem>) -> Result<(), Vec<InputItem>> {
         let mut state = self.state.lock().unwrap();
@@ -486,6 +538,21 @@ impl State {
     }
 }
 
+#[derive(Clone, Debug)]
+pub(crate) struct ExecCommandContext {
+    pub(crate) sub_id: String,
+    pub(crate) call_id: String,
+    pub(crate) command_for_display: Vec<String>,
+    pub(crate) cwd: PathBuf,
+    pub(crate) apply_patch: Option<ApplyPatchCommandContext>,
+}
+
+#[derive(Clone, Debug)]
+pub(crate) struct ApplyPatchCommandContext {
+    pub(crate) user_explicitly_approved_this_action: bool,
+    pub(crate) changes: HashMap<PathBuf, FileChange>,
+}
+
 /// A series of Turns in response to user input.
 pub(crate) struct AgentTask {
     sess: Arc<Session>,
@@ -503,6 +570,25 @@ impl AgentTask {
             handle,
         }
     }
+    fn compact(
+        sess: Arc<Session>,
+        sub_id: String,
+        input: Vec<InputItem>,
+        compact_instructions: String,
+    ) -> Self {
+        let handle = tokio::spawn(run_compact_task(
+            Arc::clone(&sess),
+            sub_id.clone(),
+            input,
+            compact_instructions,
+        ))
+        .abort_handle();
+        Self {
+            sess,
+            sub_id,
+            handle,
+        }
+    }
 
     fn abort(self) {
         if !self.handle.is_finished() {
@@ -524,6 +610,7 @@ impl AgentTask {
 async fn submission_loop(
     mut session_id: Uuid,
     config: Arc<Config>,
+    auth: Option<CodexAuth>,
     rx_sub: Receiver<Submission>,
     tx_event: Sender<Event>,
     ctrl_c: Arc<Notify>,
@@ -635,6 +722,7 @@ async fn submission_loop(
 
                 let client = ModelClient::new(
                     config.clone(),
+                    auth.clone(),
                     provider.clone(),
                     model_reasoning_effort,
                     model_reasoning_summary,
@@ -821,6 +909,31 @@ async fn submission_loop(
                     }
                 });
             }
+            Op::Compact => {
+                let sess = match sess.as_ref() {
+                    Some(sess) => sess,
+                    None => {
+                        send_no_session_event(sub.id).await;
+                        continue;
+                    }
+                };
+
+                // Create a summarization request as user input
+                const SUMMARIZATION_PROMPT: &str = include_str!("../../../SUMMARY.md");
+
+                // Attempt to inject input into current task
+                if let Err(items) = sess.inject_input(vec![InputItem::Text {
+                    text: "Start Summarization".to_string(),
+                }]) {
+                    let task = AgentTask::compact(
+                        sess.clone(),
+                        sub.id,
+                        items,
+                        SUMMARIZATION_PROMPT.to_string(),
+                    );
+                    sess.set_task(task);
+                }
+            }
             Op::Shutdown => {
                 info!("Shutting down Codex instance");
 
@@ -882,7 +995,7 @@ async fn run_task(sess: Arc<Session>, sub_id: String, input: Vec<InputItem>) {
         return;
     }
 
-    let initial_input_for_turn = ResponseInputItem::from(input);
+    let initial_input_for_turn: ResponseInputItem = ResponseInputItem::from(input);
     sess.record_conversation_items(&[initial_input_for_turn.clone().into()])
         .await;
 
@@ -903,8 +1016,7 @@ async fn run_task(sess: Arc<Session>, sub_id: String, input: Vec<InputItem>) {
         // conversation history on each turn. The rollout file, however, should
         // only record the new items that originated in this turn so that it
         // represents an append-only log without duplicates.
-        let turn_input: Vec<ResponseItem> =
-            [sess.state.lock().unwrap().history.contents(), pending_input].concat();
+        let turn_input: Vec<ResponseItem> = sess.turn_input_with_history(pending_input);
 
         let turn_input_messages: Vec<String> = turn_input
             .iter()
@@ -1230,6 +1342,88 @@ async fn try_run_turn(
     }
 }
 
+async fn run_compact_task(
+    sess: Arc<Session>,
+    sub_id: String,
+    input: Vec<InputItem>,
+    compact_instructions: String,
+) {
+    let start_event = Event {
+        id: sub_id.clone(),
+        msg: EventMsg::TaskStarted,
+    };
+    if sess.tx_event.send(start_event).await.is_err() {
+        return;
+    }
+
+    let initial_input_for_turn: ResponseInputItem = ResponseInputItem::from(input);
+    let turn_input: Vec<ResponseItem> =
+        sess.turn_input_with_history(vec![initial_input_for_turn.clone().into()]);
+
+    let prompt = Prompt {
+        input: turn_input,
+        user_instructions: None,
+        store: !sess.disable_response_storage,
+        extra_tools: HashMap::new(),
+        base_instructions_override: Some(compact_instructions.clone()),
+    };
+
+    let max_retries = sess.client.get_provider().stream_max_retries();
+    let mut retries = 0;
+
+    loop {
+        let attempt_result = drain_to_completed(&sess, &prompt).await;
+
+        match attempt_result {
+            Ok(()) => break,
+            Err(CodexErr::Interrupted) => return,
+            Err(e) => {
+                if retries < max_retries {
+                    retries += 1;
+                    let delay = backoff(retries);
+                    sess.notify_background_event(
+                        &sub_id,
+                        format!(
+                            "stream error: {e}; retrying {retries}/{max_retries} in {delay:?}…"
+                        ),
+                    )
+                    .await;
+                    tokio::time::sleep(delay).await;
+                    continue;
+                } else {
+                    let event = Event {
+                        id: sub_id.clone(),
+                        msg: EventMsg::Error(ErrorEvent {
+                            message: e.to_string(),
+                        }),
+                    };
+                    sess.send_event(event).await;
+                    return;
+                }
+            }
+        }
+    }
+
+    sess.remove_task(&sub_id);
+    let event = Event {
+        id: sub_id.clone(),
+        msg: EventMsg::AgentMessage(AgentMessageEvent {
+            message: "Compact task completed".to_string(),
+        }),
+    };
+    sess.send_event(event).await;
+    let event = Event {
+        id: sub_id.clone(),
+        msg: EventMsg::TaskComplete(TaskCompleteEvent {
+            last_agent_message: None,
+        }),
+    };
+    sess.send_event(event).await;
+
+    let mut state = sess.state.lock().unwrap();
+    state.history.keep_last_messages(1);
+}
+
 async fn handle_response_item(
     sess: &Session,
     sub_id: &str,
@@ -1336,6 +1530,7 @@ async fn handle_function_call(
             };
             handle_container_exec_with_params(params, sess, sub_id, call_id).await
         }
+        "update_plan" => handle_update_plan(sess, arguments, sub_id, call_id).await,
         _ => {
             match sess.mcp_connection_manager.parse_tool_name(&name) {
                 Some((server, tool_name)) => {
@@ -1411,9 +1606,14 @@ async fn handle_container_exec_with_params(
     call_id: String,
 ) -> ResponseInputItem {
     // check if this was a patch, and apply it if so
-    match maybe_parse_apply_patch_verified(&params.command, &params.cwd) {
+    let apply_patch_exec = match maybe_parse_apply_patch_verified(&params.command, &params.cwd) {
         MaybeApplyPatchVerified::Body(changes) => {
-            return apply_patch::apply_patch(sess, sub_id, call_id, changes).await;
+            match apply_patch::apply_patch(sess, &sub_id, &call_id, changes).await {
+                InternalApplyPatchInvocation::Output(item) => return item,
+                InternalApplyPatchInvocation::DelegateToExec(apply_patch_exec) => {
+                    Some(apply_patch_exec)
+                }
+            }
         }
         MaybeApplyPatchVerified::CorrectnessError(parse_error) => {
             // It looks like an invocation of `apply_patch`, but we
@@ -1429,20 +1629,67 @@ async fn handle_container_exec_with_params(
         }
         MaybeApplyPatchVerified::ShellParseError(error) => {
             trace!("Failed to parse shell command, {error:?}");
+            None
         }
-        MaybeApplyPatchVerified::NotApplyPatch => (),
-    }
-
-    // safety checks
-    let safety = {
-        let state = sess.state.lock().unwrap();
-        assess_command_safety(
-            &params.command,
-            sess.approval_policy,
-            &sess.sandbox_policy,
-            &state.approved_commands,
-        )
+        MaybeApplyPatchVerified::NotApplyPatch => None,
     };
+
+    let (params, safety, command_for_display) = match &apply_patch_exec {
+        Some(ApplyPatchExec {
+            action: ApplyPatchAction { patch, cwd, .. },
+            user_explicitly_approved_this_action,
+        }) => {
+            let path_to_codex = std::env::current_exe()
+                .ok()
+                .map(|p| p.to_string_lossy().to_string());
+            let Some(path_to_codex) = path_to_codex else {
+                return ResponseInputItem::FunctionCallOutput {
+                    call_id,
+                    output: FunctionCallOutputPayload {
+                        content: "failed to determine path to codex executable".to_string(),
+                        success: None,
+                    },
+                };
+            };
+
+            let params = ExecParams {
+                command: vec![
+                    path_to_codex,
+                    CODEX_APPLY_PATCH_ARG1.to_string(),
+                    patch.clone(),
+                ],
+                cwd: cwd.clone(),
+                timeout_ms: params.timeout_ms,
+                env: HashMap::new(),
+            };
+            let safety = if *user_explicitly_approved_this_action {
+                SafetyCheck::AutoApprove {
+                    sandbox_type: SandboxType::None,
+                }
+            } else {
+                assess_safety_for_untrusted_command(sess.approval_policy, &sess.sandbox_policy)
+            };
+            (
+                params,
+                safety,
+                vec!["apply_patch".to_string(), patch.clone()],
+            )
+        }
+        None => {
+            let safety = {
+                let state = sess.state.lock().unwrap();
+                assess_command_safety(
+                    &params.command,
+                    sess.approval_policy,
+                    &sess.sandbox_policy,
+                    &state.approved_commands,
+                )
+            };
+            let command_for_display = params.command.clone();
+            (params, safety, command_for_display)
+        }
+    };
+
     let sandbox_type = match safety {
         SafetyCheck::AutoApprove { sandbox_type } => sandbox_type,
         SafetyCheck::AskUser => {
@@ -1487,7 +1734,22 @@ async fn handle_container_exec_with_params(
         }
     };
 
-    sess.notify_exec_command_begin(&sub_id, &call_id, &params)
+    let exec_command_context = ExecCommandContext {
+        sub_id: sub_id.clone(),
+        call_id: call_id.clone(),
+        command_for_display: command_for_display.clone(),
+        cwd: params.cwd.clone(),
+        apply_patch: apply_patch_exec.map(
+            |ApplyPatchExec {
+                 action,
+                 user_explicitly_approved_this_action,
+             }| ApplyPatchCommandContext {
+                user_explicitly_approved_this_action,
+                changes: convert_apply_patch_to_protocol(&action),
+            },
+        ),
+    };
+    sess.notify_exec_command_begin(exec_command_context.clone())
         .await;
 
     let params = maybe_run_with_user_profile(params, sess);
@@ -1509,8 +1771,15 @@ async fn handle_container_exec_with_params(
                 duration,
             } = output;
 
-            sess.notify_exec_command_end(&sub_id, &call_id, &stdout, &stderr, exit_code)
-                .await;
+            sess.notify_exec_command_end(
+                &sub_id,
+                &call_id,
+                &stdout,
+                &stderr,
+                exit_code,
+                exec_command_context.apply_patch.is_some(),
+            )
+            .await;
 
             let is_success = exit_code == 0;
             let content = format_exec_output(
@@ -1528,7 +1797,7 @@ async fn handle_container_exec_with_params(
             }
         }
         Err(CodexErr::Sandbox(error)) => {
-            handle_sandbox_error(error, sandbox_type, params, sess, sub_id, call_id).await
+            handle_sandbox_error(params, exec_command_context, error, sandbox_type, sess).await
         }
         Err(e) => {
             // Handle non-sandbox errors
@@ -1544,13 +1813,17 @@ async fn handle_container_exec_with_params(
 }
 
 async fn handle_sandbox_error(
+    params: ExecParams,
+    exec_command_context: ExecCommandContext,
     error: SandboxErr,
     sandbox_type: SandboxType,
-    params: ExecParams,
     sess: &Session,
-    sub_id: String,
-    call_id: String,
 ) -> ResponseInputItem {
+    let call_id = exec_command_context.call_id.clone();
+    let sub_id = exec_command_context.sub_id.clone();
+    let cwd = exec_command_context.cwd.clone();
+    let is_apply_patch = exec_command_context.apply_patch.is_some();
+
     // Early out if the user never wants to be asked for approval; just return to the model immediately
     if sess.approval_policy == AskForApproval::Never {
         return ResponseInputItem::FunctionCallOutput {
@@ -1580,7 +1853,7 @@ async fn handle_sandbox_error(
             sub_id.clone(),
             call_id.clone(),
             params.command.clone(),
-            params.cwd.clone(),
+            cwd.clone(),
             Some("command failed; retry without sandbox?".to_string()),
         )
         .await;
@@ -1596,8 +1869,7 @@ async fn handle_sandbox_error(
             sess.notify_background_event(&sub_id, "retrying command without sandbox")
                 .await;
 
-            sess.notify_exec_command_begin(&sub_id, &call_id, &params)
-                .await;
+            sess.notify_exec_command_begin(exec_command_context).await;
 
             // This is an escalated retry; the policy will not be
             // examined and the sandbox has been set to `None`.
@@ -1619,8 +1891,15 @@ async fn handle_sandbox_error(
                         duration,
                     } = retry_output;
 
-                    sess.notify_exec_command_end(&sub_id, &call_id, &stdout, &stderr, exit_code)
-                        .await;
+                    sess.notify_exec_command_end(
+                        &sub_id,
+                        &call_id,
+                        &stdout,
+                        &stderr,
+                        exit_code,
+                        is_apply_patch,
+                    )
+                    .await;
 
                     let is_success = exit_code == 0;
                     let content = format_exec_output(
@@ -1710,3 +1989,20 @@ fn get_last_assistant_message_from_turn(responses: &[ResponseItem]) -> Option<St
         }
     })
 }
+
+async fn drain_to_completed(sess: &Session, prompt: &Prompt) -> CodexResult<()> {
+    let mut stream = sess.client.clone().stream(prompt).await?;
+    loop {
+        let maybe_event = stream.next().await;
+        let Some(event) = maybe_event else {
+            return Err(CodexErr::Stream(
+                "stream closed before response.completed".into(),
+            ));
+        };
+        match event {
+            Ok(ResponseEvent::Completed { .. }) => return Ok(()),
+            Ok(_) => continue,
+            Err(e) => return Err(e),
+        }
+    }
+}

codex-rs/core/src/codex_wrapper.rs

@@ -6,6 +6,7 @@ use crate::config::Config;
 use crate::protocol::Event;
 use crate::protocol::EventMsg;
 use crate::util::notify_on_sigint;
+use codex_login::load_auth;
 use tokio::sync::Notify;
 use uuid::Uuid;
 
@@ -25,11 +26,12 @@ pub struct CodexConversation {
 /// that callers can surface the information to the UI.
 pub async fn init_codex(config: Config) -> anyhow::Result<CodexConversation> {
     let ctrl_c = notify_on_sigint();
+    let auth = load_auth(&config.codex_home, true)?;
     let CodexSpawnOk {
         codex,
         init_id,
         session_id,
-    } = Codex::spawn(config, ctrl_c.clone()).await?;
+    } = Codex::spawn(config, auth, ctrl_c.clone()).await?;
 
     // The first event must be `SessionInitialized`. Validate and forward it to
     // the caller so that they can display it in the conversation history.

codex-rs/core/src/config.rs

@@ -143,6 +143,12 @@ pub struct Config {
 
     /// Experimental rollout resume path (absolute path to .jsonl; undocumented).
     pub experimental_resume: Option<PathBuf>,
+
+    /// Include an experimental plan tool that the model can use to update its current plan and status of each step.
+    pub include_plan_tool: bool,
+
+    /// The value for the `originator` header included with Responses API requests.
+    pub internal_originator: Option<String>,
 }
 
 impl Config {
@@ -333,6 +339,9 @@ pub struct ConfigToml {
 
     /// Experimental path to a file whose contents replace the built-in BASE_INSTRUCTIONS.
     pub experimental_instructions_file: Option<PathBuf>,
+
+    /// The value for the `originator` header included with Responses API requests.
+    pub internal_originator: Option<String>,
 }
 
 impl ConfigToml {
@@ -366,6 +375,7 @@ pub struct ConfigOverrides {
     pub config_profile: Option<String>,
     pub codex_linux_sandbox_exe: Option<PathBuf>,
     pub base_instructions: Option<String>,
+    pub include_plan_tool: Option<bool>,
 }
 
 impl Config {
@@ -388,6 +398,7 @@ impl Config {
             config_profile: config_profile_key,
             codex_linux_sandbox_exe,
             base_instructions,
+            include_plan_tool,
         } = overrides;
 
         let config_profile = match config_profile_key.as_ref().or(cfg.profile.as_ref()) {
@@ -465,9 +476,14 @@ impl Config {
 
         let experimental_resume = cfg.experimental_resume;
 
-        let base_instructions = base_instructions.or(Self::get_base_instructions(
+        // Load base instructions override from a file if specified. If the
+        // path is relative, resolve it against the effective cwd so the
+        // behaviour matches other path-like config values.
+        let file_base_instructions = Self::get_base_instructions(
             cfg.experimental_instructions_file.as_ref(),
-        ));
+            &resolved_cwd,
+        )?;
+        let base_instructions = base_instructions.or(file_base_instructions);
 
         let config = Self {
             model,
@@ -518,6 +534,8 @@ impl Config {
                 .unwrap_or("https://chatgpt.com/backend-api/".to_string()),
 
             experimental_resume,
+            include_plan_tool: include_plan_tool.unwrap_or(false),
+            internal_originator: cfg.internal_originator,
         };
         Ok(config)
     }
@@ -539,13 +557,46 @@ impl Config {
         })
     }
 
-    fn get_base_instructions(path: Option<&PathBuf>) -> Option<String> {
-        let path = path.as_ref()?;
+    fn get_base_instructions(
+        path: Option<&PathBuf>,
+        cwd: &Path,
+    ) -> std::io::Result<Option<String>> {
+        let p = match path.as_ref() {
+            None => return Ok(None),
+            Some(p) => p,
+        };
 
-        std::fs::read_to_string(path)
-            .ok()
-            .map(|s| s.trim().to_string())
-            .filter(|s| !s.is_empty())
+        // Resolve relative paths against the provided cwd to make CLI
+        // overrides consistent regardless of where the process was launched
+        // from.
+        let full_path = if p.is_relative() {
+            cwd.join(p)
+        } else {
+            p.to_path_buf()
+        };
+
+        let contents = std::fs::read_to_string(&full_path).map_err(|e| {
+            std::io::Error::new(
+                e.kind(),
+                format!(
+                    "failed to read experimental instructions file {}: {e}",
+                    full_path.display()
+                ),
+            )
+        })?;
+
+        let s = contents.trim().to_string();
+        if s.is_empty() {
+            Err(std::io::Error::new(
+                std::io::ErrorKind::InvalidData,
+                format!(
+                    "experimental instructions file is empty: {}",
+                    full_path.display()
+                ),
+            ))
+        } else {
+            Ok(Some(s))
+        }
     }
 }
 
@@ -751,7 +802,7 @@ disable_response_storage = true
 
         let openai_chat_completions_provider = ModelProviderInfo {
             name: "OpenAI using Chat Completions".to_string(),
-            base_url: "https://api.openai.com/v1".to_string(),
+            base_url: Some("https://api.openai.com/v1".to_string()),
             env_key: Some("OPENAI_API_KEY".to_string()),
             wire_api: crate::WireApi::Chat,
             env_key_instructions: None,
@@ -761,6 +812,7 @@ disable_response_storage = true
             request_max_retries: Some(4),
             stream_max_retries: Some(10),
             stream_idle_timeout_ms: Some(300_000),
+            requires_auth: false,
         };
         let model_provider_map = {
             let mut model_provider_map = built_in_model_providers();
@@ -791,7 +843,7 @@ disable_response_storage = true
     ///
     /// 1. custom command-line argument, e.g. `--model o3`
     /// 2. as part of a profile, where the `--profile` is specified via a CLI
-    ///    (or in the config file itelf)
+    ///    (or in the config file itself)
     /// 3. as an entry in `config.toml`, e.g. `model = "o3"`
     /// 4. the default value for a required field defined in code, e.g.,
     ///    `crate::flags::OPENAI_DEFAULT_MODEL`
@@ -841,6 +893,8 @@ disable_response_storage = true
                 chatgpt_base_url: "https://chatgpt.com/backend-api/".to_string(),
                 experimental_resume: None,
                 base_instructions: None,
+                include_plan_tool: false,
+                internal_originator: None,
             },
             o3_profile_config
         );
@@ -889,6 +943,8 @@ disable_response_storage = true
             chatgpt_base_url: "https://chatgpt.com/backend-api/".to_string(),
             experimental_resume: None,
             base_instructions: None,
+            include_plan_tool: false,
+            internal_originator: None,
         };
 
         assert_eq!(expected_gpt3_profile_config, gpt3_profile_config);
@@ -952,6 +1008,8 @@ disable_response_storage = true
             chatgpt_base_url: "https://chatgpt.com/backend-api/".to_string(),
             experimental_resume: None,
             base_instructions: None,
+            include_plan_tool: false,
+            internal_originator: None,
         };
 
         assert_eq!(expected_zdr_profile_config, zdr_profile_config);

codex-rs/core/src/config_types.rs

@@ -78,7 +78,7 @@ pub enum HistoryPersistence {
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 pub struct Tui {}
 
-#[derive(Deserialize, Debug, Clone, Copy, PartialEq, Default)]
+#[derive(Deserialize, Debug, Clone, Copy, PartialEq, Default, Serialize)]
 #[serde(rename_all = "kebab-case")]
 pub enum SandboxMode {
     #[serde(rename = "read-only")]

codex-rs/core/src/conversation_history.rs

@@ -30,6 +30,34 @@ impl ConversationHistory {
             }
         }
     }
+
+    pub(crate) fn keep_last_messages(&mut self, n: usize) {
+        if n == 0 {
+            self.items.clear();
+            return;
+        }
+
+        // Collect the last N message items (assistant/user), newest to oldest.
+        let mut kept: Vec<ResponseItem> = Vec::with_capacity(n);
+        for item in self.items.iter().rev() {
+            if let ResponseItem::Message { role, content, .. } = item {
+                kept.push(ResponseItem::Message {
+                    // we need to remove the id or the model will complain that messages are sent without
+                    // their reasonings
+                    id: None,
+                    role: role.clone(),
+                    content: content.clone(),
+                });
+                if kept.len() == n {
+                    break;
+                }
+            }
+        }
+
+        // Preserve chronological order (oldest to newest) within the kept slice.
+        kept.reverse();
+        self.items = kept;
+    }
 }
 
 /// Anything that is not a system message or "reasoning" message is considered

codex-rs/core/src/exec.rs

@@ -6,7 +6,6 @@ use std::io;
 use std::path::Path;
 use std::path::PathBuf;
 use std::process::ExitStatus;
-use std::process::Stdio;
 use std::sync::Arc;
 use std::time::Duration;
 use std::time::Instant;
@@ -15,14 +14,15 @@ use tokio::io::AsyncRead;
 use tokio::io::AsyncReadExt;
 use tokio::io::BufReader;
 use tokio::process::Child;
-use tokio::process::Command;
 use tokio::sync::Notify;
-use tracing::trace;
 
 use crate::error::CodexErr;
 use crate::error::Result;
 use crate::error::SandboxErr;
 use crate::protocol::SandboxPolicy;
+use crate::seatbelt::spawn_command_under_seatbelt;
+use crate::spawn::StdioPolicy;
+use crate::spawn::spawn_child_async;
 
 // Maximum we send for each stream, which is either:
 // - 10KiB OR
@@ -37,24 +37,6 @@ const DEFAULT_TIMEOUT_MS: u64 = 10_000;
 const SIGKILL_CODE: i32 = 9;
 const TIMEOUT_CODE: i32 = 64;
 
-const MACOS_SEATBELT_BASE_POLICY: &str = include_str!("seatbelt_base_policy.sbpl");
-
-/// When working with `sandbox-exec`, only consider `sandbox-exec` in `/usr/bin`
-/// to defend against an attacker trying to inject a malicious version on the
-/// PATH. If /usr/bin/sandbox-exec has been tampered with, then the attacker
-/// already has root access.
-const MACOS_PATH_TO_SEATBELT_EXECUTABLE: &str = "/usr/bin/sandbox-exec";
-
-/// Experimental environment variable that will be set to some non-empty value
-/// if both of the following are true:
-///
-/// 1. The process was spawned by Codex as part of a shell tool call.
-/// 2. SandboxPolicy.has_full_network_access() was false for the tool call.
-///
-/// We may try to have just one environment variable for all sandboxing
-/// attributes, so this may change in the future.
-pub const CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR: &str = "CODEX_SANDBOX_NETWORK_DISABLED";
-
 #[derive(Debug, Clone)]
 pub struct ExecParams {
     pub command: Vec<String>,
@@ -168,27 +150,6 @@ pub async fn process_exec_tool_call(
     }
 }
 
-pub async fn spawn_command_under_seatbelt(
-    command: Vec<String>,
-    sandbox_policy: &SandboxPolicy,
-    cwd: PathBuf,
-    stdio_policy: StdioPolicy,
-    env: HashMap<String, String>,
-) -> std::io::Result<Child> {
-    let args = create_seatbelt_command_args(command, sandbox_policy, &cwd);
-    let arg0 = None;
-    spawn_child_async(
-        PathBuf::from(MACOS_PATH_TO_SEATBELT_EXECUTABLE),
-        args,
-        arg0,
-        cwd,
-        sandbox_policy,
-        stdio_policy,
-        env,
-    )
-    .await
-}
-
 /// Spawn a shell tool command under the Linux Landlock+seccomp sandbox helper
 /// (codex-linux-sandbox).
 ///
@@ -248,65 +209,6 @@ fn create_linux_sandbox_command_args(
     linux_cmd
 }
 
-fn create_seatbelt_command_args(
-    command: Vec<String>,
-    sandbox_policy: &SandboxPolicy,
-    cwd: &Path,
-) -> Vec<String> {
-    let (file_write_policy, extra_cli_args) = {
-        if sandbox_policy.has_full_disk_write_access() {
-            // Allegedly, this is more permissive than `(allow file-write*)`.
-            (
-                r#"(allow file-write* (regex #"^/"))"#.to_string(),
-                Vec::<String>::new(),
-            )
-        } else {
-            let writable_roots = sandbox_policy.get_writable_roots_with_cwd(cwd);
-            let (writable_folder_policies, cli_args): (Vec<String>, Vec<String>) = writable_roots
-                .iter()
-                .enumerate()
-                .map(|(index, root)| {
-                    let param_name = format!("WRITABLE_ROOT_{index}");
-                    let policy: String = format!("(subpath (param \"{param_name}\"))");
-                    let cli_arg = format!("-D{param_name}={}", root.to_string_lossy());
-                    (policy, cli_arg)
-                })
-                .unzip();
-            if writable_folder_policies.is_empty() {
-                ("".to_string(), Vec::<String>::new())
-            } else {
-                let file_write_policy = format!(
-                    "(allow file-write*\n{}\n)",
-                    writable_folder_policies.join(" ")
-                );
-                (file_write_policy, cli_args)
-            }
-        }
-    };
-
-    let file_read_policy = if sandbox_policy.has_full_disk_read_access() {
-        "; allow read-only file operations\n(allow file-read*)"
-    } else {
-        ""
-    };
-
-    // TODO(mbolin): apply_patch calls must also honor the SandboxPolicy.
-    let network_policy = if sandbox_policy.has_full_network_access() {
-        "(allow network-outbound)\n(allow network-inbound)\n(allow system-socket)"
-    } else {
-        ""
-    };
-
-    let full_policy = format!(
-        "{MACOS_SEATBELT_BASE_POLICY}\n{file_read_policy}\n{file_write_policy}\n{network_policy}"
-    );
-    let mut seatbelt_args: Vec<String> = vec!["-p".to_string(), full_policy];
-    seatbelt_args.extend(extra_cli_args);
-    seatbelt_args.push("--".to_string());
-    seatbelt_args.extend(command);
-    seatbelt_args
-}
-
 #[derive(Debug)]
 pub struct RawExecToolCallOutput {
     pub exit_status: ExitStatus,
@@ -352,90 +254,6 @@ async fn exec(
     consume_truncated_output(child, ctrl_c, timeout_ms).await
 }
 
-#[derive(Debug, Clone, Copy)]
-pub enum StdioPolicy {
-    RedirectForShellTool,
-    Inherit,
-}
-
-/// Spawns the appropriate child process for the ExecParams and SandboxPolicy,
-/// ensuring the args and environment variables used to create the `Command`
-/// (and `Child`) honor the configuration.
-///
-/// For now, we take `SandboxPolicy` as a parameter to spawn_child() because
-/// we need to determine whether to set the
-/// `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` environment variable.
-async fn spawn_child_async(
-    program: PathBuf,
-    args: Vec<String>,
-    #[cfg_attr(not(unix), allow(unused_variables))] arg0: Option<&str>,
-    cwd: PathBuf,
-    sandbox_policy: &SandboxPolicy,
-    stdio_policy: StdioPolicy,
-    env: HashMap<String, String>,
-) -> std::io::Result<Child> {
-    trace!(
-        "spawn_child_async: {program:?} {args:?} {arg0:?} {cwd:?} {sandbox_policy:?} {stdio_policy:?} {env:?}"
-    );
-
-    let mut cmd = Command::new(&program);
-    #[cfg(unix)]
-    cmd.arg0(arg0.map_or_else(|| program.to_string_lossy().to_string(), String::from));
-    cmd.args(args);
-    cmd.current_dir(cwd);
-    cmd.env_clear();
-    cmd.envs(env);
-
-    if !sandbox_policy.has_full_network_access() {
-        cmd.env(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR, "1");
-    }
-
-    // If this Codex process dies (including being killed via SIGKILL), we want
-    // any child processes that were spawned as part of a `"shell"` tool call
-    // to also be terminated.
-
-    // This relies on prctl(2), so it only works on Linux.
-    #[cfg(target_os = "linux")]
-    unsafe {
-        cmd.pre_exec(|| {
-            // This prctl call effectively requests, "deliver SIGTERM when my
-            // current parent dies."
-            if libc::prctl(libc::PR_SET_PDEATHSIG, libc::SIGTERM) == -1 {
-                return Err(io::Error::last_os_error());
-            }
-
-            // Though if there was a race condition and this pre_exec() block is
-            // run _after_ the parent (i.e., the Codex process) has already
-            // exited, then the parent is the _init_ process (which will never
-            // die), so we should just terminate the child process now.
-            if libc::getppid() == 1 {
-                libc::raise(libc::SIGTERM);
-            }
-            Ok(())
-        });
-    }
-
-    match stdio_policy {
-        StdioPolicy::RedirectForShellTool => {
-            // Do not create a file descriptor for stdin because otherwise some
-            // commands may hang forever waiting for input. For example, ripgrep has
-            // a heuristic where it may try to read from stdin as explained here:
-            // https://github.com/BurntSushi/ripgrep/blob/e2362d4d5185d02fa857bf381e7bd52e66fafc73/crates/core/flags/hiargs.rs#L1101-L1103
-            cmd.stdin(Stdio::null());
-
-            cmd.stdout(Stdio::piped()).stderr(Stdio::piped());
-        }
-        StdioPolicy::Inherit => {
-            // Inherit stdin, stdout, and stderr from the parent process.
-            cmd.stdin(Stdio::inherit())
-                .stdout(Stdio::inherit())
-                .stderr(Stdio::inherit());
-        }
-    }
-
-    cmd.kill_on_drop(true).spawn()
-}
-
 /// Consumes the output of a child process, truncating it so it is suitable for
 /// use as the output of a `shell` tool call. Also enforces specified timeout.
 pub(crate) async fn consume_truncated_output(

codex-rs/core/src/git_info.rs

@@ -111,9 +111,14 @@ mod tests {
     // Helper function to create a test git repository
     async fn create_test_git_repo(temp_dir: &TempDir) -> PathBuf {
         let repo_path = temp_dir.path().to_path_buf();
+        let envs = vec![
+            ("GIT_CONFIG_GLOBAL", "/dev/null"),
+            ("GIT_CONFIG_NOSYSTEM", "1"),
+        ];
 
         // Initialize git repo
         Command::new("git")
+            .envs(envs.clone())
             .args(["init"])
             .current_dir(&repo_path)
             .output()
@@ -122,6 +127,7 @@ mod tests {
 
         // Configure git user (required for commits)
         Command::new("git")
+            .envs(envs.clone())
             .args(["config", "user.name", "Test User"])
             .current_dir(&repo_path)
             .output()
@@ -129,6 +135,7 @@ mod tests {
             .expect("Failed to set git user name");
 
         Command::new("git")
+            .envs(envs.clone())
             .args(["config", "user.email", "test@example.com"])
             .current_dir(&repo_path)
             .output()
@@ -140,6 +147,7 @@ mod tests {
         fs::write(&test_file, "test content").expect("Failed to write test file");
 
         Command::new("git")
+            .envs(envs.clone())
             .args(["add", "."])
             .current_dir(&repo_path)
             .output()
@@ -147,6 +155,7 @@ mod tests {
             .expect("Failed to add files");
 
         Command::new("git")
+            .envs(envs.clone())
             .args(["commit", "-m", "Initial commit"])
             .current_dir(&repo_path)
             .output()

codex-rs/core/src/lib.rs

@@ -30,16 +30,20 @@ mod message_history;
 mod model_provider_info;
 pub use model_provider_info::ModelProviderInfo;
 pub use model_provider_info::WireApi;
+pub use model_provider_info::built_in_model_providers;
 mod models;
-pub mod openai_api_key;
 mod openai_model_info;
 mod openai_tools;
+pub mod plan_tool;
 mod project_doc;
 pub mod protocol;
 mod rollout;
 mod safety;
+pub mod seatbelt;
 pub mod shell;
+pub mod spawn;
 mod user_notification;
 pub mod util;
 
+pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
 pub use client_common::model_supports_reasoning_summaries;

codex-rs/core/src/mcp_tool_call.rs

@@ -1,4 +1,5 @@
 use std::time::Duration;
+use std::time::Instant;
 
 use tracing::error;
 
@@ -7,6 +8,7 @@ use crate::models::FunctionCallOutputPayload;
 use crate::models::ResponseInputItem;
 use crate::protocol::Event;
 use crate::protocol::EventMsg;
+use crate::protocol::McpInvocation;
 use crate::protocol::McpToolCallBeginEvent;
 use crate::protocol::McpToolCallEndEvent;
 
@@ -41,21 +43,28 @@ pub(crate) async fn handle_mcp_tool_call(
         }
     };
 
-    let tool_call_begin_event = EventMsg::McpToolCallBegin(McpToolCallBeginEvent {
-        call_id: call_id.clone(),
+    let invocation = McpInvocation {
         server: server.clone(),
         tool: tool_name.clone(),
         arguments: arguments_value.clone(),
+    };
+
+    let tool_call_begin_event = EventMsg::McpToolCallBegin(McpToolCallBeginEvent {
+        call_id: call_id.clone(),
+        invocation: invocation.clone(),
     });
     notify_mcp_tool_call_event(sess, sub_id, tool_call_begin_event).await;
 
