feat: stream agent message deltas

- Expose mcp_protocol from mcp-server for reuse in tests and callers.
- In MessageProcessor, detect structured ToolCallRequestParams in
tools/call and forward to a new handler.
- Add handle_new_tool_calls scaffold (returns error for now).
- Test helper: add send_send_user_message_tool_call to McpProcess to
send ConversationSendMessage requests;

This is the second PR in a stack.
Stack:
Final: #1686
Intermediate: #1751
First: #1750

.github/codex/labels/codex-rust-review.md

@@ -0,0 +1,23 @@
+Review this PR and respond with a very concise final message, formatted in Markdown.
+
+There should be a summary of the changes (1-2 sentences) and a few bullet points if necessary.
+
+Then provide the **review** (1-2 sentences plus bullet points, friendly tone).
+
+Things to look out for when doing the review:
+
+- **Make sure the pull request body explains the motivation behind the change.** If the author has failed to do this, call it out, and if you think you can deduce the motivation behind the change, propose copy.
+- Ideally, the PR body also contains a small summary of the change. For small changes, the PR title may be sufficient.
+- Each PR should ideally do one conceptual thing. For example, if a PR does a refactoring as well as introducing a new feature, push back and suggest the refactoring be done in a separate PR. This makes things easier for the reviewer, as refactoring changes can often be far-reaching, yet quick to review.
+- If the nature of the change seems to have a visual component (which is often the case for changes to `codex-rs/tui`), recommend including a screenshot or video to demonstrate the change, if appropriate.
+- Rust files should generally be organized such that the public parts of the API appear near the top of the file and helper functions go below. This is analagous to the "inverted pyramid" structure that is favored in journalism.
+- Encourage the use of small enums or the newtype pattern in Rust if it helps readability without adding significant cognitive load or lines of code.
+- Be wary of large files and offer suggestions for how to break things into more reasonably-sized files.
+- When modifying a `Cargo.toml` file, make sure that dependency lists stay alphabetically sorted. Also consider whether a new dependency is added to the appropriate place (e.g., `[dependencies]` versus `[dev-dependencies]`)
+- If you see opportunities for the changes in a diff to use more idiomatic Rust, please make specific recommendations. For example, favor the use of expressions over `return`.
+- When introducing new code, be on the lookout for code that duplicates existing code. When found, propose a way to refactor the existing code such that it should be reused.
+- Each create in the Cargo workspace in `codex-rs` has a specific purpose: make a note if you believe new code is not introduced in the correct crate.
+- When possible, try to keep the `core` crate as small as possible. Non-core but shared logic is often a good candidate for `codex-rs/common`.
+- References to existing GitHub issues and PRs are encouraged, where appropriate, though you likely do not have network access, so may not be able to help here.
+
+{CODEX_ACTION_GITHUB_EVENT_PATH} contains the JSON that triggered this GitHub workflow. It contains the `base` and `head` refs that define this PR. Both refs are available locally.

.github/workflows/codex.yml

@@ -20,7 +20,7 @@ jobs:
       (github.event_name == 'issues' && (
         (github.event.action == 'labeled' && (github.event.label.name == 'codex-attempt' || github.event.label.name == 'codex-triage'))
       )) ||
-      (github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'codex-review')
+      (github.event_name == 'pull_request' && github.event.action == 'labeled' && (github.event.label.name == 'codex-review' || github.event.label.name == 'codex-rust-review'))
     runs-on: ubuntu-latest
     permissions:
       contents: write # can push or create branches

.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+    "recommendations": [
+        "tamasfe.even-better-toml",
+    ]
+}

.vscode/settings.json

@@ -6,5 +6,11 @@
     "[rust]": {
         "editor.defaultFormatter": "rust-lang.rust-analyzer",
         "editor.formatOnSave": true,
-    }
+    },
+    "[toml]": {
+        "editor.defaultFormatter": "tamasfe.even-better-toml",
+        "editor.formatOnSave": true,
+    },
+    "evenBetterToml.formatter.reorderArrays": true,
+    "evenBetterToml.formatter.reorderKeys": true,
 }

NOTICE

@@ -1,2 +1,6 @@
 OpenAI Codex
 Copyright 2025 OpenAI
+
+This project includes code derived from [Ratatui](https://github.com/ratatui/ratatui), licensed under the MIT license.
+Copyright (c) 2016-2022 Florian Dehau
+Copyright (c) 2023-2025 The Ratatui Developers

codex-rs/Cargo.lock

@@ -793,6 +793,7 @@ dependencies = [
  "reqwest",
  "serde",
  "serde_json",
+ "tempfile",
  "tokio",
 ]
 
@@ -2642,6 +2643,7 @@ version = "0.0.0"
 dependencies = [
  "anyhow",
  "assert_cmd",
+ "codex-core",
  "codex-mcp-server",
  "mcp-types",
  "pretty_assertions",
@@ -2649,6 +2651,7 @@ dependencies = [
  "shlex",
  "tempfile",
  "tokio",
+ "uuid",
  "wiremock",
 ]
 

codex-rs/Cargo.toml

@@ -1,5 +1,4 @@
 [workspace]
-resolver = "2"
 members = [
     "ansi-escape",
     "apply-patch",
@@ -17,6 +16,7 @@ members = [
     "mcp-types",
     "tui",
 ]
+resolver = "2"
 
 [workspace.package]
 version = "0.0.0"
@@ -45,4 +45,3 @@ codegen-units = 1
 [patch.crates-io]
 # ratatui = { path = "../../ratatui" }
 ratatui = { git = "https://github.com/nornagon/ratatui", branch = "nornagon-v0.29.0-patch" }
-

codex-rs/ansi-escape/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-ansi-escape"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_ansi_escape"
@@ -10,7 +10,7 @@ path = "src/lib.rs"
 [dependencies]
 ansi-to-tui = "7.0.0"
 ratatui = { version = "0.29.0", features = [
-    "unstable-widget-ref",
     "unstable-rendered-line-info",
+    "unstable-widget-ref",
 ] }
 tracing = { version = "0.1.41", features = ["log"] }

codex-rs/apply-patch/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-apply-patch"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_apply_patch"

codex-rs/apply-patch/src/lib.rs

@@ -58,16 +58,24 @@ impl PartialEq for IoError {
 
 #[derive(Debug, PartialEq)]
 pub enum MaybeApplyPatch {
-    Body(Vec<Hunk>),
+    Body(ApplyPatchArgs),
     ShellParseError(ExtractHeredocError),
     PatchParseError(ParseError),
     NotApplyPatch,
 }
 
+/// Both the raw PATCH argument to `apply_patch` as well as the PATCH argument
+/// parsed into hunks.
+#[derive(Debug, PartialEq)]
+pub struct ApplyPatchArgs {
+    pub patch: String,
+    pub hunks: Vec<Hunk>,
+}
+
 pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
     match argv {
         [cmd, body] if cmd == "apply_patch" => match parse_patch(body) {
-            Ok(hunks) => MaybeApplyPatch::Body(hunks),
+            Ok(source) => MaybeApplyPatch::Body(source),
             Err(e) => MaybeApplyPatch::PatchParseError(e),
         },
         [bash, flag, script]
@@ -77,7 +85,7 @@ pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
         {
             match extract_heredoc_body_from_apply_patch_command(script) {
                 Ok(body) => match parse_patch(&body) {
-                    Ok(hunks) => MaybeApplyPatch::Body(hunks),
+                    Ok(source) => MaybeApplyPatch::Body(source),
                     Err(e) => MaybeApplyPatch::PatchParseError(e),
                 },
                 Err(e) => MaybeApplyPatch::ShellParseError(e),
@@ -116,11 +124,19 @@ pub enum MaybeApplyPatchVerified {
     NotApplyPatch,
 }
 
-#[derive(Debug, PartialEq)]
 /// ApplyPatchAction is the result of parsing an `apply_patch` command. By
 /// construction, all paths should be absolute paths.
+#[derive(Debug, PartialEq)]
 pub struct ApplyPatchAction {
     changes: HashMap<PathBuf, ApplyPatchFileChange>,
+
+    /// The raw patch argument that can be used with `apply_patch` as an exec
+    /// call. i.e., if the original arg was parsed in "lenient" mode with a
+    /// heredoc, this should be the value without the heredoc wrapper.
+    pub patch: String,
+
+    /// The working directory that was used to resolve relative paths in the patch.
+    pub cwd: PathBuf,
 }
 
 impl ApplyPatchAction {
@@ -140,8 +156,28 @@ impl ApplyPatchAction {
             panic!("path must be absolute");
         }
 
+        #[allow(clippy::expect_used)]
+        let filename = path
+            .file_name()
+            .expect("path should not be empty")
+            .to_string_lossy();
+        let patch = format!(
+            r#"*** Begin Patch
+*** Update File: {filename}
+@@
++ {content}
+*** End Patch"#,
+        );
         let changes = HashMap::from([(path.to_path_buf(), ApplyPatchFileChange::Add { content })]);
-        Self { changes }
+        #[allow(clippy::expect_used)]
+        Self {
+            changes,
+            cwd: path
+                .parent()
+                .expect("path should have parent")
+                .to_path_buf(),
+            patch,
+        }
     }
 }
 
@@ -149,7 +185,7 @@ impl ApplyPatchAction {
 /// patch.
 pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApplyPatchVerified {
     match maybe_parse_apply_patch(argv) {
-        MaybeApplyPatch::Body(hunks) => {
+        MaybeApplyPatch::Body(ApplyPatchArgs { patch, hunks }) => {
             let mut changes = HashMap::new();
             for hunk in hunks {
                 let path = hunk.resolve_path(cwd);
@@ -183,7 +219,11 @@ pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApp
                     }
                 }
             }
-            MaybeApplyPatchVerified::Body(ApplyPatchAction { changes })
+            MaybeApplyPatchVerified::Body(ApplyPatchAction {
+                changes,
+                patch,
+                cwd: cwd.to_path_buf(),
+            })
         }
         MaybeApplyPatch::ShellParseError(e) => MaybeApplyPatchVerified::ShellParseError(e),
         MaybeApplyPatch::PatchParseError(e) => MaybeApplyPatchVerified::CorrectnessError(e.into()),
@@ -264,7 +304,7 @@ pub fn apply_patch(
     stderr: &mut impl std::io::Write,
 ) -> Result<(), ApplyPatchError> {
     let hunks = match parse_patch(patch) {
-        Ok(hunks) => hunks,
+        Ok(source) => source.hunks,
         Err(e) => {
             match &e {
                 InvalidPatchError(message) => {
@@ -652,7 +692,7 @@ mod tests {
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(hunks) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -679,7 +719,7 @@ PATCH"#,
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(hunks) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -954,7 +994,7 @@ PATCH"#,
         ));
         let patch = parse_patch(&patch).unwrap();
 
-        let update_file_chunks = match patch.as_slice() {
+        let update_file_chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -992,7 +1032,7 @@ PATCH"#,
         ));
 
         let patch = parse_patch(&patch).unwrap();
-        let chunks = match patch.as_slice() {
+        let chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1029,7 +1069,7 @@ PATCH"#,
         ));
 
         let patch = parse_patch(&patch).unwrap();
-        let chunks = match patch.as_slice() {
+        let chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1064,7 +1104,7 @@ PATCH"#,
         ));
 
         let patch = parse_patch(&patch).unwrap();
-        let chunks = match patch.as_slice() {
+        let chunks = match patch.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1110,7 +1150,7 @@ PATCH"#,
 
         // Extract chunks then build the unified diff.
         let parsed = parse_patch(&patch).unwrap();
-        let chunks = match parsed.as_slice() {
+        let chunks = match parsed.hunks.as_slice() {
             [Hunk::UpdateFile { chunks, .. }] => chunks,
             _ => panic!("Expected a single UpdateFile hunk"),
         };
@@ -1193,6 +1233,8 @@ g
                         new_content: "updated session directory content\n".to_string(),
                     },
                 )]),
+                patch: argv[1].clone(),
+                cwd: session_dir.path().to_path_buf(),
             })
         );
     }

codex-rs/apply-patch/src/parser.rs

@@ -22,6 +22,7 @@
 //!
 //! The parser below is a little more lenient than the explicit spec and allows for
 //! leading/trailing whitespace around patch markers.
+use crate::ApplyPatchArgs;
 use std::path::Path;
 use std::path::PathBuf;
 
@@ -102,7 +103,7 @@ pub struct UpdateFileChunk {
     pub is_end_of_file: bool,
 }
 
-pub fn parse_patch(patch: &str) -> Result<Vec<Hunk>, ParseError> {
+pub fn parse_patch(patch: &str) -> Result<ApplyPatchArgs, ParseError> {
     let mode = if PARSE_IN_STRICT_MODE {
         ParseMode::Strict
     } else {
@@ -150,7 +151,7 @@ enum ParseMode {
     Lenient,
 }
 
-fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<Vec<Hunk>, ParseError> {
+fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<ApplyPatchArgs, ParseError> {
     let lines: Vec<&str> = patch.trim().lines().collect();
     let lines: &[&str] = match check_patch_boundaries_strict(&lines) {
         Ok(()) => &lines,
@@ -173,7 +174,8 @@ fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<Vec<Hunk>, ParseErro
         line_number += hunk_lines;
         remaining_lines = &remaining_lines[hunk_lines..]
     }
-    Ok(hunks)
+    let patch = lines.join("\n");
+    Ok(ApplyPatchArgs { hunks, patch })
 }
 
 /// Checks the start and end lines of the patch text for `apply_patch`,
@@ -425,6 +427,7 @@ fn parse_update_file_chunk(
 }
 
 #[test]
+#[allow(clippy::unwrap_used)]
 fn test_parse_patch() {
     assert_eq!(
         parse_patch_text("bad", ParseMode::Strict),
@@ -455,8 +458,10 @@ fn test_parse_patch() {
             "*** Begin Patch\n\
              *** End Patch",
             ParseMode::Strict
-        ),
-        Ok(Vec::new())
+        )
+        .unwrap()
+        .hunks,
+        Vec::new()
     );
     assert_eq!(
         parse_patch_text(
@@ -472,8 +477,10 @@ fn test_parse_patch() {
              +    return 123\n\
              *** End Patch",
             ParseMode::Strict
-        ),
-        Ok(vec![
+        )
+        .unwrap()
+        .hunks,
+        vec![
             AddFile {
                 path: PathBuf::from("path/add.py"),
                 contents: "abc\ndef\n".to_string()
@@ -491,7 +498,7 @@ fn test_parse_patch() {
                     is_end_of_file: false
                 }]
             }
-        ])
+        ]
     );
     // Update hunk followed by another hunk (Add File).
     assert_eq!(
@@ -504,8 +511,10 @@ fn test_parse_patch() {
              +content\n\
              *** End Patch",
             ParseMode::Strict
-        ),
-        Ok(vec![
+        )
+        .unwrap()
+        .hunks,
+        vec![
             UpdateFile {
                 path: PathBuf::from("file.py"),
                 move_path: None,
@@ -520,7 +529,7 @@ fn test_parse_patch() {
                 path: PathBuf::from("other.py"),
                 contents: "content\n".to_string()
             }
-        ])
+        ]
     );
 
     // Update hunk without an explicit @@ header for the first chunk should parse.
@@ -533,8 +542,10 @@ fn test_parse_patch() {
 +bar
 *** End Patch"#,
             ParseMode::Strict
-        ),
-        Ok(vec![UpdateFile {
+        )
+        .unwrap()
+        .hunks,
+        vec![UpdateFile {
             path: PathBuf::from("file2.py"),
             move_path: None,
             chunks: vec![UpdateFileChunk {
@@ -543,7 +554,7 @@ fn test_parse_patch() {
                 new_lines: vec!["import foo".to_string(), "bar".to_string()],
                 is_end_of_file: false,
             }],
-        }])
+        }]
     );
 }
 
@@ -574,7 +585,10 @@ fn test_parse_patch_lenient() {
     );
     assert_eq!(
         parse_patch_text(&patch_text_in_heredoc, ParseMode::Lenient),
-        Ok(expected_patch.clone())
+        Ok(ApplyPatchArgs {
+            hunks: expected_patch.clone(),
+            patch: patch_text.to_string()
+        })
     );
 
     let patch_text_in_single_quoted_heredoc = format!("<<'EOF'\n{patch_text}\nEOF\n");
@@ -584,7 +598,10 @@ fn test_parse_patch_lenient() {
     );
     assert_eq!(
         parse_patch_text(&patch_text_in_single_quoted_heredoc, ParseMode::Lenient),
-        Ok(expected_patch.clone())
+        Ok(ApplyPatchArgs {
+            hunks: expected_patch.clone(),
+            patch: patch_text.to_string()
+        })
     );
 
     let patch_text_in_double_quoted_heredoc = format!("<<\"EOF\"\n{patch_text}\nEOF\n");
@@ -594,7 +611,10 @@ fn test_parse_patch_lenient() {
     );
     assert_eq!(
         parse_patch_text(&patch_text_in_double_quoted_heredoc, ParseMode::Lenient),
-        Ok(expected_patch.clone())
+        Ok(ApplyPatchArgs {
+            hunks: expected_patch.clone(),
+            patch: patch_text.to_string()
+        })
     );
 
     let patch_text_in_mismatched_quotes_heredoc = format!("<<\"EOF'\n{patch_text}\nEOF\n");

codex-rs/arg0/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-arg0"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_arg0"

codex-rs/arg0/src/lib.rs

@@ -2,6 +2,8 @@ use std::future::Future;
 use std::path::Path;
 use std::path::PathBuf;
 
+use codex_core::CODEX_APPLY_PATCH_ARG1;
+
 /// While we want to deploy the Codex CLI as a single executable for simplicity,
 /// we also want to expose some of its functionality as distinct CLIs, so we use
 /// the "arg0 trick" to determine which CLI to dispatch. This effectively allows
@@ -43,7 +45,7 @@ where
     }
 
     let argv1 = args.next().unwrap_or_default();
-    if argv1 == "--codex-run-as-apply-patch" {
+    if argv1 == CODEX_APPLY_PATCH_ARG1 {
         let patch_arg = args.next().and_then(|s| s.to_str().map(|s| s.to_owned()));
         let exit_code = match patch_arg {
             Some(patch_arg) => {
@@ -55,7 +57,7 @@ where
                 }
             }
             None => {
-                eprintln!("Error: --codex-run-as-apply-patch requires a UTF-8 PATCH argument.");
+                eprintln!("Error: {CODEX_APPLY_PATCH_ARG1} requires a UTF-8 PATCH argument.");
                 1
             }
         };

codex-rs/chatgpt/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-chatgpt"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true
@@ -9,12 +9,12 @@ workspace = true
 [dependencies]
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
-serde = { version = "1", features = ["derive"] }
-serde_json = "1"
 codex-common = { path = "../common", features = ["cli"] }
 codex-core = { path = "../core" }
 codex-login = { path = "../login" }
 reqwest = { version = "0.12", features = ["json", "stream"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
 tokio = { version = "1", features = ["full"] }
 
 [dev-dependencies]

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -18,7 +18,7 @@ pub fn set_chatgpt_token_data(value: TokenData) {
 
 /// Initialize the ChatGPT token from auth.json file
 pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
-    let auth = codex_login::load_auth(codex_home)?;
+    let auth = codex_login::load_auth(codex_home, true)?;
     if let Some(auth) = auth {
         let token_data = auth.get_token_data().await?;
         set_chatgpt_token_data(token_data);

codex-rs/chatgpt/tests/apply_command_e2e.rs

@@ -10,8 +10,13 @@ use tokio::process::Command;
 async fn create_temp_git_repo() -> anyhow::Result<TempDir> {
     let temp_dir = TempDir::new()?;
     let repo_path = temp_dir.path();
+    let envs = vec![
+        ("GIT_CONFIG_GLOBAL", "/dev/null"),
+        ("GIT_CONFIG_NOSYSTEM", "1"),
+    ];
 
     let output = Command::new("git")
+        .envs(envs.clone())
         .args(["init"])
         .current_dir(repo_path)
         .output()
@@ -25,12 +30,14 @@ async fn create_temp_git_repo() -> anyhow::Result<TempDir> {
     }
 
     Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.email", "test@example.com"])
         .current_dir(repo_path)
         .output()
         .await?;
 
     Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.name", "Test User"])
         .current_dir(repo_path)
         .output()
@@ -39,12 +46,14 @@ async fn create_temp_git_repo() -> anyhow::Result<TempDir> {
     std::fs::write(repo_path.join("README.md"), "# Test Repo\n")?;
 
     Command::new("git")
+        .envs(envs.clone())
         .args(["add", "README.md"])
         .current_dir(repo_path)
         .output()
         .await?;
 
     let output = Command::new("git")
+        .envs(envs.clone())
         .args(["commit", "-m", "Initial commit"])
         .current_dir(repo_path)
         .output()

codex-rs/cli/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-cli"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex"
@@ -20,8 +20,8 @@ clap = { version = "4", features = ["derive"] }
 clap_complete = "4"
 codex-arg0 = { path = "../arg0" }
 codex-chatgpt = { path = "../chatgpt" }
-codex-core = { path = "../core" }
 codex-common = { path = "../common", features = ["cli"] }
+codex-core = { path = "../core" }
 codex-exec = { path = "../exec" }
 codex-login = { path = "../login" }
 codex-mcp-server = { path = "../mcp-server" }

codex-rs/cli/src/debug_sandbox.rs

@@ -4,10 +4,10 @@ use codex_common::CliConfigOverrides;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::config_types::SandboxMode;
-use codex_core::exec::StdioPolicy;
 use codex_core::exec::spawn_command_under_linux_sandbox;
-use codex_core::exec::spawn_command_under_seatbelt;
 use codex_core::exec_env::create_env;
+use codex_core::seatbelt::spawn_command_under_seatbelt;
+use codex_core::spawn::StdioPolicy;
 
 use crate::LandlockCommand;
 use crate::SeatbeltCommand;

codex-rs/cli/src/login.rs

@@ -1,8 +1,12 @@
+use std::env;
+
 use codex_common::CliConfigOverrides;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_login::AuthMode;
+use codex_login::OPENAI_API_KEY_ENV_VAR;
 use codex_login::load_auth;
+use codex_login::login_with_api_key;
 use codex_login::login_with_chatgpt;
 
 pub async fn run_login_with_chatgpt(cli_config_overrides: CliConfigOverrides) -> ! {
@@ -21,14 +25,40 @@ pub async fn run_login_with_chatgpt(cli_config_overrides: CliConfigOverrides) ->
     }
 }
 
+pub async fn run_login_with_api_key(
+    cli_config_overrides: CliConfigOverrides,
+    api_key: String,
+) -> ! {
+    let config = load_config_or_exit(cli_config_overrides);
+
+    match login_with_api_key(&config.codex_home, &api_key) {
+        Ok(_) => {
+            eprintln!("Successfully logged in");
+            std::process::exit(0);
+        }
+        Err(e) => {
+            eprintln!("Error logging in: {e}");
+            std::process::exit(1);
+        }
+    }
+}
+
 pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides);
 
-    match load_auth(&config.codex_home) {
+    match load_auth(&config.codex_home, true) {
         Ok(Some(auth)) => match auth.mode {
             AuthMode::ApiKey => {
                 if let Some(api_key) = auth.api_key.as_deref() {
                     eprintln!("Logged in using an API key - {}", safe_format_key(api_key));
+
+                    if let Ok(env_api_key) = env::var(OPENAI_API_KEY_ENV_VAR) {
+                        if env_api_key == api_key {
+                            eprintln!(
+                                "   API loaded from OPENAI_API_KEY environment variable or .env file"
+                            );
+                        }
+                    }
                 } else {
                     eprintln!("Logged in using an API key");
                 }

codex-rs/cli/src/main.rs

@@ -8,6 +8,7 @@ use codex_chatgpt::apply_command::run_apply_command;
 use codex_cli::LandlockCommand;
 use codex_cli::SeatbeltCommand;
 use codex_cli::login::run_login_status;
+use codex_cli::login::run_login_with_api_key;
 use codex_cli::login::run_login_with_chatgpt;
 use codex_cli::proto;
 use codex_common::CliConfigOverrides;
@@ -92,6 +93,9 @@ struct LoginCommand {
     #[clap(skip)]
     config_overrides: CliConfigOverrides,
 
+    #[arg(long = "api-key", value_name = "API_KEY")]
+    api_key: Option<String>,
+
     #[command(subcommand)]
     action: Option<LoginSubcommand>,
 }
@@ -133,7 +137,11 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
                     run_login_status(login_cli.config_overrides).await;
                 }
                 None => {
-                    run_login_with_chatgpt(login_cli.config_overrides).await;
+                    if let Some(api_key) = login_cli.api_key {
+                        run_login_with_api_key(login_cli.config_overrides, api_key).await;
+                    } else {
+                        run_login_with_chatgpt(login_cli.config_overrides).await;
+                    }
                 }
             }
         }

codex-rs/cli/src/proto.rs

@@ -36,7 +36,7 @@ pub async fn run_main(opts: ProtoCli) -> anyhow::Result<()> {
         .map_err(anyhow::Error::msg)?;
 
     let config = Config::load_with_cli_overrides(overrides_vec, ConfigOverrides::default())?;
-    let auth = load_auth(&config.codex_home)?;
+    let auth = load_auth(&config.codex_home, true)?;
     let ctrl_c = notify_on_sigint();
     let CodexSpawnOk { codex, .. } = Codex::spawn(config, auth, ctrl_c.clone()).await?;
     let codex = Arc::new(codex);

codex-rs/common/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-common"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true
@@ -9,11 +9,11 @@ workspace = true
 [dependencies]
 clap = { version = "4", features = ["derive", "wrap_help"], optional = true }
 codex-core = { path = "../core" }
-toml = { version = "0.9", optional = true }
 serde = { version = "1", optional = true }
+toml = { version = "0.9", optional = true }
 
 [features]
 # Separate feature so that `clap` is not a mandatory dependency.
-cli = ["clap", "toml", "serde"]
+cli = ["clap", "serde", "toml"]
 elapsed = []
 sandbox_summary = []

codex-rs/core/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-core"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 name = "codex_core"
@@ -15,10 +15,10 @@ anyhow = "1"
 async-channel = "2.3.1"
 base64 = "0.22"
 bytes = "1.10.1"
-codex-apply-patch = { path = "../apply-patch" }
-codex-mcp-client = { path = "../mcp-client" }
 chrono = { version = "0.4", features = ["serde"] }
+codex-apply-patch = { path = "../apply-patch" }
 codex-login = { path = "../login" }
+codex-mcp-client = { path = "../mcp-client" }
 dirs = "6"
 env-flags = "0.1.1"
 eventsource-stream = "0.2.3"
@@ -49,8 +49,8 @@ tracing = { version = "0.1.41", features = ["log"] }
 tree-sitter = "0.25.8"
 tree-sitter-bash = "0.25.0"
 uuid = { version = "1", features = ["serde", "v4"] }
-wildmatch = "2.4.0"
 whoami = "1.6.0"
+wildmatch = "2.4.0"
 
 
 [target.'cfg(target_os = "linux")'.dependencies]

codex-rs/core/prompt.md

@@ -96,3 +96,12 @@ You can invoke apply_patch like:
 ```
 shell {"command":["apply_patch","*** Begin Patch\n*** Add File: hello.txt\n+Hello, world!\n*** End Patch\n"]}
 ```
+
+Plan updates
+
+A tool named `update_plan` is available. Use it to keep an up‑to‑date, step‑by‑step plan for the task so you can follow your progress. When making your plans, keep in mind that you are a deployed coding agent - `update_plan` calls should not involve doing anything that you aren't capable of doing. For example, `update_plan` calls should NEVER contain tasks to merge your own pull requests. Only stop to ask the user if you genuinely need their feedback on a change.
+
+- At the start of the task, call `update_plan` with an initial plan: a short list of 1‑sentence steps with a `status` for each step (`pending`, `in_progress`, or `completed`). There should always be exactly one `in_progress` step until everything is done.
+- Whenever you finish a step, call `update_plan` again, marking the finished step as `completed` and the next step as `in_progress`.
+- If your plan needs to change, call `update_plan` with the revised steps and include an `explanation` describing the change.
+- When all steps are complete, make a final `update_plan` call with all steps marked `completed`.

codex-rs/core/src/apply_patch.rs

@@ -1,277 +1,107 @@
 use crate::codex::Session;
 use crate::models::FunctionCallOutputPayload;
 use crate::models::ResponseInputItem;
-use crate::protocol::Event;
-use crate::protocol::EventMsg;
 use crate::protocol::FileChange;
-use crate::protocol::PatchApplyBeginEvent;
-use crate::protocol::PatchApplyEndEvent;
 use crate::protocol::ReviewDecision;
 use crate::safety::SafetyCheck;
 use crate::safety::assess_patch_safety;
-use anyhow::Context;
-use codex_apply_patch::AffectedPaths;
 use codex_apply_patch::ApplyPatchAction;
 use codex_apply_patch::ApplyPatchFileChange;
-use codex_apply_patch::print_summary;
 use std::collections::HashMap;
 use std::path::Path;
 use std::path::PathBuf;
 
+pub const CODEX_APPLY_PATCH_ARG1: &str = "--codex-run-as-apply-patch";
+
+pub(crate) enum InternalApplyPatchInvocation {
+    /// The `apply_patch` call was handled programmatically, without any sort
+    /// of sandbox, because the user explicitly approved it. This is the
+    /// result to use with the `shell` function call that contained `apply_patch`.
+    Output(ResponseInputItem),
+
+    /// The `apply_patch` call was approved, either automatically because it
+    /// appears that it should be allowed based on the user's sandbox policy
+    /// *or* because the user explicitly approved it. In either case, we use
+    /// exec with [`CODEX_APPLY_PATCH_ARG1`] to realize the `apply_patch` call,
+    /// but [`ApplyPatchExec::auto_approved`] is used to determine the sandbox
+    /// used with the `exec()`.
+    DelegateToExec(ApplyPatchExec),
+}
+
+pub(crate) struct ApplyPatchExec {
+    pub(crate) action: ApplyPatchAction,
+    pub(crate) user_explicitly_approved_this_action: bool,
+}
+
+impl From<ResponseInputItem> for InternalApplyPatchInvocation {
+    fn from(item: ResponseInputItem) -> Self {
+        InternalApplyPatchInvocation::Output(item)
+    }
+}
+
 pub(crate) async fn apply_patch(
     sess: &Session,
-    sub_id: String,
-    call_id: String,
+    sub_id: &str,
+    call_id: &str,
     action: ApplyPatchAction,
-) -> ResponseInputItem {
+) -> InternalApplyPatchInvocation {
     let writable_roots_snapshot = {
         #[allow(clippy::unwrap_used)]
         let guard = sess.writable_roots.lock().unwrap();
         guard.clone()
     };
 
-    let auto_approved = match assess_patch_safety(
+    match assess_patch_safety(
         &action,
         sess.approval_policy,
         &writable_roots_snapshot,
         &sess.cwd,
     ) {
-        SafetyCheck::AutoApprove { .. } => true,
+        SafetyCheck::AutoApprove { .. } => {
+            InternalApplyPatchInvocation::DelegateToExec(ApplyPatchExec {
+                action,
+                user_explicitly_approved_this_action: false,
+            })
+        }
         SafetyCheck::AskUser => {
             // Compute a readable summary of path changes to include in the
             // approval request so the user can make an informed decision.
+            //
+            // Note that it might be worth expanding this approval request to
+            // give the user the option to expand the set of writable roots so
+            // that similar patches can be auto-approved in the future during
+            // this session.
             let rx_approve = sess
-                .request_patch_approval(sub_id.clone(), call_id.clone(), &action, None, None)
+                .request_patch_approval(sub_id.to_owned(), call_id.to_owned(), &action, None, None)
                 .await;
             match rx_approve.await.unwrap_or_default() {
-                ReviewDecision::Approved | ReviewDecision::ApprovedForSession => false,
+                ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {
+                    InternalApplyPatchInvocation::DelegateToExec(ApplyPatchExec {
+                        action,
+                        user_explicitly_approved_this_action: true,
+                    })
+                }
                 ReviewDecision::Denied | ReviewDecision::Abort => {
-                    return ResponseInputItem::FunctionCallOutput {
-                        call_id,
+                    ResponseInputItem::FunctionCallOutput {
+                        call_id: call_id.to_owned(),
                         output: FunctionCallOutputPayload {
                             content: "patch rejected by user".to_string(),
                             success: Some(false),
                         },
-                    };
+                    }
+                    .into()
                 }
             }
         }
-        SafetyCheck::Reject { reason } => {
-            return ResponseInputItem::FunctionCallOutput {
-                call_id,
-                output: FunctionCallOutputPayload {
-                    content: format!("patch rejected: {reason}"),
-                    success: Some(false),
-                },
-            };
-        }
-    };
-
-    // Verify write permissions before touching the filesystem.
-    let writable_snapshot = {
-        #[allow(clippy::unwrap_used)]
-        sess.writable_roots.lock().unwrap().clone()
-    };
-
-    if let Some(offending) = first_offending_path(&action, &writable_snapshot, &sess.cwd) {
-        let root = offending.parent().unwrap_or(&offending).to_path_buf();
-
-        let reason = Some(format!(
-            "grant write access to {} for this session",
-            root.display()
-        ));
-
-        let rx = sess
-            .request_patch_approval(
-                sub_id.clone(),
-                call_id.clone(),
-                &action,
-                reason.clone(),
-                Some(root.clone()),
-            )
-            .await;
-
-        if !matches!(
-            rx.await.unwrap_or_default(),
-            ReviewDecision::Approved | ReviewDecision::ApprovedForSession
-        ) {
-            return ResponseInputItem::FunctionCallOutput {
-                call_id,
-                output: FunctionCallOutputPayload {
-                    content: "patch rejected by user".to_string(),
-                    success: Some(false),
-                },
-            };
-        }
-
-        // user approved, extend writable roots for this session
-        #[allow(clippy::unwrap_used)]
-        sess.writable_roots.lock().unwrap().push(root);
-    }
-
-    let _ = sess
-        .tx_event
-        .send(Event {
-            id: sub_id.clone(),
-            msg: EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
-                call_id: call_id.clone(),
-                auto_approved,
-                changes: convert_apply_patch_to_protocol(&action),
-            }),
-        })
-        .await;
-
-    let mut stdout = Vec::new();
-    let mut stderr = Vec::new();
-    // Enforce writable roots. If a write is blocked, collect offending root
-    // and prompt the user to extend permissions.
-    let mut result = apply_changes_from_apply_patch_and_report(&action, &mut stdout, &mut stderr);
-
-    if let Err(err) = &result {
-        if err.kind() == std::io::ErrorKind::PermissionDenied {
-            // Determine first offending path.
-            let offending_opt = action
-                .changes()
-                .iter()
-                .flat_map(|(path, change)| match change {
-                    ApplyPatchFileChange::Add { .. } => vec![path.as_ref()],
-                    ApplyPatchFileChange::Delete => vec![path.as_ref()],
-                    ApplyPatchFileChange::Update {
-                        move_path: Some(move_path),
-                        ..
-                    } => {
-                        vec![path.as_ref(), move_path.as_ref()]
-                    }
-                    ApplyPatchFileChange::Update {
-                        move_path: None, ..
-                    } => vec![path.as_ref()],
-                })
-                .find_map(|path: &Path| {
-                    // ApplyPatchAction promises to guarantee absolute paths.
-                    if !path.is_absolute() {
-                        panic!("apply_patch invariant failed: path is not absolute: {path:?}");
-                    }
-
-                    let writable = {
-                        #[allow(clippy::unwrap_used)]
-                        let roots = sess.writable_roots.lock().unwrap();
-                        roots.iter().any(|root| path.starts_with(root))
-                    };
-                    if writable {
-                        None
-                    } else {
-                        Some(path.to_path_buf())
-                    }
-                });
-
-            if let Some(offending) = offending_opt {
-                let root = offending.parent().unwrap_or(&offending).to_path_buf();
-
-                let reason = Some(format!(
-                    "grant write access to {} for this session",
-                    root.display()
-                ));
-                let rx = sess
-                    .request_patch_approval(
-                        sub_id.clone(),
-                        call_id.clone(),
-                        &action,
-                        reason.clone(),
-                        Some(root.clone()),
-                    )
-                    .await;
-                if matches!(
-                    rx.await.unwrap_or_default(),
-                    ReviewDecision::Approved | ReviewDecision::ApprovedForSession
-                ) {
-                    // Extend writable roots.
-                    #[allow(clippy::unwrap_used)]
-                    sess.writable_roots.lock().unwrap().push(root);
-                    stdout.clear();
-                    stderr.clear();
-                    result = apply_changes_from_apply_patch_and_report(
-                        &action,
-                        &mut stdout,
-                        &mut stderr,
-                    );
-                }
-            }
-        }
-    }
-
-    // Emit PatchApplyEnd event.
-    let success_flag = result.is_ok();
-    let _ = sess
-        .tx_event
-        .send(Event {
-            id: sub_id.clone(),
-            msg: EventMsg::PatchApplyEnd(PatchApplyEndEvent {
-                call_id: call_id.clone(),
-                stdout: String::from_utf8_lossy(&stdout).to_string(),
-                stderr: String::from_utf8_lossy(&stderr).to_string(),
-                success: success_flag,
-            }),
-        })
-        .await;
-
-    match result {
-        Ok(_) => ResponseInputItem::FunctionCallOutput {
-            call_id,
+        SafetyCheck::Reject { reason } => ResponseInputItem::FunctionCallOutput {
+            call_id: call_id.to_owned(),
             output: FunctionCallOutputPayload {
-                content: String::from_utf8_lossy(&stdout).to_string(),
-                success: None,
-            },
-        },
-        Err(e) => ResponseInputItem::FunctionCallOutput {
-            call_id,
-            output: FunctionCallOutputPayload {
-                content: format!("error: {e:#}, stderr: {}", String::from_utf8_lossy(&stderr)),
+                content: format!("patch rejected: {reason}"),
                 success: Some(false),
             },
-        },
-    }
-}
-
-/// Return the first path in `hunks` that is NOT under any of the
-/// `writable_roots` (after normalising). If all paths are acceptable,
-/// returns None.
-fn first_offending_path(
-    action: &ApplyPatchAction,
-    writable_roots: &[PathBuf],
-    cwd: &Path,
-) -> Option<PathBuf> {
-    let changes = action.changes();
-    for (path, change) in changes {
-        let candidate = match change {
-            ApplyPatchFileChange::Add { .. } => path,
-            ApplyPatchFileChange::Delete => path,
-            ApplyPatchFileChange::Update { move_path, .. } => move_path.as_ref().unwrap_or(path),
-        };
-
-        let abs = if candidate.is_absolute() {
-            candidate.clone()
-        } else {
-            cwd.join(candidate)
-        };
-
-        let mut allowed = false;
-        for root in writable_roots {
-            let root_abs = if root.is_absolute() {
-                root.clone()
-            } else {
-                cwd.join(root)
-            };
-            if abs.starts_with(&root_abs) {
-                allowed = true;
-                break;
-            }
-        }
-
-        if !allowed {
-            return Some(candidate.clone());
         }
+        .into(),
     }
-    None
 }
 
 pub(crate) fn convert_apply_patch_to_protocol(
@@ -299,85 +129,6 @@ pub(crate) fn convert_apply_patch_to_protocol(
     result
 }
 
-fn apply_changes_from_apply_patch_and_report(
-    action: &ApplyPatchAction,
-    stdout: &mut impl std::io::Write,
-    stderr: &mut impl std::io::Write,
-) -> std::io::Result<()> {
-    match apply_changes_from_apply_patch(action) {
-        Ok(affected_paths) => {
-            print_summary(&affected_paths, stdout)?;
-        }
-        Err(err) => {
-            writeln!(stderr, "{err:?}")?;
-        }
-    }
-
-    Ok(())
-}
-
-fn apply_changes_from_apply_patch(action: &ApplyPatchAction) -> anyhow::Result<AffectedPaths> {
-    let mut added: Vec<PathBuf> = Vec::new();
-    let mut modified: Vec<PathBuf> = Vec::new();
-    let mut deleted: Vec<PathBuf> = Vec::new();
-
-    let changes = action.changes();
-    for (path, change) in changes {
-        match change {
-            ApplyPatchFileChange::Add { content } => {
-                if let Some(parent) = path.parent() {
-                    if !parent.as_os_str().is_empty() {
-                        std::fs::create_dir_all(parent).with_context(|| {
-                            format!("Failed to create parent directories for {}", path.display())
-                        })?;
-                    }
-                }
-                std::fs::write(path, content)
-                    .with_context(|| format!("Failed to write file {}", path.display()))?;
-                added.push(path.clone());
-            }
-            ApplyPatchFileChange::Delete => {
-                std::fs::remove_file(path)
-                    .with_context(|| format!("Failed to delete file {}", path.display()))?;
-                deleted.push(path.clone());
-            }
-            ApplyPatchFileChange::Update {
-                unified_diff: _unified_diff,
-                move_path,
-                new_content,
-            } => {
-                if let Some(move_path) = move_path {
-                    if let Some(parent) = move_path.parent() {
-                        if !parent.as_os_str().is_empty() {
-                            std::fs::create_dir_all(parent).with_context(|| {
-                                format!(
-                                    "Failed to create parent directories for {}",
-                                    move_path.display()
-                                )
-                            })?;
-                        }
-                    }
-
-                    std::fs::rename(path, move_path)
-                        .with_context(|| format!("Failed to rename file {}", path.display()))?;
-                    std::fs::write(move_path, new_content)?;
-                    modified.push(move_path.clone());
-                    deleted.push(path.clone());
-                } else {
-                    std::fs::write(path, new_content)?;
-                    modified.push(path.clone());
-                }
-            }
-        }
-    }
-
-    Ok(AffectedPaths {
-        added,
-        modified,
-        deleted,
-    })
-}
-
 pub(crate) fn get_writable_roots(cwd: &Path) -> Vec<PathBuf> {
     let mut writable_roots = Vec::new();
     if cfg!(target_os = "macos") {

codex-rs/core/src/client.rs

@@ -192,7 +192,7 @@ impl ModelClient {
         loop {
             attempt += 1;
 
-            let req_builder = self
+            let mut req_builder = self
                 .client
                 .post(format!("{base_url}/responses"))
                 .header("OpenAI-Beta", "responses=experimental")
@@ -201,6 +201,12 @@ impl ModelClient {
                 .header(reqwest::header::ACCEPT, "text/event-stream")
                 .json(&payload);
 
+            if auth.mode == AuthMode::ChatGPT {
+                if let Some(account_id) = auth.get_account_id().await {
+                    req_builder = req_builder.header("chatgpt-account-id", account_id);
+                }
+            }
+
             let req_builder = self.provider.apply_http_headers(req_builder);
 
             let res = req_builder.send().await;

codex-rs/core/src/codex.rs

@@ -30,6 +30,9 @@ use tracing::trace;
 use tracing::warn;
 use uuid::Uuid;
 