+    let start = Instant::now();
     // Perform the tool call.
     let result = sess
-        .call_tool(&server, &tool_name, arguments_value, timeout)
+        .call_tool(&server, &tool_name, arguments_value.clone(), timeout)
         .await
         .map_err(|e| format!("tool call error: {e}"));
     let tool_call_end_event = EventMsg::McpToolCallEnd(McpToolCallEndEvent {
         call_id: call_id.clone(),
+        invocation,
+        duration: start.elapsed(),
         result: result.clone(),
     });
 

codex-rs/core/src/model_provider_info.rs

@@ -12,11 +12,6 @@ use std::env::VarError;
 use std::time::Duration;
 
 use crate::error::EnvVarError;
-use crate::openai_api_key::get_openai_api_key;
-
-/// Value for the `OpenAI-Originator` header that is sent with requests to
-/// OpenAI.
-const OPENAI_ORIGINATOR_HEADER: &str = "codex_cli_rs";
 const DEFAULT_STREAM_IDLE_TIMEOUT_MS: u64 = 300_000;
 const DEFAULT_STREAM_MAX_RETRIES: u64 = 10;
 const DEFAULT_REQUEST_MAX_RETRIES: u64 = 4;
@@ -30,7 +25,7 @@ const DEFAULT_REQUEST_MAX_RETRIES: u64 = 4;
 #[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(rename_all = "lowercase")]
 pub enum WireApi {
-    /// The experimental "Responses" API exposed by OpenAI at `/v1/responses`.
+    /// The Responses API exposed by OpenAI at `/v1/responses`.
     Responses,
 
     /// Regular Chat Completions compatible with `/v1/chat/completions`.
@@ -44,7 +39,7 @@ pub struct ModelProviderInfo {
     /// Friendly display name.
     pub name: String,
     /// Base URL for the provider's OpenAI-compatible API.
-    pub base_url: String,
+    pub base_url: Option<String>,
     /// Environment variable that stores the user's API key for this provider.
     pub env_key: Option<String>,
 
@@ -78,6 +73,10 @@ pub struct ModelProviderInfo {
     /// Idle timeout (in milliseconds) to wait for activity on a streaming response before treating
     /// the connection as lost.
     pub stream_idle_timeout_ms: Option<u64>,
+
+    /// Whether this provider requires some form of standard authentication (API key, ChatGPT token).
+    #[serde(default)]
+    pub requires_auth: bool,
 }
 
 impl ModelProviderInfo {
@@ -93,11 +92,11 @@ impl ModelProviderInfo {
         &'a self,
         client: &'a reqwest::Client,
     ) -> crate::error::Result<reqwest::RequestBuilder> {
-        let api_key = self.api_key()?;
-
         let url = self.get_full_url();
 
         let mut builder = client.post(url);
+
+        let api_key = self.api_key()?;
         if let Some(key) = api_key {
             builder = builder.bearer_auth(key);
         }
@@ -117,9 +116,15 @@ impl ModelProviderInfo {
                     .join("&");
                 format!("?{full_params}")
             });
-        let base_url = &self.base_url;
+        let base_url = self
+            .base_url
+            .clone()
+            .unwrap_or("https://api.openai.com/v1".to_string());
+
         match self.wire_api {
-            WireApi::Responses => format!("{base_url}/responses{query_string}"),
+            WireApi::Responses => {
+                format!("{base_url}/responses{query_string}")
+            }
             WireApi::Chat => format!("{base_url}/chat/completions{query_string}"),
         }
     }
@@ -127,7 +132,10 @@ impl ModelProviderInfo {
     /// Apply provider-specific HTTP headers (both static and environment-based)
     /// onto an existing `reqwest::RequestBuilder` and return the updated
     /// builder.
-    fn apply_http_headers(&self, mut builder: reqwest::RequestBuilder) -> reqwest::RequestBuilder {
+    pub fn apply_http_headers(
+        &self,
+        mut builder: reqwest::RequestBuilder,
+    ) -> reqwest::RequestBuilder {
         if let Some(extra) = &self.http_headers {
             for (k, v) in extra {
                 builder = builder.header(k, v);
@@ -152,11 +160,7 @@ impl ModelProviderInfo {
     fn api_key(&self) -> crate::error::Result<Option<String>> {
         match &self.env_key {
             Some(env_key) => {
-                let env_value = if env_key == crate::openai_api_key::OPENAI_API_KEY_ENV_VAR {
-                    get_openai_api_key().map_or_else(|| Err(VarError::NotPresent), Ok)
-                } else {
-                    std::env::var(env_key)
-                };
+                let env_value = std::env::var(env_key);
                 env_value
                     .and_then(|v| {
                         if v.trim().is_empty() {
@@ -204,47 +208,45 @@ pub fn built_in_model_providers() -> HashMap<String, ModelProviderInfo> {
     // providers are bundled with Codex CLI, so we only include the OpenAI
     // provider by default. Users are encouraged to add to `model_providers`
     // in config.toml to add their own providers.
-    [
-        (
-            "openai",
-            P {
-                name: "OpenAI".into(),
-                // Allow users to override the default OpenAI endpoint by
-                // exporting `OPENAI_BASE_URL`. This is useful when pointing
-                // Codex at a proxy, mock server, or Azure-style deployment
-                // without requiring a full TOML override for the built-in
-                // OpenAI provider.
-                base_url: std::env::var("OPENAI_BASE_URL")
-                    .ok()
-                    .filter(|v| !v.trim().is_empty())
-                    .unwrap_or_else(|| "https://api.openai.com/v1".to_string()),
-                env_key: Some("OPENAI_API_KEY".into()),
-                env_key_instructions: Some("Create an API key (https://platform.openai.com) and export it as an environment variable.".into()),
-                wire_api: WireApi::Responses,
-                query_params: None,
-                http_headers: Some(
-                    [
-                        ("originator".to_string(), OPENAI_ORIGINATOR_HEADER.to_string()),
-                        ("version".to_string(), env!("CARGO_PKG_VERSION").to_string()),
-                    ]
-                        .into_iter()
-                        .collect(),
-                ),
-                env_http_headers: Some(
-                    [
-                        ("OpenAI-Organization".to_string(), "OPENAI_ORGANIZATION".to_string()),
-                        ("OpenAI-Project".to_string(), "OPENAI_PROJECT".to_string()),
-                    ]
-                        .into_iter()
-                        .collect(),
-                ),
-                // Use global defaults for retry/timeout unless overridden in config.toml.
-                request_max_retries: None,
-                stream_max_retries: None,
-                stream_idle_timeout_ms: None,
-            },
-        ),
-    ]
+    [(
+        "openai",
+        P {
+            name: "OpenAI".into(),
+            // Allow users to override the default OpenAI endpoint by
+            // exporting `OPENAI_BASE_URL`. This is useful when pointing
+            // Codex at a proxy, mock server, or Azure-style deployment
+            // without requiring a full TOML override for the built-in
+            // OpenAI provider.
+            base_url: std::env::var("OPENAI_BASE_URL")
+                .ok()
+                .filter(|v| !v.trim().is_empty()),
+            env_key: None,
+            env_key_instructions: None,
+            wire_api: WireApi::Responses,
+            query_params: None,
+            http_headers: Some(
+                [("version".to_string(), env!("CARGO_PKG_VERSION").to_string())]
+                    .into_iter()
+                    .collect(),
+            ),
+            env_http_headers: Some(
+                [
+                    (
+                        "OpenAI-Organization".to_string(),
+                        "OPENAI_ORGANIZATION".to_string(),
+                    ),
+                    ("OpenAI-Project".to_string(), "OPENAI_PROJECT".to_string()),
+                ]
+                .into_iter()
+                .collect(),
+            ),
+            // Use global defaults for retry/timeout unless overridden in config.toml.
+            request_max_retries: None,
+            stream_max_retries: None,
+            stream_idle_timeout_ms: None,
+            requires_auth: true,
+        },
+    )]
     .into_iter()
     .map(|(k, v)| (k.to_string(), v))
     .collect()
@@ -264,7 +266,7 @@ base_url = "http://localhost:11434/v1"
         "#;
         let expected_provider = ModelProviderInfo {
             name: "Ollama".into(),
-            base_url: "http://localhost:11434/v1".into(),
+            base_url: Some("http://localhost:11434/v1".into()),
             env_key: None,
             env_key_instructions: None,
             wire_api: WireApi::Chat,
@@ -274,6 +276,7 @@ base_url = "http://localhost:11434/v1"
             request_max_retries: None,
             stream_max_retries: None,
             stream_idle_timeout_ms: None,
+            requires_auth: false,
         };
 
         let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();
@@ -290,7 +293,7 @@ query_params = { api-version = "2025-04-01-preview" }
         "#;
         let expected_provider = ModelProviderInfo {
             name: "Azure".into(),
-            base_url: "https://xxxxx.openai.azure.com/openai".into(),
+            base_url: Some("https://xxxxx.openai.azure.com/openai".into()),
             env_key: Some("AZURE_OPENAI_API_KEY".into()),
             env_key_instructions: None,
             wire_api: WireApi::Chat,
@@ -302,6 +305,7 @@ query_params = { api-version = "2025-04-01-preview" }
             request_max_retries: None,
             stream_max_retries: None,
             stream_idle_timeout_ms: None,
+            requires_auth: false,
         };
 
         let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();
@@ -319,7 +323,7 @@ env_http_headers = { "X-Example-Env-Header" = "EXAMPLE_ENV_VAR" }
         "#;
         let expected_provider = ModelProviderInfo {
             name: "Example".into(),
-            base_url: "https://example.com".into(),
+            base_url: Some("https://example.com".into()),
             env_key: Some("API_KEY".into()),
             env_key_instructions: None,
             wire_api: WireApi::Chat,
@@ -333,6 +337,7 @@ env_http_headers = { "X-Example-Env-Header" = "EXAMPLE_ENV_VAR" }
             request_max_retries: None,
             stream_max_retries: None,
             stream_idle_timeout_ms: None,
+            requires_auth: false,
         };
 
         let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();

codex-rs/core/src/openai_api_key.rs

@@ -1,24 +0,0 @@
-use std::env;
-use std::sync::LazyLock;
-use std::sync::RwLock;
-
-pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
-
-static OPENAI_API_KEY: LazyLock<RwLock<Option<String>>> = LazyLock::new(|| {
-    let val = env::var(OPENAI_API_KEY_ENV_VAR)
-        .ok()
-        .and_then(|s| if s.is_empty() { None } else { Some(s) });
-    RwLock::new(val)
-});
-
-pub fn get_openai_api_key() -> Option<String> {
-    #![allow(clippy::unwrap_used)]
-    OPENAI_API_KEY.read().unwrap().clone()
-}
-
-pub fn set_openai_api_key(value: String) {
-    #![allow(clippy::unwrap_used)]
-    if !value.is_empty() {
-        *OPENAI_API_KEY.write().unwrap() = Some(value);
-    }
-}

codex-rs/core/src/openai_tools.rs

@@ -4,13 +4,14 @@ use std::collections::BTreeMap;
 use std::sync::LazyLock;
 
 use crate::client_common::Prompt;
+use crate::plan_tool::PLAN_TOOL;
 
 #[derive(Debug, Clone, Serialize)]
 pub(crate) struct ResponsesApiTool {
-    name: &'static str,
-    description: &'static str,
-    strict: bool,
-    parameters: JsonSchema,
+    pub(crate) name: &'static str,
+    pub(crate) description: &'static str,
+    pub(crate) strict: bool,
+    pub(crate) parameters: JsonSchema,
 }
 
 /// When serialized as JSON, this produces a valid "Tool" in the OpenAI
@@ -74,6 +75,7 @@ static DEFAULT_CODEX_MODEL_TOOLS: LazyLock<Vec<OpenAiTool>> =
 pub(crate) fn create_tools_json_for_responses_api(
     prompt: &Prompt,
     model: &str,
+    include_plan_tool: bool,
 ) -> crate::error::Result<Vec<serde_json::Value>> {
     // Assemble tool list: built-in tools + any extra tools from the prompt.
     let default_tools = if model.starts_with("codex") {
@@ -93,6 +95,10 @@ pub(crate) fn create_tools_json_for_responses_api(
             .map(|(name, tool)| mcp_tool_to_openai_tool(name, tool)),
     );
 
+    if include_plan_tool {
+        tools_json.push(serde_json::to_value(PLAN_TOOL.clone())?);
+    }
+
     Ok(tools_json)
 }
 
@@ -102,10 +108,12 @@ pub(crate) fn create_tools_json_for_responses_api(
 pub(crate) fn create_tools_json_for_chat_completions_api(
     prompt: &Prompt,
     model: &str,
+    include_plan_tool: bool,
 ) -> crate::error::Result<Vec<serde_json::Value>> {
     // We start with the JSON for the Responses API and than rewrite it to match
     // the chat completions tool call format.
-    let responses_api_tools_json = create_tools_json_for_responses_api(prompt, model)?;
+    let responses_api_tools_json =
+        create_tools_json_for_responses_api(prompt, model, include_plan_tool)?;
     let tools_json = responses_api_tools_json
         .into_iter()
         .filter_map(|mut tool| {

codex-rs/core/src/plan_tool.rs

@@ -0,0 +1,126 @@
+use std::collections::BTreeMap;
+use std::sync::LazyLock;
+
+use serde::Deserialize;
+use serde::Serialize;
+
+use crate::codex::Session;
+use crate::models::FunctionCallOutputPayload;
+use crate::models::ResponseInputItem;
+use crate::openai_tools::JsonSchema;
+use crate::openai_tools::OpenAiTool;
+use crate::openai_tools::ResponsesApiTool;
+use crate::protocol::Event;
+use crate::protocol::EventMsg;
+
+// Types for the TODO tool arguments matching codex-vscode/todo-mcp/src/main.rs
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum StepStatus {
+    Pending,
+    InProgress,
+    Completed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(deny_unknown_fields)]
+pub struct PlanItemArg {
+    pub step: String,
+    pub status: StepStatus,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(deny_unknown_fields)]
+pub struct UpdatePlanArgs {
+    #[serde(default)]
+    pub explanation: Option<String>,
+    pub plan: Vec<PlanItemArg>,
+}
+
+pub(crate) static PLAN_TOOL: LazyLock<OpenAiTool> = LazyLock::new(|| {
+    let mut plan_item_props = BTreeMap::new();
+    plan_item_props.insert("step".to_string(), JsonSchema::String);
+    plan_item_props.insert("status".to_string(), JsonSchema::String);
+
+    let plan_items_schema = JsonSchema::Array {
+        items: Box::new(JsonSchema::Object {
+            properties: plan_item_props,
+            required: &["step", "status"],
+            additional_properties: false,
+        }),
+    };
+
+    let mut properties = BTreeMap::new();
+    properties.insert("explanation".to_string(), JsonSchema::String);
+    properties.insert("plan".to_string(), plan_items_schema);
+
+    OpenAiTool::Function(ResponsesApiTool {
+        name: "update_plan",
+        description: r#"Use the update_plan tool to keep the user updated on the current plan for the task.
+After understanding the user's task, call the update_plan tool with an initial plan. An example of a plan:
+1. Explore the codebase to find relevant files (status: in_progress)
+2. Implement the feature in the XYZ component (status: pending)
+3. Commit changes and make a pull request (status: pending)
+Each step should be a short, 1-sentence description.
+Until all the steps are finished, there should always be exactly one in_progress step in the plan.
+Call the update_plan tool whenever you finish a step, marking the completed step as `completed` and marking the next step as `in_progress`.
+Before running a command, consider whether or not you have completed the previous step, and make sure to mark it as completed before moving on to the next step.
+Sometimes, you may need to change plans in the middle of a task: call `update_plan` with the updated plan and make sure to provide an `explanation` of the rationale when doing so.
+When all steps are completed, call update_plan one last time with all steps marked as `completed`."#,
+        strict: false,
+        parameters: JsonSchema::Object {
+            properties,
+            required: &["plan"],
+            additional_properties: false,
+        },
+    })
+});
+
+/// This function doesn't do anything useful. However, it gives the model a structured way to record its plan that clients can read and render.
+/// So it's the _inputs_ to this function that are useful to clients, not the outputs and neither are actually useful for the model other
+/// than forcing it to come up and document a plan (TBD how that affects performance).
+pub(crate) async fn handle_update_plan(
+    session: &Session,
+    arguments: String,
+    sub_id: String,
+    call_id: String,
+) -> ResponseInputItem {
+    match parse_update_plan_arguments(arguments, &call_id) {
+        Ok(args) => {
+            let output = ResponseInputItem::FunctionCallOutput {
+                call_id,
+                output: FunctionCallOutputPayload {
+                    content: "Plan updated".to_string(),
+                    success: Some(true),
+                },
+            };
+            session
+                .send_event(Event {
+                    id: sub_id.to_string(),
+                    msg: EventMsg::PlanUpdate(args),
+                })
+                .await;
+            output
+        }
+        Err(output) => *output,
+    }
+}
+
+fn parse_update_plan_arguments(
+    arguments: String,
+    call_id: &str,
+) -> Result<UpdatePlanArgs, Box<ResponseInputItem>> {
+    match serde_json::from_str::<UpdatePlanArgs>(&arguments) {
+        Ok(args) => Ok(args),
+        Err(e) => {
+            let output = ResponseInputItem::FunctionCallOutput {
+                call_id: call_id.to_string(),
+                output: FunctionCallOutputPayload {
+                    content: format!("failed to parse function arguments: {e}"),
+                    success: None,
+                },
+            };
+            Err(Box::new(output))
+        }
+    }
+}

codex-rs/core/src/protocol.rs

@@ -7,7 +7,8 @@ use std::collections::HashMap;
 use std::fmt;
 use std::path::Path;
 use std::path::PathBuf;
-use std::str::FromStr; // Added for FinalOutput Display implementation
+use std::str::FromStr;
+use std::time::Duration;
 
 use mcp_types::CallToolResult;
 use serde::Deserialize;
@@ -19,6 +20,7 @@ use crate::config_types::ReasoningEffort as ReasoningEffortConfig;
 use crate::config_types::ReasoningSummary as ReasoningSummaryConfig;
 use crate::message_history::HistoryEntry;
 use crate::model_provider_info::ModelProviderInfo;
+use crate::plan_tool::UpdatePlanArgs;
 
 /// Submission Queue Entry - requests from user
 #[derive(Debug, Clone, Deserialize, Serialize)]
@@ -119,6 +121,10 @@ pub enum Op {
     /// Request a single history entry identified by `log_id` + `offset`.
     GetHistoryEntryRequest { offset: usize, log_id: u64 },
 
+    /// Request the agent to summarize the current conversation context.
+    /// The agent will use its existing context (either conversation history or previous response id)
+    /// to generate a summary which will be returned as an AgentMessage event.
+    Compact,
     /// Request to shut down codex instance.
     Shutdown,
 }
@@ -335,6 +341,8 @@ pub enum EventMsg {
     /// Response to GetHistoryEntryRequest.
     GetHistoryEntryResponse(GetHistoryEntryResponseEvent),
 
+    PlanUpdate(UpdatePlanArgs),
+
     /// Notification that the agent is shutting down.
     ShutdownComplete,
 }
@@ -411,9 +419,7 @@ pub struct AgentReasoningDeltaEvent {
 }
 
 #[derive(Debug, Clone, Deserialize, Serialize)]
-pub struct McpToolCallBeginEvent {
-    /// Identifier so this can be paired with the McpToolCallEnd event.
-    pub call_id: String,
+pub struct McpInvocation {
     /// Name of the MCP server as defined in the config.
     pub server: String,
     /// Name of the tool as given by the MCP server.
@@ -422,10 +428,19 @@ pub struct McpToolCallBeginEvent {
     pub arguments: Option<serde_json::Value>,
 }
 
+#[derive(Debug, Clone, Deserialize, Serialize)]
+pub struct McpToolCallBeginEvent {
+    /// Identifier so this can be paired with the McpToolCallEnd event.
+    pub call_id: String,
+    pub invocation: McpInvocation,
+}
+
 #[derive(Debug, Clone, Deserialize, Serialize)]
 pub struct McpToolCallEndEvent {
     /// Identifier for the corresponding McpToolCallBegin that finished.
     pub call_id: String,
+    pub invocation: McpInvocation,
+    pub duration: Duration,
     /// Result of the tool call. Note this could be an error.
     pub result: Result<CallToolResult, String>,
 }

codex-rs/core/src/safety.rs

@@ -41,11 +41,13 @@ pub fn assess_patch_safety(
         }
     }
 
-    if is_write_patch_constrained_to_writable_paths(action, writable_roots, cwd) {
-        SafetyCheck::AutoApprove {
-            sandbox_type: SandboxType::None,
-        }
-    } else if policy == AskForApproval::OnFailure {
+    // Even though the patch *appears* to be constrained to writable paths, it
+    // is possible that paths in the patch are hard links to files outside the
+    // writable roots, so we should still run `apply_patch` in a sandbox in that
+    // case.
+    if is_write_patch_constrained_to_writable_paths(action, writable_roots, cwd)
+        || policy == AskForApproval::OnFailure
+    {
         // Only auto‑approve when we can actually enforce a sandbox. Otherwise
         // fall back to asking the user because the patch may touch arbitrary
         // paths outside the project.
@@ -75,9 +77,6 @@ pub fn assess_command_safety(
     sandbox_policy: &SandboxPolicy,
     approved: &HashSet<Vec<String>>,
 ) -> SafetyCheck {
-    use AskForApproval::*;
-    use SandboxPolicy::*;
-
     // A command is "trusted" because either:
     // - it belongs to a set of commands we consider "safe" by default, or
     // - the user has explicitly approved the command for this session
@@ -97,6 +96,16 @@ pub fn assess_command_safety(
         };
     }
 
+    assess_safety_for_untrusted_command(approval_policy, sandbox_policy)
+}
+
+pub(crate) fn assess_safety_for_untrusted_command(
+    approval_policy: AskForApproval,
+    sandbox_policy: &SandboxPolicy,
+) -> SafetyCheck {
+    use AskForApproval::*;
+    use SandboxPolicy::*;
+
     match (approval_policy, sandbox_policy) {
         (UnlessTrusted, _) => {
             // Even though the user may have opted into DangerFullAccess,

codex-rs/core/src/seatbelt.rs

@@ -0,0 +1,96 @@
+use std::collections::HashMap;
+use std::path::Path;
+use std::path::PathBuf;
+use tokio::process::Child;
+
+use crate::protocol::SandboxPolicy;
+use crate::spawn::StdioPolicy;
+use crate::spawn::spawn_child_async;
+
+const MACOS_SEATBELT_BASE_POLICY: &str = include_str!("seatbelt_base_policy.sbpl");
+
+/// When working with `sandbox-exec`, only consider `sandbox-exec` in `/usr/bin`
+/// to defend against an attacker trying to inject a malicious version on the
+/// PATH. If /usr/bin/sandbox-exec has been tampered with, then the attacker
+/// already has root access.
+const MACOS_PATH_TO_SEATBELT_EXECUTABLE: &str = "/usr/bin/sandbox-exec";
+
+pub async fn spawn_command_under_seatbelt(
+    command: Vec<String>,
+    sandbox_policy: &SandboxPolicy,
+    cwd: PathBuf,
+    stdio_policy: StdioPolicy,
+    env: HashMap<String, String>,
+) -> std::io::Result<Child> {
+    let args = create_seatbelt_command_args(command, sandbox_policy, &cwd);
+    let arg0 = None;
+    spawn_child_async(
+        PathBuf::from(MACOS_PATH_TO_SEATBELT_EXECUTABLE),
+        args,
+        arg0,
+        cwd,
+        sandbox_policy,
+        stdio_policy,
+        env,
+    )
+    .await
+}
+
+fn create_seatbelt_command_args(
+    command: Vec<String>,
+    sandbox_policy: &SandboxPolicy,
+    cwd: &Path,
+) -> Vec<String> {
+    let (file_write_policy, extra_cli_args) = {
+        if sandbox_policy.has_full_disk_write_access() {
+            // Allegedly, this is more permissive than `(allow file-write*)`.
+            (
+                r#"(allow file-write* (regex #"^/"))"#.to_string(),
+                Vec::<String>::new(),
+            )
+        } else {
+            let writable_roots = sandbox_policy.get_writable_roots_with_cwd(cwd);
+            let (writable_folder_policies, cli_args): (Vec<String>, Vec<String>) = writable_roots
+                .iter()
+                .enumerate()
+                .map(|(index, root)| {
+                    let param_name = format!("WRITABLE_ROOT_{index}");
+                    let policy: String = format!("(subpath (param \"{param_name}\"))");
+                    let cli_arg = format!("-D{param_name}={}", root.to_string_lossy());
+                    (policy, cli_arg)
+                })
+                .unzip();
+            if writable_folder_policies.is_empty() {
+                ("".to_string(), Vec::<String>::new())
+            } else {
+                let file_write_policy = format!(
+                    "(allow file-write*\n{}\n)",
+                    writable_folder_policies.join(" ")
+                );
+                (file_write_policy, cli_args)
+            }
+        }
+    };
+
+    let file_read_policy = if sandbox_policy.has_full_disk_read_access() {
+        "; allow read-only file operations\n(allow file-read*)"
+    } else {
+        ""
+    };
+
+    // TODO(mbolin): apply_patch calls must also honor the SandboxPolicy.
+    let network_policy = if sandbox_policy.has_full_network_access() {
+        "(allow network-outbound)\n(allow network-inbound)\n(allow system-socket)"
+    } else {
+        ""
+    };
+
+    let full_policy = format!(
+        "{MACOS_SEATBELT_BASE_POLICY}\n{file_read_policy}\n{file_write_policy}\n{network_policy}"
+    );
+    let mut seatbelt_args: Vec<String> = vec!["-p".to_string(), full_policy];
+    seatbelt_args.extend(extra_cli_args);
+    seatbelt_args.push("--".to_string());
+    seatbelt_args.extend(command);
+    seatbelt_args
+}

codex-rs/core/src/shell.rs

@@ -20,8 +20,13 @@ impl Shell {
                     return None;
                 }
 
-                let mut result = vec![zsh.shell_path.clone(), "-c".to_string()];
-                if let Ok(joined) = shlex::try_join(command.iter().map(|s| s.as_str())) {
+                let mut result = vec![zsh.shell_path.clone()];
+                result.push("-lc".to_string());
+
+                let joined = strip_bash_lc(&command)
+                    .or_else(|| shlex::try_join(command.iter().map(|s| s.as_str())).ok());
+
+                if let Some(joined) = joined {
                     result.push(format!("source {} && ({joined})", zsh.zshrc_path));
                 } else {
                     return None;
@@ -33,6 +38,19 @@ impl Shell {
     }
 }
 
+fn strip_bash_lc(command: &Vec<String>) -> Option<String> {
+    match command.as_slice() {
+        // exactly three items
+        [first, second, third]
+            // first two must be "bash", "-lc"
+            if first == "bash" && second == "-lc" =>
+        {
+            Some(third.clone())
+        }
+        _ => None,
+    }
+}
+
 #[cfg(target_os = "macos")]
 pub async fn default_user_shell() -> Shell {
     use tokio::process::Command;
@@ -119,15 +137,29 @@ mod tests {
         let cases = vec![
             (
                 vec!["myecho"],
-                vec![shell_path, "-c", "source ZSHRC_PATH && (myecho)"],
+                vec![shell_path, "-lc", "source ZSHRC_PATH && (myecho)"],
                 Some("It works!\n"),
             ),
+            (
+                vec!["myecho"],
+                vec![shell_path, "-lc", "source ZSHRC_PATH && (myecho)"],
+                Some("It works!\n"),
+            ),
+            (
+                vec!["bash", "-c", "echo 'single' \"double\""],
+                vec![
+                    shell_path,
+                    "-lc",
+                    "source ZSHRC_PATH && (bash -c \"echo 'single' \\\"double\\\"\")",
+                ],
+                Some("single double\n"),
+            ),
             (
                 vec!["bash", "-lc", "echo 'single' \"double\""],
                 vec![
                     shell_path,
-                    "-c",
-                    "source ZSHRC_PATH && (bash -lc \"echo 'single' \\\"double\\\"\")",
+                    "-lc",
+                    "source ZSHRC_PATH && (echo 'single' \"double\")",
                 ],
                 Some("single double\n"),
             ),

codex-rs/core/src/spawn.rs

@@ -0,0 +1,102 @@
+use std::collections::HashMap;
+use std::path::PathBuf;
+use std::process::Stdio;
+use tokio::process::Child;
+use tokio::process::Command;
+use tracing::trace;
+
+use crate::protocol::SandboxPolicy;
+
+/// Experimental environment variable that will be set to some non-empty value
+/// if both of the following are true:
+///
+/// 1. The process was spawned by Codex as part of a shell tool call.
+/// 2. SandboxPolicy.has_full_network_access() was false for the tool call.
+///
+/// We may try to have just one environment variable for all sandboxing
+/// attributes, so this may change in the future.
+pub const CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR: &str = "CODEX_SANDBOX_NETWORK_DISABLED";
+
+#[derive(Debug, Clone, Copy)]
+pub enum StdioPolicy {
+    RedirectForShellTool,
+    Inherit,
+}
+
+/// Spawns the appropriate child process for the ExecParams and SandboxPolicy,
+/// ensuring the args and environment variables used to create the `Command`
+/// (and `Child`) honor the configuration.
+///
+/// For now, we take `SandboxPolicy` as a parameter to spawn_child() because
+/// we need to determine whether to set the
+/// `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` environment variable.
+pub(crate) async fn spawn_child_async(
+    program: PathBuf,
+    args: Vec<String>,
+    #[cfg_attr(not(unix), allow(unused_variables))] arg0: Option<&str>,
+    cwd: PathBuf,
+    sandbox_policy: &SandboxPolicy,
+    stdio_policy: StdioPolicy,
+    env: HashMap<String, String>,
+) -> std::io::Result<Child> {
+    trace!(
+        "spawn_child_async: {program:?} {args:?} {arg0:?} {cwd:?} {sandbox_policy:?} {stdio_policy:?} {env:?}"
+    );
+
+    let mut cmd = Command::new(&program);
+    #[cfg(unix)]
+    cmd.arg0(arg0.map_or_else(|| program.to_string_lossy().to_string(), String::from));
+    cmd.args(args);
+    cmd.current_dir(cwd);
+    cmd.env_clear();
+    cmd.envs(env);
+
+    if !sandbox_policy.has_full_network_access() {
+        cmd.env(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR, "1");
+    }
+
+    // If this Codex process dies (including being killed via SIGKILL), we want
+    // any child processes that were spawned as part of a `"shell"` tool call
+    // to also be terminated.
+
+    // This relies on prctl(2), so it only works on Linux.
+    #[cfg(target_os = "linux")]
+    unsafe {
+        cmd.pre_exec(|| {
+            // This prctl call effectively requests, "deliver SIGTERM when my
+            // current parent dies."
+            if libc::prctl(libc::PR_SET_PDEATHSIG, libc::SIGTERM) == -1 {
+                return Err(std::io::Error::last_os_error());
+            }
+
+            // Though if there was a race condition and this pre_exec() block is
+            // run _after_ the parent (i.e., the Codex process) has already
+            // exited, then the parent is the _init_ process (which will never
+            // die), so we should just terminate the child process now.
+            if libc::getppid() == 1 {
+                libc::raise(libc::SIGTERM);
+            }
+            Ok(())
+        });
+    }
+
+    match stdio_policy {
+        StdioPolicy::RedirectForShellTool => {
+            // Do not create a file descriptor for stdin because otherwise some
+            // commands may hang forever waiting for input. For example, ripgrep has
+            // a heuristic where it may try to read from stdin as explained here:
+            // https://github.com/BurntSushi/ripgrep/blob/e2362d4d5185d02fa857bf381e7bd52e66fafc73/crates/core/flags/hiargs.rs#L1101-L1103
+            cmd.stdin(Stdio::null());
+
+            cmd.stdout(Stdio::piped()).stderr(Stdio::piped());
+        }
+        StdioPolicy::Inherit => {
+            // Inherit stdin, stdout, and stderr from the parent process.
+            cmd.stdin(Stdio::inherit())
+                .stdout(Stdio::inherit())
+                .stderr(Stdio::inherit());
+        }
+    }
+
+    cmd.kill_on_drop(true).spawn()
+}

codex-rs/core/tests/cli_stream.rs

@@ -1,7 +1,7 @@
 #![expect(clippy::unwrap_used)]
 
 use assert_cmd::Command as AssertCommand;
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use std::time::Duration;
 use std::time::Instant;
 use tempfile::TempDir;
@@ -81,6 +81,96 @@ async fn chat_mode_stream_cli() {
     server.verify().await;
 }
 
+/// Verify that passing `-c experimental_instructions_file=...` to the CLI
+/// overrides the built-in base instructions by inspecting the request body
+/// received by a mock OpenAI Responses endpoint.
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn exec_cli_applies_experimental_instructions_file() {
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    // Start mock server which will capture the request and return a minimal
+    // SSE stream for a single turn.
+    let server = MockServer::start().await;
+    let sse = concat!(
+        "data: {\"type\":\"response.created\",\"response\":{}}\n\n",
+        "data: {\"type\":\"response.completed\",\"response\":{\"id\":\"r1\"}}\n\n"
+    );
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .respond_with(
+            ResponseTemplate::new(200)
+                .insert_header("content-type", "text/event-stream")
+                .set_body_raw(sse, "text/event-stream"),
+        )
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    // Create a temporary instructions file with a unique marker we can assert
+    // appears in the outbound request payload.
+    let custom = TempDir::new().unwrap();
+    let marker = "cli-experimental-instructions-marker";
+    let custom_path = custom.path().join("instr.md");
+    std::fs::write(&custom_path, marker).unwrap();
+    let custom_path_str = custom_path.to_string_lossy().replace('\\', "/");
+
+    // Build a provider override that points at the mock server and instructs
+    // Codex to use the Responses API with the dummy env var.
+    let provider_override = format!(
+        "model_providers.mock={{ name = \"mock\", base_url = \"{}/v1\", env_key = \"PATH\", wire_api = \"responses\" }}",
+        server.uri()
+    );
+
+    let home = TempDir::new().unwrap();
+    let mut cmd = AssertCommand::new("cargo");
+    cmd.arg("run")
+        .arg("-p")
+        .arg("codex-cli")
+        .arg("--quiet")
+        .arg("--")
+        .arg("exec")
+        .arg("--skip-git-repo-check")
+        .arg("-c")
+        .arg(&provider_override)
+        .arg("-c")
+        .arg("model_provider=\"mock\"")
+        .arg("-c")
+        .arg(format!(
+            "experimental_instructions_file=\"{custom_path_str}\""
+        ))
+        .arg("-C")
+        .arg(env!("CARGO_MANIFEST_DIR"))
+        .arg("hello?\n");
+    cmd.env("CODEX_HOME", home.path())
+        .env("OPENAI_API_KEY", "dummy")
+        .env("OPENAI_BASE_URL", format!("{}/v1", server.uri()));
+
+    let output = cmd.output().unwrap();
+    println!("Status: {}", output.status);
+    println!("Stdout:\n{}", String::from_utf8_lossy(&output.stdout));
+    println!("Stderr:\n{}", String::from_utf8_lossy(&output.stderr));
+    assert!(output.status.success());
+
+    // Inspect the captured request and verify our custom base instructions were
+    // included in the `instructions` field.
+    let request = &server.received_requests().await.unwrap()[0];
+    let body = request.body_json::<serde_json::Value>().unwrap();
+    let instructions = body
+        .get("instructions")
+        .and_then(|v| v.as_str())
+        .unwrap_or_default()
+        .to_string();
+    assert!(
+        instructions.contains(marker),
+        "instructions did not contain custom marker; got: {instructions}"
+    );
+}
+
 /// Tests streaming responses through the CLI using a local SSE fixture file.
 /// This test:
 /// 1. Uses a pre-recorded SSE response fixture instead of a live server
@@ -370,9 +460,14 @@ async fn integration_git_info_unit_test() {
     // 1. Create temp directory for git repo
     let temp_dir = TempDir::new().unwrap();
     let git_repo = temp_dir.path().to_path_buf();
+    let envs = vec![
+        ("GIT_CONFIG_GLOBAL", "/dev/null"),
+        ("GIT_CONFIG_NOSYSTEM", "1"),
+    ];
 