+use crate::apply_patch::ApplyPatchExec;
+use crate::apply_patch::CODEX_APPLY_PATCH_ARG1;
+use crate::apply_patch::InternalApplyPatchInvocation;
 use crate::apply_patch::convert_apply_patch_to_protocol;
 use crate::apply_patch::get_writable_roots;
 use crate::apply_patch::{self};
@@ -71,8 +74,11 @@ use crate::protocol::EventMsg;
 use crate::protocol::ExecApprovalRequestEvent;
 use crate::protocol::ExecCommandBeginEvent;
 use crate::protocol::ExecCommandEndEvent;
+use crate::protocol::FileChange;
 use crate::protocol::InputItem;
 use crate::protocol::Op;
+use crate::protocol::PatchApplyBeginEvent;
+use crate::protocol::PatchApplyEndEvent;
 use crate::protocol::ReviewDecision;
 use crate::protocol::SandboxPolicy;
 use crate::protocol::SessionConfiguredEvent;
@@ -81,6 +87,7 @@ use crate::protocol::TaskCompleteEvent;
 use crate::rollout::RolloutRecorder;
 use crate::safety::SafetyCheck;
 use crate::safety::assess_command_safety;
+use crate::safety::assess_safety_for_untrusted_command;
 use crate::shell;
 use crate::user_notification::UserNotification;
 use crate::util::backoff;
@@ -354,14 +361,32 @@ impl Session {
         }
     }
 
-    async fn notify_exec_command_begin(&self, sub_id: &str, call_id: &str, params: &ExecParams) {
+    async fn notify_exec_command_begin(&self, exec_command_context: ExecCommandContext) {
+        let ExecCommandContext {
+            sub_id,
+            call_id,
+            command_for_display,
+            cwd,
+            apply_patch,
+        } = exec_command_context;
+        let msg = match apply_patch {
+            Some(ApplyPatchCommandContext {
+                user_explicitly_approved_this_action,
+                changes,
+            }) => EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
+                call_id,
+                auto_approved: !user_explicitly_approved_this_action,
+                changes,
+            }),
+            None => EventMsg::ExecCommandBegin(ExecCommandBeginEvent {
+                call_id,
+                command: command_for_display.clone(),
+                cwd,
+            }),
+        };
         let event = Event {
             id: sub_id.to_string(),
-            msg: EventMsg::ExecCommandBegin(ExecCommandBeginEvent {
-                call_id: call_id.to_string(),
-                command: params.command.clone(),
-                cwd: params.cwd.clone(),
-            }),
+            msg,
         };
         let _ = self.tx_event.send(event).await;
     }
@@ -373,18 +398,33 @@ impl Session {
         stdout: &str,
         stderr: &str,
         exit_code: i32,
+        is_apply_patch: bool,
     ) {
+        // Because stdout and stderr could each be up to 100 KiB, we send
+        // truncated versions.
         const MAX_STREAM_OUTPUT: usize = 5 * 1024; // 5KiB
+        let stdout = stdout.chars().take(MAX_STREAM_OUTPUT).collect();
+        let stderr = stderr.chars().take(MAX_STREAM_OUTPUT).collect();
+
+        let msg = if is_apply_patch {
+            EventMsg::PatchApplyEnd(PatchApplyEndEvent {
+                call_id: call_id.to_string(),
+                stdout,
+                stderr,
+                success: exit_code == 0,
+            })
+        } else {
+            EventMsg::ExecCommandEnd(ExecCommandEndEvent {
+                call_id: call_id.to_string(),
+                stdout,
+                stderr,
+                exit_code,
+            })
+        };
+
         let event = Event {
             id: sub_id.to_string(),
-            // Because stdout and stderr could each be up to 100 KiB, we send
-            // truncated versions.
-            msg: EventMsg::ExecCommandEnd(ExecCommandEndEvent {
-                call_id: call_id.to_string(),
-                stdout: stdout.chars().take(MAX_STREAM_OUTPUT).collect(),
-                stderr: stderr.chars().take(MAX_STREAM_OUTPUT).collect(),
-                exit_code,
-            }),
+            msg,
         };
         let _ = self.tx_event.send(event).await;
     }
@@ -492,6 +532,21 @@ impl State {
     }
 }
 
+#[derive(Clone, Debug)]
+pub(crate) struct ExecCommandContext {
+    pub(crate) sub_id: String,
+    pub(crate) call_id: String,
+    pub(crate) command_for_display: Vec<String>,
+    pub(crate) cwd: PathBuf,
+    pub(crate) apply_patch: Option<ApplyPatchCommandContext>,
+}
+
+#[derive(Clone, Debug)]
+pub(crate) struct ApplyPatchCommandContext {
+    pub(crate) user_explicitly_approved_this_action: bool,
+    pub(crate) changes: HashMap<PathBuf, FileChange>,
+}
+
 /// A series of Turns in response to user input.
 pub(crate) struct AgentTask {
     sess: Arc<Session>,
@@ -1420,9 +1475,14 @@ async fn handle_container_exec_with_params(
     call_id: String,
 ) -> ResponseInputItem {
     // check if this was a patch, and apply it if so
-    match maybe_parse_apply_patch_verified(&params.command, &params.cwd) {
+    let apply_patch_exec = match maybe_parse_apply_patch_verified(&params.command, &params.cwd) {
         MaybeApplyPatchVerified::Body(changes) => {
-            return apply_patch::apply_patch(sess, sub_id, call_id, changes).await;
+            match apply_patch::apply_patch(sess, &sub_id, &call_id, changes).await {
+                InternalApplyPatchInvocation::Output(item) => return item,
+                InternalApplyPatchInvocation::DelegateToExec(apply_patch_exec) => {
+                    Some(apply_patch_exec)
+                }
+            }
         }
         MaybeApplyPatchVerified::CorrectnessError(parse_error) => {
             // It looks like an invocation of `apply_patch`, but we
@@ -1438,20 +1498,67 @@ async fn handle_container_exec_with_params(
         }
         MaybeApplyPatchVerified::ShellParseError(error) => {
             trace!("Failed to parse shell command, {error:?}");
+            None
         }
-        MaybeApplyPatchVerified::NotApplyPatch => (),
-    }
-
-    // safety checks
-    let safety = {
-        let state = sess.state.lock().unwrap();
-        assess_command_safety(
-            &params.command,
-            sess.approval_policy,
-            &sess.sandbox_policy,
-            &state.approved_commands,
-        )
+        MaybeApplyPatchVerified::NotApplyPatch => None,
     };
+
+    let (params, safety, command_for_display) = match &apply_patch_exec {
+        Some(ApplyPatchExec {
+            action: ApplyPatchAction { patch, cwd, .. },
+            user_explicitly_approved_this_action,
+        }) => {
+            let path_to_codex = std::env::current_exe()
+                .ok()
+                .map(|p| p.to_string_lossy().to_string());
+            let Some(path_to_codex) = path_to_codex else {
+                return ResponseInputItem::FunctionCallOutput {
+                    call_id,
+                    output: FunctionCallOutputPayload {
+                        content: "failed to determine path to codex executable".to_string(),
+                        success: None,
+                    },
+                };
+            };
+
+            let params = ExecParams {
+                command: vec![
+                    path_to_codex,
+                    CODEX_APPLY_PATCH_ARG1.to_string(),
+                    patch.clone(),
+                ],
+                cwd: cwd.clone(),
+                timeout_ms: params.timeout_ms,
+                env: HashMap::new(),
+            };
+            let safety = if *user_explicitly_approved_this_action {
+                SafetyCheck::AutoApprove {
+                    sandbox_type: SandboxType::None,
+                }
+            } else {
+                assess_safety_for_untrusted_command(sess.approval_policy, &sess.sandbox_policy)
+            };
+            (
+                params,
+                safety,
+                vec!["apply_patch".to_string(), patch.clone()],
+            )
+        }
+        None => {
+            let safety = {
+                let state = sess.state.lock().unwrap();
+                assess_command_safety(
+                    &params.command,
+                    sess.approval_policy,
+                    &sess.sandbox_policy,
+                    &state.approved_commands,
+                )
+            };
+            let command_for_display = params.command.clone();
+            (params, safety, command_for_display)
+        }
+    };
+
     let sandbox_type = match safety {
         SafetyCheck::AutoApprove { sandbox_type } => sandbox_type,
         SafetyCheck::AskUser => {
@@ -1496,7 +1603,22 @@ async fn handle_container_exec_with_params(
         }
     };
 
-    sess.notify_exec_command_begin(&sub_id, &call_id, &params)
+    let exec_command_context = ExecCommandContext {
+        sub_id: sub_id.clone(),
+        call_id: call_id.clone(),
+        command_for_display: command_for_display.clone(),
+        cwd: params.cwd.clone(),
+        apply_patch: apply_patch_exec.map(
+            |ApplyPatchExec {
+                 action,
+                 user_explicitly_approved_this_action,
+             }| ApplyPatchCommandContext {
+                user_explicitly_approved_this_action,
+                changes: convert_apply_patch_to_protocol(&action),
+            },
+        ),
+    };
+    sess.notify_exec_command_begin(exec_command_context.clone())
         .await;
 
     let params = maybe_run_with_user_profile(params, sess);
@@ -1518,8 +1640,15 @@ async fn handle_container_exec_with_params(
                 duration,
             } = output;
 
-            sess.notify_exec_command_end(&sub_id, &call_id, &stdout, &stderr, exit_code)
-                .await;
+            sess.notify_exec_command_end(
+                &sub_id,
+                &call_id,
+                &stdout,
+                &stderr,
+                exit_code,
+                exec_command_context.apply_patch.is_some(),
+            )
+            .await;
 
             let is_success = exit_code == 0;
             let content = format_exec_output(
@@ -1537,7 +1666,7 @@ async fn handle_container_exec_with_params(
             }
         }
         Err(CodexErr::Sandbox(error)) => {
-            handle_sandbox_error(error, sandbox_type, params, sess, sub_id, call_id).await
+            handle_sandbox_error(params, exec_command_context, error, sandbox_type, sess).await
         }
         Err(e) => {
             // Handle non-sandbox errors
@@ -1553,13 +1682,17 @@ async fn handle_container_exec_with_params(
 }
 
 async fn handle_sandbox_error(
+    params: ExecParams,
+    exec_command_context: ExecCommandContext,
     error: SandboxErr,
     sandbox_type: SandboxType,
-    params: ExecParams,
     sess: &Session,
-    sub_id: String,
-    call_id: String,
 ) -> ResponseInputItem {
+    let call_id = exec_command_context.call_id.clone();
+    let sub_id = exec_command_context.sub_id.clone();
+    let cwd = exec_command_context.cwd.clone();
+    let is_apply_patch = exec_command_context.apply_patch.is_some();
+
     // Early out if the user never wants to be asked for approval; just return to the model immediately
     if sess.approval_policy == AskForApproval::Never {
         return ResponseInputItem::FunctionCallOutput {
@@ -1589,7 +1722,7 @@ async fn handle_sandbox_error(
             sub_id.clone(),
             call_id.clone(),
             params.command.clone(),
-            params.cwd.clone(),
+            cwd.clone(),
             Some("command failed; retry without sandbox?".to_string()),
         )
         .await;
@@ -1605,8 +1738,7 @@ async fn handle_sandbox_error(
             sess.notify_background_event(&sub_id, "retrying command without sandbox")
                 .await;
 
-            sess.notify_exec_command_begin(&sub_id, &call_id, &params)
-                .await;
+            sess.notify_exec_command_begin(exec_command_context).await;
 
             // This is an escalated retry; the policy will not be
             // examined and the sandbox has been set to `None`.
@@ -1628,8 +1760,15 @@ async fn handle_sandbox_error(
                         duration,
                     } = retry_output;
 
-                    sess.notify_exec_command_end(&sub_id, &call_id, &stdout, &stderr, exit_code)
-                        .await;
+                    sess.notify_exec_command_end(
+                        &sub_id,
+                        &call_id,
+                        &stdout,
+                        &stderr,
+                        exit_code,
+                        is_apply_patch,
+                    )
+                    .await;
 
                     let is_success = exit_code == 0;
                     let content = format_exec_output(

codex-rs/core/src/codex_wrapper.rs

@@ -26,7 +26,7 @@ pub struct CodexConversation {
 /// that callers can surface the information to the UI.
 pub async fn init_codex(config: Config) -> anyhow::Result<CodexConversation> {
     let ctrl_c = notify_on_sigint();
-    let auth = load_auth(&config.codex_home)?;
+    let auth = load_auth(&config.codex_home, true)?;
     let CodexSpawnOk {
         codex,
         init_id,

codex-rs/core/src/exec.rs

@@ -6,7 +6,6 @@ use std::io;
 use std::path::Path;
 use std::path::PathBuf;
 use std::process::ExitStatus;
-use std::process::Stdio;
 use std::sync::Arc;
 use std::time::Duration;
 use std::time::Instant;
@@ -15,14 +14,15 @@ use tokio::io::AsyncRead;
 use tokio::io::AsyncReadExt;
 use tokio::io::BufReader;
 use tokio::process::Child;
-use tokio::process::Command;
 use tokio::sync::Notify;
-use tracing::trace;
 
 use crate::error::CodexErr;
 use crate::error::Result;
 use crate::error::SandboxErr;
 use crate::protocol::SandboxPolicy;
+use crate::seatbelt::spawn_command_under_seatbelt;
+use crate::spawn::StdioPolicy;
+use crate::spawn::spawn_child_async;
 
 // Maximum we send for each stream, which is either:
 // - 10KiB OR
@@ -37,24 +37,6 @@ const DEFAULT_TIMEOUT_MS: u64 = 10_000;
 const SIGKILL_CODE: i32 = 9;
 const TIMEOUT_CODE: i32 = 64;
 
-const MACOS_SEATBELT_BASE_POLICY: &str = include_str!("seatbelt_base_policy.sbpl");
-
-/// When working with `sandbox-exec`, only consider `sandbox-exec` in `/usr/bin`
-/// to defend against an attacker trying to inject a malicious version on the
-/// PATH. If /usr/bin/sandbox-exec has been tampered with, then the attacker
-/// already has root access.
-const MACOS_PATH_TO_SEATBELT_EXECUTABLE: &str = "/usr/bin/sandbox-exec";
-
-/// Experimental environment variable that will be set to some non-empty value
-/// if both of the following are true:
-///
-/// 1. The process was spawned by Codex as part of a shell tool call.
-/// 2. SandboxPolicy.has_full_network_access() was false for the tool call.
-///
-/// We may try to have just one environment variable for all sandboxing
-/// attributes, so this may change in the future.
-pub const CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR: &str = "CODEX_SANDBOX_NETWORK_DISABLED";
-
 #[derive(Debug, Clone)]
 pub struct ExecParams {
     pub command: Vec<String>,
@@ -168,27 +150,6 @@ pub async fn process_exec_tool_call(
     }
 }
 
-pub async fn spawn_command_under_seatbelt(
-    command: Vec<String>,
-    sandbox_policy: &SandboxPolicy,
-    cwd: PathBuf,
-    stdio_policy: StdioPolicy,
-    env: HashMap<String, String>,
-) -> std::io::Result<Child> {
-    let args = create_seatbelt_command_args(command, sandbox_policy, &cwd);
-    let arg0 = None;
-    spawn_child_async(
-        PathBuf::from(MACOS_PATH_TO_SEATBELT_EXECUTABLE),
-        args,
-        arg0,
-        cwd,
-        sandbox_policy,
-        stdio_policy,
-        env,
-    )
-    .await
-}
-
 /// Spawn a shell tool command under the Linux Landlock+seccomp sandbox helper
 /// (codex-linux-sandbox).
 ///
@@ -248,65 +209,6 @@ fn create_linux_sandbox_command_args(
     linux_cmd
 }
 
-fn create_seatbelt_command_args(
-    command: Vec<String>,
-    sandbox_policy: &SandboxPolicy,
-    cwd: &Path,
-) -> Vec<String> {
-    let (file_write_policy, extra_cli_args) = {
-        if sandbox_policy.has_full_disk_write_access() {
-            // Allegedly, this is more permissive than `(allow file-write*)`.
-            (
-                r#"(allow file-write* (regex #"^/"))"#.to_string(),
-                Vec::<String>::new(),
-            )
-        } else {
-            let writable_roots = sandbox_policy.get_writable_roots_with_cwd(cwd);
-            let (writable_folder_policies, cli_args): (Vec<String>, Vec<String>) = writable_roots
-                .iter()
-                .enumerate()
-                .map(|(index, root)| {
-                    let param_name = format!("WRITABLE_ROOT_{index}");
-                    let policy: String = format!("(subpath (param \"{param_name}\"))");
-                    let cli_arg = format!("-D{param_name}={}", root.to_string_lossy());
-                    (policy, cli_arg)
-                })
-                .unzip();
-            if writable_folder_policies.is_empty() {
-                ("".to_string(), Vec::<String>::new())
-            } else {
-                let file_write_policy = format!(
-                    "(allow file-write*\n{}\n)",
-                    writable_folder_policies.join(" ")
-                );
-                (file_write_policy, cli_args)
-            }
-        }
-    };
-
-    let file_read_policy = if sandbox_policy.has_full_disk_read_access() {
-        "; allow read-only file operations\n(allow file-read*)"
-    } else {
-        ""
-    };
-
-    // TODO(mbolin): apply_patch calls must also honor the SandboxPolicy.
-    let network_policy = if sandbox_policy.has_full_network_access() {
-        "(allow network-outbound)\n(allow network-inbound)\n(allow system-socket)"
-    } else {
-        ""
-    };
-
-    let full_policy = format!(
-        "{MACOS_SEATBELT_BASE_POLICY}\n{file_read_policy}\n{file_write_policy}\n{network_policy}"
-    );
-    let mut seatbelt_args: Vec<String> = vec!["-p".to_string(), full_policy];
-    seatbelt_args.extend(extra_cli_args);
-    seatbelt_args.push("--".to_string());
-    seatbelt_args.extend(command);
-    seatbelt_args
-}
-
 #[derive(Debug)]
 pub struct RawExecToolCallOutput {
     pub exit_status: ExitStatus,
@@ -352,90 +254,6 @@ async fn exec(
     consume_truncated_output(child, ctrl_c, timeout_ms).await
 }
 
-#[derive(Debug, Clone, Copy)]
-pub enum StdioPolicy {
-    RedirectForShellTool,
-    Inherit,
-}
-
-/// Spawns the appropriate child process for the ExecParams and SandboxPolicy,
-/// ensuring the args and environment variables used to create the `Command`
-/// (and `Child`) honor the configuration.
-///
-/// For now, we take `SandboxPolicy` as a parameter to spawn_child() because
-/// we need to determine whether to set the
-/// `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` environment variable.
-async fn spawn_child_async(
-    program: PathBuf,
-    args: Vec<String>,
-    #[cfg_attr(not(unix), allow(unused_variables))] arg0: Option<&str>,
-    cwd: PathBuf,
-    sandbox_policy: &SandboxPolicy,
-    stdio_policy: StdioPolicy,
-    env: HashMap<String, String>,
-) -> std::io::Result<Child> {
-    trace!(
-        "spawn_child_async: {program:?} {args:?} {arg0:?} {cwd:?} {sandbox_policy:?} {stdio_policy:?} {env:?}"
-    );
-
-    let mut cmd = Command::new(&program);
-    #[cfg(unix)]
-    cmd.arg0(arg0.map_or_else(|| program.to_string_lossy().to_string(), String::from));
-    cmd.args(args);
-    cmd.current_dir(cwd);
-    cmd.env_clear();
-    cmd.envs(env);
-
-    if !sandbox_policy.has_full_network_access() {
-        cmd.env(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR, "1");
-    }
-
-    // If this Codex process dies (including being killed via SIGKILL), we want
-    // any child processes that were spawned as part of a `"shell"` tool call
-    // to also be terminated.
-
-    // This relies on prctl(2), so it only works on Linux.
-    #[cfg(target_os = "linux")]
-    unsafe {
-        cmd.pre_exec(|| {
-            // This prctl call effectively requests, "deliver SIGTERM when my
-            // current parent dies."
-            if libc::prctl(libc::PR_SET_PDEATHSIG, libc::SIGTERM) == -1 {
-                return Err(io::Error::last_os_error());
-            }
-
-            // Though if there was a race condition and this pre_exec() block is
-            // run _after_ the parent (i.e., the Codex process) has already
-            // exited, then the parent is the _init_ process (which will never
-            // die), so we should just terminate the child process now.
-            if libc::getppid() == 1 {
-                libc::raise(libc::SIGTERM);
-            }
-            Ok(())
-        });
-    }
-
-    match stdio_policy {
-        StdioPolicy::RedirectForShellTool => {
-            // Do not create a file descriptor for stdin because otherwise some
-            // commands may hang forever waiting for input. For example, ripgrep has
-            // a heuristic where it may try to read from stdin as explained here:
-            // https://github.com/BurntSushi/ripgrep/blob/e2362d4d5185d02fa857bf381e7bd52e66fafc73/crates/core/flags/hiargs.rs#L1101-L1103
-            cmd.stdin(Stdio::null());
-
-            cmd.stdout(Stdio::piped()).stderr(Stdio::piped());
-        }
-        StdioPolicy::Inherit => {
-            // Inherit stdin, stdout, and stderr from the parent process.
-            cmd.stdin(Stdio::inherit())
-                .stdout(Stdio::inherit())
-                .stderr(Stdio::inherit());
-        }
-    }
-
-    cmd.kill_on_drop(true).spawn()
-}
-
 /// Consumes the output of a child process, truncating it so it is suitable for
 /// use as the output of a `shell` tool call. Also enforces specified timeout.
 pub(crate) async fn consume_truncated_output(

codex-rs/core/src/git_info.rs

@@ -111,9 +111,14 @@ mod tests {
     // Helper function to create a test git repository
     async fn create_test_git_repo(temp_dir: &TempDir) -> PathBuf {
         let repo_path = temp_dir.path().to_path_buf();
+        let envs = vec![
+            ("GIT_CONFIG_GLOBAL", "/dev/null"),
+            ("GIT_CONFIG_NOSYSTEM", "1"),
+        ];
 
         // Initialize git repo
         Command::new("git")
+            .envs(envs.clone())
             .args(["init"])
             .current_dir(&repo_path)
             .output()
@@ -122,6 +127,7 @@ mod tests {
 