     // 2. Initialize a git repository with some content
     let init_output = std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["init"])
         .current_dir(&git_repo)
         .output()
@@ -381,12 +476,14 @@ async fn integration_git_info_unit_test() {
 
     // Configure git user (required for commits)
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.name", "Integration Test"])
         .current_dir(&git_repo)
         .output()
         .unwrap();
 
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.email", "test@example.com"])
         .current_dir(&git_repo)
         .output()
@@ -397,12 +494,14 @@ async fn integration_git_info_unit_test() {
     std::fs::write(&test_file, "integration test content").unwrap();
 
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["add", "."])
         .current_dir(&git_repo)
         .output()
         .unwrap();
 
     let commit_output = std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["commit", "-m", "Integration test commit"])
         .current_dir(&git_repo)
         .output()
@@ -411,6 +510,7 @@ async fn integration_git_info_unit_test() {
 
     // Create a branch to test branch detection
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["checkout", "-b", "integration-test-branch"])
         .current_dir(&git_repo)
         .output()
@@ -418,6 +518,7 @@ async fn integration_git_info_unit_test() {
 
     // Add a remote to test repository URL detection
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args([
             "remote",
             "add",

codex-rs/core/tests/client.rs

@@ -1,11 +1,19 @@
+use std::path::PathBuf;
+
+use chrono::Utc;
 use codex_core::Codex;
 use codex_core::CodexSpawnOk;
 use codex_core::ModelProviderInfo;
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_core::built_in_model_providers;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
 use codex_core::protocol::SessionConfiguredEvent;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_login::AuthDotJson;
+use codex_login::AuthMode;
+use codex_login::CodexAuth;
+use codex_login::TokenData;
 use core_test_support::load_default_config_for_test;
 use core_test_support::load_sse_fixture_with_id;
 use core_test_support::wait_for_event;
@@ -48,32 +56,23 @@ async fn includes_session_id_and_model_headers_in_request() {
         .await;
 
     let model_provider = ModelProviderInfo {
-        name: "openai".into(),
-        base_url: format!("{}/v1", server.uri()),
-        // Environment variable that should exist in the test environment.
-        // ModelClient will return an error if the environment variable for the
-        // provider is not set.
-        env_key: Some("PATH".into()),
-        env_key_instructions: None,
-        wire_api: codex_core::WireApi::Responses,
-        query_params: None,
-        http_headers: Some(
-            [("originator".to_string(), "codex_cli_rs".to_string())]
-                .into_iter()
-                .collect(),
-        ),
-        env_http_headers: None,
-        request_max_retries: Some(0),
-        stream_max_retries: Some(0),
-        stream_idle_timeout_ms: None,
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
     };
 
     // Init session
     let codex_home = TempDir::new().unwrap();
     let mut config = load_default_config_for_test(&codex_home);
     config.model_provider = model_provider;
+
     let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c.clone()).await.unwrap();
+    let CodexSpawnOk { codex, .. } = Codex::spawn(
+        config,
+        Some(CodexAuth::from_api_key("Test API Key".to_string())),
+        ctrl_c.clone(),
+    )
+    .await
+    .unwrap();
 
     codex
         .submit(Op::UserInput {
@@ -95,15 +94,20 @@ async fn includes_session_id_and_model_headers_in_request() {
 
     // get request from the server
     let request = &server.received_requests().await.unwrap()[0];
-    let request_body = request.headers.get("session_id").unwrap();
-    let originator = request.headers.get("originator").unwrap();
+    let request_session_id = request.headers.get("session_id").unwrap();
+    let request_authorization = request.headers.get("authorization").unwrap();
+    let request_originator = request.headers.get("originator").unwrap();
 
     assert!(current_session_id.is_some());
     assert_eq!(
-        request_body.to_str().unwrap(),
+        request_session_id.to_str().unwrap(),
         current_session_id.as_ref().unwrap()
     );
-    assert_eq!(originator.to_str().unwrap(), "codex_cli_rs");
+    assert_eq!(request_originator.to_str().unwrap(), "codex_cli_rs");
+    assert_eq!(
+        request_authorization.to_str().unwrap(),
+        "Bearer Test API Key"
+    );
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -126,22 +130,9 @@ async fn includes_base_instructions_override_in_request() {
         .await;
 
     let model_provider = ModelProviderInfo {
-        name: "openai".into(),
-        base_url: format!("{}/v1", server.uri()),
-        // Environment variable that should exist in the test environment.
-        // ModelClient will return an error if the environment variable for the
-        // provider is not set.
-        env_key: Some("PATH".into()),
-        env_key_instructions: None,
-        wire_api: codex_core::WireApi::Responses,
-        query_params: None,
-        http_headers: None,
-        env_http_headers: None,
-        request_max_retries: Some(0),
-        stream_max_retries: Some(0),
-        stream_idle_timeout_ms: None,
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
     };
-
     let codex_home = TempDir::new().unwrap();
     let mut config = load_default_config_for_test(&codex_home);
 
@@ -149,7 +140,13 @@ async fn includes_base_instructions_override_in_request() {
     config.model_provider = model_provider;
 
     let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c.clone()).await.unwrap();
+    let CodexSpawnOk { codex, .. } = Codex::spawn(
+        config,
+        Some(CodexAuth::from_api_key("Test API Key".to_string())),
+        ctrl_c.clone(),
+    )
+    .await
+    .unwrap();
 
     codex
         .submit(Op::UserInput {
@@ -172,3 +169,227 @@ async fn includes_base_instructions_override_in_request() {
             .contains("test instructions")
     );
 }
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn originator_config_override_is_used() {
+    #![allow(clippy::unwrap_used)]
+
+    // Mock server
+    let server = MockServer::start().await;
+
+    let first = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse_completed("resp1"), "text/event-stream");
+
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .respond_with(first)
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    let codex_home = TempDir::new().unwrap();
+    let mut config = load_default_config_for_test(&codex_home);
+    config.model_provider = model_provider;
+    config.internal_originator = Some("my_override".to_string());
+
+    let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
+    let CodexSpawnOk { codex, .. } = Codex::spawn(
+        config,
+        Some(CodexAuth::from_api_key("Test API Key".to_string())),
+        ctrl_c.clone(),
+    )
+    .await
+    .unwrap();
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello".into(),
+            }],
+        })
+        .await
+        .unwrap();
+
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    let request = &server.received_requests().await.unwrap()[0];
+    let request_originator = request.headers.get("originator").unwrap();
+    assert_eq!(request_originator.to_str().unwrap(), "my_override");
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn chatgpt_auth_sends_correct_request() {
+    #![allow(clippy::unwrap_used)]
+
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    // Mock server
+    let server = MockServer::start().await;
+
+    // First request – must NOT include `previous_response_id`.
+    let first = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse_completed("resp1"), "text/event-stream");
+
+    Mock::given(method("POST"))
+        .and(path("/api/codex/responses"))
+        .respond_with(first)
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/api/codex", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    // Init session
+    let codex_home = TempDir::new().unwrap();
+    let mut config = load_default_config_for_test(&codex_home);
+    config.model_provider = model_provider;
+    let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
+    let CodexSpawnOk { codex, .. } = Codex::spawn(
+        config,
+        Some(auth_from_token("Access Token".to_string())),
+        ctrl_c.clone(),
+    )
+    .await
+    .unwrap();
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello".into(),
+            }],
+        })
+        .await
+        .unwrap();
+
+    let EventMsg::SessionConfigured(SessionConfiguredEvent { session_id, .. }) =
+        wait_for_event(&codex, |ev| matches!(ev, EventMsg::SessionConfigured(_))).await
+    else {
+        unreachable!()
+    };
+
+    let current_session_id = Some(session_id.to_string());
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // get request from the server
+    let request = &server.received_requests().await.unwrap()[0];
+    let request_session_id = request.headers.get("session_id").unwrap();
+    let request_authorization = request.headers.get("authorization").unwrap();
+    let request_originator = request.headers.get("originator").unwrap();
+    let request_chatgpt_account_id = request.headers.get("chatgpt-account-id").unwrap();
+    let request_body = request.body_json::<serde_json::Value>().unwrap();
+
+    assert!(current_session_id.is_some());
+    assert_eq!(
+        request_session_id.to_str().unwrap(),
+        current_session_id.as_ref().unwrap()
+    );
+    assert_eq!(request_originator.to_str().unwrap(), "codex_cli_rs");
+    assert_eq!(
+        request_authorization.to_str().unwrap(),
+        "Bearer Access Token"
+    );
+    assert_eq!(request_chatgpt_account_id.to_str().unwrap(), "account_id");
+    assert!(!request_body["store"].as_bool().unwrap());
+    assert!(request_body["stream"].as_bool().unwrap());
+    assert_eq!(
+        request_body["include"][0].as_str().unwrap(),
+        "reasoning.encrypted_content"
+    );
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn includes_user_instructions_message_in_request() {
+    #![allow(clippy::unwrap_used)]
+
+    let server = MockServer::start().await;
+
+    let first = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse_completed("resp1"), "text/event-stream");
+
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .respond_with(first)
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    let codex_home = TempDir::new().unwrap();
+    let mut config = load_default_config_for_test(&codex_home);
+    config.model_provider = model_provider;
+    config.user_instructions = Some("be nice".to_string());
+
+    let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
+    let CodexSpawnOk { codex, .. } = Codex::spawn(
+        config,
+        Some(CodexAuth::from_api_key("Test API Key".to_string())),
+        ctrl_c.clone(),
+    )
+    .await
+    .unwrap();
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello".into(),
+            }],
+        })
+        .await
+        .unwrap();
+
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    let request = &server.received_requests().await.unwrap()[0];
+    let request_body = request.body_json::<serde_json::Value>().unwrap();
+
+    assert!(
+        !request_body["instructions"]
+            .as_str()
+            .unwrap()
+            .contains("be nice")
+    );
+    assert_eq!(request_body["input"][0]["role"], "user");
+    assert!(
+        request_body["input"][0]["content"][0]["text"]
+            .as_str()
+            .unwrap()
+            .starts_with("be nice")
+    );
+}
+fn auth_from_token(id_token: String) -> CodexAuth {
+    CodexAuth::new(
+        None,
+        AuthMode::ChatGPT,
+        PathBuf::new(),
+        Some(AuthDotJson {
+            openai_api_key: None,
+            tokens: Some(TokenData {
+                id_token,
+                access_token: "Access Token".to_string(),
+                refresh_token: "test".to_string(),
+                account_id: Some("account_id".to_string()),
+            }),
+            last_refresh: Some(Utc::now()),
+        }),
+    )
+}

codex-rs/core/tests/compact.rs

@@ -0,0 +1,254 @@
+#![expect(clippy::unwrap_used)]
+
+use codex_core::Codex;
+use codex_core::CodexSpawnOk;
+use codex_core::ModelProviderInfo;
+use codex_core::built_in_model_providers;
+use codex_core::protocol::EventMsg;
+use codex_core::protocol::InputItem;
+use codex_core::protocol::Op;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_login::CodexAuth;
+use core_test_support::load_default_config_for_test;
+use core_test_support::wait_for_event;
+use serde_json::Value;
+use tempfile::TempDir;
+use wiremock::Mock;
+use wiremock::MockServer;
+use wiremock::ResponseTemplate;
+use wiremock::matchers::method;
+use wiremock::matchers::path;
+
+use pretty_assertions::assert_eq;
+
+// --- Test helpers -----------------------------------------------------------
+
+/// Build an SSE stream body from a list of JSON events.
+fn sse(events: Vec<Value>) -> String {
+    use std::fmt::Write as _;
+    let mut out = String::new();
+    for ev in events {
+        let kind = ev.get("type").and_then(|v| v.as_str()).unwrap();
+        writeln!(&mut out, "event: {kind}").unwrap();
+        if !ev.as_object().map(|o| o.len() == 1).unwrap_or(false) {
+            write!(&mut out, "data: {ev}\n\n").unwrap();
+        } else {
+            out.push('\n');
+        }
+    }
+    out
+}
+
+/// Convenience: SSE event for a completed response with a specific id.
+fn ev_completed(id: &str) -> Value {
+    serde_json::json!({
+        "type": "response.completed",
+        "response": {
+            "id": id,
+            "usage": {"input_tokens":0,"input_tokens_details":null,"output_tokens":0,"output_tokens_details":null,"total_tokens":0}
+        }
+    })
+}
+
+/// Convenience: SSE event for a single assistant message output item.
+fn ev_assistant_message(id: &str, text: &str) -> Value {
+    serde_json::json!({
+        "type": "response.output_item.done",
+        "item": {
+            "type": "message",
+            "role": "assistant",
+            "id": id,
+            "content": [{"type": "output_text", "text": text}]
+        }
+    })
+}
+
+fn sse_response(body: String) -> ResponseTemplate {
+    ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(body, "text/event-stream")
+}
+
+async fn mount_sse_once<M>(server: &MockServer, matcher: M, body: String)
+where
+    M: wiremock::Match + Send + Sync + 'static,
+{
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .and(matcher)
+        .respond_with(sse_response(body))
+        .expect(1)
+        .mount(server)
+        .await;
+}
+
+const FIRST_REPLY: &str = "FIRST_REPLY";
+const SUMMARY_TEXT: &str = "SUMMARY_ONLY_CONTEXT";
+const SUMMARIZE_TRIGGER: &str = "Start Summarization";
+const THIRD_USER_MSG: &str = "next turn";
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn summarize_context_three_requests_and_instructions() {
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    // Set up a mock server that we can inspect after the run.
+    let server = MockServer::start().await;
+
+    // SSE 1: assistant replies normally so it is recorded in history.
+    let sse1 = sse(vec![
+        ev_assistant_message("m1", FIRST_REPLY),
+        ev_completed("r1"),
+    ]);
+
+    // SSE 2: summarizer returns a summary message.
+    let sse2 = sse(vec![
+        ev_assistant_message("m2", SUMMARY_TEXT),
+        ev_completed("r2"),
+    ]);
+
+    // SSE 3: minimal completed; we only need to capture the request body.
+    let sse3 = sse(vec![ev_completed("r3")]);
+
+    // Mount three expectations, one per request, matched by body content.
+    let first_matcher = |req: &wiremock::Request| {
+        let body = std::str::from_utf8(&req.body).unwrap_or("");
+        body.contains("\"text\":\"hello world\"")
+            && !body.contains(&format!("\"text\":\"{SUMMARIZE_TRIGGER}\""))
+    };
+    mount_sse_once(&server, first_matcher, sse1).await;
+
+    let second_matcher = |req: &wiremock::Request| {
+        let body = std::str::from_utf8(&req.body).unwrap_or("");
+        body.contains(&format!("\"text\":\"{SUMMARIZE_TRIGGER}\""))
+    };
+    mount_sse_once(&server, second_matcher, sse2).await;
+
+    let third_matcher = |req: &wiremock::Request| {
+        let body = std::str::from_utf8(&req.body).unwrap_or("");
+        body.contains(&format!("\"text\":\"{THIRD_USER_MSG}\""))
+    };
+    mount_sse_once(&server, third_matcher, sse3).await;
+
+    // Build config pointing to the mock server and spawn Codex.
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+    let home = TempDir::new().unwrap();
+    let mut config = load_default_config_for_test(&home);
+    config.model_provider = model_provider;
+    let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
+    let CodexSpawnOk { codex, .. } = Codex::spawn(
+        config,
+        Some(CodexAuth::from_api_key("dummy".to_string())),
+        ctrl_c.clone(),
+    )
+    .await
+    .unwrap();
+
+    // 1) Normal user input – should hit server once.
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello world".into(),
+            }],
+        })
+        .await
+        .unwrap();
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // 2) Summarize – second hit with summarization instructions.
+    codex.submit(Op::Compact).await.unwrap();
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // 3) Next user input – third hit; history should include only the summary.
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: THIRD_USER_MSG.into(),
+            }],
+        })
+        .await
+        .unwrap();
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // Inspect the three captured requests.
+    let requests = server.received_requests().await.unwrap();
+    assert_eq!(requests.len(), 3, "expected exactly three requests");
+
+    let req1 = &requests[0];
+    let req2 = &requests[1];
+    let req3 = &requests[2];
+
+    let body1 = req1.body_json::<serde_json::Value>().unwrap();
+    let body2 = req2.body_json::<serde_json::Value>().unwrap();
+    let body3 = req3.body_json::<serde_json::Value>().unwrap();
+
+    // System instructions should change for the summarization turn.
+    let instr1 = body1.get("instructions").and_then(|v| v.as_str()).unwrap();
+    let instr2 = body2.get("instructions").and_then(|v| v.as_str()).unwrap();
+    assert_ne!(
+        instr1, instr2,
+        "summarization should override base instructions"
+    );
+    assert!(
+        instr2.contains("You are a summarization assistant"),
+        "summarization instructions not applied"
+    );
+
+    // The summarization request should include the injected user input marker.
+    let input2 = body2.get("input").and_then(|v| v.as_array()).unwrap();
+    // The last item is the user message created from the injected input.
+    let last2 = input2.last().unwrap();
+    assert_eq!(last2.get("type").unwrap().as_str().unwrap(), "message");
+    assert_eq!(last2.get("role").unwrap().as_str().unwrap(), "user");
+    let text2 = last2["content"][0]["text"].as_str().unwrap();
+    assert!(text2.contains(SUMMARIZE_TRIGGER));
+
+    // Third request must contain only the summary from step 2 as prior history plus new user msg.
+    let input3 = body3.get("input").and_then(|v| v.as_array()).unwrap();
+    println!("third request body: {body3}");
+    assert!(
+        input3.len() >= 2,
+        "expected summary + new user message in third request"
+    );
+
+    // Collect all (role, text) message tuples.
+    let mut messages: Vec<(String, String)> = Vec::new();
+    for item in input3 {
+        if item["type"].as_str() == Some("message") {
+            let role = item["role"].as_str().unwrap_or_default().to_string();
+            let text = item["content"][0]["text"]
+                .as_str()
+                .unwrap_or_default()
+                .to_string();
+            messages.push((role, text));
+        }
+    }
+
+    // Exactly one assistant message should remain after compaction and the new user message is present.
+    let assistant_count = messages.iter().filter(|(r, _)| r == "assistant").count();
+    assert_eq!(
+        assistant_count, 1,
+        "exactly one assistant message should remain after compaction"
+    );
+    assert!(
+        messages
+            .iter()
+            .any(|(r, t)| r == "user" && t == THIRD_USER_MSG),
+        "third request should include the new user message"
+    );
+    assert!(
+        !messages.iter().any(|(_, t)| t.contains("hello world")),
+        "third request should not include the original user input"
+    );
+    assert!(
+        !messages.iter().any(|(_, t)| t.contains(SUMMARIZE_TRIGGER)),
+        "third request should not include the summarize trigger"
+    );
+}

codex-rs/core/tests/live_agent.rs

@@ -50,7 +50,7 @@ async fn spawn_codex() -> Result<Codex, CodexErr> {
     config.model_provider.request_max_retries = Some(2);
     config.model_provider.stream_max_retries = Some(2);
     let CodexSpawnOk { codex: agent, .. } =
-        Codex::spawn(config, std::sync::Arc::new(Notify::new())).await?;
+        Codex::spawn(config, None, std::sync::Arc::new(Notify::new())).await?;
 
     Ok(agent)
 }

codex-rs/core/tests/stream_no_completed.rs

@@ -6,10 +6,11 @@ use std::time::Duration;
 use codex_core::Codex;
 use codex_core::CodexSpawnOk;
 use codex_core::ModelProviderInfo;
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_login::CodexAuth;
 use core_test_support::load_default_config_for_test;
 use core_test_support::load_sse_fixture;
 use core_test_support::load_sse_fixture_with_id;
@@ -75,7 +76,7 @@ async fn retries_on_early_close() {
 
     let model_provider = ModelProviderInfo {
         name: "openai".into(),
-        base_url: format!("{}/v1", server.uri()),
+        base_url: Some(format!("{}/v1", server.uri())),
         // Environment variable that should exist in the test environment.
         // ModelClient will return an error if the environment variable for the
         // provider is not set.
@@ -89,13 +90,20 @@ async fn retries_on_early_close() {
         request_max_retries: Some(0),
         stream_max_retries: Some(1),
         stream_idle_timeout_ms: Some(2000),
+        requires_auth: false,
     };
 
     let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
     let codex_home = TempDir::new().unwrap();
     let mut config = load_default_config_for_test(&codex_home);
     config.model_provider = model_provider;
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c).await.unwrap();
+    let CodexSpawnOk { codex, .. } = Codex::spawn(
+        config,
+        Some(CodexAuth::from_api_key("Test API Key".to_string())),
+        ctrl_c,
+    )
+    .await
+    .unwrap();
 
     codex
         .submit(Op::UserInput {

codex-rs/exec/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-exec"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-exec"
@@ -19,12 +19,12 @@ anyhow = "1"
 chrono = "0.4.40"
 clap = { version = "4", features = ["derive"] }
 codex-arg0 = { path = "../arg0" }
-codex-core = { path = "../core" }
 codex-common = { path = "../common", features = [
     "cli",
     "elapsed",
     "sandbox_summary",
 ] }
+codex-core = { path = "../core" }
 owo-colors = "4.2.0"
 serde_json = "1"
 shlex = "1.3.0"

codex-rs/exec/src/event_processor_with_human_output.rs

@@ -1,5 +1,7 @@
+use codex_common::elapsed::format_duration;
 use codex_common::elapsed::format_elapsed;
 use codex_core::config::Config;
+use codex_core::plan_tool::UpdatePlanArgs;
 use codex_core::protocol::AgentMessageDeltaEvent;
 use codex_core::protocol::AgentMessageEvent;
 use codex_core::protocol::AgentReasoningDeltaEvent;
@@ -10,6 +12,7 @@ use codex_core::protocol::EventMsg;
 use codex_core::protocol::ExecCommandBeginEvent;
 use codex_core::protocol::ExecCommandEndEvent;
 use codex_core::protocol::FileChange;
+use codex_core::protocol::McpInvocation;
 use codex_core::protocol::McpToolCallBeginEvent;
 use codex_core::protocol::McpToolCallEndEvent;
 use codex_core::protocol::PatchApplyBeginEvent;
@@ -37,11 +40,6 @@ pub(crate) struct EventProcessorWithHumanOutput {
     call_id_to_command: HashMap<String, ExecCommandBegin>,
     call_id_to_patch: HashMap<String, PatchApplyBegin>,
 
-    /// Tracks in-flight MCP tool calls so we can calculate duration and print
-    /// a concise summary when the corresponding `McpToolCallEnd` event is
-    /// received.
-    call_id_to_tool_call: HashMap<String, McpToolCallBegin>,
-
     // To ensure that --color=never is respected, ANSI escapes _must_ be added
     // using .style() with one of these fields. If you need a new style, add a
     // new field here.
@@ -69,7 +67,6 @@ impl EventProcessorWithHumanOutput {
     ) -> Self {
         let call_id_to_command = HashMap::new();
         let call_id_to_patch = HashMap::new();
-        let call_id_to_tool_call = HashMap::new();
 
         if with_ansi {
             Self {
@@ -82,7 +79,6 @@ impl EventProcessorWithHumanOutput {
                 red: Style::new().red(),
                 green: Style::new().green(),
                 cyan: Style::new().cyan(),
-                call_id_to_tool_call,
                 show_agent_reasoning: !config.hide_agent_reasoning,
                 answer_started: false,
                 reasoning_started: false,
@@ -99,7 +95,6 @@ impl EventProcessorWithHumanOutput {
                 red: Style::new(),
                 green: Style::new(),
                 cyan: Style::new(),
-                call_id_to_tool_call,
                 show_agent_reasoning: !config.hide_agent_reasoning,
                 answer_started: false,
                 reasoning_started: false,
@@ -114,14 +109,6 @@ struct ExecCommandBegin {
     start_time: Instant,
 }
 
-/// Metadata captured when an `McpToolCallBegin` event is received.
-struct McpToolCallBegin {
-    /// Formatted invocation string, e.g. `server.tool({"city":"sf"})`.
-    invocation: String,
-    /// Timestamp when the call started so we can compute duration later.
-    start_time: Instant,
-}
-
 struct PatchApplyBegin {
     start_time: Instant,
     auto_approved: bool,
@@ -291,63 +278,33 @@ impl EventProcessor for EventProcessorWithHumanOutput {
                 println!("{}", truncated_output.style(self.dimmed));
             }
             EventMsg::McpToolCallBegin(McpToolCallBeginEvent {
-                call_id,
-                server,
-                tool,
-                arguments,
+                call_id: _,
+                invocation,
             }) => {
-                // Build fully-qualified tool name: server.tool
-                let fq_tool_name = format!("{server}.{tool}");
-
-                // Format arguments as compact JSON so they fit on one line.
-                let args_str = arguments
-                    .as_ref()
-                    .map(|v: &serde_json::Value| {
-                        serde_json::to_string(v).unwrap_or_else(|_| v.to_string())
-                    })
-                    .unwrap_or_default();
-
-                let invocation = if args_str.is_empty() {
-                    format!("{fq_tool_name}()")
-                } else {
-                    format!("{fq_tool_name}({args_str})")
-                };
-
-                self.call_id_to_tool_call.insert(
-                    call_id.clone(),
-                    McpToolCallBegin {
-                        invocation: invocation.clone(),
-                        start_time: Instant::now(),
-                    },
-                );
-
                 ts_println!(
                     self,
                     "{} {}",
                     "tool".style(self.magenta),
-                    invocation.style(self.bold),
+                    format_mcp_invocation(&invocation).style(self.bold),
                 );
             }
             EventMsg::McpToolCallEnd(tool_call_end_event) => {
                 let is_success = tool_call_end_event.is_success();
-                let McpToolCallEndEvent { call_id, result } = tool_call_end_event;
-                // Retrieve start time and invocation for duration calculation and labeling.
-                let info = self.call_id_to_tool_call.remove(&call_id);
-
-                let (duration, invocation) = if let Some(McpToolCallBegin {
+                let McpToolCallEndEvent {
+                    call_id: _,
+                    result,
                     invocation,
-                    start_time,
-                    ..
-                }) = info
-                {
-                    (format!(" in {}", format_elapsed(start_time)), invocation)
-                } else {
-                    (String::new(), format!("tool('{call_id}')"))
-                };
+                    duration,
+                } = tool_call_end_event;
+
+                let duration = format!(" in {}", format_duration(duration));
 
                 let status_str = if is_success { "success" } else { "failed" };
                 let title_style = if is_success { self.green } else { self.red };
-                let title = format!("{invocation} {status_str}{duration}:");
+                let title = format!(
+                    "{} {status_str}{duration}:",
+                    format_mcp_invocation(&invocation)
+                );
 
                 ts_println!(self, "{}", title.style(title_style));
 
@@ -513,6 +470,11 @@ impl EventProcessor for EventProcessorWithHumanOutput {
                 ts_println!(self, "model: {}", model);
                 println!();
             }
+            EventMsg::PlanUpdate(plan_update_event) => {
+                let UpdatePlanArgs { explanation, plan } = plan_update_event;
+                ts_println!(self, "explanation: {explanation:?}");
+                ts_println!(self, "plan: {plan:?}");
+            }
             EventMsg::GetHistoryEntryResponse(_) => {
                 // Currently ignored in exec output.
             }
@@ -538,3 +500,21 @@ fn format_file_change(change: &FileChange) -> &'static str {
         } => "M",
     }
 }
+
+fn format_mcp_invocation(invocation: &McpInvocation) -> String {
+    // Build fully-qualified tool name: server.tool
+    let fq_tool_name = format!("{}.{}", invocation.server, invocation.tool);
+
+    // Format arguments as compact JSON so they fit on one line.
+    let args_str = invocation
+        .arguments
+        .as_ref()
+        .map(|v: &serde_json::Value| serde_json::to_string(v).unwrap_or_else(|_| v.to_string()))
+        .unwrap_or_default();
+
+    if args_str.is_empty() {
+        format!("{fq_tool_name}()")
+    } else {
+        format!("{fq_tool_name}({args_str})")
+    }
+}

codex-rs/exec/src/lib.rs

@@ -92,6 +92,20 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
         ),
     };
 
+    // TODO(mbolin): Take a more thoughtful approach to logging.
+    let default_level = "error";
+    let _ = tracing_subscriber::fmt()
+        // Fallback to the `default_level` log filter if the environment
+        // variable is not set _or_ contains an invalid value
+        .with_env_filter(
+            EnvFilter::try_from_default_env()
+                .or_else(|_| EnvFilter::try_new(default_level))
+                .unwrap_or_else(|_| EnvFilter::new(default_level)),
+        )
+        .with_ansi(stderr_with_ansi)
+        .with_writer(std::io::stderr)
+        .try_init();
+
     let sandbox_mode = if full_auto {
         Some(SandboxMode::WorkspaceWrite)
     } else if dangerously_bypass_approvals_and_sandbox {
@@ -112,6 +126,7 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
         model_provider: None,
         codex_linux_sandbox_exe,
         base_instructions: None,
+        include_plan_tool: None,
     };
     // Parse `-c` overrides.
     let cli_kv_overrides = match config_overrides.parse_overrides() {
@@ -142,20 +157,6 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
         std::process::exit(1);
     }
 
-    // TODO(mbolin): Take a more thoughtful approach to logging.
-    let default_level = "error";
-    let _ = tracing_subscriber::fmt()
-        // Fallback to the `default_level` log filter if the environment
-        // variable is not set _or_ contains an invalid value
-        .with_env_filter(
-            EnvFilter::try_from_default_env()
-                .or_else(|_| EnvFilter::try_new(default_level))
-                .unwrap_or_else(|_| EnvFilter::new(default_level)),
-        )
-        .with_ansi(stderr_with_ansi)
-        .with_writer(std::io::stderr)
-        .try_init();
-
     let CodexConversation {
         codex: codex_wrapper,
         session_configured,

codex-rs/exec/tests/apply_patch.rs

@@ -1,5 +1,6 @@
 use anyhow::Context;
 use assert_cmd::prelude::*;
+use codex_core::CODEX_APPLY_PATCH_ARG1;
 use std::fs;
 use std::process::Command;
 use tempfile::tempdir;
@@ -16,7 +17,7 @@ fn test_standalone_exec_cli_can_use_apply_patch() -> anyhow::Result<()> {
 
     Command::cargo_bin("codex-exec")
         .context("should find binary for codex-exec")?
-        .arg("--codex-run-as-apply-patch")
+        .arg(CODEX_APPLY_PATCH_ARG1)
         .arg(
             r#"*** Begin Patch
 *** Update File: source.txt

codex-rs/file-search/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-file-search"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-file-search"

codex-rs/linux-sandbox/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-linux-sandbox"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-linux-sandbox"
@@ -19,8 +19,8 @@ anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 codex-common = { path = "../common", features = ["cli"] }
 codex-core = { path = "../core" }
-libc = "0.2.172"
 landlock = "0.4.1"
+libc = "0.2.172"
 seccompiler = "0.5.0"
 
 [target.'cfg(target_os = "linux")'.dev-dependencies]

codex-rs/login/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-login"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true
@@ -18,3 +18,6 @@ tokio = { version = "1", features = [
     "rt-multi-thread",
     "signal",
 ] }
+
+[dev-dependencies]
+tempfile = "3"

codex-rs/login/src/lib.rs

@@ -1,19 +1,187 @@
 use chrono::DateTime;
+
 use chrono::Utc;
 use serde::Deserialize;
 use serde::Serialize;
+use std::env;
 use std::fs::OpenOptions;
 use std::io::Read;
 use std::io::Write;
 #[cfg(unix)]
 use std::os::unix::fs::OpenOptionsExt;
 use std::path::Path;
+use std::path::PathBuf;
 use std::process::Stdio;
+use std::sync::Arc;
+use std::sync::Mutex;
+use std::time::Duration;
 use tokio::process::Command;
 
 const SOURCE_FOR_PYTHON_SERVER: &str = include_str!("./login_with_chatgpt.py");
 
 const CLIENT_ID: &str = "app_EMoamEEZ73f0CkXaXp7hrann";
+pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
+
+#[derive(Clone, Debug, PartialEq)]
+pub enum AuthMode {
+    ApiKey,
+    ChatGPT,
+}
+
+#[derive(Debug, Clone)]
+pub struct CodexAuth {
+    pub api_key: Option<String>,
+    pub mode: AuthMode,
+    auth_dot_json: Arc<Mutex<Option<AuthDotJson>>>,
+    auth_file: PathBuf,
+}
+
+impl PartialEq for CodexAuth {
+    fn eq(&self, other: &Self) -> bool {
+        self.mode == other.mode
+    }
+}
+
+impl CodexAuth {
+    pub fn new(
+        api_key: Option<String>,
+        mode: AuthMode,
+        auth_file: PathBuf,
+        auth_dot_json: Option<AuthDotJson>,
+    ) -> Self {
+        let auth_dot_json = Arc::new(Mutex::new(auth_dot_json));
+        Self {
+            api_key,
+            mode,
+            auth_file,
+            auth_dot_json,
+        }
+    }
+
+    pub fn from_api_key(api_key: String) -> Self {
+        Self {
+            api_key: Some(api_key),
+            mode: AuthMode::ApiKey,
+            auth_file: PathBuf::new(),
+            auth_dot_json: Arc::new(Mutex::new(None)),
+        }
+    }
+
+    pub async fn get_token_data(&self) -> Result<TokenData, std::io::Error> {
+        #[expect(clippy::unwrap_used)]
+        let auth_dot_json = self.auth_dot_json.lock().unwrap().clone();
+        match auth_dot_json {
+            Some(AuthDotJson {
+                tokens: Some(mut tokens),
+                last_refresh: Some(last_refresh),
+                ..
+            }) => {
+                if last_refresh < Utc::now() - chrono::Duration::days(28) {
+                    let refresh_response = tokio::time::timeout(
+                        Duration::from_secs(60),
+                        try_refresh_token(tokens.refresh_token.clone()),
+                    )
+                    .await
+                    .map_err(|_| {
+                        std::io::Error::other("timed out while refreshing OpenAI API key")
+                    })?
+                    .map_err(std::io::Error::other)?;
+
+                    let updated_auth_dot_json = update_tokens(
+                        &self.auth_file,
+                        refresh_response.id_token,
+                        refresh_response.access_token,
+                        refresh_response.refresh_token,
+                    )
+                    .await?;
+
+                    tokens = updated_auth_dot_json
+                        .tokens
+                        .clone()
+                        .ok_or(std::io::Error::other(
+                            "Token data is not available after refresh.",
+                        ))?;
+
+                    #[expect(clippy::unwrap_used)]
+                    let mut auth_lock = self.auth_dot_json.lock().unwrap();
+                    *auth_lock = Some(updated_auth_dot_json);
+                }
+
+                Ok(tokens)
+            }
+            _ => Err(std::io::Error::other("Token data is not available.")),
+        }
+    }
+
+    pub async fn get_token(&self) -> Result<String, std::io::Error> {
+        match self.mode {
+            AuthMode::ApiKey => Ok(self.api_key.clone().unwrap_or_default()),
+            AuthMode::ChatGPT => {
+                let id_token = self.get_token_data().await?.access_token;
+
+                Ok(id_token)
+            }
+        }
+    }
+
+    pub async fn get_account_id(&self) -> Option<String> {
+        match self.mode {
+            AuthMode::ApiKey => None,
+            AuthMode::ChatGPT => {
+                let token_data = self.get_token_data().await.ok()?;
+
+                token_data.account_id.clone()
+            }
+        }
+    }
+}
+
+// Loads the available auth information from the auth.json or OPENAI_API_KEY environment variable.
+pub fn load_auth(codex_home: &Path, include_env_var: bool) -> std::io::Result<Option<CodexAuth>> {
+    let auth_file = get_auth_file(codex_home);
+
+    let auth_dot_json = try_read_auth_json(&auth_file).ok();
+
+    let auth_json_api_key = auth_dot_json
+        .as_ref()
+        .and_then(|a| a.openai_api_key.clone())
+        .filter(|s| !s.is_empty());
+
+    let openai_api_key = if include_env_var {
+        env::var(OPENAI_API_KEY_ENV_VAR)
+            .ok()
+            .filter(|s| !s.is_empty())
+            .or(auth_json_api_key)
+    } else {
+        auth_json_api_key
+    };
+
+    let has_tokens = auth_dot_json
+        .as_ref()
+        .and_then(|a| a.tokens.as_ref())
+        .is_some();
+
+    if openai_api_key.is_none() && !has_tokens {
+        return Ok(None);
+    }
+
+    let mode = if openai_api_key.is_some() {
+        AuthMode::ApiKey
+    } else {
+        AuthMode::ChatGPT
+    };
+
+    Ok(Some(CodexAuth {
+        api_key: openai_api_key,
+        mode,
+        auth_file,
+        auth_dot_json: Arc::new(Mutex::new(auth_dot_json)),
+    }))
+}
+
+fn get_auth_file(codex_home: &Path) -> PathBuf {
+    codex_home.join("auth.json")
+}
 
 /// Run `python3 -c {{SOURCE_FOR_PYTHON_SERVER}}` with the CODEX_HOME
 /// environment variable set to the provided `codex_home` path. If the
@@ -24,14 +192,12 @@ const CLIENT_ID: &str = "app_EMoamEEZ73f0CkXaXp7hrann";
 /// If `capture_output` is true, the subprocess's output will be captured and
 /// recorded in memory. Otherwise, the subprocess's output will be sent to the
 /// current process's stdout/stderr.
-pub async fn login_with_chatgpt(
-    codex_home: &Path,
-    capture_output: bool,
-) -> std::io::Result<String> {
+pub async fn login_with_chatgpt(codex_home: &Path, capture_output: bool) -> std::io::Result<()> {
     let child = Command::new("python3")
         .arg("-c")
         .arg(SOURCE_FOR_PYTHON_SERVER)
         .env("CODEX_HOME", codex_home)
+        .env("CODEX_CLIENT_ID", CLIENT_ID)
         .stdin(Stdio::null())
         .stdout(if capture_output {
             Stdio::piped()
@@ -47,7 +213,7 @@ pub async fn login_with_chatgpt(
 
     let output = child.wait_with_output().await?;
     if output.status.success() {
-        try_read_openai_api_key(codex_home).await
+        Ok(())
     } else {
         let stderr = String::from_utf8_lossy(&output.stderr);
         Err(std::io::Error::other(format!(
@@ -56,61 +222,66 @@ pub async fn login_with_chatgpt(
     }
 }
 
-/// Attempt to read the `OPENAI_API_KEY` from the `auth.json` file in the given
-/// `CODEX_HOME` directory, refreshing it, if necessary.
-pub async fn try_read_openai_api_key(codex_home: &Path) -> std::io::Result<String> {
-    let auth_dot_json = try_read_auth_json(codex_home).await?;
-    Ok(auth_dot_json.openai_api_key)
+pub fn login_with_api_key(codex_home: &Path, api_key: &str) -> std::io::Result<()> {
+    let auth_dot_json = AuthDotJson {
+        openai_api_key: Some(api_key.to_string()),
+        tokens: None,
+        last_refresh: None,
+    };
+    write_auth_json(&get_auth_file(codex_home), &auth_dot_json)
 }
 
 /// Attempt to read and refresh the `auth.json` file in the given `CODEX_HOME` directory.
 /// Returns the full AuthDotJson structure after refreshing if necessary.
-pub async fn try_read_auth_json(codex_home: &Path) -> std::io::Result<AuthDotJson> {
-    let auth_path = codex_home.join("auth.json");
-    let mut file = std::fs::File::open(&auth_path)?;
+pub fn try_read_auth_json(auth_file: &Path) -> std::io::Result<AuthDotJson> {
+    let mut file = std::fs::File::open(auth_file)?;
     let mut contents = String::new();
     file.read_to_string(&mut contents)?;
     let auth_dot_json: AuthDotJson = serde_json::from_str(&contents)?;
 
-    if is_expired(&auth_dot_json) {
-        let refresh_response = try_refresh_token(&auth_dot_json).await?;
-        let mut auth_dot_json = auth_dot_json;
-        auth_dot_json.tokens.id_token = refresh_response.id_token;
-        if let Some(refresh_token) = refresh_response.refresh_token {
-            auth_dot_json.tokens.refresh_token = refresh_token;
-        }
-        auth_dot_json.last_refresh = Utc::now();
+    Ok(auth_dot_json)
+}
 
-        let mut options = OpenOptions::new();
-        options.truncate(true).write(true).create(true);
-        #[cfg(unix)]
-        {
-            options.mode(0o600);
-        }
-
-        let json_data = serde_json::to_string(&auth_dot_json)?;
-        {
-            let mut file = options.open(&auth_path)?;
-            file.write_all(json_data.as_bytes())?;
-            file.flush()?;
-        }
-
-        Ok(auth_dot_json)
-    } else {
-        Ok(auth_dot_json)
+fn write_auth_json(auth_file: &Path, auth_dot_json: &AuthDotJson) -> std::io::Result<()> {
+    let json_data = serde_json::to_string_pretty(auth_dot_json)?;
+    let mut options = OpenOptions::new();
+    options.truncate(true).write(true).create(true);
+    #[cfg(unix)]
+    {
+        options.mode(0o600);
     }
+    let mut file = options.open(auth_file)?;
+    file.write_all(json_data.as_bytes())?;
+    file.flush()?;
+    Ok(())
 }
 
-fn is_expired(auth_dot_json: &AuthDotJson) -> bool {
-    let last_refresh = auth_dot_json.last_refresh;
-    last_refresh < Utc::now() - chrono::Duration::days(28)
+async fn update_tokens(
+    auth_file: &Path,
+    id_token: String,
+    access_token: Option<String>,
+    refresh_token: Option<String>,
+) -> std::io::Result<AuthDotJson> {
+    let mut auth_dot_json = try_read_auth_json(auth_file)?;
+
+    let tokens = auth_dot_json.tokens.get_or_insert_with(TokenData::default);
+    tokens.id_token = id_token.to_string();
+    if let Some(access_token) = access_token {
+        tokens.access_token = access_token.to_string();
+    }
+    if let Some(refresh_token) = refresh_token {
+        tokens.refresh_token = refresh_token.to_string();
+    }
+    auth_dot_json.last_refresh = Some(Utc::now());
+    write_auth_json(auth_file, &auth_dot_json)?;
+    Ok(auth_dot_json)
 }
 
-async fn try_refresh_token(auth_dot_json: &AuthDotJson) -> std::io::Result<RefreshResponse> {
+async fn try_refresh_token(refresh_token: String) -> std::io::Result<RefreshResponse> {
     let refresh_request = RefreshRequest {
         client_id: CLIENT_ID,
         grant_type: "refresh_token",
-        refresh_token: auth_dot_json.tokens.refresh_token.clone(),
+        refresh_token,
         scope: "openid profile email",
     };
 
@@ -145,24 +316,27 @@ struct RefreshRequest {
     scope: &'static str,
 }
 
-#[derive(Deserialize)]
+#[derive(Deserialize, Clone)]
 struct RefreshResponse {
     id_token: String,
+    access_token: Option<String>,
     refresh_token: Option<String>,
 }
 
 /// Expected structure for $CODEX_HOME/auth.json.
-#[derive(Deserialize, Serialize)]
+#[derive(Deserialize, Serialize, Clone, Debug, PartialEq)]
 pub struct AuthDotJson {
     #[serde(rename = "OPENAI_API_KEY")]
-    pub openai_api_key: String,
+    pub openai_api_key: Option<String>,
 
-    pub tokens: TokenData,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub tokens: Option<TokenData>,
 
-    pub last_refresh: DateTime<Utc>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub last_refresh: Option<DateTime<Utc>>,
 }
 
-#[derive(Deserialize, Serialize, Clone)]
+#[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
 pub struct TokenData {
     /// This is a JWT.
     pub id_token: String,
@@ -172,5 +346,97 @@ pub struct TokenData {
 
     pub refresh_token: String,
 
-    pub account_id: String,
+    pub account_id: Option<String>,
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use tempfile::tempdir;
+
+    #[test]
+    #[expect(clippy::unwrap_used)]
+    fn writes_api_key_and_loads_auth() {
+        let dir = tempdir().unwrap();
+        login_with_api_key(dir.path(), "sk-test-key").unwrap();
+        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        assert_eq!(auth.mode, AuthMode::ApiKey);
+        assert_eq!(auth.api_key.as_deref(), Some("sk-test-key"));
+    }
+
+    #[test]
+    #[expect(clippy::unwrap_used)]
+    fn loads_from_env_var_if_env_var_exists() {
+        let dir = tempdir().unwrap();
+
+        let env_var = std::env::var(OPENAI_API_KEY_ENV_VAR);
+
+        if let Ok(env_var) = env_var {
+            let auth = load_auth(dir.path(), true).unwrap().unwrap();
+            assert_eq!(auth.mode, AuthMode::ApiKey);
+            assert_eq!(auth.api_key, Some(env_var));
+        }
+    }
+
+    #[tokio::test]
+    #[expect(clippy::unwrap_used)]
+    async fn loads_token_data_from_auth_json() {
+        let dir = tempdir().unwrap();
+        let auth_file = dir.path().join("auth.json");
+        std::fs::write(
+            auth_file,
+            format!(
+                r#"
+        {{
+            "OPENAI_API_KEY": null,
+            "tokens": {{
+                "id_token": "test-id-token",
+                "access_token": "test-access-token",
+                "refresh_token": "test-refresh-token"
+            }},
+            "last_refresh": "{}"
+        }}
+        "#,
+                Utc::now().to_rfc3339()
+            ),
+        )
+        .unwrap();
+
+        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        assert_eq!(auth.mode, AuthMode::ChatGPT);
+        assert_eq!(auth.api_key, None);
+        assert_eq!(
+            auth.get_token_data().await.unwrap(),
+            TokenData {
+                id_token: "test-id-token".to_string(),
+                access_token: "test-access-token".to_string(),
+                refresh_token: "test-refresh-token".to_string(),
+                account_id: None,
+            }
+        );
+    }
+
+    #[tokio::test]
+    #[expect(clippy::unwrap_used)]
+    async fn loads_api_key_from_auth_json() {
+        let dir = tempdir().unwrap();
+        let auth_file = dir.path().join("auth.json");
+        std::fs::write(
+            auth_file,
+            r#"
+        {
+            "OPENAI_API_KEY": "sk-test-key",
+            "tokens": null,
+            "last_refresh": null
+        }
+        "#,
+        )
+        .unwrap();
+
+        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        assert_eq!(auth.mode, AuthMode::ApiKey);
+        assert_eq!(auth.api_key, Some("sk-test-key".to_string()));
+
+        assert!(auth.get_token_data().await.is_err());
+    }
 }

codex-rs/login/src/login_with_chatgpt.py

@@ -41,7 +41,6 @@ from typing import Any, Dict  # for type hints
 REQUIRED_PORT = 1455
 URL_BASE = f"http://localhost:{REQUIRED_PORT}"
 DEFAULT_ISSUER = "https://auth.openai.com"
-DEFAULT_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann"
 
 EXIT_CODE_WHEN_ADDRESS_ALREADY_IN_USE = 13
 
@@ -58,7 +57,7 @@ class TokenData:
 class AuthBundle:
     """Aggregates authentication data produced after successful OAuth flow."""
 
-    api_key: str
+    api_key: str | None
     token_data: TokenData
     last_refresh: str
 
@@ -78,12 +77,18 @@ def main() -> None:
         eprint("ERROR: CODEX_HOME environment variable is not set")
         sys.exit(1)
 
+    client_id = os.getenv("CODEX_CLIENT_ID")
+    if not client_id:
+        eprint("ERROR: CODEX_CLIENT_ID environment variable is not set")
+        sys.exit(1)
+
     # Spawn server.
     try:
         httpd = _ApiKeyHTTPServer(
             ("127.0.0.1", REQUIRED_PORT),
             _ApiKeyHTTPHandler,
             codex_home=codex_home,
+            client_id=client_id,
             verbose=args.verbose,
         )
     except OSError as e:
@@ -157,7 +162,7 @@ class _ApiKeyHTTPHandler(http.server.BaseHTTPRequestHandler):
                 return
 
             try:
-                auth_bundle, success_url = self._exchange_code_for_api_key(code)
+                auth_bundle, success_url = self._exchange_code(code)
             except Exception as exc:  # noqa: BLE001 – propagate to client
                 self.send_error(500, f"Token exchange failed: {exc}")
                 return
@@ -211,68 +216,22 @@ class _ApiKeyHTTPHandler(http.server.BaseHTTPRequestHandler):
         if getattr(self.server, "verbose", False):  # type: ignore[attr-defined]
             super().log_message(fmt, *args)
 
-    def _exchange_code_for_api_key(self, code: str) -> tuple[AuthBundle, str]:
-        """Perform token + token-exchange to obtain an OpenAI API key.
+    def _obtain_api_key(
+        self,
+        token_claims: Dict[str, Any],
+        access_claims: Dict[str, Any],
+        token_data: TokenData,
+    ) -> tuple[str | None, str | None]:
+        """Obtain an API key from the auth service.
 
-        Returns (AuthBundle, success_url).
+        Returns (api_key, success_url) if successful, None otherwise.
         """
 
-        token_endpoint = f"{self.server.issuer}/oauth/token"
-
-        # 1. Authorization-code -> (id_token, access_token, refresh_token)
-        data = urllib.parse.urlencode(
-            {
-                "grant_type": "authorization_code",
-                "code": code,
-                "redirect_uri": self.server.redirect_uri,
-                "client_id": self.server.client_id,
-                "code_verifier": self.server.pkce.code_verifier,
-            }
-        ).encode()
-
-        token_data: TokenData
-
-        with urllib.request.urlopen(
-            urllib.request.Request(
-                token_endpoint,
-                data=data,
-                method="POST",
-                headers={"Content-Type": "application/x-www-form-urlencoded"},
-            )
-        ) as resp:
-            payload = json.loads(resp.read().decode())
-            
-            # Extract chatgpt_account_id from id_token
-            id_token_parts = payload["id_token"].split(".")
-            if len(id_token_parts) != 3:
-                raise ValueError("Invalid ID token")
-            id_token_claims = _decode_jwt_segment(id_token_parts[1])
-            auth_claims = id_token_claims.get("https://api.openai.com/auth", {})
-            chatgpt_account_id = auth_claims.get("chatgpt_account_id", "")
-            
-            token_data = TokenData(
-                id_token=payload["id_token"],
-                access_token=payload["access_token"],
-                refresh_token=payload["refresh_token"],
-                account_id=chatgpt_account_id,
-            )
-
-        access_token_parts = token_data.access_token.split(".")
-        if len(access_token_parts) != 3:
-            raise ValueError("Invalid access token")
-
-        access_token_claims = _decode_jwt_segment(access_token_parts[1])
-
-        token_claims = id_token_claims.get("https://api.openai.com/auth", {})
-        access_claims = access_token_claims.get("https://api.openai.com/auth", {})
-
         org_id = token_claims.get("organization_id")
-        if not org_id:
-            raise ValueError("Missing organization in id_token claims")
-
         project_id = token_claims.get("project_id")
-        if not project_id:
-            raise ValueError("Missing project in id_token claims")
+
+        if not org_id or not project_id:
+            return (None, None)
 
         random_id = secrets.token_hex(6)
 
@@ -292,7 +251,7 @@ class _ApiKeyHTTPHandler(http.server.BaseHTTPRequestHandler):
         exchanged_access_token: str
         with urllib.request.urlopen(
             urllib.request.Request(
-                token_endpoint,
+                self.server.token_endpoint,
                 data=exchange_data,
                 method="POST",
                 headers={"Content-Type": "application/x-www-form-urlencoded"},
@@ -340,6 +299,65 @@ class _ApiKeyHTTPHandler(http.server.BaseHTTPRequestHandler):
         except Exception as exc:  # pragma: no cover – best-effort only
             eprint(f"Unable to redeem ChatGPT subscriber API credits: {exc}")
 
+        return (exchanged_access_token, success_url)
+
+    def _exchange_code(self, code: str) -> tuple[AuthBundle, str]:
+        """Perform token + token-exchange to obtain an OpenAI API key.
+
+        Returns (AuthBundle, success_url).
+        """
+
+        # 1. Authorization-code -> (id_token, access_token, refresh_token)
+        data = urllib.parse.urlencode(
+            {
+                "grant_type": "authorization_code",
+                "code": code,
+                "redirect_uri": self.server.redirect_uri,
+                "client_id": self.server.client_id,
+                "code_verifier": self.server.pkce.code_verifier,
+            }
+        ).encode()
+
+        token_data: TokenData
+
+        with urllib.request.urlopen(
+            urllib.request.Request(
+                self.server.token_endpoint,
+                data=data,
+                method="POST",
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+            )
+        ) as resp:
+            payload = json.loads(resp.read().decode())
+
+            # Extract chatgpt_account_id from id_token
+            id_token_parts = payload["id_token"].split(".")
+            if len(id_token_parts) != 3:
+                raise ValueError("Invalid ID token")
+            id_token_claims = _decode_jwt_segment(id_token_parts[1])
+            auth_claims = id_token_claims.get("https://api.openai.com/auth", {})
+            chatgpt_account_id = auth_claims.get("chatgpt_account_id", "")
+
+            token_data = TokenData(
+                id_token=payload["id_token"],
+                access_token=payload["access_token"],
+                refresh_token=payload["refresh_token"],
+                account_id=chatgpt_account_id,
+            )
+
+        access_token_parts = token_data.access_token.split(".")
+        if len(access_token_parts) != 3:
+            raise ValueError("Invalid access token")
+
+        access_token_claims = _decode_jwt_segment(access_token_parts[1])
+
+        token_claims = id_token_claims.get("https://api.openai.com/auth", {})
+        access_claims = access_token_claims.get("https://api.openai.com/auth", {})
+
+        exchanged_access_token, success_url = self._obtain_api_key(
+            token_claims, access_claims, token_data
+        )
+
         # Persist refresh_token/id_token for future use (redeem credits etc.)
         last_refresh_str = (
             datetime.datetime.now(datetime.timezone.utc)
@@ -353,7 +371,7 @@ class _ApiKeyHTTPHandler(http.server.BaseHTTPRequestHandler):
             last_refresh=last_refresh_str,
         )
 
-        return (auth_bundle, success_url)
+        return (auth_bundle, success_url or f"{URL_BASE}/success")
 
     def request_shutdown(self) -> None:
         # shutdown() must be invoked from another thread to avoid
@@ -413,6 +431,7 @@ class _ApiKeyHTTPServer(http.server.HTTPServer):
         request_handler_class: type[http.server.BaseHTTPRequestHandler],
         *,
         codex_home: str,
+        client_id: str,
         verbose: bool = False,
     ) -> None:
         super().__init__(server_address, request_handler_class, bind_and_activate=True)
@@ -422,7 +441,8 @@ class _ApiKeyHTTPServer(http.server.HTTPServer):
         self.verbose: bool = verbose
 
         self.issuer: str = DEFAULT_ISSUER
-        self.client_id: str = DEFAULT_CLIENT_ID
+        self.token_endpoint: str = f"{self.issuer}/oauth/token"
+        self.client_id: str = client_id
         port = server_address[1]
         self.redirect_uri: str = f"http://localhost:{port}/auth/callback"
         self.pkce: PkceCodes = _generate_pkce()
@@ -581,8 +601,8 @@ def maybe_redeem_credits(
         granted = redeem_data.get("granted_chatgpt_subscriber_api_credits", 0)
         if granted and granted > 0:
             eprint(
-                f"""Thanks for being a ChatGPT {'Plus' if plan_type=='plus' else 'Pro'} subscriber!
-If you haven't already redeemed, you should receive {'$5' if plan_type=='plus' else '$50'} in API credits.
+                f"""Thanks for being a ChatGPT {"Plus" if plan_type == "plus" else "Pro"} subscriber!
+If you haven't already redeemed, you should receive {"$5" if plan_type == "plus" else "$50"} in API credits.
 
 Credits: https://platform.openai.com/settings/organization/billing/credit-grants
 More info: https://help.openai.com/en/articles/11381614""",

codex-rs/mcp-server/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-mcp-server"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-mcp-server"
@@ -23,9 +23,7 @@ schemars = "0.8.22"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 shlex = "1.3.0"
-toml = "0.9"
-tracing = { version = "0.1.41", features = ["log"] }
-tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
+strum_macros = "0.27.2"
 tokio = { version = "1", features = [
     "io-std",
     "macros",
@@ -33,6 +31,9 @@ tokio = { version = "1", features = [
     "rt-multi-thread",
     "signal",
 ] }
+toml = "0.9"
+tracing = { version = "0.1.41", features = ["log"] }
+tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
 uuid = { version = "1", features = ["serde", "v4"] }
 
 [dev-dependencies]

codex-rs/mcp-server/src/codex_tool_config.rs

@@ -50,6 +50,10 @@ pub struct CodexToolCallParam {
     /// The set of instructions to use instead of the default ones.
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub base_instructions: Option<String>,
+
+    /// Whether to include the plan tool in the conversation.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub include_plan_tool: Option<bool>,
 }
 
 /// Custom enum mirroring [`AskForApproval`], but has an extra dependency on
@@ -140,9 +144,10 @@ impl CodexToolCallParam {
             sandbox,
             config: cli_overrides,
             base_instructions,
+            include_plan_tool,
         } = self;
 
-        // Build the `ConfigOverrides` recognised by codex-core.
+        // Build the `ConfigOverrides` recognized by codex-core.
         let overrides = codex_core::config::ConfigOverrides {
             model,
             config_profile: profile,
@@ -152,6 +157,7 @@ impl CodexToolCallParam {
             model_provider: None,
             codex_linux_sandbox_exe,
             base_instructions,
+            include_plan_tool,
         };
 
         let cli_overrides = cli_overrides
@@ -262,6 +268,10 @@ mod tests {
                 "description": "Working directory for the session. If relative, it is resolved against the server process's current working directory.",
                 "type": "string"
               },
+              "include-plan-tool": {
+                "description": "Whether to include the plan tool in the conversation.",
+                "type": "boolean"
+              },
               "model": {
                 "description": "Optional override for the model name (e.g. \"o3\", \"o4-mini\").",
                 "type": "string"

codex-rs/mcp-server/src/codex_tool_runner.rs

@@ -263,6 +263,7 @@ async fn run_codex_tool_session_inner(
                     | EventMsg::PatchApplyBegin(_)
                     | EventMsg::PatchApplyEnd(_)
                     | EventMsg::GetHistoryEntryResponse(_)
+                    | EventMsg::PlanUpdate(_)
                     | EventMsg::ShutdownComplete => {
                         // For now, we do not do anything extra for these
                         // events. Note that

codex-rs/mcp-server/src/lib.rs

@@ -19,9 +19,11 @@ mod codex_tool_config;
 mod codex_tool_runner;
 mod exec_approval;
 mod json_to_toml;
-mod message_processor;
+pub mod mcp_protocol;
+pub(crate) mod message_processor;
 mod outgoing_message;
 mod patch_approval;
+pub(crate) mod tool_handlers;
 
 use crate::message_processor::MessageProcessor;
 use crate::outgoing_message::OutgoingMessage;

codex-rs/mcp-server/src/message_processor.rs

@@ -1,4 +1,5 @@
 use std::collections::HashMap;
+use std::collections::HashSet;
 use std::path::PathBuf;
 use std::sync::Arc;
 
@@ -6,11 +7,16 @@ use crate::codex_tool_config::CodexToolCallParam;
 use crate::codex_tool_config::CodexToolCallReplyParam;
 use crate::codex_tool_config::create_tool_for_codex_tool_call_param;
 use crate::codex_tool_config::create_tool_for_codex_tool_call_reply_param;
+use crate::mcp_protocol::ToolCallRequestParams;
+use crate::mcp_protocol::ToolCallResponse;
+use crate::mcp_protocol::ToolCallResponseResult;
 use crate::outgoing_message::OutgoingMessageSender;
+use crate::tool_handlers::send_message::handle_send_message;
 
 use codex_core::Codex;
 use codex_core::config::Config as CodexConfig;
 use codex_core::protocol::Submission;
+use mcp_types::CallToolRequest;
 use mcp_types::CallToolRequestParams;
 use mcp_types::CallToolResult;
 use mcp_types::ClientRequest;
@@ -37,6 +43,7 @@ pub(crate) struct MessageProcessor {
     codex_linux_sandbox_exe: Option<PathBuf>,
     session_map: Arc<Mutex<HashMap<Uuid, Arc<Codex>>>>,
     running_requests_id_to_codex_uuid: Arc<Mutex<HashMap<RequestId, Uuid>>>,
+    running_session_ids: Arc<Mutex<HashSet<Uuid>>>,
 }
 
 impl MessageProcessor {
@@ -52,9 +59,18 @@ impl MessageProcessor {
             codex_linux_sandbox_exe,
             session_map: Arc::new(Mutex::new(HashMap::new())),
             running_requests_id_to_codex_uuid: Arc::new(Mutex::new(HashMap::new())),
+            running_session_ids: Arc::new(Mutex::new(HashSet::new())),
         }
     }
 
+    pub(crate) fn session_map(&self) -> Arc<Mutex<HashMap<Uuid, Arc<Codex>>>> {
+        self.session_map.clone()
+    }
+
+    pub(crate) fn running_session_ids(&self) -> Arc<Mutex<HashSet<Uuid>>> {
+        self.running_session_ids.clone()
+    }
+
     pub(crate) async fn process_request(&mut self, request: JSONRPCRequest) {
         // Hold on to the ID so we can respond.
         let request_id = request.id.clone();
@@ -300,6 +316,14 @@ impl MessageProcessor {
         params: <mcp_types::CallToolRequest as mcp_types::ModelContextProtocolRequest>::Params,
     ) {
         tracing::info!("tools/call -> params: {:?}", params);
+        // Serialize params into JSON and try to parse as new type
+        if let Ok(new_params) =
+            serde_json::to_value(&params).and_then(serde_json::from_value::<ToolCallRequestParams>)
+        {
+            // New tool call matched → forward
+            self.handle_new_tool_calls(id, new_params).await;
+            return;
+        }
         let CallToolRequestParams { name, arguments } = params;
 
         match name.as_str() {
@@ -323,6 +347,26 @@ impl MessageProcessor {
             }
         }
     }
+    async fn handle_new_tool_calls(&self, request_id: RequestId, params: ToolCallRequestParams) {
+        match params {
+            ToolCallRequestParams::ConversationSendMessage(args) => {
+                handle_send_message(self, request_id, args).await;
+            }
+            _ => {
+                let result = CallToolResult {
+                    content: vec![ContentBlock::TextContent(TextContent {
+                        r#type: "text".to_string(),
+                        text: "Unknown tool".to_string(),
+                        annotations: None,
+                    })],
+                    is_error: Some(true),
+                    structured_content: None,
+                };
+                self.send_response::<CallToolRequest>(request_id, result)
+                    .await;
+            }
+        }
+    }
 
     async fn handle_tool_call_codex(&self, id: RequestId, arguments: Option<serde_json::Value>) {
         let (initial_prompt, config): (String, CodexConfig) = match arguments {
@@ -631,4 +675,20 @@ impl MessageProcessor {
     ) {
         tracing::info!("notifications/message -> params: {:?}", params);
     }
+
+    pub(crate) async fn send_response_with_optional_error(
+        &self,
+        id: RequestId,
+        message: Option<ToolCallResponseResult>,
+        error: Option<bool>,
+    ) {
+        let response = ToolCallResponse {
+            request_id: id.clone(),
+            is_error: error,
+            result: message,
+        };
+        let result: CallToolResult = response.into();
+        self.send_response::<mcp_types::CallToolRequest>(id.clone(), result)
+            .await;
+    }
 }

codex-rs/mcp-server/src/tool_handlers/mod.rs

@@ -0,0 +1 @@
+pub(crate) mod send_message;

codex-rs/mcp-server/src/tool_handlers/send_message.rs

@@ -0,0 +1,124 @@
+use std::collections::HashMap;
+use std::sync::Arc;
+
+use codex_core::Codex;
+use codex_core::protocol::Op;
+use codex_core::protocol::Submission;
+use mcp_types::RequestId;
+use tokio::sync::Mutex;
+use uuid::Uuid;
+
+use crate::mcp_protocol::ConversationSendMessageArgs;
+use crate::mcp_protocol::ConversationSendMessageResult;
+use crate::mcp_protocol::ToolCallResponseResult;
+use crate::message_processor::MessageProcessor;
+
+pub(crate) async fn handle_send_message(
+    message_processor: &MessageProcessor,
+    id: RequestId,
+    arguments: ConversationSendMessageArgs,
+) {
+    let ConversationSendMessageArgs {
+        conversation_id,
+        content: items,
+        parent_message_id: _,
+        conversation_overrides: _,
+    } = arguments;
+
+    if items.is_empty() {
+        message_processor
+            .send_response_with_optional_error(
+                id,
+                Some(ToolCallResponseResult::ConversationSendMessage(
+                    ConversationSendMessageResult::Error {
+                        message: "No content items provided".to_string(),
+                    },
+                )),
+                Some(true),
+            )
+            .await;
+        return;
+    }
+
+    let session_id = conversation_id.0;
+    let Some(codex) = get_session(session_id, message_processor.session_map()).await else {
+        message_processor
+            .send_response_with_optional_error(
+                id,
+                Some(ToolCallResponseResult::ConversationSendMessage(
+                    ConversationSendMessageResult::Error {
+                        message: "Session does not exist".to_string(),
+                    },
+                )),
+                Some(true),
+            )
+            .await;
+        return;
+    };
+
+    let running = {
+        let running_sessions = message_processor.running_session_ids();
+        let mut running_sessions = running_sessions.lock().await;
+        !running_sessions.insert(session_id)
+    };
+
+    if running {
+        message_processor
+            .send_response_with_optional_error(
+                id,
+                Some(ToolCallResponseResult::ConversationSendMessage(
+                    ConversationSendMessageResult::Error {
+                        message: "Session is already running".to_string(),
+                    },
+                )),
+                Some(true),
+            )
+            .await;
+        return;
+    }
+
+    let request_id_string = match &id {
+        RequestId::String(s) => s.clone(),
+        RequestId::Integer(i) => i.to_string(),
+    };
+
+    let submit_res = codex
+        .submit_with_id(Submission {
+            id: request_id_string,
+            op: Op::UserInput { items },
+        })
+        .await;
+
+    if let Err(e) = submit_res {
+        message_processor
+            .send_response_with_optional_error(
+                id,
+                Some(ToolCallResponseResult::ConversationSendMessage(
+                    ConversationSendMessageResult::Error {
+                        message: format!("Failed to submit user input: {e}"),
+                    },
+                )),
+                Some(true),
+            )
+            .await;
+        return;
+    }
+
+    message_processor
+        .send_response_with_optional_error(
+            id,
+            Some(ToolCallResponseResult::ConversationSendMessage(
+                ConversationSendMessageResult::Ok,
+            )),
+            Some(false),
+        )
+        .await;
+}
+
+pub(crate) async fn get_session(
+    session_id: Uuid,
+    session_map: Arc<Mutex<HashMap<Uuid, Arc<Codex>>>>,
+) -> Option<Arc<Codex>> {
+    let guard = session_map.lock().await;
+    guard.get(&session_id).cloned()
+}

codex-rs/mcp-server/tests/codex_tool.rs

@@ -3,9 +3,9 @@ use std::env;
 use std::path::Path;
 use std::path::PathBuf;
 
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_core::protocol::FileChange;
 use codex_core::protocol::ReviewDecision;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_mcp_server::CodexToolCallParam;
 use codex_mcp_server::ExecApprovalElicitRequestParams;
 use codex_mcp_server::ExecApprovalResponse;

codex-rs/mcp-server/tests/common/Cargo.toml

@@ -10,6 +10,7 @@ path = "lib.rs"
 anyhow = "1"
 assert_cmd = "2"
 codex-mcp-server = { path = "../.." }
+codex-core = { path = "../../../core" }
 mcp-types = { path = "../../../mcp-types" }
 pretty_assertions = "1.4.1"
 serde_json = "1"
@@ -22,3 +23,4 @@ tokio = { version = "1", features = [
     "rt-multi-thread",
 ] }
 wiremock = "0.6"
+uuid = { version = "1", features = ["serde", "v4"] }

codex-rs/mcp-server/tests/common/mcp_process.rs

@@ -11,8 +11,13 @@ use tokio::process::ChildStdout;
 
 use anyhow::Context;
 use assert_cmd::prelude::*;
+use codex_core::protocol::InputItem;
 use codex_mcp_server::CodexToolCallParam;
 use codex_mcp_server::CodexToolCallReplyParam;
+use codex_mcp_server::mcp_protocol::ConversationId;
+use codex_mcp_server::mcp_protocol::ConversationSendMessageArgs;
+use codex_mcp_server::mcp_protocol::ToolCallRequestParams;
+
 use mcp_types::CallToolRequestParams;
 use mcp_types::ClientCapabilities;
 use mcp_types::Implementation;
@@ -29,6 +34,7 @@ use pretty_assertions::assert_eq;
 use serde_json::json;
 use std::process::Command as StdCommand;
 use tokio::process::Command;
+use uuid::Uuid;
 
 pub struct McpProcess {
     next_request_id: AtomicI64,
@@ -174,6 +180,26 @@ impl McpProcess {
         .await
     }
 
+    pub async fn send_user_message_tool_call(
+        &mut self,
+        message: &str,
+        session_id: &str,
+    ) -> anyhow::Result<i64> {
+        let params = ToolCallRequestParams::ConversationSendMessage(ConversationSendMessageArgs {
+            conversation_id: ConversationId(Uuid::parse_str(session_id)?),
+            content: vec![InputItem::Text {
+                text: message.to_string(),
+            }],
+            parent_message_id: None,
+            conversation_overrides: None,
+        });
+        self.send_request(
+            mcp_types::CallToolRequest::METHOD,
+            Some(serde_json::to_value(params)?),
+        )
+        .await
+    }
+
     async fn send_request(
         &mut self,
         method: &str,

codex-rs/mcp-server/tests/interrupt.rs

@@ -3,7 +3,7 @@
 
 use std::path::Path;
 