         // Configure git user (required for commits)
         Command::new("git")
+            .envs(envs.clone())
             .args(["config", "user.name", "Test User"])
             .current_dir(&repo_path)
             .output()
@@ -129,6 +135,7 @@ mod tests {
             .expect("Failed to set git user name");
 
         Command::new("git")
+            .envs(envs.clone())
             .args(["config", "user.email", "test@example.com"])
             .current_dir(&repo_path)
             .output()
@@ -140,6 +147,7 @@ mod tests {
         fs::write(&test_file, "test content").expect("Failed to write test file");
 
         Command::new("git")
+            .envs(envs.clone())
             .args(["add", "."])
             .current_dir(&repo_path)
             .output()
@@ -147,6 +155,7 @@ mod tests {
             .expect("Failed to add files");
 
         Command::new("git")
+            .envs(envs.clone())
             .args(["commit", "-m", "Initial commit"])
             .current_dir(&repo_path)
             .output()

codex-rs/core/src/lib.rs

@@ -39,8 +39,11 @@ mod project_doc;
 pub mod protocol;
 mod rollout;
 mod safety;
+pub mod seatbelt;
 pub mod shell;
+pub mod spawn;
 mod user_notification;
 pub mod util;
 
+pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
 pub use client_common::model_supports_reasoning_summaries;

codex-rs/core/src/safety.rs

@@ -41,11 +41,13 @@ pub fn assess_patch_safety(
         }
     }
 
-    if is_write_patch_constrained_to_writable_paths(action, writable_roots, cwd) {
-        SafetyCheck::AutoApprove {
-            sandbox_type: SandboxType::None,
-        }
-    } else if policy == AskForApproval::OnFailure {
+    // Even though the patch *appears* to be constrained to writable paths, it
+    // is possible that paths in the patch are hard links to files outside the
+    // writable roots, so we should still run `apply_patch` in a sandbox in that
+    // case.
+    if is_write_patch_constrained_to_writable_paths(action, writable_roots, cwd)
+        || policy == AskForApproval::OnFailure
+    {
         // Only auto‑approve when we can actually enforce a sandbox. Otherwise
         // fall back to asking the user because the patch may touch arbitrary
         // paths outside the project.
@@ -75,9 +77,6 @@ pub fn assess_command_safety(
     sandbox_policy: &SandboxPolicy,
     approved: &HashSet<Vec<String>>,
 ) -> SafetyCheck {
-    use AskForApproval::*;
-    use SandboxPolicy::*;
-
     // A command is "trusted" because either:
     // - it belongs to a set of commands we consider "safe" by default, or
     // - the user has explicitly approved the command for this session
@@ -97,6 +96,16 @@ pub fn assess_command_safety(
         };
     }
 
+    assess_safety_for_untrusted_command(approval_policy, sandbox_policy)
+}
+
+pub(crate) fn assess_safety_for_untrusted_command(
+    approval_policy: AskForApproval,
+    sandbox_policy: &SandboxPolicy,
+) -> SafetyCheck {
+    use AskForApproval::*;
+    use SandboxPolicy::*;
+
     match (approval_policy, sandbox_policy) {
         (UnlessTrusted, _) => {
             // Even though the user may have opted into DangerFullAccess,

codex-rs/core/src/seatbelt.rs

@@ -0,0 +1,96 @@
+use std::collections::HashMap;
+use std::path::Path;
+use std::path::PathBuf;
+use tokio::process::Child;
+
+use crate::protocol::SandboxPolicy;
+use crate::spawn::StdioPolicy;
+use crate::spawn::spawn_child_async;
+
+const MACOS_SEATBELT_BASE_POLICY: &str = include_str!("seatbelt_base_policy.sbpl");
+
+/// When working with `sandbox-exec`, only consider `sandbox-exec` in `/usr/bin`
+/// to defend against an attacker trying to inject a malicious version on the
+/// PATH. If /usr/bin/sandbox-exec has been tampered with, then the attacker
+/// already has root access.
+const MACOS_PATH_TO_SEATBELT_EXECUTABLE: &str = "/usr/bin/sandbox-exec";
+
+pub async fn spawn_command_under_seatbelt(
+    command: Vec<String>,
+    sandbox_policy: &SandboxPolicy,
+    cwd: PathBuf,
+    stdio_policy: StdioPolicy,
+    env: HashMap<String, String>,
+) -> std::io::Result<Child> {
+    let args = create_seatbelt_command_args(command, sandbox_policy, &cwd);
+    let arg0 = None;
+    spawn_child_async(
+        PathBuf::from(MACOS_PATH_TO_SEATBELT_EXECUTABLE),
+        args,
+        arg0,
+        cwd,
+        sandbox_policy,
+        stdio_policy,
+        env,
+    )
+    .await
+}
+
+fn create_seatbelt_command_args(
+    command: Vec<String>,
+    sandbox_policy: &SandboxPolicy,
+    cwd: &Path,
+) -> Vec<String> {
+    let (file_write_policy, extra_cli_args) = {
+        if sandbox_policy.has_full_disk_write_access() {
+            // Allegedly, this is more permissive than `(allow file-write*)`.
+            (
+                r#"(allow file-write* (regex #"^/"))"#.to_string(),
+                Vec::<String>::new(),
+            )
+        } else {
+            let writable_roots = sandbox_policy.get_writable_roots_with_cwd(cwd);
+            let (writable_folder_policies, cli_args): (Vec<String>, Vec<String>) = writable_roots
+                .iter()
+                .enumerate()
+                .map(|(index, root)| {
+                    let param_name = format!("WRITABLE_ROOT_{index}");
+                    let policy: String = format!("(subpath (param \"{param_name}\"))");
+                    let cli_arg = format!("-D{param_name}={}", root.to_string_lossy());
+                    (policy, cli_arg)
+                })
+                .unzip();
+            if writable_folder_policies.is_empty() {
+                ("".to_string(), Vec::<String>::new())
+            } else {
+                let file_write_policy = format!(
+                    "(allow file-write*\n{}\n)",
+                    writable_folder_policies.join(" ")
+                );
+                (file_write_policy, cli_args)
+            }
+        }
+    };
+
+    let file_read_policy = if sandbox_policy.has_full_disk_read_access() {
+        "; allow read-only file operations\n(allow file-read*)"
+    } else {
+        ""
+    };
+
+    // TODO(mbolin): apply_patch calls must also honor the SandboxPolicy.
+    let network_policy = if sandbox_policy.has_full_network_access() {
+        "(allow network-outbound)\n(allow network-inbound)\n(allow system-socket)"
+    } else {
+        ""
+    };
+
+    let full_policy = format!(
+        "{MACOS_SEATBELT_BASE_POLICY}\n{file_read_policy}\n{file_write_policy}\n{network_policy}"
+    );
+    let mut seatbelt_args: Vec<String> = vec!["-p".to_string(), full_policy];
+    seatbelt_args.extend(extra_cli_args);
+    seatbelt_args.push("--".to_string());
+    seatbelt_args.extend(command);
+    seatbelt_args
+}

codex-rs/core/src/spawn.rs

@@ -0,0 +1,102 @@
+use std::collections::HashMap;
+use std::path::PathBuf;
+use std::process::Stdio;
+use tokio::process::Child;
+use tokio::process::Command;
+use tracing::trace;
+
+use crate::protocol::SandboxPolicy;
+
+/// Experimental environment variable that will be set to some non-empty value
+/// if both of the following are true:
+///
+/// 1. The process was spawned by Codex as part of a shell tool call.
+/// 2. SandboxPolicy.has_full_network_access() was false for the tool call.
+///
+/// We may try to have just one environment variable for all sandboxing
+/// attributes, so this may change in the future.
+pub const CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR: &str = "CODEX_SANDBOX_NETWORK_DISABLED";
+
+#[derive(Debug, Clone, Copy)]
+pub enum StdioPolicy {
+    RedirectForShellTool,
+    Inherit,
+}
+
+/// Spawns the appropriate child process for the ExecParams and SandboxPolicy,
+/// ensuring the args and environment variables used to create the `Command`
+/// (and `Child`) honor the configuration.
+///
+/// For now, we take `SandboxPolicy` as a parameter to spawn_child() because
+/// we need to determine whether to set the
+/// `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` environment variable.
+pub(crate) async fn spawn_child_async(
+    program: PathBuf,
+    args: Vec<String>,
+    #[cfg_attr(not(unix), allow(unused_variables))] arg0: Option<&str>,
+    cwd: PathBuf,
+    sandbox_policy: &SandboxPolicy,
+    stdio_policy: StdioPolicy,
+    env: HashMap<String, String>,
+) -> std::io::Result<Child> {
+    trace!(
+        "spawn_child_async: {program:?} {args:?} {arg0:?} {cwd:?} {sandbox_policy:?} {stdio_policy:?} {env:?}"
+    );
+
+    let mut cmd = Command::new(&program);
+    #[cfg(unix)]
+    cmd.arg0(arg0.map_or_else(|| program.to_string_lossy().to_string(), String::from));
+    cmd.args(args);
+    cmd.current_dir(cwd);
+    cmd.env_clear();
+    cmd.envs(env);
+
+    if !sandbox_policy.has_full_network_access() {
+        cmd.env(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR, "1");
+    }
+
+    // If this Codex process dies (including being killed via SIGKILL), we want
+    // any child processes that were spawned as part of a `"shell"` tool call
+    // to also be terminated.
+
+    // This relies on prctl(2), so it only works on Linux.
+    #[cfg(target_os = "linux")]
+    unsafe {
+        cmd.pre_exec(|| {
+            // This prctl call effectively requests, "deliver SIGTERM when my
+            // current parent dies."
+            if libc::prctl(libc::PR_SET_PDEATHSIG, libc::SIGTERM) == -1 {
+                return Err(std::io::Error::last_os_error());
+            }
+
+            // Though if there was a race condition and this pre_exec() block is
+            // run _after_ the parent (i.e., the Codex process) has already
+            // exited, then the parent is the _init_ process (which will never
+            // die), so we should just terminate the child process now.
+            if libc::getppid() == 1 {
+                libc::raise(libc::SIGTERM);
+            }
+            Ok(())
+        });
+    }
+
+    match stdio_policy {
+        StdioPolicy::RedirectForShellTool => {
+            // Do not create a file descriptor for stdin because otherwise some
+            // commands may hang forever waiting for input. For example, ripgrep has
+            // a heuristic where it may try to read from stdin as explained here:
+            // https://github.com/BurntSushi/ripgrep/blob/e2362d4d5185d02fa857bf381e7bd52e66fafc73/crates/core/flags/hiargs.rs#L1101-L1103
+            cmd.stdin(Stdio::null());
+
+            cmd.stdout(Stdio::piped()).stderr(Stdio::piped());
+        }
+        StdioPolicy::Inherit => {
+            // Inherit stdin, stdout, and stderr from the parent process.
+            cmd.stdin(Stdio::inherit())
+                .stdout(Stdio::inherit())
+                .stderr(Stdio::inherit());
+        }
+    }
+
+    cmd.kill_on_drop(true).spawn()
+}

codex-rs/core/tests/cli_stream.rs

@@ -1,7 +1,7 @@
 #![expect(clippy::unwrap_used)]
 
 use assert_cmd::Command as AssertCommand;
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use std::time::Duration;
 use std::time::Instant;
 use tempfile::TempDir;
@@ -460,9 +460,14 @@ async fn integration_git_info_unit_test() {
     // 1. Create temp directory for git repo
     let temp_dir = TempDir::new().unwrap();
     let git_repo = temp_dir.path().to_path_buf();
+    let envs = vec![
+        ("GIT_CONFIG_GLOBAL", "/dev/null"),
+        ("GIT_CONFIG_NOSYSTEM", "1"),
+    ];
 
     // 2. Initialize a git repository with some content
     let init_output = std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["init"])
         .current_dir(&git_repo)
         .output()
@@ -471,12 +476,14 @@ async fn integration_git_info_unit_test() {
 
     // Configure git user (required for commits)
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.name", "Integration Test"])
         .current_dir(&git_repo)
         .output()
         .unwrap();
 
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["config", "user.email", "test@example.com"])
         .current_dir(&git_repo)
         .output()
@@ -487,12 +494,14 @@ async fn integration_git_info_unit_test() {
     std::fs::write(&test_file, "integration test content").unwrap();
 
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["add", "."])
         .current_dir(&git_repo)
         .output()
         .unwrap();
 
     let commit_output = std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["commit", "-m", "Integration test commit"])
         .current_dir(&git_repo)
         .output()
@@ -501,6 +510,7 @@ async fn integration_git_info_unit_test() {
 
     // Create a branch to test branch detection
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args(["checkout", "-b", "integration-test-branch"])
         .current_dir(&git_repo)
         .output()
@@ -508,6 +518,7 @@ async fn integration_git_info_unit_test() {
 
     // Add a remote to test repository URL detection
     std::process::Command::new("git")
+        .envs(envs.clone())
         .args([
             "remote",
             "add",

codex-rs/core/tests/client.rs

@@ -5,11 +5,11 @@ use codex_core::Codex;
 use codex_core::CodexSpawnOk;
 use codex_core::ModelProviderInfo;
 use codex_core::built_in_model_providers;
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
 use codex_core::protocol::SessionConfiguredEvent;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_login::AuthDotJson;
 use codex_login::AuthMode;
 use codex_login::CodexAuth;
@@ -237,6 +237,7 @@ async fn chatgpt_auth_sends_correct_request() {
     let request_session_id = request.headers.get("session_id").unwrap();
     let request_originator = request.headers.get("originator").unwrap();
     let request_authorization = request.headers.get("authorization").unwrap();
+    let request_chatgpt_account_id = request.headers.get("chatgpt-account-id").unwrap();
     let request_body = request.body_json::<serde_json::Value>().unwrap();
 
     assert!(current_session_id.is_some());
@@ -249,6 +250,7 @@ async fn chatgpt_auth_sends_correct_request() {
         request_authorization.to_str().unwrap(),
         "Bearer Access Token"
     );
+    assert_eq!(request_chatgpt_account_id.to_str().unwrap(), "account_id");
     assert!(!request_body["store"].as_bool().unwrap());
     assert!(request_body["stream"].as_bool().unwrap());
     assert_eq!(
@@ -327,14 +329,14 @@ fn auth_from_token(id_token: String) -> CodexAuth {
         AuthMode::ChatGPT,
         PathBuf::new(),
         Some(AuthDotJson {
-            tokens: TokenData {
+            openai_api_key: None,
+            tokens: Some(TokenData {
                 id_token,
                 access_token: "Access Token".to_string(),
                 refresh_token: "test".to_string(),
-                account_id: None,
-            },
-            last_refresh: Utc::now(),
-            openai_api_key: None,
+                account_id: Some("account_id".to_string()),
+            }),
+            last_refresh: Some(Utc::now()),
         }),
     )
 }

codex-rs/core/tests/stream_no_completed.rs

@@ -6,10 +6,10 @@ use std::time::Duration;
 use codex_core::Codex;
 use codex_core::CodexSpawnOk;
 use codex_core::ModelProviderInfo;
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_login::CodexAuth;
 use core_test_support::load_default_config_for_test;
 use core_test_support::load_sse_fixture;

codex-rs/exec/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-exec"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-exec"
@@ -19,12 +19,12 @@ anyhow = "1"
 chrono = "0.4.40"
 clap = { version = "4", features = ["derive"] }
 codex-arg0 = { path = "../arg0" }
-codex-core = { path = "../core" }
 codex-common = { path = "../common", features = [
     "cli",
     "elapsed",
     "sandbox_summary",
 ] }
+codex-core = { path = "../core" }
 owo-colors = "4.2.0"
 serde_json = "1"
 shlex = "1.3.0"

codex-rs/exec/tests/apply_patch.rs

@@ -1,5 +1,6 @@
 use anyhow::Context;
 use assert_cmd::prelude::*;
+use codex_core::CODEX_APPLY_PATCH_ARG1;
 use std::fs;
 use std::process::Command;
 use tempfile::tempdir;
@@ -16,7 +17,7 @@ fn test_standalone_exec_cli_can_use_apply_patch() -> anyhow::Result<()> {
 
     Command::cargo_bin("codex-exec")
         .context("should find binary for codex-exec")?
-        .arg("--codex-run-as-apply-patch")
+        .arg(CODEX_APPLY_PATCH_ARG1)
         .arg(
             r#"*** Begin Patch
 *** Update File: source.txt

codex-rs/file-search/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-file-search"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-file-search"

codex-rs/linux-sandbox/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-linux-sandbox"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-linux-sandbox"
@@ -19,8 +19,8 @@ anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 codex-common = { path = "../common", features = ["cli"] }
 codex-core = { path = "../core" }
-libc = "0.2.172"
 landlock = "0.4.1"
+libc = "0.2.172"
 seccompiler = "0.5.0"
 
 [target.'cfg(target_os = "linux")'.dev-dependencies]

codex-rs/login/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-login"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true
@@ -18,3 +18,6 @@ tokio = { version = "1", features = [
     "rt-multi-thread",
     "signal",
 ] }
+
+[dev-dependencies]
+tempfile = "3"

codex-rs/login/src/lib.rs

@@ -20,7 +20,7 @@ use tokio::process::Command;
 const SOURCE_FOR_PYTHON_SERVER: &str = include_str!("./login_with_chatgpt.py");
 
 const CLIENT_ID: &str = "app_EMoamEEZ73f0CkXaXp7hrann";
-const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
+pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
 
 #[derive(Clone, Debug, PartialEq)]
 pub enum AuthMode {
@@ -70,13 +70,16 @@ impl CodexAuth {
     pub async fn get_token_data(&self) -> Result<TokenData, std::io::Error> {
         #[expect(clippy::unwrap_used)]
         let auth_dot_json = self.auth_dot_json.lock().unwrap().clone();
-
         match auth_dot_json {
-            Some(auth_dot_json) => {
-                if auth_dot_json.last_refresh < Utc::now() - chrono::Duration::days(28) {
+            Some(AuthDotJson {
+                tokens: Some(mut tokens),
+                last_refresh: Some(last_refresh),
+                ..
+            }) => {
+                if last_refresh < Utc::now() - chrono::Duration::days(28) {
                     let refresh_response = tokio::time::timeout(
                         Duration::from_secs(60),
-                        try_refresh_token(auth_dot_json.tokens.refresh_token.clone()),
+                        try_refresh_token(tokens.refresh_token.clone()),
                     )
                     .await
                     .map_err(|_| {
@@ -92,13 +95,21 @@ impl CodexAuth {
                     )
                     .await?;
 
+                    tokens = updated_auth_dot_json
+                        .tokens
+                        .clone()
+                        .ok_or(std::io::Error::other(
+                            "Token data is not available after refresh.",
+                        ))?;
+
                     #[expect(clippy::unwrap_used)]
-                    let mut auth_dot_json = self.auth_dot_json.lock().unwrap();
-                    *auth_dot_json = Some(updated_auth_dot_json);
+                    let mut auth_lock = self.auth_dot_json.lock().unwrap();
+                    *auth_lock = Some(updated_auth_dot_json);
                 }
-                Ok(auth_dot_json.tokens.clone())
+
+                Ok(tokens)
             }
-            None => Err(std::io::Error::other("Token data is not available.")),
+            _ => Err(std::io::Error::other("Token data is not available.")),
         }
     }
 
@@ -112,11 +123,22 @@ impl CodexAuth {
             }
         }
     }
+
+    pub async fn get_account_id(&self) -> Option<String> {
+        match self.mode {
+            AuthMode::ApiKey => None,
+            AuthMode::ChatGPT => {
+                let token_data = self.get_token_data().await.ok()?;
+
+                token_data.account_id.clone()
+            }
+        }
+    }
 }
 
 // Loads the available auth information from the auth.json or OPENAI_API_KEY environment variable.
-pub fn load_auth(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
-    let auth_file = codex_home.join("auth.json");
+pub fn load_auth(codex_home: &Path, include_env_var: bool) -> std::io::Result<Option<CodexAuth>> {
+    let auth_file = get_auth_file(codex_home);
 
     let auth_dot_json = try_read_auth_json(&auth_file).ok();
 
@@ -125,12 +147,21 @@ pub fn load_auth(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
         .and_then(|a| a.openai_api_key.clone())
         .filter(|s| !s.is_empty());
 
-    let openai_api_key = env::var(OPENAI_API_KEY_ENV_VAR)
-        .ok()
-        .filter(|s| !s.is_empty())
-        .or(auth_json_api_key);
+    let openai_api_key = if include_env_var {
+        env::var(OPENAI_API_KEY_ENV_VAR)
+            .ok()
+            .filter(|s| !s.is_empty())
+            .or(auth_json_api_key)
+    } else {
+        auth_json_api_key
+    };
 
-    if openai_api_key.is_none() && auth_dot_json.is_none() {
+    let has_tokens = auth_dot_json
+        .as_ref()
+        .and_then(|a| a.tokens.as_ref())
+        .is_some();
+
+    if openai_api_key.is_none() && !has_tokens {
         return Ok(None);
     }
 
@@ -148,6 +179,10 @@ pub fn load_auth(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
     }))
 }
 
+fn get_auth_file(codex_home: &Path) -> PathBuf {
+    codex_home.join("auth.json")
+}
+
 /// Run `python3 -c {{SOURCE_FOR_PYTHON_SERVER}}` with the CODEX_HOME
 /// environment variable set to the provided `codex_home` path. If the
 /// subprocess exits 0, read the OPENAI_API_KEY property out of
@@ -187,6 +222,15 @@ pub async fn login_with_chatgpt(codex_home: &Path, capture_output: bool) -> std:
     }
 }
 
+pub fn login_with_api_key(codex_home: &Path, api_key: &str) -> std::io::Result<()> {
+    let auth_dot_json = AuthDotJson {
+        openai_api_key: Some(api_key.to_string()),
+        tokens: None,
+        last_refresh: None,
+    };
+    write_auth_json(&get_auth_file(codex_home), &auth_dot_json)
+}
+
 /// Attempt to read and refresh the `auth.json` file in the given `CODEX_HOME` directory.
 /// Returns the full AuthDotJson structure after refreshing if necessary.
 pub fn try_read_auth_json(auth_file: &Path) -> std::io::Result<AuthDotJson> {
@@ -198,35 +242,38 @@ pub fn try_read_auth_json(auth_file: &Path) -> std::io::Result<AuthDotJson> {
     Ok(auth_dot_json)
 }
 
-async fn update_tokens(
-    auth_file: &Path,
-    id_token: String,
-    access_token: Option<String>,
-    refresh_token: Option<String>,
-) -> std::io::Result<AuthDotJson> {
+fn write_auth_json(auth_file: &Path, auth_dot_json: &AuthDotJson) -> std::io::Result<()> {
+    let json_data = serde_json::to_string_pretty(auth_dot_json)?;
     let mut options = OpenOptions::new();
     options.truncate(true).write(true).create(true);
     #[cfg(unix)]
     {
         options.mode(0o600);
     }
+    let mut file = options.open(auth_file)?;
+    file.write_all(json_data.as_bytes())?;
+    file.flush()?;
+    Ok(())
+}
+
+async fn update_tokens(
+    auth_file: &Path,
+    id_token: String,
+    access_token: Option<String>,
+    refresh_token: Option<String>,
+) -> std::io::Result<AuthDotJson> {
     let mut auth_dot_json = try_read_auth_json(auth_file)?;
 
-    auth_dot_json.tokens.id_token = id_token.to_string();
+    let tokens = auth_dot_json.tokens.get_or_insert_with(TokenData::default);
+    tokens.id_token = id_token.to_string();
     if let Some(access_token) = access_token {
-        auth_dot_json.tokens.access_token = access_token.to_string();
+        tokens.access_token = access_token.to_string();
     }
     if let Some(refresh_token) = refresh_token {
-        auth_dot_json.tokens.refresh_token = refresh_token.to_string();
-    }
-    auth_dot_json.last_refresh = Utc::now();
-
-    let json_data = serde_json::to_string_pretty(&auth_dot_json)?;
-    {
-        let mut file = options.open(auth_file)?;
-        file.write_all(json_data.as_bytes())?;
-        file.flush()?;
+        tokens.refresh_token = refresh_token.to_string();
     }
+    auth_dot_json.last_refresh = Some(Utc::now());
+    write_auth_json(auth_file, &auth_dot_json)?;
     Ok(auth_dot_json)
 }
 
@@ -282,12 +329,14 @@ pub struct AuthDotJson {
     #[serde(rename = "OPENAI_API_KEY")]
     pub openai_api_key: Option<String>,
 
-    pub tokens: TokenData,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub tokens: Option<TokenData>,
 
-    pub last_refresh: DateTime<Utc>,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub last_refresh: Option<DateTime<Utc>>,
 }
 
-#[derive(Deserialize, Serialize, Clone, Debug, PartialEq)]
+#[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
 pub struct TokenData {
     /// This is a JWT.
     pub id_token: String,
@@ -299,3 +348,95 @@ pub struct TokenData {
 
     pub account_id: Option<String>,
 }
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use tempfile::tempdir;
+
+    #[test]
+    #[expect(clippy::unwrap_used)]
+    fn writes_api_key_and_loads_auth() {
+        let dir = tempdir().unwrap();
+        login_with_api_key(dir.path(), "sk-test-key").unwrap();
+        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        assert_eq!(auth.mode, AuthMode::ApiKey);
+        assert_eq!(auth.api_key.as_deref(), Some("sk-test-key"));
+    }
+
+    #[test]
+    #[expect(clippy::unwrap_used)]
+    fn loads_from_env_var_if_env_var_exists() {
+        let dir = tempdir().unwrap();
+
+        let env_var = std::env::var(OPENAI_API_KEY_ENV_VAR);
+
+        if let Ok(env_var) = env_var {
+            let auth = load_auth(dir.path(), true).unwrap().unwrap();
+            assert_eq!(auth.mode, AuthMode::ApiKey);
+            assert_eq!(auth.api_key, Some(env_var));
+        }
+    }
+
+    #[tokio::test]
+    #[expect(clippy::unwrap_used)]
+    async fn loads_token_data_from_auth_json() {
+        let dir = tempdir().unwrap();
+        let auth_file = dir.path().join("auth.json");
+        std::fs::write(
+            auth_file,
+            format!(
+                r#"
+        {{
+            "OPENAI_API_KEY": null,
+            "tokens": {{
+                "id_token": "test-id-token",
+                "access_token": "test-access-token",
+                "refresh_token": "test-refresh-token"
+            }},
+            "last_refresh": "{}"
+        }}
+        "#,
+                Utc::now().to_rfc3339()
+            ),
+        )
+        .unwrap();
+
+        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        assert_eq!(auth.mode, AuthMode::ChatGPT);
+        assert_eq!(auth.api_key, None);
+        assert_eq!(
+            auth.get_token_data().await.unwrap(),
+            TokenData {
+                id_token: "test-id-token".to_string(),
+                access_token: "test-access-token".to_string(),
+                refresh_token: "test-refresh-token".to_string(),
+                account_id: None,
+            }
+        );
+    }
+
+    #[tokio::test]
+    #[expect(clippy::unwrap_used)]
+    async fn loads_api_key_from_auth_json() {
+        let dir = tempdir().unwrap();
+        let auth_file = dir.path().join("auth.json");
+        std::fs::write(
+            auth_file,
+            r#"
+        {
+            "OPENAI_API_KEY": "sk-test-key",
+            "tokens": null,
+            "last_refresh": null
+        }
+        "#,
+        )
+        .unwrap();
+
+        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        assert_eq!(auth.mode, AuthMode::ApiKey);
+        assert_eq!(auth.api_key, Some("sk-test-key".to_string()));
+
+        assert!(auth.get_token_data().await.is_err());
+    }
+}

codex-rs/mcp-server/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-mcp-server"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-mcp-server"
@@ -23,9 +23,7 @@ schemars = "0.8.22"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 shlex = "1.3.0"
-toml = "0.9"
-tracing = { version = "0.1.41", features = ["log"] }
-tracing-subscriber = { version = "0.3", features = ["fmt", "env-filter"] }
+strum_macros = "0.27.2"
 tokio = { version = "1", features = [
     "io-std",
     "macros",
@@ -33,8 +31,10 @@ tokio = { version = "1", features = [
     "rt-multi-thread",
     "signal",
 ] }
+toml = "0.9"
+tracing = { version = "0.1.41", features = ["log"] }
+tracing-subscriber = { version = "0.3", features = ["env-filter", "fmt"] }
 uuid = { version = "1", features = ["serde", "v4"] }
-strum_macros = "0.27.2"
 
 [dev-dependencies]
 assert_cmd = "2"

codex-rs/mcp-server/src/lib.rs

@@ -19,7 +19,7 @@ mod codex_tool_config;
 mod codex_tool_runner;
 mod exec_approval;
 mod json_to_toml;
-mod mcp_protocol;
+pub mod mcp_protocol;
 mod message_processor;
 mod outgoing_message;
 mod patch_approval;

codex-rs/mcp-server/src/mcp_protocol.rs

@@ -7,7 +7,10 @@ use serde::Serialize;
 use strum_macros::Display;
 use uuid::Uuid;
 
+use mcp_types::CallToolResult;
+use mcp_types::ContentBlock;
 use mcp_types::RequestId;
+use mcp_types::TextContent;
 
 #[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize)]
 #[serde(transparent)]
@@ -118,10 +121,47 @@ pub struct ToolCallResponse {
     pub request_id: RequestId,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub is_error: Option<bool>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[serde(default, skip_serializing_if = "Option::is_none", flatten)]
     pub result: Option<ToolCallResponseResult>,
 }
 
+impl From<ToolCallResponse> for CallToolResult {
+    fn from(val: ToolCallResponse) -> Self {
+        let ToolCallResponse {
+            request_id: _request_id,
+            is_error,
+            result,
+        } = val;
+        let (content, structured_content, is_error_out) = match result {
+            Some(res) => match serde_json::to_value(&res) {
+                Ok(v) => {
+                    let content = vec![ContentBlock::TextContent(TextContent {
+                        r#type: "text".to_string(),
+                        text: v.to_string(),
+                        annotations: None,
+                    })];
+                    (content, Some(v), is_error)
+                }
+                Err(e) => {
+                    let content = vec![ContentBlock::TextContent(TextContent {
+                        r#type: "text".to_string(),
+                        text: format!("Failed to serialize tool result: {e}"),
+                        annotations: None,
+                    })];
+                    (content, None, Some(true))
+                }
+            },
+            None => (vec![], None, is_error),
+        };
+
+        CallToolResult {
+            content,
+            is_error: is_error_out,
+            structured_content,
+        }
+    }
+}
+
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
 #[serde(untagged)]
 pub enum ToolCallResponseResult {
@@ -141,8 +181,10 @@ pub struct ConversationCreateResult {
 pub struct ConversationStreamResult {}
 
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
-pub struct ConversationSendMessageResult {
-    pub success: bool,
+#[serde(tag = "status", rename_all = "camelCase")]
+pub enum ConversationSendMessageResult {
+    Ok,
+    Error { message: String },
 }
 
 #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
@@ -455,10 +497,13 @@ mod tests {
                 },
             )),
         };
-        let observed = to_val(&env);
+        let req_id = env.request_id.clone();
+        let observed = to_val(&CallToolResult::from(env));
         let expected = json!({
-            "requestId": 1,
-            "result": {
+            "content": [
+                { "type": "text", "text": "{\"conversation_id\":\"d0f6ecbe-84a2-41c1-b23d-b20473b25eab\",\"model\":\"o3\"}" }
+            ],
+            "structuredContent": {
                 "conversation_id": "d0f6ecbe-84a2-41c1-b23d-b20473b25eab",
                 "model": "o3"
             }
@@ -467,6 +512,7 @@ mod tests {
             observed, expected,
             "response (ConversationCreate) must match"
         );
+        assert_eq!(req_id, RequestId::Integer(1));
     }
 
     #[test]
@@ -478,15 +524,17 @@ mod tests {
                 ConversationStreamResult {},
             )),
         };
-        let observed = to_val(&env);
+        let req_id = env.request_id.clone();
+        let observed = to_val(&CallToolResult::from(env));
         let expected = json!({
-            "requestId": 2,
-            "result": {}
+            "content": [ { "type": "text", "text": "{}" } ],
+            "structuredContent": {}
         });
         assert_eq!(
             observed, expected,
             "response (ConversationStream) must have empty object result"
         );
+        assert_eq!(req_id, RequestId::Integer(2));
     }
 
     #[test]
@@ -495,18 +543,20 @@ mod tests {
             request_id: RequestId::Integer(3),
             is_error: None,
             result: Some(ToolCallResponseResult::ConversationSendMessage(
-                ConversationSendMessageResult { success: true },
+                ConversationSendMessageResult::Ok,
             )),
         };
-        let observed = to_val(&env);
+        let req_id = env.request_id.clone();
+        let observed = to_val(&CallToolResult::from(env));
         let expected = json!({
-            "requestId": 3,
-            "result": { "success": true }
+            "content": [ { "type": "text", "text": "{\"status\":\"ok\"}" } ],
+            "structuredContent": { "status": "ok" }
         });
         assert_eq!(
             observed, expected,
             "response (ConversationSendMessageAccepted) must match"
         );
+        assert_eq!(req_id, RequestId::Integer(3));
     }
 
     #[test]
@@ -526,10 +576,13 @@ mod tests {
                 },
             )),
         };
-        let observed = to_val(&env);
+        let req_id = env.request_id.clone();
+        let observed = to_val(&CallToolResult::from(env));
         let expected = json!({
-            "requestId": 4,
-            "result": {
+            "content": [
+                { "type": "text", "text": "{\"conversations\":[{\"conversation_id\":\"67e55044-10b1-426f-9247-bb680e5fe0c8\",\"title\":\"Refactor config loader\"}],\"next_cursor\":\"next123\"}" }
+            ],
+            "structuredContent": {
                 "conversations": [
                     {
                         "conversation_id": "67e55044-10b1-426f-9247-bb680e5fe0c8",
@@ -543,6 +596,7 @@ mod tests {
             observed, expected,
             "response (ConversationsList with cursor) must match"
         );
+        assert_eq!(req_id, RequestId::Integer(4));
     }
 
     #[test]
@@ -552,15 +606,17 @@ mod tests {
             is_error: Some(true),
             result: None,
         };
-        let observed = to_val(&env);
+        let req_id = env.request_id.clone();
+        let observed = to_val(&CallToolResult::from(env));
         let expected = json!({
-            "requestId": 4,
+            "content": [],
             "isError": true
         });
         assert_eq!(
             observed, expected,
             "error response must omit `result` and include `isError`"
         );
+        assert_eq!(req_id, RequestId::Integer(4));
     }
 
     // ----- Notifications -----

codex-rs/mcp-server/src/message_processor.rs

@@ -6,6 +6,7 @@ use crate::codex_tool_config::CodexToolCallParam;
 use crate::codex_tool_config::CodexToolCallReplyParam;
 use crate::codex_tool_config::create_tool_for_codex_tool_call_param;
 use crate::codex_tool_config::create_tool_for_codex_tool_call_reply_param;
+use crate::mcp_protocol::ToolCallRequestParams;
 use crate::outgoing_message::OutgoingMessageSender;
 
 use codex_core::Codex;
@@ -300,6 +301,14 @@ impl MessageProcessor {
         params: <mcp_types::CallToolRequest as mcp_types::ModelContextProtocolRequest>::Params,
     ) {
         tracing::info!("tools/call -> params: {:?}", params);
+        // Serialize params into JSON and try to parse as new type
+        if let Ok(new_params) =
+            serde_json::to_value(&params).and_then(serde_json::from_value::<ToolCallRequestParams>)
+        {
+            // New tool call matched → forward
+            self.handle_new_tool_calls(id, new_params).await;
+            return;
+        }
         let CallToolRequestParams { name, arguments } = params;
 
         match name.as_str() {
@@ -323,6 +332,20 @@ impl MessageProcessor {
             }
         }
     }
+    async fn handle_new_tool_calls(&self, request_id: RequestId, _params: ToolCallRequestParams) {
+        // TODO: implement the new tool calls
+        let result = CallToolResult {
+            content: vec![ContentBlock::TextContent(TextContent {
+                r#type: "text".to_string(),
+                text: "Unknown tool".to_string(),
+                annotations: None,
+            })],
+            is_error: Some(true),
+            structured_content: None,
+        };
+        self.send_response::<mcp_types::CallToolRequest>(request_id, result)
+            .await;
+    }
 
     async fn handle_tool_call_codex(&self, id: RequestId, arguments: Option<serde_json::Value>) {
         let (initial_prompt, config): (String, CodexConfig) = match arguments {

codex-rs/mcp-server/tests/codex_tool.rs

@@ -3,9 +3,9 @@ use std::env;
 use std::path::Path;
 use std::path::PathBuf;
 
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_core::protocol::FileChange;
 use codex_core::protocol::ReviewDecision;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_mcp_server::CodexToolCallParam;
 use codex_mcp_server::ExecApprovalElicitRequestParams;
 use codex_mcp_server::ExecApprovalResponse;

codex-rs/mcp-server/tests/common/Cargo.toml

@@ -10,6 +10,7 @@ path = "lib.rs"
 anyhow = "1"
 assert_cmd = "2"
 codex-mcp-server = { path = "../.." }
+codex-core = { path = "../../../core" }
 mcp-types = { path = "../../../mcp-types" }
 pretty_assertions = "1.4.1"
 serde_json = "1"
@@ -22,3 +23,4 @@ tokio = { version = "1", features = [
     "rt-multi-thread",
 ] }
 wiremock = "0.6"
+uuid = { version = "1", features = ["serde", "v4"] }

codex-rs/mcp-server/tests/common/mcp_process.rs

@@ -11,8 +11,13 @@ use tokio::process::ChildStdout;
 
 use anyhow::Context;
 use assert_cmd::prelude::*;
+use codex_core::protocol::InputItem;
 use codex_mcp_server::CodexToolCallParam;
 use codex_mcp_server::CodexToolCallReplyParam;
+use codex_mcp_server::mcp_protocol::ConversationId;
+use codex_mcp_server::mcp_protocol::ConversationSendMessageArgs;
+use codex_mcp_server::mcp_protocol::ToolCallRequestParams;
+
 use mcp_types::CallToolRequestParams;
 use mcp_types::ClientCapabilities;
 use mcp_types::Implementation;
@@ -29,6 +34,7 @@ use pretty_assertions::assert_eq;
 use serde_json::json;
 use std::process::Command as StdCommand;
 use tokio::process::Command;
+use uuid::Uuid;
 
 pub struct McpProcess {
     next_request_id: AtomicI64,
@@ -174,6 +180,26 @@ impl McpProcess {
         .await
     }
 
+    pub async fn send_user_message_tool_call(
+        &mut self,
+        message: &str,
+        session_id: &str,
+    ) -> anyhow::Result<i64> {
+        let params = ToolCallRequestParams::ConversationSendMessage(ConversationSendMessageArgs {
+            conversation_id: ConversationId(Uuid::parse_str(session_id)?),
+            content: vec![InputItem::Text {
+                text: message.to_string(),
+            }],
+            parent_message_id: None,
+            conversation_overrides: None,
+        });
+        self.send_request(
+            mcp_types::CallToolRequest::METHOD,
+            Some(serde_json::to_value(params)?),
+        )
+        .await
+    }
+
     async fn send_request(
         &mut self,
         method: &str,

codex-rs/mcp-server/tests/interrupt.rs

@@ -3,7 +3,7 @@
 
 use std::path::Path;
 
-use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_mcp_server::CodexToolCallParam;
 use mcp_types::JSONRPCResponse;
 use mcp_types::RequestId;

codex-rs/mcp-types/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "mcp-types"
 version = { workspace = true }
-edition = "2024"
 
 [lints]
 workspace = true

codex-rs/tui/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-tui"
 version = { workspace = true }
-edition = "2024"
 
 [[bin]]
 name = "codex-tui"
@@ -20,12 +20,12 @@ base64 = "0.22.1"
 clap = { version = "4", features = ["derive"] }
 codex-ansi-escape = { path = "../ansi-escape" }
 codex-arg0 = { path = "../arg0" }
-codex-core = { path = "../core" }
 codex-common = { path = "../common", features = [
     "cli",
     "elapsed",
     "sandbox_summary",
 ] }
+codex-core = { path = "../core" }
 codex-file-search = { path = "../file-search" }
 codex-login = { path = "../login" }
 color-eyre = "0.6.3"
@@ -62,6 +62,8 @@ unicode-segmentation = "1.12.0"
 unicode-width = "0.1"
 uuid = "1"
 
+
+
 [dev-dependencies]
 insta = "1.43.1"
 pretty_assertions = "1"

codex-rs/tui/src/app.rs

@@ -9,9 +9,16 @@ use crate::slash_command::SlashCommand;
 use crate::tui;
 use codex_core::config::Config;
 use codex_core::protocol::Event;
+use codex_core::protocol::EventMsg;
 use color_eyre::eyre::Result;
+use crossterm::SynchronizedUpdate;
 use crossterm::event::KeyCode;
 use crossterm::event::KeyEvent;
+use crossterm::event::KeyEventKind;
+use crossterm::terminal::supports_keyboard_enhancement;
+use ratatui::layout::Offset;
+use ratatui::prelude::Backend;
+use ratatui::text::Line;
 use std::path::PathBuf;
 use std::sync::Arc;
 use std::sync::atomic::AtomicBool;
@@ -21,6 +28,11 @@ use std::sync::mpsc::channel;
 use std::thread;
 use std::time::Duration;
 
+enum PendingHistoryOp {
+    Insert(Vec<Line<'static>>),
+    Overwrite(Line<'static>),
+}
+
 /// Time window for debouncing redraw requests.
 const REDRAW_DEBOUNCE: Duration = Duration::from_millis(10);
 
@@ -50,9 +62,13 @@ pub(crate) struct App<'a> {
     /// True when a redraw has been scheduled but not yet executed.
     pending_redraw: Arc<AtomicBool>,
 
+    pending_history_ops: Vec<PendingHistoryOp>,
+
     /// Stored parameters needed to instantiate the ChatWidget later, e.g.,
     /// after dismissing the Git-repo warning.
     chat_args: Option<ChatWidgetArgs>,
+
+    enhanced_keys_supported: bool,
 }
 
 /// Aggregate parameters needed to create a `ChatWidget`, as creation may be
@@ -62,6 +78,7 @@ struct ChatWidgetArgs {
     config: Config,
     initial_prompt: Option<String>,
     initial_images: Vec<PathBuf>,
+    enhanced_keys_supported: bool,
 }
 
 impl App<'_> {
@@ -75,6 +92,8 @@ impl App<'_> {
         let app_event_tx = AppEventSender::new(app_event_tx);
         let pending_redraw = Arc::new(AtomicBool::new(false));
 
+        let enhanced_keys_supported = supports_keyboard_enhancement().unwrap_or(false);
+
         // Spawn a dedicated thread for reading the crossterm event loop and
         // re-publishing the events as AppEvents, as appropriate.
         {
@@ -127,6 +146,7 @@ impl App<'_> {
                     config: config.clone(),
                     initial_prompt,
                     initial_images,
+                    enhanced_keys_supported,
                 }),
             )
         } else {
@@ -135,6 +155,7 @@ impl App<'_> {
                 app_event_tx.clone(),
                 initial_prompt,
                 initial_images,
+                enhanced_keys_supported,
             );
             (
                 AppState::Chat {
@@ -147,12 +168,14 @@ impl App<'_> {
         let file_search = FileSearchManager::new(config.cwd.clone(), app_event_tx.clone());
         Self {
             app_event_tx,
+            pending_history_ops: Vec::new(),
             app_event_rx,
             app_state,
             config,
             file_search,
             pending_redraw,
             chat_args,
+            enhanced_keys_supported,
         }
     }
 