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_mcp_server::CodexToolCallParam;
 use mcp_types::JSONRPCResponse;
 use mcp_types::RequestId;
@@ -81,6 +81,7 @@ async fn shell_command_interruption() -> anyhow::Result<()> {
             sandbox: None,
             config: None,
             base_instructions: None,
+            include_plan_tool: None,
         })
         .await?;
 

codex-rs/mcp-server/tests/send_message.rs

@@ -0,0 +1,163 @@
+#![allow(clippy::expect_used)]
+
+use std::path::Path;
+use std::thread::sleep;
+use std::time::Duration;
+
+use codex_mcp_server::CodexToolCallParam;
+use mcp_test_support::McpProcess;
+use mcp_test_support::create_final_assistant_message_sse_response;
+use mcp_test_support::create_mock_chat_completions_server;
+use mcp_types::JSONRPC_VERSION;
+use mcp_types::JSONRPCResponse;
+use mcp_types::RequestId;
+use pretty_assertions::assert_eq;
+use serde_json::json;
+use tempfile::TempDir;
+use tokio::time::timeout;
+
+const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_send_message_success() {
+    // Spin up a mock completions server that immediately ends the Codex turn.
+    // Two Codex turns hit the mock model (session start + send-user-message). Provide two SSE responses.
+    let responses = vec![
+        create_final_assistant_message_sse_response("Done").expect("build mock assistant message"),
+        create_final_assistant_message_sse_response("Done").expect("build mock assistant message"),
+    ];
+    let server = create_mock_chat_completions_server(responses).await;
+
+    // Create a temporary Codex home with config pointing at the mock server.
+    let codex_home = TempDir::new().expect("create temp dir");
+    create_config_toml(codex_home.path(), &server.uri()).expect("write config.toml");
+
+    // Start MCP server process and initialize.
+    let mut mcp_process = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp_process.initialize())
+        .await
+        .expect("init timed out")
+        .expect("init failed");
+
+    // Kick off a Codex session so we have a valid session_id.
+    let codex_request_id = mcp_process
+        .send_codex_tool_call(CodexToolCallParam {
+            prompt: "Start a session".to_string(),
+            ..Default::default()
+        })
+        .await
+        .expect("send codex tool call");
+
+    // Wait for the session_configured event to get the session_id.
+    let session_id = mcp_process
+        .read_stream_until_configured_response_message()
+        .await
+        .expect("read session_configured");
+
+    // The original codex call will finish quickly given our mock; consume its response.
+    timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp_process.read_stream_until_response_message(RequestId::Integer(codex_request_id)),
+    )
+    .await
+    .expect("codex response timeout")
+    .expect("codex response error");
+
+    // Now exercise the send-user-message tool.
+    let send_msg_request_id = mcp_process
+        .send_user_message_tool_call("Hello again", &session_id)
+        .await
+        .expect("send send-message tool call");
+
+    let response: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp_process.read_stream_until_response_message(RequestId::Integer(send_msg_request_id)),
+    )
+    .await
+    .expect("send-user-message response timeout")
+    .expect("send-user-message response error");
+
+    assert_eq!(
+        JSONRPCResponse {
+            jsonrpc: JSONRPC_VERSION.into(),
+            id: RequestId::Integer(send_msg_request_id),
+            result: json!({
+                "content": [
+                    {
+                        "text": "{\"status\":\"ok\"}",
+                        "type": "text",
+                    }
+                ],
+                "isError": false,
+                "structuredContent": {
+                    "status": "ok"
+                }
+            }),
+        },
+        response
+    );
+    // wait for the server to hear the user message
+    sleep(Duration::from_secs(1));
+
+    // Ensure the server and tempdir live until end of test
+    drop(server);
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn test_send_message_session_not_found() {
+    // Start MCP without creating a Codex session
+    let codex_home = TempDir::new().expect("tempdir");
+    let mut mcp = McpProcess::new(codex_home.path()).await.expect("spawn");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("timeout")
+        .expect("init");
+
+    let unknown = uuid::Uuid::new_v4().to_string();
+    let req_id = mcp
+        .send_user_message_tool_call("ping", &unknown)
+        .await
+        .expect("send tool");
+
+    let resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(req_id)),
+    )
+    .await
+    .expect("timeout")
+    .expect("resp");
+
+    let result = resp.result.clone();
+    let content = result["content"][0]["text"].as_str().unwrap_or("");
+    assert!(content.contains("Session does not exist"));
+    assert_eq!(result["isError"], json!(true));
+}
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+fn create_config_toml(codex_home: &Path, server_uri: &str) -> std::io::Result<()> {
+    let config_toml = codex_home.join("config.toml");
+    std::fs::write(
+        config_toml,
+        format!(
+            r#"
+model = "mock-model"
+approval_policy = "never"
+sandbox_mode = "danger-full-access"
+
+model_provider = "mock_provider"
+
+[model_providers.mock_provider]
+name = "Mock provider for test"
+base_url = "{server_uri}/v1"
+wire_api = "chat"
+request_max_retries = 0
+stream_max_retries = 0
+"#
+        ),
+    )
+}

codex-rs/mcp-types/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "mcp-types"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true

codex-rs/tui/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-tui"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-tui"
@@ -20,12 +20,12 @@ base64 = "0.22.1"
 clap = { version = "4", features = ["derive"] }
 codex-ansi-escape = { path = "../ansi-escape" }
 codex-arg0 = { path = "../arg0" }
-codex-core = { path = "../core" }
 codex-common = { path = "../common", features = [
     "cli",
     "elapsed",
     "sandbox_summary",
 ] }
+codex-core = { path = "../core" }
 codex-file-search = { path = "../file-search" }
 codex-login = { path = "../login" }
 color-eyre = "0.6.3"
@@ -62,6 +62,8 @@ unicode-segmentation = "1.12.0"
 unicode-width = "0.1"
 uuid = "1"
 
+
+
 [dev-dependencies]
 insta = "1.43.1"
 pretty_assertions = "1"

codex-rs/tui/src/app.rs

@@ -5,17 +5,21 @@ use crate::file_search::FileSearchManager;
 use crate::get_git_diff::get_git_diff;
 use crate::git_warning_screen::GitWarningOutcome;
 use crate::git_warning_screen::GitWarningScreen;
-use crate::login_screen::LoginScreen;
-use crate::scroll_event_helper::ScrollEventHelper;
 use crate::slash_command::SlashCommand;
 use crate::tui;
 use codex_core::config::Config;
 use codex_core::protocol::Event;
+use codex_core::protocol::EventMsg;
+use codex_core::protocol::Op;
 use color_eyre::eyre::Result;
+use crossterm::SynchronizedUpdate;
 use crossterm::event::KeyCode;
 use crossterm::event::KeyEvent;
-use crossterm::event::MouseEvent;
-use crossterm::event::MouseEventKind;
+use crossterm::event::KeyEventKind;
+use crossterm::terminal::supports_keyboard_enhancement;
+use ratatui::layout::Offset;
+use ratatui::prelude::Backend;
+use ratatui::text::Line;
 use std::path::PathBuf;
 use std::sync::Arc;
 use std::sync::atomic::AtomicBool;
@@ -37,8 +41,6 @@ enum AppState<'a> {
         /// `AppState`.
         widget: Box<ChatWidget<'a>>,
     },
-    /// The login screen for the OpenAI provider.
-    Login { screen: LoginScreen },
     /// The start-up warning that recommends running codex inside a Git repo.
     GitWarning { screen: GitWarningScreen },
 }
@@ -56,9 +58,13 @@ pub(crate) struct App<'a> {
     /// True when a redraw has been scheduled but not yet executed.
     pending_redraw: Arc<AtomicBool>,
 
+    pending_history_lines: Vec<Line<'static>>,
+
     /// Stored parameters needed to instantiate the ChatWidget later, e.g.,
     /// after dismissing the Git-repo warning.
     chat_args: Option<ChatWidgetArgs>,
+
+    enhanced_keys_supported: bool,
 }
 
 /// Aggregate parameters needed to create a `ChatWidget`, as creation may be
@@ -68,20 +74,21 @@ struct ChatWidgetArgs {
     config: Config,
     initial_prompt: Option<String>,
     initial_images: Vec<PathBuf>,
+    enhanced_keys_supported: bool,
 }
 
 impl App<'_> {
     pub(crate) fn new(
         config: Config,
         initial_prompt: Option<String>,
-        show_login_screen: bool,
         show_git_warning: bool,
         initial_images: Vec<std::path::PathBuf>,
     ) -> Self {
         let (app_event_tx, app_event_rx) = channel();
         let app_event_tx = AppEventSender::new(app_event_tx);
         let pending_redraw = Arc::new(AtomicBool::new(false));
-        let scroll_event_helper = ScrollEventHelper::new(app_event_tx.clone());
+
+        let enhanced_keys_supported = supports_keyboard_enhancement().unwrap_or(false);
 
         // Spawn a dedicated thread for reading the crossterm event loop and
         // re-publishing the events as AppEvents, as appropriate.
@@ -104,18 +111,6 @@ impl App<'_> {
                                 crossterm::event::Event::Resize(_, _) => {
                                     app_event_tx.send(AppEvent::RequestRedraw);
                                 }
-                                crossterm::event::Event::Mouse(MouseEvent {
-                                    kind: MouseEventKind::ScrollUp,
-                                    ..
-                                }) => {
-                                    scroll_event_helper.scroll_up();
-                                }
-                                crossterm::event::Event::Mouse(MouseEvent {
-                                    kind: MouseEventKind::ScrollDown,
-                                    ..
-                                }) => {
-                                    scroll_event_helper.scroll_down();
-                                }
                                 crossterm::event::Event::Paste(pasted) => {
                                     // Many terminals convert newlines to \r when
                                     // pasting, e.g. [iTerm2][]. But [tui-textarea
@@ -138,18 +133,7 @@ impl App<'_> {
             });
         }
 
-        let (app_state, chat_args) = if show_login_screen {
-            (
-                AppState::Login {
-                    screen: LoginScreen::new(app_event_tx.clone(), config.codex_home.clone()),
-                },
-                Some(ChatWidgetArgs {
-                    config: config.clone(),
-                    initial_prompt,
-                    initial_images,
-                }),
-            )
-        } else if show_git_warning {
+        let (app_state, chat_args) = if show_git_warning {
             (
                 AppState::GitWarning {
                     screen: GitWarningScreen::new(),
@@ -158,6 +142,7 @@ impl App<'_> {
                     config: config.clone(),
                     initial_prompt,
                     initial_images,
+                    enhanced_keys_supported,
                 }),
             )
         } else {
@@ -166,6 +151,7 @@ impl App<'_> {
                 app_event_tx.clone(),
                 initial_prompt,
                 initial_images,
+                enhanced_keys_supported,
             );
             (
                 AppState::Chat {
@@ -178,12 +164,14 @@ impl App<'_> {
         let file_search = FileSearchManager::new(config.cwd.clone(), app_event_tx.clone());
         Self {
             app_event_tx,
+            pending_history_lines: Vec::new(),
             app_event_rx,
             app_state,
             config,
             file_search,
             pending_redraw,
             chat_args,
+            enhanced_keys_supported,
         }
     }
 
@@ -223,27 +211,28 @@ impl App<'_> {
         while let Ok(event) = self.app_event_rx.recv() {
             match event {
                 AppEvent::InsertHistory(lines) => {
-                    crate::insert_history::insert_history_lines(terminal, lines);
+                    self.pending_history_lines.extend(lines);
                     self.app_event_tx.send(AppEvent::RequestRedraw);
                 }
                 AppEvent::RequestRedraw => {
                     self.schedule_redraw();
                 }
                 AppEvent::Redraw => {
-                    self.draw_next_frame(terminal)?;
+                    std::io::stdout().sync_update(|_| self.draw_next_frame(terminal))??;
                 }
                 AppEvent::KeyEvent(key_event) => {
                     match key_event {
                         KeyEvent {
                             code: KeyCode::Char('c'),
                             modifiers: crossterm::event::KeyModifiers::CONTROL,
+                            kind: KeyEventKind::Press,
                             ..
                         } => {
                             match &mut self.app_state {
                                 AppState::Chat { widget } => {
                                     widget.on_ctrl_c();
                                 }
-                                AppState::Login { .. } | AppState::GitWarning { .. } => {
+                                AppState::GitWarning { .. } => {
                                     // No-op.
                                 }
                             }
@@ -251,6 +240,7 @@ impl App<'_> {
                         KeyEvent {
                             code: KeyCode::Char('d'),
                             modifiers: crossterm::event::KeyModifiers::CONTROL,
+                            kind: KeyEventKind::Press,
                             ..
                         } => {
                             match &mut self.app_state {
@@ -264,19 +254,22 @@ impl App<'_> {
                                         self.dispatch_key_event(key_event);
                                     }
                                 }
-                                AppState::Login { .. } | AppState::GitWarning { .. } => {
+                                AppState::GitWarning { .. } => {
                                     self.app_event_tx.send(AppEvent::ExitRequest);
                                 }
                             }
                         }
-                        _ => {
+                        KeyEvent {
+                            kind: KeyEventKind::Press | KeyEventKind::Repeat,
+                            ..
+                        } => {
                             self.dispatch_key_event(key_event);
                         }
+                        _ => {
+                            // Ignore Release key events for now.
+                        }
                     };
                 }
-                AppEvent::Scroll(scroll_delta) => {
-                    self.dispatch_scroll_event(scroll_delta);
-                }
                 AppEvent::Paste(text) => {
                     self.dispatch_paste_event(text);
                 }
@@ -288,11 +281,11 @@ impl App<'_> {
                 }
                 AppEvent::CodexOp(op) => match &mut self.app_state {
                     AppState::Chat { widget } => widget.submit_op(op),
-                    AppState::Login { .. } | AppState::GitWarning { .. } => {}
+                    AppState::GitWarning { .. } => {}
                 },
                 AppEvent::LatestLog(line) => match &mut self.app_state {
                     AppState::Chat { widget } => widget.update_latest_log(line),
-                    AppState::Login { .. } | AppState::GitWarning { .. } => {}
+                    AppState::GitWarning { .. } => {}
                 },
                 AppEvent::DispatchCommand(command) => match command {
                     SlashCommand::New => {
@@ -301,10 +294,17 @@ impl App<'_> {
                             self.app_event_tx.clone(),
                             None,
                             Vec::new(),
+                            self.enhanced_keys_supported,
                         ));
                         self.app_state = AppState::Chat { widget: new_widget };
                         self.app_event_tx.send(AppEvent::RequestRedraw);
                     }
+                    SlashCommand::Compact => {
+                        if let AppState::Chat { widget } = &mut self.app_state {
+                            widget.clear_token_usage();
+                            self.app_event_tx.send(AppEvent::CodexOp(Op::Compact));
+                        }
+                    }
                     SlashCommand::Quit => {
                         break;
                     }
@@ -329,6 +329,45 @@ impl App<'_> {
                             widget.add_diff_output(text);
                         }
                     }
+                    #[cfg(debug_assertions)]
+                    SlashCommand::TestApproval => {
+                        use std::collections::HashMap;
+
+                        use codex_core::protocol::ApplyPatchApprovalRequestEvent;
+                        use codex_core::protocol::FileChange;
+
+                        self.app_event_tx.send(AppEvent::CodexEvent(Event {
+                            id: "1".to_string(),
+                            // msg: EventMsg::ExecApprovalRequest(ExecApprovalRequestEvent {
+                            //     call_id: "1".to_string(),
+                            //     command: vec!["git".into(), "apply".into()],
+                            //     cwd: self.config.cwd.clone(),
+                            //     reason: Some("test".to_string()),
+                            // }),
+                            msg: EventMsg::ApplyPatchApprovalRequest(
+                                ApplyPatchApprovalRequestEvent {
+                                    call_id: "1".to_string(),
+                                    changes: HashMap::from([
+                                        (
+                                            PathBuf::from("/tmp/test.txt"),
+                                            FileChange::Add {
+                                                content: "test".to_string(),
+                                            },
+                                        ),
+                                        (
+                                            PathBuf::from("/tmp/test2.txt"),
+                                            FileChange::Update {
+                                                unified_diff: "+test\n-test2".to_string(),
+                                                move_path: None,
+                                            },
+                                        ),
+                                    ]),
+                                    reason: None,
+                                    grant_root: Some(PathBuf::from("/tmp")),
+                                },
+                            ),
+                        }));
+                    }
                 },
                 AppEvent::StartFileSearch(query) => {
                     self.file_search.on_user_query(query);
@@ -348,22 +387,61 @@ impl App<'_> {
     pub(crate) fn token_usage(&self) -> codex_core::protocol::TokenUsage {
         match &self.app_state {
             AppState::Chat { widget } => widget.token_usage().clone(),
-            AppState::Login { .. } | AppState::GitWarning { .. } => {
-                codex_core::protocol::TokenUsage::default()
-            }
+            AppState::GitWarning { .. } => codex_core::protocol::TokenUsage::default(),
         }
     }
 
     fn draw_next_frame(&mut self, terminal: &mut tui::Tui) -> Result<()> {
-        // TODO: add a throttle to avoid redrawing too often
+        let screen_size = terminal.size()?;
+        let last_known_screen_size = terminal.last_known_screen_size;
+        if screen_size != last_known_screen_size {
+            let cursor_pos = terminal.get_cursor_position()?;
+            let last_known_cursor_pos = terminal.last_known_cursor_pos;
+            if cursor_pos.y != last_known_cursor_pos.y {
+                // The terminal was resized. The only point of reference we have for where our viewport
+                // was moved is the cursor position.
+                // NB this assumes that the cursor was not wrapped as part of the resize.
+                let cursor_delta = cursor_pos.y as i32 - last_known_cursor_pos.y as i32;
 
+                let new_viewport_area = terminal.viewport_area.offset(Offset {
+                    x: 0,
+                    y: cursor_delta,
+                });
+                terminal.set_viewport_area(new_viewport_area);
+                terminal.clear()?;
+            }
+        }
+
+        let size = terminal.size()?;
+        let desired_height = match &self.app_state {
+            AppState::Chat { widget } => widget.desired_height(size.width),
+            AppState::GitWarning { .. } => 10,
+        };
+
+        let mut area = terminal.viewport_area;
+        area.height = desired_height.min(size.height);
+        area.width = size.width;
+        if area.bottom() > size.height {
+            terminal
+                .backend_mut()
+                .scroll_region_up(0..area.top(), area.bottom() - size.height)?;
+            area.y = size.height - area.height;
+        }
+        if area != terminal.viewport_area {
+            terminal.clear()?;
+            terminal.set_viewport_area(area);
+        }
+        if !self.pending_history_lines.is_empty() {
+            crate::insert_history::insert_history_lines(
+                terminal,
+                self.pending_history_lines.clone(),
+            );
+            self.pending_history_lines.clear();
+        }
         match &mut self.app_state {
             AppState::Chat { widget } => {
                 terminal.draw(|frame| frame.render_widget_ref(&**widget, frame.area()))?;
             }
-            AppState::Login { screen } => {
-                terminal.draw(|frame| frame.render_widget_ref(&*screen, frame.area()))?;
-            }
             AppState::GitWarning { screen } => {
                 terminal.draw(|frame| frame.render_widget_ref(&*screen, frame.area()))?;
             }
@@ -378,7 +456,6 @@ impl App<'_> {
             AppState::Chat { widget } => {
                 widget.handle_key_event(key_event);
             }
-            AppState::Login { screen } => screen.handle_key_event(key_event),
             AppState::GitWarning { screen } => match screen.handle_key_event(key_event) {
                 GitWarningOutcome::Continue => {
                     // User accepted – switch to chat view.
@@ -392,6 +469,7 @@ impl App<'_> {
                         self.app_event_tx.clone(),
                         args.initial_prompt,
                         args.initial_images,
+                        args.enhanced_keys_supported,
                     ));
                     self.app_state = AppState::Chat { widget };
                     self.app_event_tx.send(AppEvent::RequestRedraw);
@@ -409,21 +487,14 @@ impl App<'_> {
     fn dispatch_paste_event(&mut self, pasted: String) {
         match &mut self.app_state {
             AppState::Chat { widget } => widget.handle_paste(pasted),
-            AppState::Login { .. } | AppState::GitWarning { .. } => {}
-        }
-    }
-
-    fn dispatch_scroll_event(&mut self, scroll_delta: i32) {
-        match &mut self.app_state {
-            AppState::Chat { widget } => widget.handle_scroll_delta(scroll_delta),
-            AppState::Login { .. } | AppState::GitWarning { .. } => {}
+            AppState::GitWarning { .. } => {}
         }
     }
 
     fn dispatch_codex_event(&mut self, event: Event) {
         match &mut self.app_state {
             AppState::Chat { widget } => widget.handle_codex_event(event),
-            AppState::Login { .. } | AppState::GitWarning { .. } => {}
+            AppState::GitWarning { .. } => {}
         }
     }
 }

codex-rs/tui/src/app_event.rs

@@ -20,10 +20,6 @@ pub(crate) enum AppEvent {
     /// Text pasted from the terminal clipboard.
     Paste(String),
 
-    /// Scroll event with a value representing the "scroll delta" as the net
-    /// scroll up/down events within a short time window.
-    Scroll(i32),
-
     /// Request to exit the application gracefully.
     ExitRequest,
 

codex-rs/tui/src/bottom_pane/approval_modal_view.rs

@@ -57,6 +57,10 @@ impl<'a> BottomPaneView<'a> for ApprovalModalView<'a> {
         self.current.is_complete() && self.queue.is_empty()
     }
 
+    fn desired_height(&self, width: u16) -> u16 {
+        self.current.desired_height(width)
+    }
+
     fn render(&self, area: Rect, buf: &mut Buffer) {
         (&self.current).render_ref(area, buf);
     }
@@ -95,6 +99,7 @@ mod tests {
         let mut pane = BottomPane::new(super::super::BottomPaneParams {
             app_event_tx: AppEventSender::new(tx_raw2),
             has_input_focus: true,
+            enhanced_keys_supported: false,
         });
         assert_eq!(CancellationEvent::Handled, view.on_ctrl_c(&mut pane));
         assert!(view.queue.is_empty());

codex-rs/tui/src/bottom_pane/bottom_pane_view.rs

@@ -28,6 +28,9 @@ pub(crate) trait BottomPaneView<'a> {
         CancellationEvent::Ignored
     }
 
+    /// Return the desired height of the view.
+    fn desired_height(&self, width: u16) -> u16;
+
     /// Render the view: this will be displayed in place of the composer.
     fn render(&self, area: Rect, buf: &mut Buffer);
 

codex-rs/tui/src/bottom_pane/chat_composer.rs

@@ -1,11 +1,13 @@
 use codex_core::protocol::TokenUsage;
 use crossterm::event::KeyEvent;
 use ratatui::buffer::Buffer;
-use ratatui::layout::Alignment;
 use ratatui::layout::Rect;
+use ratatui::style::Color;
 use ratatui::style::Style;
+use ratatui::style::Styled;
 use ratatui::style::Stylize;
 use ratatui::text::Line;
+use ratatui::text::Span;
 use ratatui::widgets::BorderType;
 use ratatui::widgets::Borders;
 use ratatui::widgets::Widget;
@@ -22,7 +24,7 @@ use crate::app_event::AppEvent;
 use crate::app_event_sender::AppEventSender;
 use codex_file_search::FileMatch;
 
-const BASE_PLACEHOLDER_TEXT: &str = "send a message";
+const BASE_PLACEHOLDER_TEXT: &str = "...";
 /// If the pasted content exceeds this number of characters, replace it with a
 /// placeholder in the UI.
 const LARGE_PASTE_CHAR_THRESHOLD: usize = 1000;
@@ -39,7 +41,9 @@ pub(crate) struct ChatComposer<'a> {
     app_event_tx: AppEventSender,
     history: ChatComposerHistory,
     ctrl_c_quit_hint: bool,
+    use_shift_enter_hint: bool,
     dismissed_file_popup_token: Option<String>,
+    dismissed_slash_token: Option<String>,
     current_file_query: Option<String>,
     pending_pastes: Vec<(String, String)>,
 }
@@ -52,18 +56,115 @@ enum ActivePopup {
 }
 
 impl ChatComposer<'_> {
-    pub fn new(has_input_focus: bool, app_event_tx: AppEventSender) -> Self {
+    #[inline]
+    fn first_line(&self) -> &str {
+        self.textarea
+            .lines()
+            .first()
+            .map(|s| s.as_str())
+            .unwrap_or("")
+    }
+
+    #[inline]
+    fn slash_token_from_first_line(first_line: &str) -> Option<&str> {
+        if !first_line.starts_with('/') {
+            return None;
+        }
+        let stripped = first_line.strip_prefix('/').unwrap_or("");
+        let token = stripped.trim_start();
+        Some(token.split_whitespace().next().unwrap_or(""))
+    }
+
+    #[inline]
+    fn emit_unrecognized_slash_command(&mut self, cmd_token: &str) {
+        let attempted = if cmd_token.is_empty() {
+            "/".to_string()
+        } else {
+            format!("/{cmd_token}")
+        };
+        let msg = format!("{attempted} not a recognized command");
+        self.app_event_tx
+            .send(AppEvent::InsertHistory(vec![Line::from(msg)]));
+        self.dismissed_slash_token = Some(cmd_token.to_string());
+        self.active_popup = ActivePopup::None;
+    }
+
+    #[inline]
+    fn sync_popups(&mut self) {
+        self.sync_command_popup();
+        if matches!(self.active_popup, ActivePopup::Command(_)) {
+            self.dismissed_file_popup_token = None;
+        } else {
+            self.sync_file_search_popup();
+        }
+    }
+
+    #[inline]
+    fn compute_textarea_and_popup_rect(&self, area: Rect, desired_popup: u16) -> (Rect, Rect) {
+        let text_lines = self.textarea.lines().len().max(1) as u16;
+        let popup_height = desired_popup.min(area.height.saturating_sub(text_lines));
+        let textarea_rect = Rect {
+            x: area.x,
+            y: area.y,
+            width: area.width,
+            height: area.height.saturating_sub(popup_height),
+        };
+        let popup_rect = Rect {
+            x: area.x,
+            y: area.y + textarea_rect.height,
+            width: area.width,
+            height: popup_height,
+        };
+        (textarea_rect, popup_rect)
+    }
+
+    /// Convert a cursor column (in chars) to a byte offset within `line`.
+    #[inline]
+    fn cursor_byte_offset_for_col(line: &str, col_chars: usize) -> usize {
+        line.chars().take(col_chars).map(|c| c.len_utf8()).sum()
+    }
+
+    /// Determine token boundaries around a cursor position expressed as a byte offset.
+    /// A token is delimited by any Unicode whitespace on either side.
+    #[inline]
+    fn token_bounds(line: &str, cursor_byte_offset: usize) -> Option<(usize, usize)> {
+        let (before_cursor, after_cursor) = line.split_at(cursor_byte_offset.min(line.len()));
+
+        let start_idx = before_cursor
+            .char_indices()
+            .rfind(|(_, c)| c.is_whitespace())
+            .map(|(idx, c)| idx + c.len_utf8())
+            .unwrap_or(0);
+
+        let end_rel_idx = after_cursor
+            .char_indices()
+            .find(|(_, c)| c.is_whitespace())
+            .map(|(idx, _)| idx)
+            .unwrap_or(after_cursor.len());
+        let end_idx = cursor_byte_offset + end_rel_idx;
+
+        (start_idx < end_idx).then_some((start_idx, end_idx))
+    }
+    pub fn new(
+        has_input_focus: bool,
+        app_event_tx: AppEventSender,
+        enhanced_keys_supported: bool,
+    ) -> Self {
         let mut textarea = TextArea::default();
         textarea.set_placeholder_text(BASE_PLACEHOLDER_TEXT);
         textarea.set_cursor_line_style(ratatui::style::Style::default());
 
+        let use_shift_enter_hint = enhanced_keys_supported;
+
         let mut this = Self {
             textarea,
             active_popup: ActivePopup::None,
             app_event_tx,
             history: ChatComposerHistory::new(),
             ctrl_c_quit_hint: false,
+            use_shift_enter_hint,
             dismissed_file_popup_token: None,
+            dismissed_slash_token: None,
             current_file_query: None,
             pending_pastes: Vec::new(),
         };
@@ -71,6 +172,15 @@ impl ChatComposer<'_> {
         this
     }
 
+    pub fn desired_height(&self) -> u16 {
+        self.textarea.lines().len().max(1) as u16
+            + match &self.active_popup {
+                ActivePopup::None => 1u16,
+                ActivePopup::Command(c) => c.calculate_required_height(),
+                ActivePopup::File(c) => c.calculate_required_height(),
+            }
+    }
+
     /// Returns true if the composer currently contains no user input.
     pub(crate) fn is_empty(&self) -> bool {
         self.textarea.is_empty()
@@ -136,8 +246,7 @@ impl ChatComposer<'_> {
         } else {
             self.textarea.insert_str(&pasted);
         }
-        self.sync_command_popup();
-        self.sync_file_search_popup();
+        self.sync_popups();
         true
     }
 
@@ -171,19 +280,14 @@ impl ChatComposer<'_> {
             ActivePopup::None => self.handle_key_event_without_popup(key_event),
         };
 
-        // Update (or hide/show) popup after processing the key.
-        self.sync_command_popup();
-        if matches!(self.active_popup, ActivePopup::Command(_)) {
-            self.dismissed_file_popup_token = None;
-        } else {
-            self.sync_file_search_popup();
-        }
+        self.sync_popups();
 
         result
     }
 
     /// Handle key event when the slash-command popup is visible.
     fn handle_key_event_with_slash_popup(&mut self, key_event: KeyEvent) -> (InputResult, bool) {
+        let first_line_owned = self.first_line().to_string();
         let ActivePopup::Command(popup) = &mut self.active_popup else {
             unreachable!();
         };
@@ -197,16 +301,16 @@ impl ChatComposer<'_> {
                 popup.move_down();
                 (InputResult::None, true)
             }
+            Input { key: Key::Esc, .. } => {
+                if let Some(cmd_token) = Self::slash_token_from_first_line(&first_line_owned) {
+                    self.dismissed_slash_token = Some(cmd_token.to_string());
+                }
+                self.active_popup = ActivePopup::None;
+                (InputResult::None, true)
+            }
             Input { key: Key::Tab, .. } => {
                 if let Some(cmd) = popup.selected_command() {
-                    let first_line = self
-                        .textarea
-                        .lines()
-                        .first()
-                        .map(|s| s.as_str())
-                        .unwrap_or("");
-
-                    let starts_with_cmd = first_line
+                    let starts_with_cmd = first_line_owned
                         .trim_start()
                         .starts_with(&format!("/{}", cmd.command()));
 
@@ -225,19 +329,17 @@ impl ChatComposer<'_> {
                 ctrl: false,
             } => {
                 if let Some(cmd) = popup.selected_command() {
-                    // Send command to the app layer.
                     self.app_event_tx.send(AppEvent::DispatchCommand(*cmd));
-
-                    // Clear textarea so no residual text remains.
                     self.textarea.select_all();
                     self.textarea.cut();
-
-                    // Hide popup since the command has been dispatched.
                     self.active_popup = ActivePopup::None;
                     return (InputResult::None, true);
                 }
-                // Fallback to default newline handling if no command selected.
-                self.handle_key_event_without_popup(key_event)
+                if let Some(cmd_token) = Self::slash_token_from_first_line(&first_line_owned) {
+                    self.emit_unrecognized_slash_command(cmd_token);
+                    return (InputResult::None, true);
+                }
+                (InputResult::None, false)
             }
             input => self.handle_input_basic(input),
         }
@@ -298,37 +400,9 @@ impl ChatComposer<'_> {
     ///   one additional character, that token (without `@`) is returned.
     fn current_at_token(textarea: &tui_textarea::TextArea) -> Option<String> {
         let (row, col) = textarea.cursor();
-
-        // Guard against out-of-bounds rows.
         let line = textarea.lines().get(row)?.as_str();
-
-        // Calculate byte offset for cursor position
-        let cursor_byte_offset = line.chars().take(col).map(|c| c.len_utf8()).sum::<usize>();
-
-        // Split the line at the cursor position so we can search for word
-        // boundaries on both sides.
-        let before_cursor = &line[..cursor_byte_offset];
-        let after_cursor = &line[cursor_byte_offset..];
-
-        // Find start index (first character **after** the previous multi-byte whitespace).
-        let start_idx = before_cursor
-            .char_indices()
-            .rfind(|(_, c)| c.is_whitespace())
-            .map(|(idx, c)| idx + c.len_utf8())
-            .unwrap_or(0);
-
-        // Find end index (first multi-byte whitespace **after** the cursor position).
-        let end_rel_idx = after_cursor
-            .char_indices()
-            .find(|(_, c)| c.is_whitespace())
-            .map(|(idx, _)| idx)
-            .unwrap_or(after_cursor.len());
-        let end_idx = cursor_byte_offset + end_rel_idx;
-
-        if start_idx >= end_idx {
-            return None;
-        }
-
+        let cursor_byte_offset = Self::cursor_byte_offset_for_col(line, col);
+        let (start_idx, end_idx) = Self::token_bounds(line, cursor_byte_offset)?;
         let token = &line[start_idx..end_idx];
 
         if token.starts_with('@') && token.len() > 1 {
@@ -345,50 +419,24 @@ impl ChatComposer<'_> {
     /// `@tokens` exist in the line.
     fn insert_selected_path(&mut self, path: &str) {
         let (row, col) = self.textarea.cursor();
-
-        // Materialize the textarea lines so we can mutate them easily.
         let mut lines: Vec<String> = self.textarea.lines().to_vec();
 
         if let Some(line) = lines.get_mut(row) {
-            // Calculate byte offset for cursor position
-            let cursor_byte_offset = line.chars().take(col).map(|c| c.len_utf8()).sum::<usize>();
+            let cursor_byte_offset = Self::cursor_byte_offset_for_col(line, col);
+            if let Some((start_idx, end_idx)) = Self::token_bounds(line, cursor_byte_offset) {
+                let mut new_line =
+                    String::with_capacity(line.len() - (end_idx - start_idx) + path.len() + 1);
+                new_line.push_str(&line[..start_idx]);
+                new_line.push_str(path);
+                new_line.push(' ');
+                new_line.push_str(&line[end_idx..]);
+                *line = new_line;
 
-            let before_cursor = &line[..cursor_byte_offset];
-            let after_cursor = &line[cursor_byte_offset..];
-
-            // Determine token boundaries.
-            let start_idx = before_cursor
-                .char_indices()
-                .rfind(|(_, c)| c.is_whitespace())
-                .map(|(idx, c)| idx + c.len_utf8())
-                .unwrap_or(0);
-
-            let end_rel_idx = after_cursor
-                .char_indices()
-                .find(|(_, c)| c.is_whitespace())
-                .map(|(idx, _)| idx)
-                .unwrap_or(after_cursor.len());
-            let end_idx = cursor_byte_offset + end_rel_idx;
-
-            // Replace the slice `[start_idx, end_idx)` with the chosen path and a trailing space.
-            let mut new_line =
-                String::with_capacity(line.len() - (end_idx - start_idx) + path.len() + 1);
-            new_line.push_str(&line[..start_idx]);
-            new_line.push_str(path);
-            new_line.push(' ');
-            new_line.push_str(&line[end_idx..]);
-
-            *line = new_line;
-
-            // Re-populate the textarea.
-            let new_text = lines.join("\n");
-            self.textarea.select_all();
-            self.textarea.cut();
-            let _ = self.textarea.insert_str(new_text);
-
-            // Note: tui-textarea currently exposes only relative cursor
-            // movements. Leaving the cursor position unchanged is acceptable
-            // as subsequent typing will move the cursor naturally.
+                let new_text = lines.join("\n");
+                self.textarea.select_all();
+                self.textarea.cut();
+                let _ = self.textarea.insert_str(new_text);
+            }
         }
     }
 