@@ -192,20 +215,27 @@ impl App<'_> {
         while let Ok(event) = self.app_event_rx.recv() {
             match event {
                 AppEvent::InsertHistory(lines) => {
-                    crate::insert_history::insert_history_lines(terminal, lines);
+                    self.pending_history_ops
+                        .push(PendingHistoryOp::Insert(lines));
+                    self.app_event_tx.send(AppEvent::RequestRedraw);
+                }
+                AppEvent::OverwriteHistoryLine(line) => {
+                    self.pending_history_ops
+                        .push(PendingHistoryOp::Overwrite(line));
                     self.app_event_tx.send(AppEvent::RequestRedraw);
                 }
                 AppEvent::RequestRedraw => {
                     self.schedule_redraw();
                 }
                 AppEvent::Redraw => {
-                    self.draw_next_frame(terminal)?;
+                    std::io::stdout().sync_update(|_| self.draw_next_frame(terminal))??;
                 }
                 AppEvent::KeyEvent(key_event) => {
                     match key_event {
                         KeyEvent {
                             code: KeyCode::Char('c'),
                             modifiers: crossterm::event::KeyModifiers::CONTROL,
+                            kind: KeyEventKind::Press,
                             ..
                         } => {
                             match &mut self.app_state {
@@ -220,6 +250,7 @@ impl App<'_> {
                         KeyEvent {
                             code: KeyCode::Char('d'),
                             modifiers: crossterm::event::KeyModifiers::CONTROL,
+                            kind: KeyEventKind::Press,
                             ..
                         } => {
                             match &mut self.app_state {
@@ -238,9 +269,15 @@ impl App<'_> {
                                 }
                             }
                         }
-                        _ => {
+                        KeyEvent {
+                            kind: KeyEventKind::Press | KeyEventKind::Repeat,
+                            ..
+                        } => {
                             self.dispatch_key_event(key_event);
                         }
+                        _ => {
+                            // Ignore Release key events for now.
+                        }
                     };
                 }
                 AppEvent::Paste(text) => {
@@ -267,6 +304,7 @@ impl App<'_> {
                             self.app_event_tx.clone(),
                             None,
                             Vec::new(),
+                            self.enhanced_keys_supported,
                         ));
                         self.app_state = AppState::Chat { widget: new_widget };
                         self.app_event_tx.send(AppEvent::RequestRedraw);
@@ -295,6 +333,45 @@ impl App<'_> {
                             widget.add_diff_output(text);
                         }
                     }
+                    #[cfg(debug_assertions)]
+                    SlashCommand::TestApproval => {
+                        use std::collections::HashMap;
+
+                        use codex_core::protocol::ApplyPatchApprovalRequestEvent;
+                        use codex_core::protocol::FileChange;
+
+                        self.app_event_tx.send(AppEvent::CodexEvent(Event {
+                            id: "1".to_string(),
+                            // msg: EventMsg::ExecApprovalRequest(ExecApprovalRequestEvent {
+                            //     call_id: "1".to_string(),
+                            //     command: vec!["git".into(), "apply".into()],
+                            //     cwd: self.config.cwd.clone(),
+                            //     reason: Some("test".to_string()),
+                            // }),
+                            msg: EventMsg::ApplyPatchApprovalRequest(
+                                ApplyPatchApprovalRequestEvent {
+                                    call_id: "1".to_string(),
+                                    changes: HashMap::from([
+                                        (
+                                            PathBuf::from("/tmp/test.txt"),
+                                            FileChange::Add {
+                                                content: "test".to_string(),
+                                            },
+                                        ),
+                                        (
+                                            PathBuf::from("/tmp/test2.txt"),
+                                            FileChange::Update {
+                                                unified_diff: "+test\n-test2".to_string(),
+                                                move_path: None,
+                                            },
+                                        ),
+                                    ]),
+                                    reason: None,
+                                    grant_root: Some(PathBuf::from("/tmp")),
+                                },
+                            ),
+                        }));
+                    }
                 },
                 AppEvent::StartFileSearch(query) => {
                     self.file_search.on_user_query(query);
@@ -319,8 +396,57 @@ impl App<'_> {
     }
 
     fn draw_next_frame(&mut self, terminal: &mut tui::Tui) -> Result<()> {
-        // TODO: add a throttle to avoid redrawing too often
+        let screen_size = terminal.size()?;
+        let last_known_screen_size = terminal.last_known_screen_size;
+        if screen_size != last_known_screen_size {
+            let cursor_pos = terminal.get_cursor_position()?;
+            let last_known_cursor_pos = terminal.last_known_cursor_pos;
+            if cursor_pos.y != last_known_cursor_pos.y {
+                // The terminal was resized. The only point of reference we have for where our viewport
+                // was moved is the cursor position.
+                // NB this assumes that the cursor was not wrapped as part of the resize.
+                let cursor_delta = cursor_pos.y as i32 - last_known_cursor_pos.y as i32;
 
+                let new_viewport_area = terminal.viewport_area.offset(Offset {
+                    x: 0,
+                    y: cursor_delta,
+                });
+                terminal.set_viewport_area(new_viewport_area);
+                terminal.clear()?;
+            }
+        }
+
+        let size = terminal.size()?;
+        let desired_height = match &self.app_state {
+            AppState::Chat { widget } => widget.desired_height(size.width),
+            AppState::GitWarning { .. } => 10,
+        };
+
+        let mut area = terminal.viewport_area;
+        area.height = desired_height.min(size.height);
+        area.width = size.width;
+        if area.bottom() > size.height {
+            terminal
+                .backend_mut()
+                .scroll_region_up(0..area.top(), area.bottom() - size.height)?;
+            area.y = size.height - area.height;
+        }
+        if area != terminal.viewport_area {
+            terminal.clear()?;
+            terminal.set_viewport_area(area);
+        }
+        if !self.pending_history_ops.is_empty() {
+            for op in self.pending_history_ops.drain(..) {
+                match op {
+                    PendingHistoryOp::Insert(lines) => {
+                        crate::insert_history::insert_history_lines(terminal, lines);
+                    }
+                    PendingHistoryOp::Overwrite(line) => {
+                        crate::insert_history::overwrite_last_history_line(line);
+                    }
+                }
+            }
+        }
         match &mut self.app_state {
             AppState::Chat { widget } => {
                 terminal.draw(|frame| frame.render_widget_ref(&**widget, frame.area()))?;
@@ -352,6 +478,7 @@ impl App<'_> {
                         self.app_event_tx.clone(),
                         args.initial_prompt,
                         args.initial_images,
+                        args.enhanced_keys_supported,
                     ));
                     self.app_state = AppState::Chat { widget };
                     self.app_event_tx.send(AppEvent::RequestRedraw);

codex-rs/tui/src/app_event.rs

@@ -48,4 +48,6 @@ pub(crate) enum AppEvent {
     },
 
     InsertHistory(Vec<Line<'static>>),
+    /// Overwrite the last line in the scrollback with the provided content.
+    OverwriteHistoryLine(Line<'static>),
 }

codex-rs/tui/src/bottom_pane/approval_modal_view.rs

@@ -57,6 +57,10 @@ impl<'a> BottomPaneView<'a> for ApprovalModalView<'a> {
         self.current.is_complete() && self.queue.is_empty()
     }
 
+    fn desired_height(&self, width: u16) -> u16 {
+        self.current.desired_height(width)
+    }
+
     fn render(&self, area: Rect, buf: &mut Buffer) {
         (&self.current).render_ref(area, buf);
     }
@@ -95,6 +99,7 @@ mod tests {
         let mut pane = BottomPane::new(super::super::BottomPaneParams {
             app_event_tx: AppEventSender::new(tx_raw2),
             has_input_focus: true,
+            enhanced_keys_supported: false,
         });
         assert_eq!(CancellationEvent::Handled, view.on_ctrl_c(&mut pane));
         assert!(view.queue.is_empty());

codex-rs/tui/src/bottom_pane/bottom_pane_view.rs

@@ -28,6 +28,9 @@ pub(crate) trait BottomPaneView<'a> {
         CancellationEvent::Ignored
     }
 
+    /// Return the desired height of the view.
+    fn desired_height(&self, width: u16) -> u16;
+
     /// Render the view: this will be displayed in place of the composer.
     fn render(&self, area: Rect, buf: &mut Buffer);
 

codex-rs/tui/src/bottom_pane/chat_composer.rs

@@ -1,11 +1,13 @@
 use codex_core::protocol::TokenUsage;
 use crossterm::event::KeyEvent;
 use ratatui::buffer::Buffer;
-use ratatui::layout::Alignment;
 use ratatui::layout::Rect;
+use ratatui::style::Color;
 use ratatui::style::Style;
+use ratatui::style::Styled;
 use ratatui::style::Stylize;
 use ratatui::text::Line;
+use ratatui::text::Span;
 use ratatui::widgets::BorderType;
 use ratatui::widgets::Borders;
 use ratatui::widgets::Widget;
@@ -22,7 +24,7 @@ use crate::app_event::AppEvent;
 use crate::app_event_sender::AppEventSender;
 use codex_file_search::FileMatch;
 
-const BASE_PLACEHOLDER_TEXT: &str = "send a message";
+const BASE_PLACEHOLDER_TEXT: &str = "...";
 /// If the pasted content exceeds this number of characters, replace it with a
 /// placeholder in the UI.
 const LARGE_PASTE_CHAR_THRESHOLD: usize = 1000;
@@ -39,6 +41,7 @@ pub(crate) struct ChatComposer<'a> {
     app_event_tx: AppEventSender,
     history: ChatComposerHistory,
     ctrl_c_quit_hint: bool,
+    use_shift_enter_hint: bool,
     dismissed_file_popup_token: Option<String>,
     current_file_query: Option<String>,
     pending_pastes: Vec<(String, String)>,
@@ -52,17 +55,24 @@ enum ActivePopup {
 }
 
 impl ChatComposer<'_> {
-    pub fn new(has_input_focus: bool, app_event_tx: AppEventSender) -> Self {
+    pub fn new(
+        has_input_focus: bool,
+        app_event_tx: AppEventSender,
+        enhanced_keys_supported: bool,
+    ) -> Self {
         let mut textarea = TextArea::default();
         textarea.set_placeholder_text(BASE_PLACEHOLDER_TEXT);
         textarea.set_cursor_line_style(ratatui::style::Style::default());
 
+        let use_shift_enter_hint = enhanced_keys_supported;
+
         let mut this = Self {
             textarea,
             active_popup: ActivePopup::None,
             app_event_tx,
             history: ChatComposerHistory::new(),
             ctrl_c_quit_hint: false,
+            use_shift_enter_hint,
             dismissed_file_popup_token: None,
             current_file_query: None,
             pending_pastes: Vec::new(),
@@ -71,6 +81,15 @@ impl ChatComposer<'_> {
         this
     }
 
+    pub fn desired_height(&self) -> u16 {
+        self.textarea.lines().len().max(1) as u16
+            + match &self.active_popup {
+                ActivePopup::None => 1u16,
+                ActivePopup::Command(c) => c.calculate_required_height(),
+                ActivePopup::File(c) => c.calculate_required_height(),
+            }
+    }
+
     /// Returns true if the composer currently contains no user input.
     pub(crate) fn is_empty(&self) -> bool {
         self.textarea.is_empty()
@@ -460,6 +479,20 @@ impl ChatComposer<'_> {
                 self.textarea.insert_newline();
                 (InputResult::None, true)
             }
+            Input {
+                key: Key::Char('d'),
+                ctrl: true,
+                alt: false,
+                shift: false,
+            } => {
+                self.textarea.input(Input {
+                    key: Key::Delete,
+                    ctrl: false,
+                    alt: false,
+                    shift: false,
+                });
+                (InputResult::None, true)
+            }
             input => self.handle_input_basic(input),
         }
     }
@@ -612,37 +645,17 @@ impl ChatComposer<'_> {
     }
 
     fn update_border(&mut self, has_focus: bool) {
-        struct BlockState {
-            right_title: Line<'static>,
-            border_style: Style,
-        }
-
-        let bs = if has_focus {
-            if self.ctrl_c_quit_hint {
-                BlockState {
-                    right_title: Line::from("Ctrl+C to quit").alignment(Alignment::Right),
-                    border_style: Style::default(),
-                }
-            } else {
-                BlockState {
-                    right_title: Line::from("Enter to send | Ctrl+D to quit | Ctrl+J for newline")
-                        .alignment(Alignment::Right),
-                    border_style: Style::default(),
-                }
-            }
+        let border_style = if has_focus {
+            Style::default().fg(Color::Cyan)
         } else {
-            BlockState {
-                right_title: Line::from(""),
-                border_style: Style::default().dim(),
-            }
+            Style::default().dim()
         };
 
         self.textarea.set_block(
             ratatui::widgets::Block::default()
-                .title_bottom(bs.right_title)
-                .borders(Borders::ALL)
-                .border_type(BorderType::Rounded)
-                .border_style(bs.border_style),
+                .borders(Borders::LEFT)
+                .border_type(BorderType::QuadrantOutside)
+                .border_style(border_style),
         );
     }
 }
@@ -651,49 +664,80 @@ impl WidgetRef for &ChatComposer<'_> {
     fn render_ref(&self, area: Rect, buf: &mut Buffer) {
         match &self.active_popup {
             ActivePopup::Command(popup) => {
-                let popup_height = popup.calculate_required_height(&area);
+                let popup_height = popup.calculate_required_height();
 
                 // Split the provided rect so that the popup is rendered at the
-                // *top* and the textarea occupies the remaining space below.
-                let popup_rect = Rect {
+                // **bottom** and the textarea occupies the remaining space above.
+                let popup_height = popup_height.min(area.height);
+                let textarea_rect = Rect {
                     x: area.x,
                     y: area.y,
                     width: area.width,
-                    height: popup_height.min(area.height),
+                    height: area.height.saturating_sub(popup_height),
                 };
-
-                let textarea_rect = Rect {
+                let popup_rect = Rect {
                     x: area.x,
-                    y: area.y + popup_rect.height,
+                    y: area.y + textarea_rect.height,
                     width: area.width,
-                    height: area.height.saturating_sub(popup_rect.height),
+                    height: popup_height,
                 };
 
                 popup.render(popup_rect, buf);
                 self.textarea.render(textarea_rect, buf);
             }
             ActivePopup::File(popup) => {
-                let popup_height = popup.calculate_required_height(&area);
+                let popup_height = popup.calculate_required_height();
 
-                let popup_rect = Rect {
+                let popup_height = popup_height.min(area.height);
+                let textarea_rect = Rect {
                     x: area.x,
                     y: area.y,
                     width: area.width,
-                    height: popup_height.min(area.height),
-                };
-
-                let textarea_rect = Rect {
-                    x: area.x,
-                    y: area.y + popup_rect.height,
-                    width: area.width,
                     height: area.height.saturating_sub(popup_height),
                 };
+                let popup_rect = Rect {
+                    x: area.x,
+                    y: area.y + textarea_rect.height,
+                    width: area.width,
+                    height: popup_height,
+                };
 
                 popup.render(popup_rect, buf);
                 self.textarea.render(textarea_rect, buf);
             }
             ActivePopup::None => {
-                self.textarea.render(area, buf);
+                let mut textarea_rect = area;
+                textarea_rect.height = textarea_rect.height.saturating_sub(1);
+                self.textarea.render(textarea_rect, buf);
+                let mut bottom_line_rect = area;
+                bottom_line_rect.y += textarea_rect.height;
+                bottom_line_rect.height = 1;
+                let key_hint_style = Style::default().fg(Color::Cyan);
+                let hint = if self.ctrl_c_quit_hint {
+                    vec![
+                        Span::from(" "),
+                        "Ctrl+C again".set_style(key_hint_style),
+                        Span::from(" to quit"),
+                    ]
+                } else {
+                    let newline_hint_key = if self.use_shift_enter_hint {
+                        "Shift+⏎"
+                    } else {
+                        "Ctrl+J"
+                    };
+                    vec![
+                        Span::from(" "),
+                        "⏎".set_style(key_hint_style),
+                        Span::from(" send   "),
+                        newline_hint_key.set_style(key_hint_style),
+                        Span::from(" newline   "),
+                        "Ctrl+C".set_style(key_hint_style),
+                        Span::from(" quit"),
+                    ]
+                };
+                Line::from(hint)
+                    .style(Style::default().dim())
+                    .render_ref(bottom_line_rect, buf);
             }
         }
     }
@@ -859,7 +903,7 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         let needs_redraw = composer.handle_paste("hello".to_string());
         assert!(needs_redraw);
@@ -882,7 +926,7 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         let large = "x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 10);
         let needs_redraw = composer.handle_paste(large.clone());
@@ -911,7 +955,7 @@ mod tests {
         let large = "y".repeat(LARGE_PASTE_CHAR_THRESHOLD + 1);
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         composer.handle_paste(large);
         assert_eq!(composer.pending_pastes.len(), 1);
@@ -947,7 +991,7 @@ mod tests {
 
         for (name, input) in test_cases {
             // Create a fresh composer for each test case
-            let mut composer = ChatComposer::new(true, sender.clone());
+            let mut composer = ChatComposer::new(true, sender.clone(), false);
 
             if let Some(text) = input {
                 composer.handle_paste(text);
@@ -984,7 +1028,7 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         // Define test cases: (paste content, is_large)
         let test_cases = [
@@ -1057,7 +1101,7 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         // Define test cases: (content, is_large)
         let test_cases = [
@@ -1130,7 +1174,7 @@ mod tests {
 
         let (tx, _rx) = std::sync::mpsc::channel();
         let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(true, sender);
+        let mut composer = ChatComposer::new(true, sender, false);
 
         // Define test cases: (cursor_position_from_end, expected_pending_count)
         let test_cases = [

codex-rs/tui/src/bottom_pane/command_popup.rs

@@ -3,9 +3,9 @@ use ratatui::layout::Rect;
 use ratatui::style::Color;
 use ratatui::style::Style;
 use ratatui::style::Stylize;
-use ratatui::widgets::Block;
-use ratatui::widgets::BorderType;
-use ratatui::widgets::Borders;
+use ratatui::symbols::border::QUADRANT_LEFT_HALF;
+use ratatui::text::Line;
+use ratatui::text::Span;
 use ratatui::widgets::Cell;
 use ratatui::widgets::Row;
 use ratatui::widgets::Table;
@@ -71,12 +71,8 @@ impl CommandPopup {
     /// Determine the preferred height of the popup. This is the number of
     /// rows required to show **at most** `MAX_POPUP_ROWS` commands plus the
     /// table/border overhead (one line at the top and one at the bottom).
-    pub(crate) fn calculate_required_height(&self, _area: &Rect) -> u16 {
-        let matches = self.filtered_commands();
-        let row_count = matches.len().clamp(1, MAX_POPUP_ROWS) as u16;
-        // Account for the border added by the Block that wraps the table.
-        // 2 = one line at the top, one at the bottom.
-        row_count + 2
+    pub(crate) fn calculate_required_height(&self) -> u16 {
+        self.filtered_commands().len().clamp(1, MAX_POPUP_ROWS) as u16
     }
 
     /// Return the list of commands that match the current filter. Matching is
@@ -158,18 +154,19 @@ impl WidgetRef for CommandPopup {
             let default_style = Style::default();
             let command_style = Style::default().fg(Color::LightBlue);
             for (idx, cmd) in visible_matches.iter().enumerate() {
-                let (cmd_style, desc_style) = if Some(idx) == self.selected_idx {
-                    (
-                        command_style.bg(Color::DarkGray),
-                        default_style.bg(Color::DarkGray),
-                    )
-                } else {
-                    (command_style, default_style)
-                };
-
                 rows.push(Row::new(vec![
-                    Cell::from(format!("/{}", cmd.command())).style(cmd_style),
-                    Cell::from(cmd.description().to_string()).style(desc_style),
+                    Cell::from(Line::from(vec![
+                        if Some(idx) == self.selected_idx {
+                            Span::styled(
+                                "›",
+                                Style::default().bg(Color::DarkGray).fg(Color::LightCyan),
+                            )
+                        } else {
+                            Span::styled(QUADRANT_LEFT_HALF, Style::default().fg(Color::DarkGray))
+                        },
+                        Span::styled(format!("/{}", cmd.command()), command_style),
+                    ])),
+                    Cell::from(cmd.description().to_string()).style(default_style),
                 ]));
             }
         }
@@ -180,12 +177,13 @@ impl WidgetRef for CommandPopup {
             rows,
             [Constraint::Length(FIRST_COLUMN_WIDTH), Constraint::Min(10)],
         )
-        .column_spacing(0)
-        .block(
-            Block::default()
-                .borders(Borders::ALL)
-                .border_type(BorderType::Rounded),
-        );
+        .column_spacing(0);
+        // .block(
+        //     Block::default()
+        //         .borders(Borders::LEFT)
+        //         .border_type(BorderType::QuadrantOutside)
+        //         .border_style(Style::default().fg(Color::DarkGray)),
+        // );
 
         table.render(area, buf);
     }

codex-rs/tui/src/bottom_pane/file_search_popup.rs

@@ -109,18 +109,14 @@ impl FileSearchPopup {
     }
 
     /// Preferred height (rows) including border.
-    pub(crate) fn calculate_required_height(&self, _area: &Rect) -> u16 {
+    pub(crate) fn calculate_required_height(&self) -> u16 {
         // Row count depends on whether we already have matches. If no matches
         // yet (e.g. initial search or query with no results) reserve a single
         // row so the popup is still visible. When matches are present we show
         // up to MAX_RESULTS regardless of the waiting flag so the list
         // remains stable while a newer search is in-flight.
-        let rows = if self.matches.is_empty() {
-            1
-        } else {
-            self.matches.len().clamp(1, MAX_RESULTS)
-        } as u16;
-        rows + 2 // border
+
+        self.matches.len().clamp(1, MAX_RESULTS) as u16
     }
 }
 