@@ -460,6 +508,20 @@ impl ChatComposer<'_> {
                 self.textarea.insert_newline();
                 (InputResult::None, true)
             }
+            Input {
+                key: Key::Char('d'),
+                ctrl: true,
+                alt: false,
+                shift: false,
+            } => {
+                self.textarea.input(Input {
+                    key: Key::Delete,
+                    ctrl: false,
+                    alt: false,
+                    shift: false,
+                });
+                (InputResult::None, true)
+            }
             input => self.handle_input_basic(input),
         }
     }
@@ -477,6 +539,17 @@ impl ChatComposer<'_> {
             }
         }
 
+        if let Input {
+            key: Key::Char('u'),
+            ctrl: true,
+            alt: false,
+            ..
+        } = input
+        {
+            self.textarea.delete_line_by_head();
+            return (InputResult::None, true);
+        }
+
         // Normal input handling
         self.textarea.input(input);
         let text_after = self.textarea.lines().join("\n");
@@ -535,29 +608,28 @@ impl ChatComposer<'_> {
     /// textarea. This must be called after every modification that can change
     /// the text so the popup is shown/updated/hidden as appropriate.
     fn sync_command_popup(&mut self) {
-        // Inspect only the first line to decide whether to show the popup. In
-        // the common case (no leading slash) we avoid copying the entire
-        // textarea contents.
-        let first_line = self
-            .textarea
-            .lines()
-            .first()
-            .map(|s| s.as_str())
-            .unwrap_or("");
-
+        let first_line = self.first_line().to_string();
         let input_starts_with_slash = first_line.starts_with('/');
+        if !input_starts_with_slash {
+            self.dismissed_slash_token = None;
+        }
+        let current_cmd_token: Option<&str> = Self::slash_token_from_first_line(&first_line);
         match &mut self.active_popup {
             ActivePopup::Command(popup) => {
                 if input_starts_with_slash {
-                    popup.on_composer_text_change(first_line.to_string());
+                    popup.on_composer_text_change(first_line.clone());
                 } else {
                     self.active_popup = ActivePopup::None;
+                    self.dismissed_slash_token = None;
                 }
             }
             _ => {
                 if input_starts_with_slash {
+                    if self.dismissed_slash_token.as_deref() == current_cmd_token {
+                        return;
+                    }
                     let mut command_popup = CommandPopup::new();
-                    command_popup.on_composer_text_change(first_line.to_string());
+                    command_popup.on_composer_text_change(first_line);
                     self.active_popup = ActivePopup::Command(command_popup);
                 }
             }
@@ -601,37 +673,17 @@ impl ChatComposer<'_> {
     }
 
     fn update_border(&mut self, has_focus: bool) {
-        struct BlockState {
-            right_title: Line<'static>,
-            border_style: Style,
-        }
-
-        let bs = if has_focus {
-            if self.ctrl_c_quit_hint {
-                BlockState {
-                    right_title: Line::from("Ctrl+C to quit").alignment(Alignment::Right),
-                    border_style: Style::default(),
-                }
-            } else {
-                BlockState {
-                    right_title: Line::from("Enter to send | Ctrl+D to quit | Ctrl+J for newline")
-                        .alignment(Alignment::Right),
-                    border_style: Style::default(),
-                }
-            }
+        let border_style = if has_focus {
+            Style::default().fg(Color::Cyan)
         } else {
-            BlockState {
-                right_title: Line::from(""),
-                border_style: Style::default().dim(),
-            }
+            Style::default().dim()
         };
 
         self.textarea.set_block(
             ratatui::widgets::Block::default()
-                .title_bottom(bs.right_title)
-                .borders(Borders::ALL)
-                .border_type(BorderType::Rounded)
-                .border_style(bs.border_style),
+                .borders(Borders::LEFT)
+                .border_type(BorderType::QuadrantOutside)
+                .border_style(border_style),
         );
     }
 }
@@ -640,49 +692,52 @@ impl WidgetRef for &ChatComposer<'_> {
     fn render_ref(&self, area: Rect, buf: &mut Buffer) {
         match &self.active_popup {
             ActivePopup::Command(popup) => {
-                let popup_height = popup.calculate_required_height(&area);
-
-                // Split the provided rect so that the popup is rendered at the
-                // *top* and the textarea occupies the remaining space below.
-                let popup_rect = Rect {
-                    x: area.x,
-                    y: area.y,
-                    width: area.width,
-                    height: popup_height.min(area.height),
-                };
-
-                let textarea_rect = Rect {
-                    x: area.x,
-                    y: area.y + popup_rect.height,
-                    width: area.width,
-                    height: area.height.saturating_sub(popup_rect.height),
-                };
-
+                let desired_popup = popup.calculate_required_height();
+                let (textarea_rect, popup_rect) =
+                    self.compute_textarea_and_popup_rect(area, desired_popup);
                 popup.render(popup_rect, buf);
                 self.textarea.render(textarea_rect, buf);
             }
             ActivePopup::File(popup) => {
-                let popup_height = popup.calculate_required_height(&area);
-
-                let popup_rect = Rect {
-                    x: area.x,
-                    y: area.y,
-                    width: area.width,
-                    height: popup_height.min(area.height),
-                };
-
-                let textarea_rect = Rect {
-                    x: area.x,
-                    y: area.y + popup_rect.height,
-                    width: area.width,
-                    height: area.height.saturating_sub(popup_height),
-                };
-
+                let desired_popup = popup.calculate_required_height();
+                let (textarea_rect, popup_rect) =
+                    self.compute_textarea_and_popup_rect(area, desired_popup);
                 popup.render(popup_rect, buf);
                 self.textarea.render(textarea_rect, buf);
             }
             ActivePopup::None => {
-                self.textarea.render(area, buf);
+                let mut textarea_rect = area;
+                textarea_rect.height = textarea_rect.height.saturating_sub(1);
+                self.textarea.render(textarea_rect, buf);
+                let mut bottom_line_rect = area;
+                bottom_line_rect.y += textarea_rect.height;
+                bottom_line_rect.height = 1;
+                let key_hint_style = Style::default().fg(Color::Cyan);
+                let hint = if self.ctrl_c_quit_hint {
+                    vec![
+                        Span::from(" "),
+                        "Ctrl+C again".set_style(key_hint_style),
+                        Span::from(" to quit"),
+                    ]
+                } else {
+                    let newline_hint_key = if self.use_shift_enter_hint {
+                        "Shift+⏎"
+                    } else {
+                        "Ctrl+J"
+                    };
+                    vec![
+                        Span::from(" "),
+                        "⏎".set_style(key_hint_style),
+                        Span::from(" send   "),
+                        newline_hint_key.set_style(key_hint_style),
+                        Span::from(" newline   "),
+                        "Ctrl+C".set_style(key_hint_style),
+                        Span::from(" quit"),
+                    ]
+                };
+                Line::from(hint)
+                    .style(Style::default().dim())
+                    .render_ref(bottom_line_rect, buf);
             }
         }
     }
@@ -690,6 +745,7 @@ impl WidgetRef for &ChatComposer<'_> {
 
 #[cfg(test)]
 mod tests {
+
     use crate::bottom_pane::AppEventSender;
     use crate::bottom_pane::ChatComposer;
     use crate::bottom_pane::InputResult;
@@ -848,7 +904,7 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         let needs_redraw = composer.handle_paste("hello".to_string());
         assert!(needs_redraw);
@@ -871,7 +927,7 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         let large = "x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 10);
         let needs_redraw = composer.handle_paste(large.clone());
@@ -900,7 +956,7 @@ mod tests {
         let large = "y".repeat(LARGE_PASTE_CHAR_THRESHOLD + 1);
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         composer.handle_paste(large);
         assert_eq!(composer.pending_pastes.len(), 1);
@@ -936,7 +992,7 @@ mod tests {
 
         for (name, input) in test_cases {
             // Create a fresh composer for each test case
-            let mut composer = ChatComposer::new(true, sender.clone());
+            let mut composer = ChatComposer::new(true, sender.clone(), false);
 
             if let Some(text) = input {
                 composer.handle_paste(text);
@@ -965,6 +1021,97 @@ mod tests {
         }
     }
 
+    #[test]
+    fn esc_dismiss_slash_popup_reopen_on_token_change() {
+        use crate::bottom_pane::chat_composer::ActivePopup;
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender, false);
+
+        composer.handle_paste("/".to_string());
+        assert!(matches!(composer.active_popup, ActivePopup::Command(_)));
+
+        let _ = composer.handle_key_event(KeyEvent::new(KeyCode::Esc, KeyModifiers::NONE));
+        assert!(matches!(composer.active_popup, ActivePopup::None));
+
+        composer.handle_paste("c".to_string());
+        assert!(matches!(composer.active_popup, ActivePopup::Command(_)));
+    }
+
+    #[test]
+    fn enter_with_unrecognized_slash_command_closes_popup_and_emits_error() {
+        use crate::app_event::AppEvent;
+        use crate::bottom_pane::chat_composer::ActivePopup;
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+        use std::sync::mpsc::TryRecvError;
+
+        let (tx, rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender, false);
+
+        composer.handle_paste("/ notacommand args".to_string());
+        assert!(matches!(composer.active_popup, ActivePopup::Command(_)));
+
+        let _ = composer.handle_key_event(KeyEvent::new(KeyCode::Enter, KeyModifiers::NONE));
+
+        assert!(matches!(composer.active_popup, ActivePopup::None));
+
+        let mut saw_error = false;
+        loop {
+            match rx.try_recv() {
+                Ok(AppEvent::InsertHistory(lines)) => {
+                    let text = lines
+                        .into_iter()
+                        .map(|l| l.to_string())
+                        .collect::<Vec<_>>()
+                        .join("\n");
+                    if text.contains("/notacommand not a recognized command") {
+                        saw_error = true;
+                        break;
+                    }
+                }
+                Ok(_) => continue,
+                Err(TryRecvError::Empty) => break,
+                Err(TryRecvError::Disconnected) => break,
+            }
+        }
+
+        assert!(
+            saw_error,
+            "expected InsertHistory error for unrecognized command"
+        );
+    }
+
+    #[test]
+    fn esc_dismiss_then_delete_and_retype_slash_reopens_popup() {
+        use crate::bottom_pane::chat_composer::ActivePopup;
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender, false);
+
+        composer.handle_paste("/".to_string());
+        assert!(matches!(composer.active_popup, ActivePopup::Command(_)));
+
+        let _ = composer.handle_key_event(KeyEvent::new(KeyCode::Esc, KeyModifiers::NONE));
+        assert!(matches!(composer.active_popup, ActivePopup::None));
+
+        let _ = composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
+        assert!(matches!(composer.active_popup, ActivePopup::None));
+
+        composer.handle_paste("/".to_string());
+        assert!(matches!(composer.active_popup, ActivePopup::Command(_)));
+    }
+
     #[test]
     fn test_multiple_pastes_submission() {
         use crossterm::event::KeyCode;
@@ -973,20 +1120,17 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
-        // Define test cases: (paste content, is_large)
         let test_cases = [
             ("x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 3), true),
             (" and ".to_string(), false),
             ("y".repeat(LARGE_PASTE_CHAR_THRESHOLD + 7), true),
         ];
 
-        // Expected states after each paste
         let mut expected_text = String::new();
         let mut expected_pending_count = 0;
 
-        // Apply all pastes and build expected state
         let states: Vec<_> = test_cases
             .iter()
             .map(|(content, is_large)| {
@@ -1002,7 +1146,6 @@ mod tests {
             })
             .collect();
 
-        // Verify all intermediate states were correct
         assert_eq!(
             states,
             vec![
@@ -1028,7 +1171,6 @@ mod tests {
             ]
         );
 
-        // Submit and verify final expansion
         let (result, _) =
             composer.handle_key_event(KeyEvent::new(KeyCode::Enter, KeyModifiers::NONE));
         if let InputResult::Submitted(text) = result {
@@ -1046,16 +1188,14 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
-        // Define test cases: (content, is_large)
         let test_cases = [
             ("a".repeat(LARGE_PASTE_CHAR_THRESHOLD + 5), true),
             (" and ".to_string(), false),
             ("b".repeat(LARGE_PASTE_CHAR_THRESHOLD + 6), true),
         ];
 
-        // Apply all pastes
         let mut current_pos = 0;
         let states: Vec<_> = test_cases
             .iter()
@@ -1075,10 +1215,8 @@ mod tests {
             })
             .collect();
 
-        // Delete placeholders one by one and collect states
         let mut deletion_states = vec![];
 
-        // First deletion
         composer
             .textarea
             .move_cursor(tui_textarea::CursorMove::Jump(0, states[0].2 as u16));
@@ -1088,7 +1226,6 @@ mod tests {
             composer.pending_pastes.len(),
         ));
 
-        // Second deletion
         composer
             .textarea
             .move_cursor(tui_textarea::CursorMove::Jump(
@@ -1101,7 +1238,6 @@ mod tests {
             composer.pending_pastes.len(),
         ));
 
-        // Verify all states
         assert_eq!(
             deletion_states,
             vec![
@@ -1119,9 +1255,8 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
-        // Define test cases: (cursor_position_from_end, expected_pending_count)
         let test_cases = [
             5, // Delete from middle - should clear tracking
             0, // Delete from end - should clear tracking

codex-rs/tui/src/bottom_pane/command_popup.rs

@@ -3,9 +3,9 @@ use ratatui::layout::Rect;
 use ratatui::style::Color;
 use ratatui::style::Style;
 use ratatui::style::Stylize;
-use ratatui::widgets::Block;
-use ratatui::widgets::BorderType;
-use ratatui::widgets::Borders;
+use ratatui::symbols::border::QUADRANT_LEFT_HALF;
+use ratatui::text::Line;
+use ratatui::text::Span;
 use ratatui::widgets::Cell;
 use ratatui::widgets::Row;
 use ratatui::widgets::Table;
@@ -25,6 +25,8 @@ pub(crate) struct CommandPopup {
     command_filter: String,
     all_commands: Vec<(&'static str, SlashCommand)>,
     selected_idx: Option<usize>,
+    // Index of the first visible row in the filtered list.
+    scroll_top: usize,
 }
 
 impl CommandPopup {
@@ -33,6 +35,7 @@ impl CommandPopup {
             command_filter: String::new(),
             all_commands: built_in_slash_commands(),
             selected_idx: None,
+            scroll_top: 0,
         }
     }
 
@@ -66,30 +69,28 @@ impl CommandPopup {
             0 => None,
             _ => Some(self.selected_idx.unwrap_or(0).min(matches_len - 1)),
         };
+
+        self.adjust_scroll(matches_len);
     }
 
     /// Determine the preferred height of the popup. This is the number of
-    /// rows required to show **at most** `MAX_POPUP_ROWS` commands plus the
-    /// table/border overhead (one line at the top and one at the bottom).
-    pub(crate) fn calculate_required_height(&self, _area: &Rect) -> u16 {
-        let matches = self.filtered_commands();
-        let row_count = matches.len().clamp(1, MAX_POPUP_ROWS) as u16;
-        // Account for the border added by the Block that wraps the table.
-        // 2 = one line at the top, one at the bottom.
-        row_count + 2
+    /// rows required to show at most MAX_POPUP_ROWS commands.
+    pub(crate) fn calculate_required_height(&self) -> u16 {
+        self.filtered_commands().len().clamp(1, MAX_POPUP_ROWS) as u16
     }
 
     /// Return the list of commands that match the current filter. Matching is
-    /// performed using a *prefix* comparison on the command name.
+    /// performed using a case-insensitive prefix comparison on the command name.
     fn filtered_commands(&self) -> Vec<&SlashCommand> {
+        let filter = self.command_filter.as_str();
         self.all_commands
             .iter()
             .filter_map(|(_name, cmd)| {
-                if self.command_filter.is_empty()
-                    || cmd
-                        .command()
-                        .starts_with(&self.command_filter.to_ascii_lowercase())
-                {
+                if filter.is_empty() {
+                    return Some(cmd);
+                }
+                let name = cmd.command();
+                if name.len() >= filter.len() && name[..filter.len()].eq_ignore_ascii_case(filter) {
                     Some(cmd)
                 } else {
                     None
@@ -100,26 +101,30 @@ impl CommandPopup {
 
     /// Move the selection cursor one step up.
     pub(crate) fn move_up(&mut self) {
-        if let Some(len) = self.filtered_commands().len().checked_sub(1) {
-            if len == usize::MAX {
-                return;
-            }
+        let matches = self.filtered_commands();
+        let len = matches.len();
+        if len == 0 {
+            self.selected_idx = None;
+            self.scroll_top = 0;
+            return;
         }
 
-        if let Some(idx) = self.selected_idx {
-            if idx > 0 {
-                self.selected_idx = Some(idx - 1);
-            }
-        } else if !self.filtered_commands().is_empty() {
-            self.selected_idx = Some(0);
+        match self.selected_idx {
+            Some(idx) if idx > 0 => self.selected_idx = Some(idx - 1),
+            Some(_) => self.selected_idx = Some(len - 1), // wrap to last
+            None => self.selected_idx = Some(0),
         }
+
+        self.adjust_scroll(len);
     }
 
     /// Move the selection cursor one step down.
     pub(crate) fn move_down(&mut self) {
-        let matches_len = self.filtered_commands().len();
+        let matches = self.filtered_commands();
+        let matches_len = matches.len();
         if matches_len == 0 {
             self.selected_idx = None;
+            self.scroll_top = 0;
             return;
         }
 
@@ -127,11 +132,15 @@ impl CommandPopup {
             Some(idx) if idx + 1 < matches_len => {
                 self.selected_idx = Some(idx + 1);
             }
+            Some(_idx_last) => {
+                self.selected_idx = Some(0);
+            }
             None => {
                 self.selected_idx = Some(0);
             }
-            _ => {}
         }
+
+        self.adjust_scroll(matches_len);
     }
 
     /// Return currently selected command, if any.
@@ -139,6 +148,26 @@ impl CommandPopup {
         let matches = self.filtered_commands();
         self.selected_idx.and_then(|idx| matches.get(idx).copied())
     }
+
+    fn adjust_scroll(&mut self, matches_len: usize) {
+        if matches_len == 0 {
+            self.scroll_top = 0;
+            return;
+        }
+        let visible_rows = MAX_POPUP_ROWS.min(matches_len);
+        if let Some(sel) = self.selected_idx {
+            if sel < self.scroll_top {
+                self.scroll_top = sel;
+            } else {
+                let bottom = self.scroll_top + visible_rows - 1;
+                if sel > bottom {
+                    self.scroll_top = sel + 1 - visible_rows;
+                }
+            }
+        } else {
+            self.scroll_top = 0;
+        }
+    }
 }
 
 impl WidgetRef for CommandPopup {
@@ -146,10 +175,8 @@ impl WidgetRef for CommandPopup {
         let matches = self.filtered_commands();
 
         let mut rows: Vec<Row> = Vec::new();
-        let visible_matches: Vec<&SlashCommand> =
-            matches.into_iter().take(MAX_POPUP_ROWS).collect();
 
-        if visible_matches.is_empty() {
+        if matches.is_empty() {
             rows.push(Row::new(vec![
                 Cell::from(""),
                 Cell::from("No matching commands").add_modifier(Modifier::ITALIC),
@@ -157,19 +184,42 @@ impl WidgetRef for CommandPopup {
         } else {
             let default_style = Style::default();
             let command_style = Style::default().fg(Color::LightBlue);
-            for (idx, cmd) in visible_matches.iter().enumerate() {
-                let (cmd_style, desc_style) = if Some(idx) == self.selected_idx {
-                    (
-                        command_style.bg(Color::DarkGray),
-                        default_style.bg(Color::DarkGray),
-                    )
-                } else {
-                    (command_style, default_style)
-                };
+            let max_rows_from_area = area.height as usize;
+            let visible_rows = MAX_POPUP_ROWS
+                .min(matches.len())
+                .min(max_rows_from_area.max(1));
 
+            let mut start_idx = self.scroll_top.min(matches.len().saturating_sub(1));
+            if let Some(sel) = self.selected_idx {
+                if sel < start_idx {
+                    start_idx = sel;
+                } else if visible_rows > 0 {
+                    let bottom = start_idx + visible_rows - 1;
+                    if sel > bottom {
+                        start_idx = sel + 1 - visible_rows;
+                    }
+                }
+            }
+
+            for (global_idx, cmd) in matches
+                .iter()
+                .enumerate()
+                .skip(start_idx)
+                .take(visible_rows)
+            {
                 rows.push(Row::new(vec![
-                    Cell::from(format!("/{}", cmd.command())).style(cmd_style),
-                    Cell::from(cmd.description().to_string()).style(desc_style),
+                    Cell::from(Line::from(vec![
+                        if Some(global_idx) == self.selected_idx {
+                            Span::styled(
+                                "›",
+                                Style::default().bg(Color::DarkGray).fg(Color::LightCyan),
+                            )
+                        } else {
+                            Span::styled(QUADRANT_LEFT_HALF, Style::default().fg(Color::DarkGray))
+                        },
+                        Span::styled(format!("/{}", cmd.command()), command_style),
+                    ])),
+                    Cell::from(cmd.description().to_string()).style(default_style),
                 ]));
             }
         }
@@ -180,13 +230,78 @@ impl WidgetRef for CommandPopup {
             rows,
             [Constraint::Length(FIRST_COLUMN_WIDTH), Constraint::Min(10)],
         )
-        .column_spacing(0)
-        .block(
-            Block::default()
-                .borders(Borders::ALL)
-                .border_type(BorderType::Rounded),
-        );
+        .column_spacing(0);
+        // .block(
+        //     Block::default()
+        //         .borders(Borders::LEFT)
+        //         .border_type(BorderType::QuadrantOutside)
+        //         .border_style(Style::default().fg(Color::DarkGray)),
+        // );
 
         table.render(area, buf);
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use ratatui::buffer::Buffer;
+    use ratatui::layout::Rect;
+
+    #[test]
+    fn move_down_wraps_to_top() {
+        let mut popup = CommandPopup::new();
+        // Show all commands by simulating composer input starting with '/'.
+        popup.on_composer_text_change("/".to_string());
+        let len = popup.filtered_commands().len();
+        assert!(len > 0);
+
+        // Move to last item.
+        for _ in 0..len.saturating_sub(1) {
+            popup.move_down();
+        }
+        // Next move_down should wrap to index 0.
+        popup.move_down();
+        assert_eq!(popup.selected_idx, Some(0));
+    }
+
+    #[test]
+    fn move_up_wraps_to_bottom() {
+        let mut popup = CommandPopup::new();
+        popup.on_composer_text_change("/".to_string());
+        let len = popup.filtered_commands().len();
+        assert!(len > 0);
+
+        // Initial selection is 0; moving up should wrap to last.
+        popup.move_up();
+        assert_eq!(popup.selected_idx, Some(len - 1));
+    }
+
+    #[test]
+    fn respects_tiny_terminal_height_when_rendering() {
+        let mut popup = CommandPopup::new();
+        popup.on_composer_text_change("/".to_string());
+        assert!(popup.filtered_commands().len() >= 3);
+
+        let area = Rect::new(0, 0, 50, 2);
+        let mut buf = Buffer::empty(area);
+        popup.render(area, &mut buf);
+
+        let mut non_empty_rows = 0u16;
+        for y in 0..area.height {
+            let mut row_has_content = false;
+            for x in 0..area.width {
+                let c = buf[(x, y)].symbol();
+                if !c.trim().is_empty() {
+                    row_has_content = true;
+                    break;
+                }
+            }
+            if row_has_content {
+                non_empty_rows += 1;
+            }
+        }
+
+        assert_eq!(non_empty_rows, 2);
+    }
+}

codex-rs/tui/src/bottom_pane/file_search_popup.rs

@@ -108,19 +108,14 @@ impl FileSearchPopup {
             .map(|file_match| file_match.path.as_str())
     }
 
-    /// Preferred height (rows) including border.
-    pub(crate) fn calculate_required_height(&self, _area: &Rect) -> u16 {
+    pub(crate) fn calculate_required_height(&self) -> u16 {
         // Row count depends on whether we already have matches. If no matches
         // yet (e.g. initial search or query with no results) reserve a single
         // row so the popup is still visible. When matches are present we show
         // up to MAX_RESULTS regardless of the waiting flag so the list
         // remains stable while a newer search is in-flight.
-        let rows = if self.matches.is_empty() {
-            1
-        } else {
-            self.matches.len().clamp(1, MAX_RESULTS)
-        } as u16;
-        rows + 2 // border
+
+        self.matches.len().clamp(1, MAX_RESULTS) as u16
     }
 }
 
@@ -128,7 +123,14 @@ impl WidgetRef for &FileSearchPopup {
     fn render_ref(&self, area: Rect, buf: &mut Buffer) {
         // Prepare rows.
         let rows: Vec<Row> = if self.matches.is_empty() {
-            vec![Row::new(vec![Cell::from(" no matches ")])]
+            vec![Row::new(vec![
+                Cell::from(if self.waiting {
+                    "(searching …)"
+                } else {
+                    "no matches"
+                })
+                .style(Style::new().add_modifier(Modifier::ITALIC | Modifier::DIM)),
+            ])]
         } else {
             self.matches
                 .iter()
@@ -169,17 +171,12 @@ impl WidgetRef for &FileSearchPopup {
                 .collect()
         };
 
-        let mut title = format!(" @{} ", self.pending_query);
-        if self.waiting {
-            title.push_str(" (searching …)");
-        }
-
         let table = Table::new(rows, vec![Constraint::Percentage(100)])
             .block(
                 Block::default()
-                    .borders(Borders::ALL)
-                    .border_type(BorderType::Rounded)
-                    .title(title),
+                    .borders(Borders::LEFT)
+                    .border_type(BorderType::QuadrantOutside)
+                    .border_style(Style::default().fg(Color::DarkGray)),
             )
             .widths([Constraint::Percentage(100)]);
 

codex-rs/tui/src/bottom_pane/mod.rs

@@ -50,12 +50,18 @@ pub(crate) struct BottomPane<'a> {
 pub(crate) struct BottomPaneParams {
     pub(crate) app_event_tx: AppEventSender,
     pub(crate) has_input_focus: bool,
+    pub(crate) enhanced_keys_supported: bool,
 }
 
 impl BottomPane<'_> {
     pub fn new(params: BottomPaneParams) -> Self {
+        let enhanced_keys_supported = params.enhanced_keys_supported;
         Self {
-            composer: ChatComposer::new(params.has_input_focus, params.app_event_tx.clone()),
+            composer: ChatComposer::new(
+                params.has_input_focus,
+                params.app_event_tx.clone(),
+                enhanced_keys_supported,
+            ),
             active_view: None,
             app_event_tx: params.app_event_tx,
             has_input_focus: params.has_input_focus,
@@ -64,6 +70,13 @@ impl BottomPane<'_> {
         }
     }
 
+    pub fn desired_height(&self, width: u16) -> u16 {
+        self.active_view
+            .as_ref()
+            .map(|v| v.desired_height(width))
+            .unwrap_or(self.composer.desired_height())
+    }
+
     /// Forward a key event to the active view or the composer.
     pub fn handle_key_event(&mut self, key_event: KeyEvent) -> InputResult {
         if let Some(mut view) = self.active_view.take() {
@@ -291,6 +304,7 @@ mod tests {
         let mut pane = BottomPane::new(BottomPaneParams {
             app_event_tx: tx,
             has_input_focus: true,
+            enhanced_keys_supported: false,
         });
         pane.push_approval_request(exec_request());
         assert_eq!(CancellationEvent::Handled, pane.on_ctrl_c());

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__backspace_after_pastes.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│[Pasted Content 1002 chars][Pasted Content 1004 chars]                                            │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌[Pasted Content 1002 chars][Pasted Content 1004 chars]                                             "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__empty.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│ send a message                                                                                   │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌ ...                                                                                               "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__large.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│[Pasted Content 1005 chars]                                                                       │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌[Pasted Content 1005 chars]                                                                        "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__multiple_pastes.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│[Pasted Content 1003 chars][Pasted Content 1007 chars] another short paste                        │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌[Pasted Content 1003 chars][Pasted Content 1007 chars] another short paste                         "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__small.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│short                                                                                             │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌short                                                                                              "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/status_indicator_view.rs

@@ -33,6 +33,10 @@ impl BottomPaneView<'_> for StatusIndicatorView {
         true
     }
 
+    fn desired_height(&self, width: u16) -> u16 {
+        self.view.desired_height(width)
+    }
+
     fn render(&self, area: ratatui::layout::Rect, buf: &mut Buffer) {
         self.view.render_ref(area, buf);
     }

codex-rs/tui/src/cell_widget.rs

@@ -1,20 +0,0 @@
-use ratatui::prelude::*;
-
-/// Trait implemented by every type that can live inside the conversation
-/// history list.  It provides two primitives that the parent scroll-view
-/// needs: how *tall* the widget is at a given width and how to render an
-/// arbitrary contiguous *window* of that widget.
-///
-/// The `first_visible_line` argument to [`render_window`] allows partial
-/// rendering when the top of the widget is scrolled off-screen.  The caller
-/// guarantees that `first_visible_line + area.height as usize` never exceeds
-/// the total height previously returned by [`height`].
-pub(crate) trait CellWidget {
-    /// Total height measured in wrapped terminal lines when drawn with the
-    /// given *content* width (no scrollbar column included).
-    fn height(&self, width: u16) -> usize;
-
-    /// Render a *window* that starts `first_visible_line` lines below the top
-    /// of the widget. The window’s size is given by `area`.
-    fn render_window(&self, first_visible_line: usize, area: Rect, buf: &mut Buffer);
-}

codex-rs/tui/src/chatwidget.rs

@@ -1,5 +1,7 @@
+use std::collections::HashMap;
 use std::path::PathBuf;
 use std::sync::Arc;
+use std::time::Duration;
 
 use codex_core::codex_wrapper::CodexConversation;
 use codex_core::codex_wrapper::init_codex;
@@ -23,6 +25,7 @@ use codex_core::protocol::PatchApplyBeginEvent;
 use codex_core::protocol::TaskCompleteEvent;
 use codex_core::protocol::TokenUsage;
 use crossterm::event::KeyEvent;
+use crossterm::event::KeyEventKind;
 use ratatui::buffer::Buffer;
 use ratatui::layout::Rect;
 use ratatui::widgets::Widget;
@@ -36,16 +39,22 @@ use crate::bottom_pane::BottomPane;
 use crate::bottom_pane::BottomPaneParams;
 use crate::bottom_pane::CancellationEvent;
 use crate::bottom_pane::InputResult;
-use crate::conversation_history_widget::ConversationHistoryWidget;
 use crate::exec_command::strip_bash_lc_and_escape;
+use crate::history_cell::CommandOutput;
+use crate::history_cell::HistoryCell;
 use crate::history_cell::PatchEventType;
 use crate::user_approval_widget::ApprovalRequest;
 use codex_file_search::FileMatch;
 
+struct RunningCommand {
+    command: Vec<String>,
+    #[allow(dead_code)]
+    cwd: PathBuf,
+}
+
 pub(crate) struct ChatWidget<'a> {
     app_event_tx: AppEventSender,
     codex_op_tx: UnboundedSender<Op>,
-    conversation_history: ConversationHistoryWidget,
     bottom_pane: BottomPane<'a>,
     config: Config,
     initial_user_message: Option<UserMessage>,
@@ -55,6 +64,7 @@ pub(crate) struct ChatWidget<'a> {
     // We wait for the final AgentMessage event and then emit the full text
     // at once into scrollback so the history contains a single message.
     answer_buffer: String,
+    running_commands: HashMap<String, RunningCommand>,
 }
 
 struct UserMessage {
@@ -85,6 +95,7 @@ impl ChatWidget<'_> {
         app_event_tx: AppEventSender,
         initial_prompt: Option<String>,
         initial_images: Vec<PathBuf>,
+        enhanced_keys_supported: bool,
     ) -> Self {
         let (codex_op_tx, mut codex_op_rx) = unbounded_channel::<Op>();
 
@@ -127,10 +138,10 @@ impl ChatWidget<'_> {
         Self {
             app_event_tx: app_event_tx.clone(),
             codex_op_tx,
-            conversation_history: ConversationHistoryWidget::new(),
             bottom_pane: BottomPane::new(BottomPaneParams {
                 app_event_tx,
                 has_input_focus: true,
+                enhanced_keys_supported,
             }),
             config,
             initial_user_message: create_initial_user_message(
@@ -140,11 +151,18 @@ impl ChatWidget<'_> {
             token_usage: TokenUsage::default(),
             reasoning_buffer: String::new(),
             answer_buffer: String::new(),
+            running_commands: HashMap::new(),
         }
     }
 
+    pub fn desired_height(&self, width: u16) -> u16 {
+        self.bottom_pane.desired_height(width)
+    }
+
     pub(crate) fn handle_key_event(&mut self, key_event: KeyEvent) {
-        self.bottom_pane.clear_ctrl_c_quit_hint();
+        if key_event.kind == KeyEventKind::Press {
+            self.bottom_pane.clear_ctrl_c_quit_hint();
+        }
 
         match self.bottom_pane.handle_key_event(key_event) {
             InputResult::Submitted(text) => {
@@ -158,11 +176,9 @@ impl ChatWidget<'_> {
         self.bottom_pane.handle_paste(text);
     }
 
-    /// Emits the last entry's plain lines from conversation_history, if any.
-    fn emit_last_history_entry(&mut self) {
-        if let Some(lines) = self.conversation_history.last_entry_plain_lines() {
-            self.app_event_tx.send(AppEvent::InsertHistory(lines));
-        }
+    fn add_to_history(&mut self, cell: HistoryCell) {
+        self.app_event_tx
+            .send(AppEvent::InsertHistory(cell.plain_lines()));
     }
 
     fn submit_user_message(&mut self, user_message: UserMessage) {
@@ -198,28 +214,18 @@ impl ChatWidget<'_> {
 
         // Only show text portion in conversation history for now.
         if !text.is_empty() {
-            self.conversation_history.add_user_message(text.clone());
-            self.emit_last_history_entry();
+            self.add_to_history(HistoryCell::new_user_prompt(text.clone()));
         }
-        self.conversation_history.scroll_to_bottom();
     }
 
     pub(crate) fn handle_codex_event(&mut self, event: Event) {
         let Event { id, msg } = event;
         match msg {
             EventMsg::SessionConfigured(event) => {
-                // Record session information at the top of the conversation.
-                self.conversation_history
-                    .add_session_info(&self.config, event.clone());
-                // Immediately surface the session banner / settings summary in
-                // scrollback so the user can review configuration (model,
-                // sandbox, approvals, etc.) before interacting.
-                self.emit_last_history_entry();
-
-                // Forward history metadata to the bottom pane so the chat
-                // composer can navigate through past messages.
                 self.bottom_pane
                     .set_history_metadata(event.history_log_id, event.history_entry_count);
+                // Record session information at the top of the conversation.
+                self.add_to_history(HistoryCell::new_session_info(&self.config, event, true));
 
                 if let Some(user_message) = self.initial_user_message.take() {
                     // If the user provided an initial message, add it to the
@@ -241,9 +247,7 @@ impl ChatWidget<'_> {
                     message
                 };
                 if !full.is_empty() {
-                    self.conversation_history
-                        .add_agent_message(&self.config, full);
-                    self.emit_last_history_entry();
+                    self.add_to_history(HistoryCell::new_agent_message(&self.config, full));
                 }
                 self.request_redraw();
             }
@@ -270,9 +274,7 @@ impl ChatWidget<'_> {
                     text
                 };
                 if !full.is_empty() {
-                    self.conversation_history
-                        .add_agent_reasoning(&self.config, full);
-                    self.emit_last_history_entry();
+                    self.add_to_history(HistoryCell::new_agent_reasoning(&self.config, full));
                 }
                 self.request_redraw();
             }
@@ -293,10 +295,13 @@ impl ChatWidget<'_> {
                     .set_token_usage(self.token_usage.clone(), self.config.model_context_window);
             }
             EventMsg::Error(ErrorEvent { message }) => {
-                self.conversation_history.add_error(message.clone());
-                self.emit_last_history_entry();
+                self.add_to_history(HistoryCell::new_error_event(message.clone()));
                 self.bottom_pane.set_task_running(false);
             }
+            EventMsg::PlanUpdate(update) => {
+                self.add_to_history(HistoryCell::new_plan_update(update));
+                self.request_redraw();
+            }
             EventMsg::ExecApprovalRequest(ExecApprovalRequestEvent {
                 call_id: _,
                 command,
@@ -313,9 +318,7 @@ impl ChatWidget<'_> {
                         .map(|r| format!("\n{r}"))
                         .unwrap_or_default()
                 );
-                self.conversation_history.add_background_event(text);
-                self.emit_last_history_entry();
-                self.conversation_history.scroll_to_bottom();
+                self.add_to_history(HistoryCell::new_background_event(text));
 
                 let request = ApprovalRequest::Exec {
                     id,
@@ -343,11 +346,10 @@ impl ChatWidget<'_> {
                 // prompt before they have seen *what* is being requested.
                 // ------------------------------------------------------------------
 
-                self.conversation_history
-                    .add_patch_event(PatchEventType::ApprovalRequest, changes);
-                self.emit_last_history_entry();
-
-                self.conversation_history.scroll_to_bottom();
+                self.add_to_history(HistoryCell::new_patch_event(
+                    PatchEventType::ApprovalRequest,
+                    changes,
+                ));
 
                 // Now surface the approval request in the BottomPane as before.
                 let request = ApprovalRequest::ApplyPatch {
@@ -361,12 +363,16 @@ impl ChatWidget<'_> {
             EventMsg::ExecCommandBegin(ExecCommandBeginEvent {
                 call_id,
                 command,
-                cwd: _,
+                cwd,
             }) => {
-                self.conversation_history
-                    .add_active_exec_command(call_id, command);
-                self.emit_last_history_entry();
-                self.request_redraw();
+                self.running_commands.insert(
+                    call_id,
+                    RunningCommand {
+                        command: command.clone(),
+                        cwd: cwd.clone(),
+                    },
+                );
+                self.add_to_history(HistoryCell::new_active_exec_command(command));
             }
             EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
                 call_id: _,
@@ -375,13 +381,10 @@ impl ChatWidget<'_> {
             }) => {
                 // Even when a patch is auto‑approved we still display the
                 // summary so the user can follow along.
-                self.conversation_history
-                    .add_patch_event(PatchEventType::ApplyBegin { auto_approved }, changes);
-                self.emit_last_history_entry();
-                if !auto_approved {
-                    self.conversation_history.scroll_to_bottom();
-                }
-                self.request_redraw();
+                self.add_to_history(HistoryCell::new_patch_event(
+                    PatchEventType::ApplyBegin { auto_approved },
+                    changes,
+                ));
             }
             EventMsg::ExecCommandEnd(ExecCommandEndEvent {
                 call_id,
@@ -389,27 +392,39 @@ impl ChatWidget<'_> {
                 stdout,
                 stderr,
             }) => {
-                self.conversation_history
-                    .record_completed_exec_command(call_id, stdout, stderr, exit_code);
-                self.request_redraw();
+                let cmd = self.running_commands.remove(&call_id);
+                self.add_to_history(HistoryCell::new_completed_exec_command(
+                    cmd.map(|cmd| cmd.command).unwrap_or_else(|| vec![call_id]),
+                    CommandOutput {
+                        exit_code,
+                        stdout,
+                        stderr,
+                        duration: Duration::from_secs(0),
+                    },
+                ));
             }
             EventMsg::McpToolCallBegin(McpToolCallBeginEvent {
-                call_id,
-                server,
-                tool,
-                arguments,
+                call_id: _,
+                invocation,
             }) => {
-                self.conversation_history
-                    .add_active_mcp_tool_call(call_id, server, tool, arguments);
-                self.emit_last_history_entry();
-                self.request_redraw();
+                self.add_to_history(HistoryCell::new_active_mcp_tool_call(invocation));
             }
-            EventMsg::McpToolCallEnd(mcp_tool_call_end_event) => {
-                let success = mcp_tool_call_end_event.is_success();
-                let McpToolCallEndEvent { call_id, result } = mcp_tool_call_end_event;
-                self.conversation_history
-                    .record_completed_mcp_tool_call(call_id, success, result);
-                self.request_redraw();
+            EventMsg::McpToolCallEnd(McpToolCallEndEvent {
+                call_id: _,
+                duration,
+                invocation,
+                result,
+            }) => {
+                self.add_to_history(HistoryCell::new_completed_mcp_tool_call(
+                    80,
+                    invocation,
+                    duration,
+                    result
+                        .as_ref()
+                        .map(|r| r.is_error.unwrap_or(false))
+                        .unwrap_or(false),
+                    result,
+                ));
             }
             EventMsg::GetHistoryEntryResponse(event) => {
                 let codex_core::protocol::GetHistoryEntryResponseEvent {
@@ -426,10 +441,7 @@ impl ChatWidget<'_> {
                 self.app_event_tx.send(AppEvent::ExitRequest);
             }
             event => {
-                self.conversation_history
-                    .add_background_event(format!("{event:?}"));
-                self.emit_last_history_entry();
-                self.request_redraw();
+                self.add_to_history(HistoryCell::new_background_event(format!("{event:?}")));
             }
         }
     }
@@ -445,23 +457,7 @@ impl ChatWidget<'_> {
     }
 
     pub(crate) fn add_diff_output(&mut self, diff_output: String) {
-        self.conversation_history
-            .add_diff_output(diff_output.clone());
-        self.emit_last_history_entry();
-        self.request_redraw();
-    }
-
-    pub(crate) fn handle_scroll_delta(&mut self, scroll_delta: i32) {
-        // If the user is trying to scroll exactly one line, we let them, but
-        // otherwise we assume they are trying to scroll in larger increments.
-        let magnified_scroll_delta = if scroll_delta == 1 {
-            1
-        } else {
-            // Play with this: perhaps it should be non-linear?
-            scroll_delta * 2
-        };
-        self.conversation_history.scroll(magnified_scroll_delta);
-        self.request_redraw();
+        self.add_to_history(HistoryCell::new_diff_output(diff_output.clone()));
     }
 
     /// Forward file-search results to the bottom pane.
@@ -506,6 +502,12 @@ impl ChatWidget<'_> {
     pub(crate) fn token_usage(&self) -> &TokenUsage {
         &self.token_usage
     }
+
+    pub(crate) fn clear_token_usage(&mut self) {
+        self.token_usage = TokenUsage::default();
+        self.bottom_pane
+            .set_token_usage(self.token_usage.clone(), self.config.model_context_window);
+    }
 }
 
 impl WidgetRef for &ChatWidget<'_> {

codex-rs/tui/src/conversation_history_widget.rs

@@ -1,429 +0,0 @@
-use crate::cell_widget::CellWidget;
-use crate::history_cell::CommandOutput;
-use crate::history_cell::HistoryCell;
-use crate::history_cell::PatchEventType;
-use codex_core::config::Config;
-use codex_core::protocol::FileChange;
-use codex_core::protocol::SessionConfiguredEvent;
-use ratatui::prelude::*;
-use ratatui::style::Style;
-use ratatui::widgets::*;
-use serde_json::Value as JsonValue;
-use std::cell::Cell as StdCell;
-use std::cell::Cell;
-use std::collections::HashMap;
-use std::path::PathBuf;
-
-/// A single history entry plus its cached wrapped-line count.
-struct Entry {
-    cell: HistoryCell,
-    line_count: Cell<usize>,
-}
-
-pub struct ConversationHistoryWidget {
-    entries: Vec<Entry>,
-    /// The width (in terminal cells/columns) that [`Entry::line_count`] was
-    /// computed for. When the available width changes we recompute counts.
-    cached_width: StdCell<u16>,
-    scroll_position: usize,
-    /// Number of lines the last time render_ref() was called
-    num_rendered_lines: StdCell<usize>,
-    /// The height of the viewport last time render_ref() was called
-    last_viewport_height: StdCell<usize>,
-    has_input_focus: bool,
-}
-
-impl ConversationHistoryWidget {
-    pub fn new() -> Self {
-        Self {
-            entries: Vec::new(),
-            cached_width: StdCell::new(0),
-            scroll_position: usize::MAX,
-            num_rendered_lines: StdCell::new(0),
-            last_viewport_height: StdCell::new(0),
-            has_input_focus: false,
-        }
-    }
-
-    /// Negative delta scrolls up; positive delta scrolls down.
-    pub(crate) fn scroll(&mut self, delta: i32) {
-        match delta.cmp(&0) {
-            std::cmp::Ordering::Less => self.scroll_up(-delta as u32),
-            std::cmp::Ordering::Greater => self.scroll_down(delta as u32),
-            std::cmp::Ordering::Equal => {}
-        }
-    }
-
-    fn scroll_up(&mut self, num_lines: u32) {
-        // If a user is scrolling up from the "stick to bottom" mode, we need to
-        // map this to a specific scroll position so we can calculate the delta.
-        // This requires us to care about how tall the screen is.
-        if self.scroll_position == usize::MAX {
-            self.scroll_position = self
-                .num_rendered_lines
-                .get()
-                .saturating_sub(self.last_viewport_height.get());
-        }
-
-        self.scroll_position = self.scroll_position.saturating_sub(num_lines as usize);
-    }
-
-    fn scroll_down(&mut self, num_lines: u32) {
-        // If we're already pinned to the bottom there's nothing to do.
-        if self.scroll_position == usize::MAX {
-            return;
-        }
-
-        let viewport_height = self.last_viewport_height.get().max(1);
-        let num_rendered_lines = self.num_rendered_lines.get();
-
-        // Compute the maximum explicit scroll offset that still shows a full
-        // viewport. This mirrors the calculation in `scroll_page_down()` and
-        // in the render path.
-        let max_scroll = num_rendered_lines.saturating_sub(viewport_height);
-
-        let new_pos = self.scroll_position.saturating_add(num_lines as usize);
-
-        if new_pos >= max_scroll {
-            // Reached (or passed) the bottom – switch to stick‑to‑bottom mode
-            // so that additional output keeps the view pinned automatically.
-            self.scroll_position = usize::MAX;
-        } else {
-            self.scroll_position = new_pos;
-        }
-    }
-
-    pub fn scroll_to_bottom(&mut self) {
-        self.scroll_position = usize::MAX;
-    }
-
-    /// Note `model` could differ from `config.model` if the agent decided to
-    /// use a different model than the one requested by the user.
-    pub fn add_session_info(&mut self, config: &Config, event: SessionConfiguredEvent) {
-        // In practice, SessionConfiguredEvent should always be the first entry
-        // in the history, but it is possible that an error could be sent
-        // before the session info.
-        let has_welcome_message = self
-            .entries
-            .iter()
-            .any(|entry| matches!(entry.cell, HistoryCell::WelcomeMessage { .. }));
-        self.add_to_history(HistoryCell::new_session_info(
-            config,
-            event,
-            !has_welcome_message,
-        ));
-    }
-
-    pub fn add_user_message(&mut self, message: String) {
-        self.add_to_history(HistoryCell::new_user_prompt(message));
-    }
-
-    pub fn add_agent_message(&mut self, config: &Config, message: String) {
-        self.add_to_history(HistoryCell::new_agent_message(config, message));
-    }
-
-    pub fn add_agent_reasoning(&mut self, config: &Config, text: String) {
-        self.add_to_history(HistoryCell::new_agent_reasoning(config, text));
-    }
-
-    pub fn add_background_event(&mut self, message: String) {
-        self.add_to_history(HistoryCell::new_background_event(message));
-    }
-
-    pub fn add_diff_output(&mut self, diff_output: String) {
-        self.add_to_history(HistoryCell::new_diff_output(diff_output));
-    }
-
-    pub fn add_error(&mut self, message: String) {
-        self.add_to_history(HistoryCell::new_error_event(message));
-    }
-
-    /// Add a pending patch entry (before user approval).
-    pub fn add_patch_event(
-        &mut self,
-        event_type: PatchEventType,
-        changes: HashMap<PathBuf, FileChange>,
-    ) {
-        self.add_to_history(HistoryCell::new_patch_event(event_type, changes));
-    }
-
-    pub fn add_active_exec_command(&mut self, call_id: String, command: Vec<String>) {
-        self.add_to_history(HistoryCell::new_active_exec_command(call_id, command));
-    }
-
-    pub fn add_active_mcp_tool_call(
-        &mut self,
-        call_id: String,
-        server: String,
-        tool: String,
-        arguments: Option<JsonValue>,
-    ) {
-        self.add_to_history(HistoryCell::new_active_mcp_tool_call(
-            call_id, server, tool, arguments,
-        ));
-    }
-
-    fn add_to_history(&mut self, cell: HistoryCell) {
-        let width = self.cached_width.get();
-        let count = if width > 0 { cell.height(width) } else { 0 };
-
-        self.entries.push(Entry {
-            cell,
-            line_count: Cell::new(count),
-        });
-    }
-
-    /// Return the lines for the most recently appended entry (if any) so the
-    /// parent widget can surface them via the new scrollback insertion path.
-    pub(crate) fn last_entry_plain_lines(&self) -> Option<Vec<Line<'static>>> {
-        self.entries.last().map(|e| e.cell.plain_lines())
-    }
-
-    pub fn record_completed_exec_command(
-        &mut self,
-        call_id: String,
-        stdout: String,
-        stderr: String,
-        exit_code: i32,
-    ) {
-        let width = self.cached_width.get();
-        for entry in self.entries.iter_mut() {
-            let cell = &mut entry.cell;
-            if let HistoryCell::ActiveExecCommand {
-                call_id: history_id,
-                command,
-                start,
-                ..
-            } = cell
-            {
-                if &call_id == history_id {
-                    *cell = HistoryCell::new_completed_exec_command(
-                        command.clone(),
-                        CommandOutput {
-                            exit_code,
-                            stdout,
-                            stderr,
-                            duration: start.elapsed(),
-                        },
-                    );
-
-                    // Update cached line count.
-                    if width > 0 {
-                        entry.line_count.set(cell.height(width));
-                    }
-                    break;
-                }
-            }
-        }
-    }
-
-    pub fn record_completed_mcp_tool_call(
-        &mut self,
-        call_id: String,
-        success: bool,
-        result: Result<mcp_types::CallToolResult, String>,
-    ) {
-        let width = self.cached_width.get();
-        for entry in self.entries.iter_mut() {
-            if let HistoryCell::ActiveMcpToolCall {
-                call_id: history_id,
-                invocation,
-                start,
-                ..
-            } = &entry.cell
-            {
-                if &call_id == history_id {
-                    let completed = HistoryCell::new_completed_mcp_tool_call(
-                        width,
-                        invocation.clone(),
-                        *start,
-                        success,
-                        result,
-                    );
-                    entry.cell = completed;
-
-                    if width > 0 {
-                        entry.line_count.set(entry.cell.height(width));
-                    }
-
-                    break;
-                }
-            }
-        }
-    }
-}
-
-impl WidgetRef for ConversationHistoryWidget {
-    fn render_ref(&self, area: Rect, buf: &mut Buffer) {
-        let (title, border_style) = if self.has_input_focus {
-            (
-                "Messages (↑/↓ or j/k = line,  b/space = page)",
-                Style::default().fg(Color::LightYellow),
-            )
-        } else {
-            ("Messages (tab to focus)", Style::default().dim())
-        };
-
-        let block = Block::default()
-            .title(title)
-            .borders(Borders::ALL)
-            .border_type(BorderType::Rounded)
-            .border_style(border_style);
-
-        // Compute the inner area that will be available for the list after
-        // the surrounding `Block` is drawn.
-        let inner = block.inner(area);
-        let viewport_height = inner.height as usize;
-
-        // Cache (and if necessary recalculate) the wrapped line counts for every
-        // [`HistoryCell`] so that our scrolling math accounts for text
-        // wrapping.  We always reserve one column on the right-hand side for the
-        // scrollbar so that the content never renders "under" the scrollbar.
-        let effective_width = inner.width.saturating_sub(1);
-
-        if effective_width == 0 {
-            return; // Nothing to draw – avoid division by zero.
-        }
-
-        // Recompute cache if the effective width changed.
-        let num_lines: usize = if self.cached_width.get() != effective_width {
-            self.cached_width.set(effective_width);
-
-            let mut num_lines: usize = 0;
-            for entry in &self.entries {
-                let count = entry.cell.height(effective_width);
-                num_lines += count;
-                entry.line_count.set(count);
-            }
-            num_lines
-        } else {
-            self.entries.iter().map(|e| e.line_count.get()).sum()
-        };
-
-        // Determine the scroll position. Note the existing value of
-        // `self.scroll_position` could exceed the maximum scroll offset if the
-        // user made the window wider since the last render.
-        let max_scroll = num_lines.saturating_sub(viewport_height);
-        let scroll_pos = if self.scroll_position == usize::MAX {
-            max_scroll
-        } else {
-            self.scroll_position.min(max_scroll)
-        };
-
-        // ------------------------------------------------------------------
-        // Render order:
-        //   1. Clear full widget area (avoid artifacts from prior frame).
-        //   2. Draw the surrounding Block (border and title).
-        //   3. Render *each* visible HistoryCell into its own sub-Rect while
-        //      respecting partial visibility at the top and bottom.
-        //   4. Draw the scrollbar track / thumb in the reserved column.
-        // ------------------------------------------------------------------
-
-        // Clear entire widget area first.
-        Clear.render(area, buf);
-
-        // Draw border + title.
-        block.render(area, buf);
-
-        // ------------------------------------------------------------------
-        // Calculate which cells are visible for the current scroll position
-        // and paint them one by one.
-        // ------------------------------------------------------------------
-
-        let mut y_cursor = inner.y; // first line inside viewport
-        let mut remaining_height = inner.height as usize;
-        let mut lines_to_skip = scroll_pos; // number of wrapped lines to skip (above viewport)
-
-        for entry in &self.entries {
-            let cell_height = entry.line_count.get();
-
-            // Completely above viewport? Skip whole cell.
-            if lines_to_skip >= cell_height {
-                lines_to_skip -= cell_height;
-                continue;
-            }
-
-            // Determine how much of this cell is visible.
-            let visible_height = (cell_height - lines_to_skip).min(remaining_height);
-
-            if visible_height == 0 {
-                break; // no space left
-            }
-
-            let cell_rect = Rect {
-                x: inner.x,
-                y: y_cursor,
-                width: effective_width,
-                height: visible_height as u16,
-            };
-
-            entry.cell.render_window(lines_to_skip, cell_rect, buf);
-
-            // Advance cursor inside viewport.
-            y_cursor += visible_height as u16;
-            remaining_height -= visible_height;
-
-            // After the first (possibly partially skipped) cell, we no longer
-            // need to skip lines at the top.
-            lines_to_skip = 0;
-
-            if remaining_height == 0 {
-                break; // viewport filled
-            }
-        }
-
-        // Always render a scrollbar *track* so the reserved column is filled.
-        let overflow = num_lines.saturating_sub(viewport_height);
-
-        let mut scroll_state = ScrollbarState::default()
-            // The Scrollbar widget expects the *content* height minus the
-            // viewport height.  When there is no overflow we still provide 0
-            // so that the widget renders only the track without a thumb.
-            .content_length(overflow)
-            .position(scroll_pos);
-
-        {
-            // Choose a thumb color that stands out only when this pane has focus so that the
-            // user's attention is naturally drawn to the active viewport. When unfocused we show
-            // a low-contrast thumb so the scrollbar fades into the background without becoming
-            // invisible.
-            let thumb_style = if self.has_input_focus {
-                Style::reset().fg(Color::LightYellow)
-            } else {
-                Style::reset().fg(Color::Gray)
-            };
-
-            // By default the Scrollbar widget inherits any style that was
-            // present in the underlying buffer cells. That means if a colored
-            // line happens to be underneath the scrollbar, the track (and
-            // potentially the thumb) adopt that color. Explicitly setting the
-            // track/thumb styles ensures we always draw the scrollbar with a
-            // consistent palette regardless of what content is behind it.
-            StatefulWidget::render(
-                Scrollbar::new(ScrollbarOrientation::VerticalRight)
-                    .begin_symbol(Some("↑"))
-                    .end_symbol(Some("↓"))
-                    .begin_style(Style::reset().fg(Color::DarkGray))
-                    .end_style(Style::reset().fg(Color::DarkGray))
-                    .thumb_symbol("█")
-                    .thumb_style(thumb_style)
-                    .track_symbol(Some("│"))
-                    .track_style(Style::reset().fg(Color::DarkGray)),
-                inner,
-                buf,
-                &mut scroll_state,
-            );
-        }
-
-        // Update auxiliary stats that the scroll handlers rely on.
-        self.num_rendered_lines.set(num_lines);
-        self.last_viewport_height.set(viewport_height);
-    }
-}
-
-/// Common [`Wrap`] configuration used for both measurement and rendering so
-/// they stay in sync.
-#[inline]
-pub(crate) const fn wrap_cfg() -> ratatui::widgets::Wrap {
-    ratatui::widgets::Wrap { trim: false }
-}

codex-rs/tui/src/custom_terminal.rs

@@ -0,0 +1,588 @@
+// This is derived from `ratatui::Terminal`, which is licensed under the following terms:
+//
+// The MIT License (MIT)
+// Copyright (c) 2016-2022 Florian Dehau
+// Copyright (c) 2023-2025 The Ratatui Developers
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+use std::io;
+
+use ratatui::backend::Backend;
+use ratatui::backend::ClearType;
+use ratatui::buffer::Buffer;
+use ratatui::layout::Position;
+use ratatui::layout::Rect;
+use ratatui::layout::Size;
+use ratatui::widgets::StatefulWidget;
+use ratatui::widgets::StatefulWidgetRef;
+use ratatui::widgets::Widget;
+use ratatui::widgets::WidgetRef;
+
+#[derive(Debug, Hash)]
+pub struct Frame<'a> {
+    /// Where should the cursor be after drawing this frame?
+    ///
+    /// If `None`, the cursor is hidden and its position is controlled by the backend. If `Some((x,
+    /// y))`, the cursor is shown and placed at `(x, y)` after the call to `Terminal::draw()`.
+    pub(crate) cursor_position: Option<Position>,
+
+    /// The area of the viewport
+    pub(crate) viewport_area: Rect,
+
+    /// The buffer that is used to draw the current frame
+    pub(crate) buffer: &'a mut Buffer,
+
+    /// The frame count indicating the sequence number of this frame.
+    pub(crate) count: usize,
+}
+
+#[allow(dead_code)]
+impl Frame<'_> {
+    /// The area of the current frame
+    ///
+    /// This is guaranteed not to change during rendering, so may be called multiple times.
+    ///
+    /// If your app listens for a resize event from the backend, it should ignore the values from
+    /// the event for any calculations that are used to render the current frame and use this value
+    /// instead as this is the area of the buffer that is used to render the current frame.
+    pub const fn area(&self) -> Rect {
+        self.viewport_area
+    }
+
+    /// Render a [`Widget`] to the current buffer using [`Widget::render`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{layout::Rect, widgets::Block};
+    ///
+    /// let block = Block::new();
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_widget(block, area);
+    /// ```
+    ///
+    /// [`Layout`]: crate::layout::Layout
+    pub fn render_widget<W: Widget>(&mut self, widget: W, area: Rect) {
+        widget.render(area, self.buffer);
+    }
+
+    /// Render a [`WidgetRef`] to the current buffer using [`WidgetRef::render_ref`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # #[cfg(feature = "unstable-widget-ref")] {
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{layout::Rect, widgets::Block};
+    ///
+    /// let block = Block::new();
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_widget_ref(block, area);
+    /// # }
+    /// ```
+    #[allow(clippy::needless_pass_by_value)]
+    pub fn render_widget_ref<W: WidgetRef>(&mut self, widget: W, area: Rect) {
+        widget.render_ref(area, self.buffer);
+    }
+
+    /// Render a [`StatefulWidget`] to the current buffer using [`StatefulWidget::render`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// The last argument should be an instance of the [`StatefulWidget::State`] associated to the
+    /// given [`StatefulWidget`].
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{
+    ///     layout::Rect,
+    ///     widgets::{List, ListItem, ListState},
+    /// };
+    ///
+    /// let mut state = ListState::default().with_selected(Some(1));
+    /// let list = List::new(vec![ListItem::new("Item 1"), ListItem::new("Item 2")]);
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_stateful_widget(list, area, &mut state);
+    /// ```
+    ///
+    /// [`Layout`]: crate::layout::Layout
+    pub fn render_stateful_widget<W>(&mut self, widget: W, area: Rect, state: &mut W::State)
+    where
+        W: StatefulWidget,
+    {
+        widget.render(area, self.buffer, state);
+    }
+
+    /// Render a [`StatefulWidgetRef`] to the current buffer using
+    /// [`StatefulWidgetRef::render_ref`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// The last argument should be an instance of the [`StatefulWidgetRef::State`] associated to
+    /// the given [`StatefulWidgetRef`].
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # #[cfg(feature = "unstable-widget-ref")] {
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{
+    ///     layout::Rect,
+    ///     widgets::{List, ListItem, ListState},
+    /// };
+    ///
+    /// let mut state = ListState::default().with_selected(Some(1));
+    /// let list = List::new(vec![ListItem::new("Item 1"), ListItem::new("Item 2")]);
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_stateful_widget_ref(list, area, &mut state);
+    /// # }
+    /// ```
+    #[allow(clippy::needless_pass_by_value)]
+    pub fn render_stateful_widget_ref<W>(&mut self, widget: W, area: Rect, state: &mut W::State)
+    where
+        W: StatefulWidgetRef,
+    {
+        widget.render_ref(area, self.buffer, state);
+    }
+
+    /// After drawing this frame, make the cursor visible and put it at the specified (x, y)
+    /// coordinates. If this method is not called, the cursor will be hidden.
+    ///
+    /// Note that this will interfere with calls to [`Terminal::hide_cursor`],
+    /// [`Terminal::show_cursor`], and [`Terminal::set_cursor_position`]. Pick one of the APIs and
+    /// stick with it.
+    ///
+    /// [`Terminal::hide_cursor`]: crate::Terminal::hide_cursor
+    /// [`Terminal::show_cursor`]: crate::Terminal::show_cursor
+    /// [`Terminal::set_cursor_position`]: crate::Terminal::set_cursor_position
+    pub fn set_cursor_position<P: Into<Position>>(&mut self, position: P) {
+        self.cursor_position = Some(position.into());
+    }
+
+    /// Gets the buffer that this `Frame` draws into as a mutable reference.
+    pub fn buffer_mut(&mut self) -> &mut Buffer {
+        self.buffer
+    }
+
+    /// Returns the current frame count.
+    ///
+    /// This method provides access to the frame count, which is a sequence number indicating
+    /// how many frames have been rendered up to (but not including) this one. It can be used
+    /// for purposes such as animation, performance tracking, or debugging.
+    ///
+    /// Each time a frame has been rendered, this count is incremented,
+    /// providing a consistent way to reference the order and number of frames processed by the
+    /// terminal. When count reaches its maximum value (`usize::MAX`), it wraps around to zero.
+    ///
+    /// This count is particularly useful when dealing with dynamic content or animations where the
+    /// state of the display changes over time. By tracking the frame count, developers can
+    /// synchronize updates or changes to the content with the rendering process.
+    ///
+    /// # Examples
+    ///
+    /// ```rust
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// let current_count = frame.count();
+    /// println!("Current frame count: {}", current_count);
+    /// ```
+    pub const fn count(&self) -> usize {
+        self.count
+    }
+}
+
+#[derive(Debug, Default, Clone, Eq, PartialEq, Hash)]
+pub struct Terminal<B>
+where
+    B: Backend,
+{
+    /// The backend used to interface with the terminal
+    backend: B,
+    /// Holds the results of the current and previous draw calls. The two are compared at the end
+    /// of each draw pass to output the necessary updates to the terminal
+    buffers: [Buffer; 2],
+    /// Index of the current buffer in the previous array
+    current: usize,
+    /// Whether the cursor is currently hidden
+    hidden_cursor: bool,
+    /// Area of the viewport
+    pub viewport_area: Rect,
+    /// Last known size of the terminal. Used to detect if the internal buffers have to be resized.
+    pub last_known_screen_size: Size,
+    /// Last known position of the cursor. Used to find the new area when the viewport is inlined
+    /// and the terminal resized.
+    pub last_known_cursor_pos: Position,
+    /// Number of frames rendered up until current time.
+    frame_count: usize,
+}
+
+impl<B> Drop for Terminal<B>
+where
+    B: Backend,
+{
+    #[allow(clippy::print_stderr)]
+    fn drop(&mut self) {
+        // Attempt to restore the cursor state
+        if self.hidden_cursor {
+            if let Err(err) = self.show_cursor() {
+                eprintln!("Failed to show the cursor: {err}");
+            }
+        }
+    }
+}
+
+impl<B> Terminal<B>
+where
+    B: Backend,
+{
+    /// Creates a new [`Terminal`] with the given [`Backend`] and [`TerminalOptions`].
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// use std::io::stdout;
+    ///
+    /// use ratatui::{backend::CrosstermBackend, layout::Rect, Terminal, TerminalOptions, Viewport};
+    ///
+    /// let backend = CrosstermBackend::new(stdout());
+    /// let viewport = Viewport::Fixed(Rect::new(0, 0, 10, 10));
+    /// let terminal = Terminal::with_options(backend, TerminalOptions { viewport })?;
+    /// # std::io::Result::Ok(())
+    /// ```
+    pub fn with_options(mut backend: B) -> io::Result<Self> {
+        let screen_size = backend.size()?;
+        let cursor_pos = backend.get_cursor_position()?;
+        Ok(Self {
+            backend,
+            buffers: [
+                Buffer::empty(Rect::new(0, 0, 0, 0)),
+                Buffer::empty(Rect::new(0, 0, 0, 0)),
+            ],
+            current: 0,
+            hidden_cursor: false,
+            viewport_area: Rect::new(0, cursor_pos.y, 0, 0),
+            last_known_screen_size: screen_size,
+            last_known_cursor_pos: cursor_pos,
+            frame_count: 0,
+        })
+    }
+
+    /// Get a Frame object which provides a consistent view into the terminal state for rendering.
+    pub fn get_frame(&mut self) -> Frame {
+        let count = self.frame_count;
+        Frame {
+            cursor_position: None,
+            viewport_area: self.viewport_area,
+            buffer: self.current_buffer_mut(),
+            count,
+        }
+    }
+
+    /// Gets the current buffer as a mutable reference.
+    pub fn current_buffer_mut(&mut self) -> &mut Buffer {
+        &mut self.buffers[self.current]
+    }
+
+    /// Gets the backend
+    pub const fn backend(&self) -> &B {
+        &self.backend
+    }
+
+    /// Gets the backend as a mutable reference
+    pub fn backend_mut(&mut self) -> &mut B {
+        &mut self.backend
+    }
+
+    /// Obtains a difference between the previous and the current buffer and passes it to the
+    /// current backend for drawing.
+    pub fn flush(&mut self) -> io::Result<()> {
+        let previous_buffer = &self.buffers[1 - self.current];
+        let current_buffer = &self.buffers[self.current];
+        let updates = previous_buffer.diff(current_buffer);
+        if let Some((col, row, _)) = updates.last() {
+            self.last_known_cursor_pos = Position { x: *col, y: *row };
+        }
+        self.backend.draw(updates.into_iter())
+    }
+
+    /// Updates the Terminal so that internal buffers match the requested area.
+    ///
+    /// Requested area will be saved to remain consistent when rendering. This leads to a full clear
+    /// of the screen.
+    pub fn resize(&mut self, screen_size: Size) -> io::Result<()> {
+        self.last_known_screen_size = screen_size;
+        Ok(())
+    }
+
+    /// Sets the viewport area.
+    pub fn set_viewport_area(&mut self, area: Rect) {
+        self.buffers[self.current].resize(area);
+        self.buffers[1 - self.current].resize(area);
+        self.viewport_area = area;
+    }
+
+    /// Queries the backend for size and resizes if it doesn't match the previous size.
+    pub fn autoresize(&mut self) -> io::Result<()> {
+        let screen_size = self.size()?;
+        if screen_size != self.last_known_screen_size {
+            self.resize(screen_size)?;
+        }
+        Ok(())
+    }
+
+    /// Draws a single frame to the terminal.
+    ///
+    /// Returns a [`CompletedFrame`] if successful, otherwise a [`std::io::Error`].
+    ///
+    /// If the render callback passed to this method can fail, use [`try_draw`] instead.
+    ///
+    /// Applications should call `draw` or [`try_draw`] in a loop to continuously render the
+    /// terminal. These methods are the main entry points for drawing to the terminal.
+    ///
+    /// [`try_draw`]: Terminal::try_draw
+    ///
+    /// This method will:
+    ///
+    /// - autoresize the terminal if necessary
+    /// - call the render callback, passing it a [`Frame`] reference to render to
+    /// - flush the current internal state by copying the current buffer to the backend
+    /// - move the cursor to the last known position if it was set during the rendering closure
+    ///
+    /// The render callback should fully render the entire frame when called, including areas that
+    /// are unchanged from the previous frame. This is because each frame is compared to the
+    /// previous frame to determine what has changed, and only the changes are written to the
+    /// terminal. If the render callback does not fully render the frame, the terminal will not be
+    /// in a consistent state.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// # let backend = ratatui::backend::TestBackend::new(10, 10);
+    /// # let mut terminal = ratatui::Terminal::new(backend)?;
+    /// use ratatui::{layout::Position, widgets::Paragraph};
+    ///
+    /// // with a closure
+    /// terminal.draw(|frame| {
+    ///     let area = frame.area();
+    ///     frame.render_widget(Paragraph::new("Hello World!"), area);
+    ///     frame.set_cursor_position(Position { x: 0, y: 0 });
+    /// })?;
+    ///
+    /// // or with a function
+    /// terminal.draw(render)?;
+    ///
+    /// fn render(frame: &mut ratatui::Frame) {
+    ///     frame.render_widget(Paragraph::new("Hello World!"), frame.area());
+    /// }
+    /// # std::io::Result::Ok(())
+    /// ```
+    pub fn draw<F>(&mut self, render_callback: F) -> io::Result<()>
+    where
+        F: FnOnce(&mut Frame),
+    {
+        self.try_draw(|frame| {
+            render_callback(frame);
+            io::Result::Ok(())
+        })
+    }
+
+    /// Tries to draw a single frame to the terminal.
+    ///
+    /// Returns [`Result::Ok`] containing a [`CompletedFrame`] if successful, otherwise
+    /// [`Result::Err`] containing the [`std::io::Error`] that caused the failure.
+    ///
+    /// This is the equivalent of [`Terminal::draw`] but the render callback is a function or
+    /// closure that returns a `Result` instead of nothing.
+    ///
+    /// Applications should call `try_draw` or [`draw`] in a loop to continuously render the
+    /// terminal. These methods are the main entry points for drawing to the terminal.
+    ///
+    /// [`draw`]: Terminal::draw
+    ///
+    /// This method will:
+    ///
+    /// - autoresize the terminal if necessary
+    /// - call the render callback, passing it a [`Frame`] reference to render to
+    /// - flush the current internal state by copying the current buffer to the backend
+    /// - move the cursor to the last known position if it was set during the rendering closure
+    /// - return a [`CompletedFrame`] with the current buffer and the area of the terminal
+    ///
+    /// The render callback passed to `try_draw` can return any [`Result`] with an error type that
+    /// can be converted into an [`std::io::Error`] using the [`Into`] trait. This makes it possible
+    /// to use the `?` operator to propagate errors that occur during rendering. If the render
+    /// callback returns an error, the error will be returned from `try_draw` as an
+    /// [`std::io::Error`] and the terminal will not be updated.
+    ///
+    /// The [`CompletedFrame`] returned by this method can be useful for debugging or testing
+    /// purposes, but it is often not used in regular applicationss.
+    ///
+    /// The render callback should fully render the entire frame when called, including areas that
+    /// are unchanged from the previous frame. This is because each frame is compared to the
+    /// previous frame to determine what has changed, and only the changes are written to the
+    /// terminal. If the render function does not fully render the frame, the terminal will not be
+    /// in a consistent state.
+    ///
+    /// # Examples
+    ///
+    /// ```should_panic
+    /// # use ratatui::layout::Position;;
+    /// # let backend = ratatui::backend::TestBackend::new(10, 10);
+    /// # let mut terminal = ratatui::Terminal::new(backend)?;
+    /// use std::io;
+    ///
+    /// use ratatui::widgets::Paragraph;
+    ///
+    /// // with a closure
+    /// terminal.try_draw(|frame| {
+    ///     let value: u8 = "not a number".parse().map_err(io::Error::other)?;
+    ///     let area = frame.area();
+    ///     frame.render_widget(Paragraph::new("Hello World!"), area);
+    ///     frame.set_cursor_position(Position { x: 0, y: 0 });
+    ///     io::Result::Ok(())
+    /// })?;
+    ///
+    /// // or with a function
+    /// terminal.try_draw(render)?;
+    ///
+    /// fn render(frame: &mut ratatui::Frame) -> io::Result<()> {
+    ///     let value: u8 = "not a number".parse().map_err(io::Error::other)?;
+    ///     frame.render_widget(Paragraph::new("Hello World!"), frame.area());
+    ///     Ok(())
+    /// }
+    /// # io::Result::Ok(())
+    /// ```
+    pub fn try_draw<F, E>(&mut self, render_callback: F) -> io::Result<()>
+    where
+        F: FnOnce(&mut Frame) -> Result<(), E>,
+        E: Into<io::Error>,
+    {
+        // Autoresize - otherwise we get glitches if shrinking or potential desync between widgets
+        // and the terminal (if growing), which may OOB.
+        self.autoresize()?;
+
+        let mut frame = self.get_frame();
+
+        render_callback(&mut frame).map_err(Into::into)?;
+
+        // We can't change the cursor position right away because we have to flush the frame to
+        // stdout first. But we also can't keep the frame around, since it holds a &mut to
+        // Buffer. Thus, we're taking the important data out of the Frame and dropping it.
+        let cursor_position = frame.cursor_position;
+
+        // Draw to stdout
+        self.flush()?;
+
+        match cursor_position {
+            None => self.hide_cursor()?,
+            Some(position) => {
+                self.show_cursor()?;
+                self.set_cursor_position(position)?;
+            }
+        }
+
+        self.swap_buffers();
+
+        // Flush
+        self.backend.flush()?;
+
+        // increment frame count before returning from draw
+        self.frame_count = self.frame_count.wrapping_add(1);
+
+        Ok(())
+    }
+
+    /// Hides the cursor.
+    pub fn hide_cursor(&mut self) -> io::Result<()> {
+        self.backend.hide_cursor()?;
+        self.hidden_cursor = true;
+        Ok(())
+    }
+
+    /// Shows the cursor.
+    pub fn show_cursor(&mut self) -> io::Result<()> {
+        self.backend.show_cursor()?;
+        self.hidden_cursor = false;
+        Ok(())
+    }
+
+    /// Gets the current cursor position.
+    ///
+    /// This is the position of the cursor after the last draw call.
+    #[allow(dead_code)]
+    pub fn get_cursor_position(&mut self) -> io::Result<Position> {
+        self.backend.get_cursor_position()
+    }
+
+    /// Sets the cursor position.
+    pub fn set_cursor_position<P: Into<Position>>(&mut self, position: P) -> io::Result<()> {
+        let position = position.into();
+        self.backend.set_cursor_position(position)?;
+        self.last_known_cursor_pos = position;
+        Ok(())
+    }
+
+    /// Clear the terminal and force a full redraw on the next draw call.
+    pub fn clear(&mut self) -> io::Result<()> {
+        if self.viewport_area.is_empty() {
+            return Ok(());
+        }
+        self.backend
+            .set_cursor_position(self.viewport_area.as_position())?;
+        self.backend.clear_region(ClearType::AfterCursor)?;
+        // Reset the back buffer to make sure the next update will redraw everything.
+        self.buffers[1 - self.current].reset();
+        Ok(())
+    }
+
+    /// Clears the inactive buffer and swaps it with the current buffer
+    pub fn swap_buffers(&mut self) {
+        self.buffers[1 - self.current].reset();
+        self.current = 1 - self.current;
+    }
+
+    /// Queries the real size of the backend.
+    pub fn size(&self) -> io::Result<Size> {
+        self.backend.size()
+    }
+}