@@ -128,7 +124,14 @@ impl WidgetRef for &FileSearchPopup {
     fn render_ref(&self, area: Rect, buf: &mut Buffer) {
         // Prepare rows.
         let rows: Vec<Row> = if self.matches.is_empty() {
-            vec![Row::new(vec![Cell::from(" no matches ")])]
+            vec![Row::new(vec![
+                Cell::from(if self.waiting {
+                    "(searching …)"
+                } else {
+                    "no matches"
+                })
+                .style(Style::new().add_modifier(Modifier::ITALIC | Modifier::DIM)),
+            ])]
         } else {
             self.matches
                 .iter()
@@ -169,17 +172,12 @@ impl WidgetRef for &FileSearchPopup {
                 .collect()
         };
 
-        let mut title = format!(" @{} ", self.pending_query);
-        if self.waiting {
-            title.push_str(" (searching …)");
-        }
-
         let table = Table::new(rows, vec![Constraint::Percentage(100)])
             .block(
                 Block::default()
-                    .borders(Borders::ALL)
-                    .border_type(BorderType::Rounded)
-                    .title(title),
+                    .borders(Borders::LEFT)
+                    .border_type(BorderType::QuadrantOutside)
+                    .border_style(Style::default().fg(Color::DarkGray)),
             )
             .widths([Constraint::Percentage(100)]);
 

codex-rs/tui/src/bottom_pane/mod.rs

@@ -50,12 +50,18 @@ pub(crate) struct BottomPane<'a> {
 pub(crate) struct BottomPaneParams {
     pub(crate) app_event_tx: AppEventSender,
     pub(crate) has_input_focus: bool,
+    pub(crate) enhanced_keys_supported: bool,
 }
 
 impl BottomPane<'_> {
     pub fn new(params: BottomPaneParams) -> Self {
+        let enhanced_keys_supported = params.enhanced_keys_supported;
         Self {
-            composer: ChatComposer::new(params.has_input_focus, params.app_event_tx.clone()),
+            composer: ChatComposer::new(
+                params.has_input_focus,
+                params.app_event_tx.clone(),
+                enhanced_keys_supported,
+            ),
             active_view: None,
             app_event_tx: params.app_event_tx,
             has_input_focus: params.has_input_focus,
@@ -64,6 +70,13 @@ impl BottomPane<'_> {
         }
     }
 
+    pub fn desired_height(&self, width: u16) -> u16 {
+        self.active_view
+            .as_ref()
+            .map(|v| v.desired_height(width))
+            .unwrap_or(self.composer.desired_height())
+    }
+
     /// Forward a key event to the active view or the composer.
     pub fn handle_key_event(&mut self, key_event: KeyEvent) -> InputResult {
         if let Some(mut view) = self.active_view.take() {
@@ -291,6 +304,7 @@ mod tests {
         let mut pane = BottomPane::new(BottomPaneParams {
             app_event_tx: tx,
             has_input_focus: true,
+            enhanced_keys_supported: false,
         });
         pane.push_approval_request(exec_request());
         assert_eq!(CancellationEvent::Handled, pane.on_ctrl_c());

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__backspace_after_pastes.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│[Pasted Content 1002 chars][Pasted Content 1004 chars]                                            │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌[Pasted Content 1002 chars][Pasted Content 1004 chars]                                             "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__empty.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│ send a message                                                                                   │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌ ...                                                                                               "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__large.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│[Pasted Content 1005 chars]                                                                       │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌[Pasted Content 1005 chars]                                                                        "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__multiple_pastes.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│[Pasted Content 1003 chars][Pasted Content 1007 chars] another short paste                        │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌[Pasted Content 1003 chars][Pasted Content 1007 chars] another short paste                         "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__small.snap

@@ -2,13 +2,13 @@
 source: tui/src/bottom_pane/chat_composer.rs
 expression: terminal.backend()
 ---
-"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
-"│short                                                                                             │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"│                                                                                                  │"
-"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"
+"▌short                                                                                              "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+"▌                                                                                                   "
+" ⏎ send   Ctrl+J newline   Ctrl+C quit                                                              "

codex-rs/tui/src/bottom_pane/status_indicator_view.rs

@@ -33,6 +33,10 @@ impl BottomPaneView<'_> for StatusIndicatorView {
         true
     }
 
+    fn desired_height(&self, width: u16) -> u16 {
+        self.view.desired_height(width)
+    }
+
     fn render(&self, area: ratatui::layout::Rect, buf: &mut Buffer) {
         self.view.render_ref(area, buf);
     }

codex-rs/tui/src/chatwidget.rs

@@ -1,3 +1,4 @@
+use std::collections::HashMap;
 use std::path::PathBuf;
 use std::sync::Arc;
 use std::time::Duration;
@@ -24,10 +25,13 @@ use codex_core::protocol::PatchApplyBeginEvent;
 use codex_core::protocol::TaskCompleteEvent;
 use codex_core::protocol::TokenUsage;
 use crossterm::event::KeyEvent;
+use crossterm::event::KeyEventKind;
 use ratatui::buffer::Buffer;
 use ratatui::layout::Rect;
+use ratatui::text::Line;
 use ratatui::widgets::Widget;
 use ratatui::widgets::WidgetRef;
+use ratatui::style::Stylize;
 use tokio::sync::mpsc::UnboundedSender;
 use tokio::sync::mpsc::unbounded_channel;
 
@@ -41,9 +45,16 @@ use crate::exec_command::strip_bash_lc_and_escape;
 use crate::history_cell::CommandOutput;
 use crate::history_cell::HistoryCell;
 use crate::history_cell::PatchEventType;
+use crate::markdown::append_markdown;
 use crate::user_approval_widget::ApprovalRequest;
 use codex_file_search::FileMatch;
 
+struct RunningCommand {
+    command: Vec<String>,
+    #[allow(dead_code)]
+    cwd: PathBuf,
+}
+
 pub(crate) struct ChatWidget<'a> {
     app_event_tx: AppEventSender,
     codex_op_tx: UnboundedSender<Op>,
@@ -52,10 +63,14 @@ pub(crate) struct ChatWidget<'a> {
     initial_user_message: Option<UserMessage>,
     token_usage: TokenUsage,
     reasoning_buffer: String,
-    // Buffer for streaming assistant answer text; we do not surface partial
-    // We wait for the final AgentMessage event and then emit the full text
-    // at once into scrollback so the history contains a single message.
+    // Buffer and tracking for streaming assistant reasoning text.
+    reasoning_inserted_lines: usize,
+    reasoning_header_inserted: bool,
+    // Buffer and tracking for streaming assistant answer text.
     answer_buffer: String,
+    answer_inserted_lines: usize,
+    answer_header_inserted: bool,
+    running_commands: HashMap<String, RunningCommand>,
 }
 
 struct UserMessage {
@@ -86,6 +101,7 @@ impl ChatWidget<'_> {
         app_event_tx: AppEventSender,
         initial_prompt: Option<String>,
         initial_images: Vec<PathBuf>,
+        enhanced_keys_supported: bool,
     ) -> Self {
         let (codex_op_tx, mut codex_op_rx) = unbounded_channel::<Op>();
 
@@ -131,6 +147,7 @@ impl ChatWidget<'_> {
             bottom_pane: BottomPane::new(BottomPaneParams {
                 app_event_tx,
                 has_input_focus: true,
+                enhanced_keys_supported,
             }),
             config,
             initial_user_message: create_initial_user_message(
@@ -139,12 +156,29 @@ impl ChatWidget<'_> {
             ),
             token_usage: TokenUsage::default(),
             reasoning_buffer: String::new(),
+            reasoning_inserted_lines: 0,
+            reasoning_header_inserted: false,
             answer_buffer: String::new(),
+            answer_inserted_lines: 0,
+            answer_header_inserted: false,
+            running_commands: HashMap::new(),
         }
     }
 
+    fn render_markdown_line(&self, text: &str) -> Line<'static> {
+        let mut lines = Vec::new();
+        append_markdown(text, &mut lines, &self.config);
+        lines.into_iter().next().unwrap_or_else(|| Line::from(""))
+    }
+
+    pub fn desired_height(&self, width: u16) -> u16 {
+        self.bottom_pane.desired_height(width)
+    }
+
     pub(crate) fn handle_key_event(&mut self, key_event: KeyEvent) {
-        self.bottom_pane.clear_ctrl_c_quit_hint();
+        if key_event.kind == KeyEventKind::Press {
+            self.bottom_pane.clear_ctrl_c_quit_hint();
+        }
 
         match self.bottom_pane.handle_key_event(key_event) {
             InputResult::Submitted(text) => {
@@ -158,6 +192,76 @@ impl ChatWidget<'_> {
         self.bottom_pane.handle_paste(text);
     }
 
+    fn handle_answer_delta(&mut self, delta: &str) {
+        self.answer_buffer.push_str(delta);
+        let lines: Vec<&str> = self.answer_buffer.split('\n').collect();
+        if !self.answer_header_inserted {
+            let first = *lines.first().unwrap_or(&"");
+            let mut initial = vec![Line::from("codex".magenta().bold())];
+            initial.push(self.render_markdown_line(first));
+            self.app_event_tx.send(AppEvent::InsertHistory(initial));
+            self.answer_header_inserted = true;
+            self.answer_inserted_lines = 1;
+        } else {
+            let current_count = lines.len();
+            if current_count > self.answer_inserted_lines {
+                if self.answer_inserted_lines > 0 {
+                    let idx = self.answer_inserted_lines - 1;
+                    let line = self.render_markdown_line(lines[idx]);
+                    self.app_event_tx
+                        .send(AppEvent::OverwriteHistoryLine(line));
+                }
+                for i in self.answer_inserted_lines..current_count {
+                    let line = self.render_markdown_line(lines[i]);
+                    self.app_event_tx
+                        .send(AppEvent::InsertHistory(vec![line]));
+                    self.answer_inserted_lines += 1;
+                }
+            } else if self.answer_inserted_lines > 0 {
+                let idx = self.answer_inserted_lines - 1;
+                let line = self.render_markdown_line(lines[idx]);
+                self.app_event_tx
+                    .send(AppEvent::OverwriteHistoryLine(line));
+            }
+        }
+        self.request_redraw();
+    }
+
+    fn handle_reasoning_delta(&mut self, delta: &str) {
+        self.reasoning_buffer.push_str(delta);
+        let lines: Vec<&str> = self.reasoning_buffer.split('\n').collect();
+        if !self.reasoning_header_inserted {
+            let first = *lines.first().unwrap_or(&"");
+            let mut initial = vec![Line::from("thinking".magenta().italic())];
+            initial.push(self.render_markdown_line(first));
+            self.app_event_tx.send(AppEvent::InsertHistory(initial));
+            self.reasoning_header_inserted = true;
+            self.reasoning_inserted_lines = 1;
+        } else {
+            let current_count = lines.len();
+            if current_count > self.reasoning_inserted_lines {
+                if self.reasoning_inserted_lines > 0 {
+                    let idx = self.reasoning_inserted_lines - 1;
+                    let line = self.render_markdown_line(lines[idx]);
+                    self.app_event_tx
+                        .send(AppEvent::OverwriteHistoryLine(line));
+                }
+                for i in self.reasoning_inserted_lines..current_count {
+                    let line = self.render_markdown_line(lines[i]);
+                    self.app_event_tx
+                        .send(AppEvent::InsertHistory(vec![line]));
+                    self.reasoning_inserted_lines += 1;
+                }
+            } else if self.reasoning_inserted_lines > 0 {
+                let idx = self.reasoning_inserted_lines - 1;
+                let line = self.render_markdown_line(lines[idx]);
+                self.app_event_tx
+                    .send(AppEvent::OverwriteHistoryLine(line));
+            }
+        }
+        self.request_redraw();
+    }
+
     fn add_to_history(&mut self, cell: HistoryCell) {
         self.app_event_tx
             .send(AppEvent::InsertHistory(cell.plain_lines()));
@@ -218,46 +322,67 @@ impl ChatWidget<'_> {
                 self.request_redraw();
             }
             EventMsg::AgentMessage(AgentMessageEvent { message }) => {
-                // Final assistant answer. Prefer the fully provided message
-                // from the event; if it is empty fall back to any accumulated
-                // delta buffer (some providers may only stream deltas and send
-                // an empty final message).
-                let full = if message.is_empty() {
-                    std::mem::take(&mut self.answer_buffer)
+                if self.answer_header_inserted {
+                    if !message.is_empty() && message != self.answer_buffer {
+                        let tail = message
+                            .strip_prefix(&self.answer_buffer)
+                            .unwrap_or(&message);
+                        if !tail.is_empty() {
+                            self.handle_answer_delta(tail);
+                        }
+                    }
+                    self.app_event_tx
+                        .send(AppEvent::InsertHistory(vec![Line::from("")]))
+                        ;
                 } else {
-                    self.answer_buffer.clear();
-                    message
-                };
-                if !full.is_empty() {
-                    self.add_to_history(HistoryCell::new_agent_message(&self.config, full));
+                    let full = if message.is_empty() {
+                        std::mem::take(&mut self.answer_buffer)
+                    } else {
+                        self.answer_buffer.clear();
+                        message
+                    };
+                    if !full.is_empty() {
+                        self.add_to_history(HistoryCell::new_agent_message(&self.config, full));
+                    }
                 }
+                self.answer_buffer.clear();
+                self.answer_inserted_lines = 0;
+                self.answer_header_inserted = false;
                 self.request_redraw();
             }
             EventMsg::AgentMessageDelta(AgentMessageDeltaEvent { delta }) => {
-                // Buffer only – do not emit partial lines. This avoids cases
-                // where long responses appear truncated if the terminal
-                // wrapped early. The full message is emitted on
-                // AgentMessage.
-                self.answer_buffer.push_str(&delta);
+                self.handle_answer_delta(&delta);
             }
             EventMsg::AgentReasoningDelta(AgentReasoningDeltaEvent { delta }) => {
-                // Buffer only – disable incremental reasoning streaming so we
-                // avoid truncated intermediate lines. Full text emitted on
-                // AgentReasoning.
-                self.reasoning_buffer.push_str(&delta);
+                self.handle_reasoning_delta(&delta);
             }
             EventMsg::AgentReasoning(AgentReasoningEvent { text }) => {
-                // Emit full reasoning text once. Some providers might send
-                // final event with empty text if only deltas were used.
-                let full = if text.is_empty() {
-                    std::mem::take(&mut self.reasoning_buffer)
+                if self.reasoning_header_inserted {
+                    if !text.is_empty() && text != self.reasoning_buffer {
+                        let tail = text
+                            .strip_prefix(&self.reasoning_buffer)
+                            .unwrap_or(&text);
+                        if !tail.is_empty() {
+                            self.handle_reasoning_delta(tail);
+                        }
+                    }
+                    self.app_event_tx
+                        .send(AppEvent::InsertHistory(vec![Line::from("")]))
+                        ;
                 } else {
-                    self.reasoning_buffer.clear();
-                    text
-                };
-                if !full.is_empty() {
-                    self.add_to_history(HistoryCell::new_agent_reasoning(&self.config, full));
+                    let full = if text.is_empty() {
+                        std::mem::take(&mut self.reasoning_buffer)
+                    } else {
+                        self.reasoning_buffer.clear();
+                        text
+                    };
+                    if !full.is_empty() {
+                        self.add_to_history(HistoryCell::new_agent_reasoning(&self.config, full));
+                    }
                 }
+                self.reasoning_buffer.clear();
+                self.reasoning_inserted_lines = 0;
+                self.reasoning_header_inserted = false;
                 self.request_redraw();
             }
             EventMsg::TaskStarted => {
@@ -280,6 +405,10 @@ impl ChatWidget<'_> {
                 self.add_to_history(HistoryCell::new_error_event(message.clone()));
                 self.bottom_pane.set_task_running(false);
             }
+            EventMsg::PlanUpdate(update) => {
+                self.add_to_history(HistoryCell::new_plan_update(update));
+                self.request_redraw();
+            }
             EventMsg::ExecApprovalRequest(ExecApprovalRequestEvent {
                 call_id: _,
                 command,
@@ -339,12 +468,18 @@ impl ChatWidget<'_> {
                 self.request_redraw();
             }
             EventMsg::ExecCommandBegin(ExecCommandBeginEvent {
-                call_id: _,
+                call_id,
                 command,
-                cwd: _,
+                cwd,
             }) => {
+                self.running_commands.insert(
+                    call_id,
+                    RunningCommand {
+                        command: command.clone(),
+                        cwd: cwd.clone(),
+                    },
+                );
                 self.add_to_history(HistoryCell::new_active_exec_command(command));
-                self.request_redraw();
             }
             EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
                 call_id: _,
@@ -357,7 +492,6 @@ impl ChatWidget<'_> {
                     PatchEventType::ApplyBegin { auto_approved },
                     changes,
                 ));
-                self.request_redraw();
             }
             EventMsg::ExecCommandEnd(ExecCommandEndEvent {
                 call_id,
@@ -365,8 +499,9 @@ impl ChatWidget<'_> {
                 stdout,
                 stderr,
             }) => {
+                let cmd = self.running_commands.remove(&call_id);
                 self.add_to_history(HistoryCell::new_completed_exec_command(
-                    call_id,
+                    cmd.map(|cmd| cmd.command).unwrap_or_else(|| vec![call_id]),
                     CommandOutput {
                         exit_code,
                         stdout,
@@ -380,7 +515,6 @@ impl ChatWidget<'_> {
                 invocation,
             }) => {
                 self.add_to_history(HistoryCell::new_active_mcp_tool_call(invocation));
-                self.request_redraw();
             }
             EventMsg::McpToolCallEnd(McpToolCallEndEvent {
                 call_id: _,
@@ -415,7 +549,6 @@ impl ChatWidget<'_> {
             }
             event => {
                 self.add_to_history(HistoryCell::new_background_event(format!("{event:?}")));
-                self.request_redraw();
             }
         }
     }
@@ -432,7 +565,6 @@ impl ChatWidget<'_> {
 
     pub(crate) fn add_diff_output(&mut self, diff_output: String) {
         self.add_to_history(HistoryCell::new_diff_output(diff_output.clone()));
-        self.request_redraw();
     }
 
     /// Forward file-search results to the bottom pane.