codex-rs/tui/src/history_cell.rs

@@ -1,5 +1,4 @@
-use crate::cell_widget::CellWidget;
-use crate::exec_command::escape_command;
+use crate::exec_command::strip_bash_lc_and_escape;
 use crate::markdown::append_markdown;
 use crate::text_block::TextBlock;
 use crate::text_formatting::format_and_truncate_tool_result;
@@ -10,12 +9,14 @@ use codex_common::summarize_sandbox_policy;
 use codex_core::WireApi;
 use codex_core::config::Config;
 use codex_core::model_supports_reasoning_summaries;
+use codex_core::plan_tool::PlanItemArg;
+use codex_core::plan_tool::StepStatus;
+use codex_core::plan_tool::UpdatePlanArgs;
 use codex_core::protocol::FileChange;
+use codex_core::protocol::McpInvocation;
 use codex_core::protocol::SessionConfiguredEvent;
 use image::DynamicImage;
-use image::GenericImageView;
 use image::ImageReader;
-use lazy_static::lazy_static;
 use mcp_types::EmbeddedResourceResource;
 use mcp_types::ResourceLink;
 use ratatui::prelude::*;
@@ -24,14 +25,10 @@ use ratatui::style::Modifier;
 use ratatui::style::Style;
 use ratatui::text::Line as RtLine;
 use ratatui::text::Span as RtSpan;
-use ratatui_image::Image as TuiImage;
-use ratatui_image::Resize as ImgResize;
-use ratatui_image::picker::ProtocolType;
 use std::collections::HashMap;
 use std::io::Cursor;
 use std::path::PathBuf;
 use std::time::Duration;
-use std::time::Instant;
 use tracing::error;
 
 pub(crate) struct CommandOutput {
@@ -46,6 +43,21 @@ pub(crate) enum PatchEventType {
     ApplyBegin { auto_approved: bool },
 }
 
+fn span_to_static(span: &Span) -> Span<'static> {
+    Span {
+        style: span.style,
+        content: std::borrow::Cow::Owned(span.content.clone().into_owned()),
+    }
+}
+
+fn line_to_static(line: &Line) -> Line<'static> {
+    Line {
+        style: line.style,
+        alignment: line.alignment,
+        spans: line.spans.iter().map(span_to_static).collect(),
+    }
+}
+
 /// Represents an event to display in the conversation history. Returns its
 /// `Vec<Line<'static>>` representation to make it easier to display in a
 /// scrollable list.
@@ -63,25 +75,13 @@ pub(crate) enum HistoryCell {
     AgentReasoning { view: TextBlock },
 
     /// An exec tool call that has not finished yet.
-    ActiveExecCommand {
-        call_id: String,
-        /// The shell command, escaped and formatted.
-        command: String,
-        start: Instant,
-        view: TextBlock,
-    },
+    ActiveExecCommand { view: TextBlock },
 
     /// Completed exec tool call.
     CompletedExecCommand { view: TextBlock },
 
     /// An MCP tool call that has not finished yet.
-    ActiveMcpToolCall {
-        call_id: String,
-        /// Formatted line that shows the command name and arguments
-        invocation: Line<'static>,
-        start: Instant,
-        view: TextBlock,
-    },
+    ActiveMcpToolCall { view: TextBlock },
 
     /// Completed MCP tool call where we show the result serialized as JSON.
     CompletedMcpToolCall { view: TextBlock },
@@ -94,13 +94,7 @@ pub(crate) enum HistoryCell {
     // resized version avoids doing the potentially expensive rescale twice
     // because the scroll-view first calls `height()` for layouting and then
     // `render_window()` for painting.
-    CompletedMcpToolCallWithImageOutput {
-        image: DynamicImage,
-        /// Cached data derived from the current terminal width.  The cache is
-        /// invalidated whenever the width changes (e.g. when the user
-        /// resizes the window).
-        render_cache: std::cell::RefCell<Option<ImageRenderCache>>,
-    },
+    CompletedMcpToolCallWithImageOutput { _image: DynamicImage },
 
     /// Background event.
     BackgroundEvent { view: TextBlock },
@@ -118,6 +112,10 @@ pub(crate) enum HistoryCell {
     /// behaviour of `ActiveExecCommand` so the user sees *what* patch the
     /// model wants to apply before being prompted to approve or deny it.
     PendingPatch { view: TextBlock },
+
+    /// A human‑friendly rendering of the model's current plan and step
+    /// statuses provided via the `update_plan` tool.
+    PlanUpdate { view: TextBlock },
 }
 
 const TOOL_CALL_MAX_LINES: usize = 5;
@@ -139,8 +137,11 @@ impl HistoryCell {
             | HistoryCell::CompletedExecCommand { view }
             | HistoryCell::CompletedMcpToolCall { view }
             | HistoryCell::PendingPatch { view }
+            | HistoryCell::PlanUpdate { view }
             | HistoryCell::ActiveExecCommand { view, .. }
-            | HistoryCell::ActiveMcpToolCall { view, .. } => view.lines.clone(),
+            | HistoryCell::ActiveMcpToolCall { view, .. } => {
+                view.lines.iter().map(line_to_static).collect()
+            }
             HistoryCell::CompletedMcpToolCallWithImageOutput { .. } => vec![
                 Line::from("tool result (image output omitted)"),
                 Line::from(""),
@@ -252,9 +253,8 @@ impl HistoryCell {
         }
     }
 
-    pub(crate) fn new_active_exec_command(call_id: String, command: Vec<String>) -> Self {
-        let command_escaped = escape_command(&command);
-        let start = Instant::now();
+    pub(crate) fn new_active_exec_command(command: Vec<String>) -> Self {
+        let command_escaped = strip_bash_lc_and_escape(&command);
 
         let lines: Vec<Line<'static>> = vec![
             Line::from(vec!["command".magenta(), " running...".dim()]),
@@ -263,14 +263,11 @@ impl HistoryCell {
         ];
 
         HistoryCell::ActiveExecCommand {
-            call_id,
-            command: command_escaped,
-            start,
             view: TextBlock::new(lines),
         }
     }
 
-    pub(crate) fn new_completed_exec_command(command: String, output: CommandOutput) -> Self {
+    pub(crate) fn new_completed_exec_command(command: Vec<String>, output: CommandOutput) -> Self {
         let CommandOutput {
             exit_code,
             stdout,
@@ -294,7 +291,8 @@ impl HistoryCell {
 
         let src = if exit_code == 0 { stdout } else { stderr };
 
-        lines.push(Line::from(format!("$ {command}")));
+        let cmdline = strip_bash_lc_and_escape(&command);
+        lines.push(Line::from(format!("$ {cmdline}")));
         let mut lines_iter = src.lines();
         for raw in lines_iter.by_ref().take(TOOL_CALL_MAX_LINES) {
             lines.push(ansi_escape_line(raw).dim());
@@ -310,41 +308,15 @@ impl HistoryCell {
         }
     }
 
-    pub(crate) fn new_active_mcp_tool_call(
-        call_id: String,
-        server: String,
-        tool: String,
-        arguments: Option<serde_json::Value>,
-    ) -> Self {
-        // Format the arguments as compact JSON so they roughly fit on one
-        // line. If there are no arguments we keep it empty so the invocation
-        // mirrors a function-style call.
-        let args_str = arguments
-            .as_ref()
-            .map(|v| {
-                // Use compact form to keep things short but readable.
-                serde_json::to_string(v).unwrap_or_else(|_| v.to_string())
-            })
-            .unwrap_or_default();
-
-        let invocation_spans = vec![
-            Span::styled(server, Style::default().fg(Color::Blue)),
-            Span::raw("."),
-            Span::styled(tool, Style::default().fg(Color::Blue)),
-            Span::raw("("),
-            Span::styled(args_str, Style::default().fg(Color::Gray)),
-            Span::raw(")"),
-        ];
-        let invocation = Line::from(invocation_spans);
-
-        let start = Instant::now();
+    pub(crate) fn new_active_mcp_tool_call(invocation: McpInvocation) -> Self {
         let title_line = Line::from(vec!["tool".magenta(), " running...".dim()]);
-        let lines: Vec<Line<'static>> = vec![title_line, invocation.clone(), Line::from("")];
+        let lines: Vec<Line> = vec![
+            title_line,
+            format_mcp_invocation(invocation.clone()),
+            Line::from(""),
+        ];
 
         HistoryCell::ActiveMcpToolCall {
-            call_id,
-            invocation,
-            start,
             view: TextBlock::new(lines),
         }
     }
@@ -382,10 +354,7 @@ impl HistoryCell {
                         }
                     };
 
-                    Some(HistoryCell::CompletedMcpToolCallWithImageOutput {
-                        image,
-                        render_cache: std::cell::RefCell::new(None),
-                    })
+                    Some(HistoryCell::CompletedMcpToolCallWithImageOutput { _image: image })
                 } else {
                     None
                 }
@@ -396,8 +365,8 @@ impl HistoryCell {
 
     pub(crate) fn new_completed_mcp_tool_call(
         num_cols: u16,
-        invocation: Line<'static>,
-        start: Instant,
+        invocation: McpInvocation,
+        duration: Duration,
         success: bool,
         result: Result<mcp_types::CallToolResult, String>,
     ) -> Self {
@@ -405,7 +374,7 @@ impl HistoryCell {
             return cell;
         }
 
-        let duration = format_duration(start.elapsed());
+        let duration = format_duration(duration);
         let status_str = if success { "success" } else { "failed" };
         let title_line = Line::from(vec![
             "tool".magenta(),
@@ -420,7 +389,7 @@ impl HistoryCell {
 
         let mut lines: Vec<Line<'static>> = Vec::new();
         lines.push(title_line);
-        lines.push(invocation);
+        lines.push(format_mcp_invocation(invocation));
 
         match result {
             Ok(mcp_types::CallToolResult { content, .. }) => {
@@ -516,6 +485,94 @@ impl HistoryCell {
         }
     }
 
+    /// Render a user‑friendly plan update with colourful status icons and a
+    /// simple progress indicator so users can follow along.
+    pub(crate) fn new_plan_update(update: UpdatePlanArgs) -> Self {
+        let UpdatePlanArgs { explanation, plan } = update;
+
+        let mut lines: Vec<Line<'static>> = Vec::new();
+
+        // Title
+        lines.push(Line::from("plan".magenta().bold()));
+
+        if !plan.is_empty() {
+            // Progress bar – show completed/total with a visual bar
+            let total = plan.len();
+            let completed = plan
+                .iter()
+                .filter(|p| matches!(p.status, StepStatus::Completed))
+                .count();
+            let width: usize = 20;
+            let filled = (completed * width + total / 2) / total;
+            let empty = width.saturating_sub(filled);
+            let mut bar_spans: Vec<Span> = Vec::new();
+            if filled > 0 {
+                bar_spans.push(Span::styled(
+                    "█".repeat(filled),
+                    Style::default().fg(Color::Green),
+                ));
+            }
+            if empty > 0 {
+                bar_spans.push(Span::styled(
+                    "░".repeat(empty),
+                    Style::default().fg(Color::Gray),
+                ));
+            }
+            let progress_prefix = Span::raw("progress [");
+            let progress_suffix = Span::raw("] ");
+            let fraction = Span::raw(format!("{completed}/{total}"));
+            let mut progress_line_spans = vec![progress_prefix];
+            progress_line_spans.extend(bar_spans);
+            progress_line_spans.push(progress_suffix);
+            progress_line_spans.push(fraction);
+            lines.push(Line::from(progress_line_spans));
+        }
+
+        // Optional explanation/note from the model
+        if let Some(expl) = explanation.and_then(|s| {
+            let t = s.trim().to_string();
+            if t.is_empty() { None } else { Some(t) }
+        }) {
+            lines.push(Line::from("note".gray().italic()));
+            for l in expl.lines() {
+                lines.push(Line::from(l.to_string()).gray());
+            }
+        }
+
+        // Steps (1‑based numbering) with fun, readable status icons
+        if plan.is_empty() {
+            lines.push(Line::from("(no steps provided)".gray().italic()));
+        } else {
+            for (idx, PlanItemArg { step, status }) in plan.into_iter().enumerate() {
+                let num = idx + 1;
+                let (icon, style): (&str, Style) = match status {
+                    StepStatus::Completed => ("✓", Style::default().fg(Color::Green)),
+                    StepStatus::InProgress => (
+                        "▶",
+                        Style::default()
+                            .fg(Color::Yellow)
+                            .add_modifier(Modifier::BOLD),
+                    ),
+                    StepStatus::Pending => ("○", Style::default().fg(Color::Gray)),
+                };
+                let prefix = vec![
+                    Span::raw(format!("{num:>2}. [")),
+                    Span::styled(icon.to_string(), style),
+                    Span::raw("] "),
+                ];
+                let mut spans = prefix;
+                spans.push(Span::raw(step));
+                lines.push(Line::from(spans));
+            }
+        }
+
+        lines.push(Line::from(""));
+
+        HistoryCell::PlanUpdate {
+            view: TextBlock::new(lines),
+        }
+    }
+
     /// Create a new `PendingPatch` cell that lists the file‑level summary of
     /// a proposed patch. The summary lines should already be formatted (e.g.
     /// "A path/to/file.rs").
@@ -581,85 +638,6 @@ impl HistoryCell {
     }
 }
 
-// ---------------------------------------------------------------------------
-// `CellWidget` implementation – most variants delegate to their internal
-// `TextBlock`.  Variants that need custom painting can add their own logic in
-// the match arms.
-// ---------------------------------------------------------------------------
-
-impl CellWidget for HistoryCell {
-    fn height(&self, width: u16) -> usize {
-        match self {
-            HistoryCell::WelcomeMessage { view }
-            | HistoryCell::UserPrompt { view }
-            | HistoryCell::AgentMessage { view }
-            | HistoryCell::AgentReasoning { view }
-            | HistoryCell::BackgroundEvent { view }
-            | HistoryCell::GitDiffOutput { view }
-            | HistoryCell::ErrorEvent { view }
-            | HistoryCell::SessionInfo { view }
-            | HistoryCell::CompletedExecCommand { view }
-            | HistoryCell::CompletedMcpToolCall { view }
-            | HistoryCell::PendingPatch { view }
-            | HistoryCell::ActiveExecCommand { view, .. }
-            | HistoryCell::ActiveMcpToolCall { view, .. } => view.height(width),
-            HistoryCell::CompletedMcpToolCallWithImageOutput {
-                image,
-                render_cache,
-            } => ensure_image_cache(image, width, render_cache),
-        }
-    }
-
-    fn render_window(&self, first_visible_line: usize, area: Rect, buf: &mut Buffer) {
-        match self {
-            HistoryCell::WelcomeMessage { view }
-            | HistoryCell::UserPrompt { view }
-            | HistoryCell::AgentMessage { view }
-            | HistoryCell::AgentReasoning { view }
-            | HistoryCell::BackgroundEvent { view }
-            | HistoryCell::GitDiffOutput { view }
-            | HistoryCell::ErrorEvent { view }
-            | HistoryCell::SessionInfo { view }
-            | HistoryCell::CompletedExecCommand { view }
-            | HistoryCell::CompletedMcpToolCall { view }
-            | HistoryCell::PendingPatch { view }
-            | HistoryCell::ActiveExecCommand { view, .. }
-            | HistoryCell::ActiveMcpToolCall { view, .. } => {
-                view.render_window(first_visible_line, area, buf)
-            }
-            HistoryCell::CompletedMcpToolCallWithImageOutput {
-                image,
-                render_cache,
-            } => {
-                // Ensure we have a cached, resized copy that matches the current width.
-                // `height()` should have prepared the cache, but if something invalidated it
-                // (e.g. the first `render_window()` call happens *before* `height()` after a
-                // resize) we rebuild it here.
-
-                let width_cells = area.width;
-
-                // Ensure the cache is up-to-date and extract the scaled image.
-                let _ = ensure_image_cache(image, width_cells, render_cache);
-
-                let Some(resized) = render_cache
-                    .borrow()
-                    .as_ref()
-                    .map(|c| c.scaled_image.clone())
-                else {
-                    return;
-                };
-
-                let picker = &*TERMINAL_PICKER;
-
-                if let Ok(protocol) = picker.new_protocol(resized, area, ImgResize::Fit(None)) {
-                    let img_widget = TuiImage::new(&protocol);
-                    img_widget.render(area, buf);
-                }
-            }
-        }
-    }
-}
-
 fn create_diff_summary(changes: HashMap<PathBuf, FileChange>) -> Vec<String> {
     // Build a concise, human‑readable summary list similar to the
     // `git status` short format so the user can reason about the
@@ -692,119 +670,23 @@ fn create_diff_summary(changes: HashMap<PathBuf, FileChange>) -> Vec<String> {
     summaries
 }
 
-// -------------------------------------
-// Helper types for image rendering
-// -------------------------------------
+fn format_mcp_invocation<'a>(invocation: McpInvocation) -> Line<'a> {
+    let args_str = invocation
+        .arguments
+        .as_ref()
+        .map(|v| {
+            // Use compact form to keep things short but readable.
+            serde_json::to_string(v).unwrap_or_else(|_| v.to_string())
+        })
+        .unwrap_or_default();
 
-/// Cached information for rendering an image inside a conversation cell.
-///
-/// The cache ties the resized image to a *specific* content width (in
-/// terminal cells).  Whenever the terminal is resized and the width changes
-/// we need to re-compute the scaled variant so that it still fits the
-/// available space.  Keeping the resized copy around saves a costly rescale
-/// between the back-to-back `height()` and `render_window()` calls that the
-/// scroll-view performs while laying out the UI.
-pub(crate) struct ImageRenderCache {
-    /// Width in *terminal cells* the cached image was generated for.
-    width_cells: u16,
-    /// Height in *terminal rows* that the conversation cell must occupy so
-    /// the whole image becomes visible.
-    height_rows: usize,
-    /// The resized image that fits the given width / height constraints.
-    scaled_image: DynamicImage,
-}
-
-lazy_static! {
-    static ref TERMINAL_PICKER: ratatui_image::picker::Picker = {
-        use ratatui_image::picker::Picker;
-        use ratatui_image::picker::cap_parser::QueryStdioOptions;
-
-        // Ask the terminal for capabilities and explicit font size.  Request the
-        // Kitty *text-sizing protocol* as a fallback mechanism for terminals
-        // (like iTerm2) that do not reply to the standard CSI 16/18 queries.
-        match Picker::from_query_stdio_with_options(QueryStdioOptions {
-            text_sizing_protocol: true,
-        }) {
-            Ok(picker) => picker,
-            Err(err) => {
-                // Fall back to the conservative default that assumes ~8×16 px cells.
-                // Still better than breaking the build in a headless test run.
-                tracing::warn!("terminal capability query failed: {err:?}; using default font size");
-                Picker::from_fontsize((8, 16))
-            }
-        }
-    };
-}
-
-/// Resize `image` to fit into `width_cells`×10-rows keeping the original aspect
-/// ratio. The function updates `render_cache` and returns the number of rows
-/// (<= 10) the picture will occupy.
-fn ensure_image_cache(
-    image: &DynamicImage,
-    width_cells: u16,
-    render_cache: &std::cell::RefCell<Option<ImageRenderCache>>,
-) -> usize {
-    if let Some(cache) = render_cache.borrow().as_ref() {
-        if cache.width_cells == width_cells {
-            return cache.height_rows;
-        }
-    }
-
-    let picker = &*TERMINAL_PICKER;
-    let (char_w_px, char_h_px) = picker.font_size();
-
-    // Heuristic to compensate for Hi-DPI terminals (iTerm2 on Retina Mac) that
-    // report logical pixels (≈ 8×16) while the iTerm2 graphics protocol
-    // expects *device* pixels.  Empirically the device-pixel-ratio is almost
-    // always 2 on macOS Retina panels.
-    let hidpi_scale = if picker.protocol_type() == ProtocolType::Iterm2 {
-        2.0f64
-    } else {
-        1.0
-    };
-
-    // The fallback Halfblocks protocol encodes two pixel rows per cell, so each
-    // terminal *row* represents only half the (possibly scaled) font height.
-    let effective_char_h_px: f64 = if picker.protocol_type() == ProtocolType::Halfblocks {
-        (char_h_px as f64) * hidpi_scale / 2.0
-    } else {
-        (char_h_px as f64) * hidpi_scale
-    };
-
-    let char_w_px_f64 = (char_w_px as f64) * hidpi_scale;
-
-    const MAX_ROWS: f64 = 10.0;
-    let max_height_px: f64 = effective_char_h_px * MAX_ROWS;
-
-    let (orig_w_px, orig_h_px) = {
-        let (w, h) = image.dimensions();
-        (w as f64, h as f64)
-    };
-
-    if orig_w_px == 0.0 || orig_h_px == 0.0 || width_cells == 0 {
-        *render_cache.borrow_mut() = None;
-        return 0;
-    }
-
-    let max_w_px = char_w_px_f64 * width_cells as f64;
-    let scale_w = max_w_px / orig_w_px;
-    let scale_h = max_height_px / orig_h_px;
-    let scale = scale_w.min(scale_h).min(1.0);
-
-    use image::imageops::FilterType;
-    let scaled_w_px = (orig_w_px * scale).round().max(1.0) as u32;
-    let scaled_h_px = (orig_h_px * scale).round().max(1.0) as u32;
-
-    let scaled_image = image.resize(scaled_w_px, scaled_h_px, FilterType::Lanczos3);
-
-    let height_rows = ((scaled_h_px as f64 / effective_char_h_px).ceil()) as usize;
-
-    let new_cache = ImageRenderCache {
-        width_cells,
-        height_rows,
-        scaled_image,
-    };
-    *render_cache.borrow_mut() = Some(new_cache);
-
-    height_rows
+    let invocation_spans = vec![
+        Span::styled(invocation.server.clone(), Style::default().fg(Color::Blue)),
+        Span::raw("."),
+        Span::styled(invocation.tool.clone(), Style::default().fg(Color::Blue)),
+        Span::raw("("),
+        Span::styled(args_str, Style::default().fg(Color::Gray)),
+        Span::raw(")"),
+    ];
+    Line::from(invocation_spans)
 }

codex-rs/tui/src/insert_history.rs

@@ -4,6 +4,7 @@ use std::io::Write;
 
 use crate::tui;
 use crossterm::Command;
+use crossterm::cursor::MoveTo;
 use crossterm::queue;
 use crossterm::style::Color as CColor;
 use crossterm::style::Colors;
@@ -12,7 +13,6 @@ use crossterm::style::SetAttribute;
 use crossterm::style::SetBackgroundColor;
 use crossterm::style::SetColors;
 use crossterm::style::SetForegroundColor;
-use ratatui::layout::Position;
 use ratatui::layout::Size;
 use ratatui::prelude::Backend;
 use ratatui::style::Color;
@@ -21,8 +21,9 @@ use ratatui::text::Line;
 use ratatui::text::Span;
 
 /// Insert `lines` above the viewport.
-pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line<'static>>) {
+pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line>) {
     let screen_size = terminal.backend().size().unwrap_or(Size::new(0, 0));
+    let cursor_pos = terminal.get_cursor_position().ok();
 
     let mut area = terminal.get_frame().area();
 
@@ -35,12 +36,12 @@ pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line<'sta
             .backend_mut()
             .scroll_region_down(area.top()..screen_size.height, scroll_amount)
             .ok();
-        let cursor_top = area.top() - 1;
+        let cursor_top = area.top().saturating_sub(1);
         area.y += scroll_amount;
         terminal.set_viewport_area(area);
         cursor_top
     } else {
-        area.top() - 1
+        area.top().saturating_sub(1)
     };
 
     // Limit the scroll region to the lines from the top of the screen to the
@@ -60,9 +61,10 @@ pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line<'sta
     // └──────────────────────────────┘
     queue!(std::io::stdout(), SetScrollRegion(1..area.top())).ok();
 
-    terminal
-        .set_cursor_position(Position::new(0, cursor_top))
-        .ok();
+    // NB: we are using MoveTo instead of set_cursor_position here to avoid messing with the
+    // terminal's last_known_cursor_position, which hopefully will still be accurate after we
+    // fetch/restore the cursor position. insert_history_lines should be cursor-position-neutral :)
+    queue!(std::io::stdout(), MoveTo(0, cursor_top)).ok();
 
     for line in lines {
         queue!(std::io::stdout(), Print("\r\n")).ok();
@@ -70,6 +72,11 @@ pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line<'sta
     }
 
     queue!(std::io::stdout(), ResetScrollRegion).ok();
+
+    // Restore the cursor position to where it was before we started.
+    if let Some(cursor_pos) = cursor_pos {
+        queue!(std::io::stdout(), MoveTo(cursor_pos.x, cursor_pos.y)).ok();
+    }
 }
 
 fn wrapped_line_count(lines: &[Line], width: u16) -> u16 {

codex-rs/tui/src/lib.rs

@@ -6,15 +6,14 @@ use app::App;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::config_types::SandboxMode;
-use codex_core::openai_api_key::OPENAI_API_KEY_ENV_VAR;
-use codex_core::openai_api_key::get_openai_api_key;
-use codex_core::openai_api_key::set_openai_api_key;
 use codex_core::protocol::AskForApproval;
 use codex_core::util::is_inside_git_repo;
-use codex_login::try_read_openai_api_key;
+use codex_login::load_auth;
 use log_layer::TuiLogLayer;
 use std::fs::OpenOptions;
+use std::io::Write;
 use std::path::PathBuf;
+use tracing::error;
 use tracing_appender::non_blocking;
 use tracing_subscriber::EnvFilter;
 use tracing_subscriber::prelude::*;
@@ -23,11 +22,10 @@ mod app;
 mod app_event;
 mod app_event_sender;
 mod bottom_pane;
-mod cell_widget;
 mod chatwidget;
 mod citation_regex;
 mod cli;
-mod conversation_history_widget;
+mod custom_terminal;
 mod exec_command;
 mod file_search;
 mod get_git_diff;
@@ -35,9 +33,7 @@ mod git_warning_screen;
 mod history_cell;
 mod insert_history;
 mod log_layer;
-mod login_screen;
 mod markdown;
-mod scroll_event_helper;
 mod slash_command;
 mod status_indicator_widget;
 mod text_block;
@@ -47,7 +43,7 @@ mod user_approval_widget;
 
 pub use cli::Cli;
 
-pub fn run_main(
+pub async fn run_main(
     cli: Cli,
     codex_linux_sandbox_exe: Option<PathBuf>,
 ) -> std::io::Result<codex_core::protocol::TokenUsage> {
@@ -79,6 +75,7 @@ pub fn run_main(
             config_profile: cli.config_profile.clone(),
             codex_linux_sandbox_exe,
             base_instructions: None,
+            include_plan_tool: Some(true),
         };
         // Parse `-c` overrides from the CLI.
         let cli_kv_overrides = match cli.config_overrides.parse_overrides() {
@@ -143,6 +140,22 @@ pub fn run_main(
         .try_init();
 
     let show_login_screen = should_show_login_screen(&config);
+    if show_login_screen {
+        std::io::stdout()
+            .write_all(b"No API key detected.\nLogin with your ChatGPT account? [Yn] ")?;
+        std::io::stdout().flush()?;
+        let mut input = String::new();
+        std::io::stdin().read_line(&mut input)?;
+        let trimmed = input.trim();
+        if !(trimmed.is_empty() || trimmed.eq_ignore_ascii_case("y")) {
+            std::process::exit(1);
+        }
+        // Spawn a task to run the login command.
+        // Block until the login command is finished.
+        codex_login::login_with_chatgpt(&config.codex_home, false).await?;
+
+        std::io::stdout().write_all(b"Login successful.\n")?;
+    }
 
     // Determine whether we need to display the "not a git repo" warning
     // modal. The flag is shown when the current working directory is *not*
@@ -150,35 +163,32 @@ pub fn run_main(
     // `--allow-no-git-exec` flag.
     let show_git_warning = !cli.skip_git_repo_check && !is_inside_git_repo(&config);
 
-    run_ratatui_app(cli, config, show_login_screen, show_git_warning, log_rx)
+    run_ratatui_app(cli, config, show_git_warning, log_rx)
         .map_err(|err| std::io::Error::other(err.to_string()))
 }
 
 fn run_ratatui_app(
     cli: Cli,
     config: Config,
-    show_login_screen: bool,
     show_git_warning: bool,
     mut log_rx: tokio::sync::mpsc::UnboundedReceiver<String>,
 ) -> color_eyre::Result<codex_core::protocol::TokenUsage> {
     color_eyre::install()?;
 
     // Forward panic reports through tracing so they appear in the UI status
-    // line instead of interleaving raw panic output with the interface.
-    std::panic::set_hook(Box::new(|info| {
+    // line, but do not swallow the default/color-eyre panic handler.
+    // Chain to the previous hook so users still get a rich panic report
+    // (including backtraces) after we restore the terminal.
+    let prev_hook = std::panic::take_hook();
+    std::panic::set_hook(Box::new(move |info| {
         tracing::error!("panic: {info}");
+        prev_hook(info);
     }));
     let mut terminal = tui::init(&config)?;
     terminal.clear()?;
 
     let Cli { prompt, images, .. } = cli;
-    let mut app = App::new(
-        config.clone(),
-        prompt,
-        show_login_screen,
-        show_git_warning,
-        images,
-    );
+    let mut app = App::new(config.clone(), prompt, show_git_warning, images);
 
     // Bridge log receiver into the AppEvent channel so latest log lines update the UI.
     {
@@ -212,35 +222,19 @@ fn restore() {
 
 #[allow(clippy::unwrap_used)]
 fn should_show_login_screen(config: &Config) -> bool {
-    if is_in_need_of_openai_api_key(config) {
+    if config.model_provider.requires_auth {
         // Reading the OpenAI API key is an async operation because it may need
         // to refresh the token. Block on it.
         let codex_home = config.codex_home.clone();
-        let (tx, rx) = tokio::sync::oneshot::channel();
-        tokio::spawn(async move {
-            match try_read_openai_api_key(&codex_home).await {
-                Ok(openai_api_key) => {
-                    set_openai_api_key(openai_api_key);
-                    tx.send(false).unwrap();
-                }
-                Err(_) => {
-                    tx.send(true).unwrap();
-                }
+        match load_auth(&codex_home, true) {
+            Ok(Some(_)) => false,
+            Ok(None) => true,
+            Err(err) => {
+                error!("Failed to read auth.json: {err}");
+                true
             }
-        });
-        // TODO(mbolin): Impose some sort of timeout.
-        tokio::task::block_in_place(|| rx.blocking_recv()).unwrap()
+        }
     } else {
         false
     }
 }
-
-fn is_in_need_of_openai_api_key(config: &Config) -> bool {
-    let is_using_openai_key = config
-        .model_provider
-        .env_key
-        .as_ref()
-        .map(|s| s == OPENAI_API_KEY_ENV_VAR)
-        .unwrap_or(false);
-    is_using_openai_key && get_openai_api_key().is_none()
-}