codex-rs/tui/src/custom_terminal.rs

@@ -0,0 +1,588 @@
+// This is derived from `ratatui::Terminal`, which is licensed under the following terms:
+//
+// The MIT License (MIT)
+// Copyright (c) 2016-2022 Florian Dehau
+// Copyright (c) 2023-2025 The Ratatui Developers
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+use std::io;
+
+use ratatui::backend::Backend;
+use ratatui::backend::ClearType;
+use ratatui::buffer::Buffer;
+use ratatui::layout::Position;
+use ratatui::layout::Rect;
+use ratatui::layout::Size;
+use ratatui::widgets::StatefulWidget;
+use ratatui::widgets::StatefulWidgetRef;
+use ratatui::widgets::Widget;
+use ratatui::widgets::WidgetRef;
+
+#[derive(Debug, Hash)]
+pub struct Frame<'a> {
+    /// Where should the cursor be after drawing this frame?
+    ///
+    /// If `None`, the cursor is hidden and its position is controlled by the backend. If `Some((x,
+    /// y))`, the cursor is shown and placed at `(x, y)` after the call to `Terminal::draw()`.
+    pub(crate) cursor_position: Option<Position>,
+
+    /// The area of the viewport
+    pub(crate) viewport_area: Rect,
+
+    /// The buffer that is used to draw the current frame
+    pub(crate) buffer: &'a mut Buffer,
+
+    /// The frame count indicating the sequence number of this frame.
+    pub(crate) count: usize,
+}
+
+#[allow(dead_code)]
+impl Frame<'_> {
+    /// The area of the current frame
+    ///
+    /// This is guaranteed not to change during rendering, so may be called multiple times.
+    ///
+    /// If your app listens for a resize event from the backend, it should ignore the values from
+    /// the event for any calculations that are used to render the current frame and use this value
+    /// instead as this is the area of the buffer that is used to render the current frame.
+    pub const fn area(&self) -> Rect {
+        self.viewport_area
+    }
+
+    /// Render a [`Widget`] to the current buffer using [`Widget::render`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{layout::Rect, widgets::Block};
+    ///
+    /// let block = Block::new();
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_widget(block, area);
+    /// ```
+    ///
+    /// [`Layout`]: crate::layout::Layout
+    pub fn render_widget<W: Widget>(&mut self, widget: W, area: Rect) {
+        widget.render(area, self.buffer);
+    }
+
+    /// Render a [`WidgetRef`] to the current buffer using [`WidgetRef::render_ref`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # #[cfg(feature = "unstable-widget-ref")] {
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{layout::Rect, widgets::Block};
+    ///
+    /// let block = Block::new();
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_widget_ref(block, area);
+    /// # }
+    /// ```
+    #[allow(clippy::needless_pass_by_value)]
+    pub fn render_widget_ref<W: WidgetRef>(&mut self, widget: W, area: Rect) {
+        widget.render_ref(area, self.buffer);
+    }
+
+    /// Render a [`StatefulWidget`] to the current buffer using [`StatefulWidget::render`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// The last argument should be an instance of the [`StatefulWidget::State`] associated to the
+    /// given [`StatefulWidget`].
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{
+    ///     layout::Rect,
+    ///     widgets::{List, ListItem, ListState},
+    /// };
+    ///
+    /// let mut state = ListState::default().with_selected(Some(1));
+    /// let list = List::new(vec![ListItem::new("Item 1"), ListItem::new("Item 2")]);
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_stateful_widget(list, area, &mut state);
+    /// ```
+    ///
+    /// [`Layout`]: crate::layout::Layout
+    pub fn render_stateful_widget<W>(&mut self, widget: W, area: Rect, state: &mut W::State)
+    where
+        W: StatefulWidget,
+    {
+        widget.render(area, self.buffer, state);
+    }
+
+    /// Render a [`StatefulWidgetRef`] to the current buffer using
+    /// [`StatefulWidgetRef::render_ref`].
+    ///
+    /// Usually the area argument is the size of the current frame or a sub-area of the current
+    /// frame (which can be obtained using [`Layout`] to split the total area).
+    ///
+    /// The last argument should be an instance of the [`StatefulWidgetRef::State`] associated to
+    /// the given [`StatefulWidgetRef`].
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// # #[cfg(feature = "unstable-widget-ref")] {
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// use ratatui::{
+    ///     layout::Rect,
+    ///     widgets::{List, ListItem, ListState},
+    /// };
+    ///
+    /// let mut state = ListState::default().with_selected(Some(1));
+    /// let list = List::new(vec![ListItem::new("Item 1"), ListItem::new("Item 2")]);
+    /// let area = Rect::new(0, 0, 5, 5);
+    /// frame.render_stateful_widget_ref(list, area, &mut state);
+    /// # }
+    /// ```
+    #[allow(clippy::needless_pass_by_value)]
+    pub fn render_stateful_widget_ref<W>(&mut self, widget: W, area: Rect, state: &mut W::State)
+    where
+        W: StatefulWidgetRef,
+    {
+        widget.render_ref(area, self.buffer, state);
+    }
+
+    /// After drawing this frame, make the cursor visible and put it at the specified (x, y)
+    /// coordinates. If this method is not called, the cursor will be hidden.
+    ///
+    /// Note that this will interfere with calls to [`Terminal::hide_cursor`],
+    /// [`Terminal::show_cursor`], and [`Terminal::set_cursor_position`]. Pick one of the APIs and
+    /// stick with it.
+    ///
+    /// [`Terminal::hide_cursor`]: crate::Terminal::hide_cursor
+    /// [`Terminal::show_cursor`]: crate::Terminal::show_cursor
+    /// [`Terminal::set_cursor_position`]: crate::Terminal::set_cursor_position
+    pub fn set_cursor_position<P: Into<Position>>(&mut self, position: P) {
+        self.cursor_position = Some(position.into());
+    }
+
+    /// Gets the buffer that this `Frame` draws into as a mutable reference.
+    pub fn buffer_mut(&mut self) -> &mut Buffer {
+        self.buffer
+    }
+
+    /// Returns the current frame count.
+    ///
+    /// This method provides access to the frame count, which is a sequence number indicating
+    /// how many frames have been rendered up to (but not including) this one. It can be used
+    /// for purposes such as animation, performance tracking, or debugging.
+    ///
+    /// Each time a frame has been rendered, this count is incremented,
+    /// providing a consistent way to reference the order and number of frames processed by the
+    /// terminal. When count reaches its maximum value (`usize::MAX`), it wraps around to zero.
+    ///
+    /// This count is particularly useful when dealing with dynamic content or animations where the
+    /// state of the display changes over time. By tracking the frame count, developers can
+    /// synchronize updates or changes to the content with the rendering process.
+    ///
+    /// # Examples
+    ///
+    /// ```rust
+    /// # use ratatui::{backend::TestBackend, Terminal};
+    /// # let backend = TestBackend::new(5, 5);
+    /// # let mut terminal = Terminal::new(backend).unwrap();
+    /// # let mut frame = terminal.get_frame();
+    /// let current_count = frame.count();
+    /// println!("Current frame count: {}", current_count);
+    /// ```
+    pub const fn count(&self) -> usize {
+        self.count
+    }
+}
+
+#[derive(Debug, Default, Clone, Eq, PartialEq, Hash)]
+pub struct Terminal<B>
+where
+    B: Backend,
+{
+    /// The backend used to interface with the terminal
+    backend: B,
+    /// Holds the results of the current and previous draw calls. The two are compared at the end
+    /// of each draw pass to output the necessary updates to the terminal
+    buffers: [Buffer; 2],
+    /// Index of the current buffer in the previous array
+    current: usize,
+    /// Whether the cursor is currently hidden
+    hidden_cursor: bool,
+    /// Area of the viewport
+    pub viewport_area: Rect,
+    /// Last known size of the terminal. Used to detect if the internal buffers have to be resized.
+    pub last_known_screen_size: Size,
+    /// Last known position of the cursor. Used to find the new area when the viewport is inlined
+    /// and the terminal resized.
+    pub last_known_cursor_pos: Position,
+    /// Number of frames rendered up until current time.
+    frame_count: usize,
+}
+
+impl<B> Drop for Terminal<B>
+where
+    B: Backend,
+{
+    #[allow(clippy::print_stderr)]
+    fn drop(&mut self) {
+        // Attempt to restore the cursor state
+        if self.hidden_cursor {
+            if let Err(err) = self.show_cursor() {
+                eprintln!("Failed to show the cursor: {err}");
+            }
+        }
+    }
+}
+
+impl<B> Terminal<B>
+where
+    B: Backend,
+{
+    /// Creates a new [`Terminal`] with the given [`Backend`] and [`TerminalOptions`].
+    ///
+    /// # Example
+    ///
+    /// ```rust
+    /// use std::io::stdout;
+    ///
+    /// use ratatui::{backend::CrosstermBackend, layout::Rect, Terminal, TerminalOptions, Viewport};
+    ///
+    /// let backend = CrosstermBackend::new(stdout());
+    /// let viewport = Viewport::Fixed(Rect::new(0, 0, 10, 10));
+    /// let terminal = Terminal::with_options(backend, TerminalOptions { viewport })?;
+    /// # std::io::Result::Ok(())
+    /// ```
+    pub fn with_options(mut backend: B) -> io::Result<Self> {
+        let screen_size = backend.size()?;
+        let cursor_pos = backend.get_cursor_position()?;
+        Ok(Self {
+            backend,
+            buffers: [
+                Buffer::empty(Rect::new(0, 0, 0, 0)),
+                Buffer::empty(Rect::new(0, 0, 0, 0)),
+            ],
+            current: 0,
+            hidden_cursor: false,
+            viewport_area: Rect::new(0, cursor_pos.y, 0, 0),
+            last_known_screen_size: screen_size,
+            last_known_cursor_pos: cursor_pos,
+            frame_count: 0,
+        })
+    }
+
+    /// Get a Frame object which provides a consistent view into the terminal state for rendering.
+    pub fn get_frame(&mut self) -> Frame {
+        let count = self.frame_count;
+        Frame {
+            cursor_position: None,
+            viewport_area: self.viewport_area,
+            buffer: self.current_buffer_mut(),
+            count,
+        }
+    }
+
+    /// Gets the current buffer as a mutable reference.
+    pub fn current_buffer_mut(&mut self) -> &mut Buffer {
+        &mut self.buffers[self.current]
+    }
+
+    /// Gets the backend
+    pub const fn backend(&self) -> &B {
+        &self.backend
+    }
+
+    /// Gets the backend as a mutable reference
+    pub fn backend_mut(&mut self) -> &mut B {
+        &mut self.backend
+    }
+
+    /// Obtains a difference between the previous and the current buffer and passes it to the
+    /// current backend for drawing.
+    pub fn flush(&mut self) -> io::Result<()> {
+        let previous_buffer = &self.buffers[1 - self.current];
+        let current_buffer = &self.buffers[self.current];
+        let updates = previous_buffer.diff(current_buffer);
+        if let Some((col, row, _)) = updates.last() {
+            self.last_known_cursor_pos = Position { x: *col, y: *row };
+        }
+        self.backend.draw(updates.into_iter())
+    }
+
+    /// Updates the Terminal so that internal buffers match the requested area.
+    ///
+    /// Requested area will be saved to remain consistent when rendering. This leads to a full clear
+    /// of the screen.
+    pub fn resize(&mut self, screen_size: Size) -> io::Result<()> {
+        self.last_known_screen_size = screen_size;
+        Ok(())
+    }
+
+    /// Sets the viewport area.
+    pub fn set_viewport_area(&mut self, area: Rect) {
+        self.buffers[self.current].resize(area);
+        self.buffers[1 - self.current].resize(area);
+        self.viewport_area = area;
+    }
+
+    /// Queries the backend for size and resizes if it doesn't match the previous size.
+    pub fn autoresize(&mut self) -> io::Result<()> {
+        let screen_size = self.size()?;
+        if screen_size != self.last_known_screen_size {
+            self.resize(screen_size)?;
+        }
+        Ok(())
+    }
+
+    /// Draws a single frame to the terminal.
+    ///
+    /// Returns a [`CompletedFrame`] if successful, otherwise a [`std::io::Error`].
+    ///
+    /// If the render callback passed to this method can fail, use [`try_draw`] instead.
+    ///
+    /// Applications should call `draw` or [`try_draw`] in a loop to continuously render the
+    /// terminal. These methods are the main entry points for drawing to the terminal.
+    ///
+    /// [`try_draw`]: Terminal::try_draw
+    ///
+    /// This method will:
+    ///
+    /// - autoresize the terminal if necessary
+    /// - call the render callback, passing it a [`Frame`] reference to render to
+    /// - flush the current internal state by copying the current buffer to the backend
+    /// - move the cursor to the last known position if it was set during the rendering closure
+    ///
+    /// The render callback should fully render the entire frame when called, including areas that
+    /// are unchanged from the previous frame. This is because each frame is compared to the
+    /// previous frame to determine what has changed, and only the changes are written to the
+    /// terminal. If the render callback does not fully render the frame, the terminal will not be
+    /// in a consistent state.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// # let backend = ratatui::backend::TestBackend::new(10, 10);
+    /// # let mut terminal = ratatui::Terminal::new(backend)?;
+    /// use ratatui::{layout::Position, widgets::Paragraph};
+    ///
+    /// // with a closure
+    /// terminal.draw(|frame| {
+    ///     let area = frame.area();
+    ///     frame.render_widget(Paragraph::new("Hello World!"), area);
+    ///     frame.set_cursor_position(Position { x: 0, y: 0 });
+    /// })?;
+    ///
+    /// // or with a function
+    /// terminal.draw(render)?;
+    ///
+    /// fn render(frame: &mut ratatui::Frame) {
+    ///     frame.render_widget(Paragraph::new("Hello World!"), frame.area());
+    /// }
+    /// # std::io::Result::Ok(())
+    /// ```
+    pub fn draw<F>(&mut self, render_callback: F) -> io::Result<()>
+    where
+        F: FnOnce(&mut Frame),
+    {
+        self.try_draw(|frame| {
+            render_callback(frame);
+            io::Result::Ok(())
+        })
+    }
+
+    /// Tries to draw a single frame to the terminal.
+    ///
+    /// Returns [`Result::Ok`] containing a [`CompletedFrame`] if successful, otherwise
+    /// [`Result::Err`] containing the [`std::io::Error`] that caused the failure.
+    ///
+    /// This is the equivalent of [`Terminal::draw`] but the render callback is a function or
+    /// closure that returns a `Result` instead of nothing.
+    ///
+    /// Applications should call `try_draw` or [`draw`] in a loop to continuously render the
+    /// terminal. These methods are the main entry points for drawing to the terminal.
+    ///
+    /// [`draw`]: Terminal::draw
+    ///
+    /// This method will:
+    ///
+    /// - autoresize the terminal if necessary
+    /// - call the render callback, passing it a [`Frame`] reference to render to
+    /// - flush the current internal state by copying the current buffer to the backend
+    /// - move the cursor to the last known position if it was set during the rendering closure
+    /// - return a [`CompletedFrame`] with the current buffer and the area of the terminal
+    ///
+    /// The render callback passed to `try_draw` can return any [`Result`] with an error type that
+    /// can be converted into an [`std::io::Error`] using the [`Into`] trait. This makes it possible
+    /// to use the `?` operator to propagate errors that occur during rendering. If the render
+    /// callback returns an error, the error will be returned from `try_draw` as an
+    /// [`std::io::Error`] and the terminal will not be updated.
+    ///
+    /// The [`CompletedFrame`] returned by this method can be useful for debugging or testing
+    /// purposes, but it is often not used in regular applicationss.
+    ///
+    /// The render callback should fully render the entire frame when called, including areas that
+    /// are unchanged from the previous frame. This is because each frame is compared to the
+    /// previous frame to determine what has changed, and only the changes are written to the
+    /// terminal. If the render function does not fully render the frame, the terminal will not be
+    /// in a consistent state.
+    ///
+    /// # Examples
+    ///
+    /// ```should_panic
+    /// # use ratatui::layout::Position;;
+    /// # let backend = ratatui::backend::TestBackend::new(10, 10);
+    /// # let mut terminal = ratatui::Terminal::new(backend)?;
+    /// use std::io;
+    ///
+    /// use ratatui::widgets::Paragraph;
+    ///
+    /// // with a closure
+    /// terminal.try_draw(|frame| {
+    ///     let value: u8 = "not a number".parse().map_err(io::Error::other)?;
+    ///     let area = frame.area();
+    ///     frame.render_widget(Paragraph::new("Hello World!"), area);
+    ///     frame.set_cursor_position(Position { x: 0, y: 0 });
+    ///     io::Result::Ok(())
+    /// })?;
+    ///
+    /// // or with a function
+    /// terminal.try_draw(render)?;
+    ///
+    /// fn render(frame: &mut ratatui::Frame) -> io::Result<()> {
+    ///     let value: u8 = "not a number".parse().map_err(io::Error::other)?;
+    ///     frame.render_widget(Paragraph::new("Hello World!"), frame.area());
+    ///     Ok(())
+    /// }
+    /// # io::Result::Ok(())
+    /// ```
+    pub fn try_draw<F, E>(&mut self, render_callback: F) -> io::Result<()>
+    where
+        F: FnOnce(&mut Frame) -> Result<(), E>,
+        E: Into<io::Error>,
+    {
+        // Autoresize - otherwise we get glitches if shrinking or potential desync between widgets
+        // and the terminal (if growing), which may OOB.
+        self.autoresize()?;
+
+        let mut frame = self.get_frame();
+
+        render_callback(&mut frame).map_err(Into::into)?;
+
+        // We can't change the cursor position right away because we have to flush the frame to
+        // stdout first. But we also can't keep the frame around, since it holds a &mut to
+        // Buffer. Thus, we're taking the important data out of the Frame and dropping it.
+        let cursor_position = frame.cursor_position;
+
+        // Draw to stdout
+        self.flush()?;
+
+        match cursor_position {
+            None => self.hide_cursor()?,
+            Some(position) => {
+                self.show_cursor()?;
+                self.set_cursor_position(position)?;
+            }
+        }
+
+        self.swap_buffers();
+
+        // Flush
+        self.backend.flush()?;
+
+        // increment frame count before returning from draw
+        self.frame_count = self.frame_count.wrapping_add(1);
+
+        Ok(())
+    }
+
+    /// Hides the cursor.
+    pub fn hide_cursor(&mut self) -> io::Result<()> {
+        self.backend.hide_cursor()?;
+        self.hidden_cursor = true;
+        Ok(())
+    }
+
+    /// Shows the cursor.
+    pub fn show_cursor(&mut self) -> io::Result<()> {
+        self.backend.show_cursor()?;
+        self.hidden_cursor = false;
+        Ok(())
+    }
+
+    /// Gets the current cursor position.
+    ///
+    /// This is the position of the cursor after the last draw call.
+    #[allow(dead_code)]
+    pub fn get_cursor_position(&mut self) -> io::Result<Position> {
+        self.backend.get_cursor_position()
+    }
+
+    /// Sets the cursor position.
+    pub fn set_cursor_position<P: Into<Position>>(&mut self, position: P) -> io::Result<()> {
+        let position = position.into();
+        self.backend.set_cursor_position(position)?;
+        self.last_known_cursor_pos = position;
+        Ok(())
+    }
+
+    /// Clear the terminal and force a full redraw on the next draw call.
+    pub fn clear(&mut self) -> io::Result<()> {
+        if self.viewport_area.is_empty() {
+            return Ok(());
+        }
+        self.backend
+            .set_cursor_position(self.viewport_area.as_position())?;
+        self.backend.clear_region(ClearType::AfterCursor)?;
+        // Reset the back buffer to make sure the next update will redraw everything.
+        self.buffers[1 - self.current].reset();
+        Ok(())
+    }
+
+    /// Clears the inactive buffer and swaps it with the current buffer
+    pub fn swap_buffers(&mut self) {
+        self.buffers[1 - self.current].reset();
+        self.current = 1 - self.current;
+    }
+
+    /// Queries the real size of the backend.
+    pub fn size(&self) -> io::Result<Size> {
+        self.backend.size()
+    }
+}

codex-rs/tui/src/history_cell.rs

@@ -1,4 +1,4 @@
-use crate::exec_command::escape_command;
+use crate::exec_command::strip_bash_lc_and_escape;
 use crate::markdown::append_markdown;
 use crate::text_block::TextBlock;
 use crate::text_formatting::format_and_truncate_tool_result;
@@ -9,6 +9,9 @@ use codex_common::summarize_sandbox_policy;
 use codex_core::WireApi;
 use codex_core::config::Config;
 use codex_core::model_supports_reasoning_summaries;
+use codex_core::plan_tool::PlanItemArg;
+use codex_core::plan_tool::StepStatus;
+use codex_core::plan_tool::UpdatePlanArgs;
 use codex_core::protocol::FileChange;
 use codex_core::protocol::McpInvocation;
 use codex_core::protocol::SessionConfiguredEvent;
@@ -109,6 +112,10 @@ pub(crate) enum HistoryCell {
     /// behaviour of `ActiveExecCommand` so the user sees *what* patch the
     /// model wants to apply before being prompted to approve or deny it.
     PendingPatch { view: TextBlock },
+
+    /// A human‑friendly rendering of the model's current plan and step
+    /// statuses provided via the `update_plan` tool.
+    PlanUpdate { view: TextBlock },
 }
 
 const TOOL_CALL_MAX_LINES: usize = 5;
@@ -130,6 +137,7 @@ impl HistoryCell {
             | HistoryCell::CompletedExecCommand { view }
             | HistoryCell::CompletedMcpToolCall { view }
             | HistoryCell::PendingPatch { view }
+            | HistoryCell::PlanUpdate { view }
             | HistoryCell::ActiveExecCommand { view, .. }
             | HistoryCell::ActiveMcpToolCall { view, .. } => {
                 view.lines.iter().map(line_to_static).collect()
@@ -246,7 +254,7 @@ impl HistoryCell {
     }
 
     pub(crate) fn new_active_exec_command(command: Vec<String>) -> Self {
-        let command_escaped = escape_command(&command);
+        let command_escaped = strip_bash_lc_and_escape(&command);
 
         let lines: Vec<Line<'static>> = vec![
             Line::from(vec!["command".magenta(), " running...".dim()]),
@@ -259,7 +267,7 @@ impl HistoryCell {
         }
     }
 
-    pub(crate) fn new_completed_exec_command(command: String, output: CommandOutput) -> Self {
+    pub(crate) fn new_completed_exec_command(command: Vec<String>, output: CommandOutput) -> Self {
         let CommandOutput {
             exit_code,
             stdout,
@@ -283,7 +291,8 @@ impl HistoryCell {
 
         let src = if exit_code == 0 { stdout } else { stderr };
 
-        lines.push(Line::from(format!("$ {command}")));
+        let cmdline = strip_bash_lc_and_escape(&command);
+        lines.push(Line::from(format!("$ {cmdline}")));
         let mut lines_iter = src.lines();
         for raw in lines_iter.by_ref().take(TOOL_CALL_MAX_LINES) {
             lines.push(ansi_escape_line(raw).dim());
@@ -476,6 +485,94 @@ impl HistoryCell {
         }
     }
 
+    /// Render a user‑friendly plan update with colourful status icons and a
+    /// simple progress indicator so users can follow along.
+    pub(crate) fn new_plan_update(update: UpdatePlanArgs) -> Self {
+        let UpdatePlanArgs { explanation, plan } = update;
+
+        let mut lines: Vec<Line<'static>> = Vec::new();
+
+        // Title
+        lines.push(Line::from("plan".magenta().bold()));
+
+        if !plan.is_empty() {
+            // Progress bar – show completed/total with a visual bar
+            let total = plan.len();
+            let completed = plan
+                .iter()
+                .filter(|p| matches!(p.status, StepStatus::Completed))
+                .count();
+            let width: usize = 20;
+            let filled = (completed * width + total / 2) / total;
+            let empty = width.saturating_sub(filled);
+            let mut bar_spans: Vec<Span> = Vec::new();
+            if filled > 0 {
+                bar_spans.push(Span::styled(
+                    "█".repeat(filled),
+                    Style::default().fg(Color::Green),
+                ));
+            }
+            if empty > 0 {
+                bar_spans.push(Span::styled(
+                    "░".repeat(empty),
+                    Style::default().fg(Color::Gray),
+                ));
+            }
+            let progress_prefix = Span::raw("progress [");
+            let progress_suffix = Span::raw("] ");
+            let fraction = Span::raw(format!("{completed}/{total}"));
+            let mut progress_line_spans = vec![progress_prefix];
+            progress_line_spans.extend(bar_spans);
+            progress_line_spans.push(progress_suffix);
+            progress_line_spans.push(fraction);
+            lines.push(Line::from(progress_line_spans));
+        }
+
+        // Optional explanation/note from the model
+        if let Some(expl) = explanation.and_then(|s| {
+            let t = s.trim().to_string();
+            if t.is_empty() { None } else { Some(t) }
+        }) {
+            lines.push(Line::from("note".gray().italic()));
+            for l in expl.lines() {
+                lines.push(Line::from(l.to_string()).gray());
+            }
+        }
+
+        // Steps (1‑based numbering) with fun, readable status icons
+        if plan.is_empty() {
+            lines.push(Line::from("(no steps provided)".gray().italic()));
+        } else {
+            for (idx, PlanItemArg { step, status }) in plan.into_iter().enumerate() {
+                let num = idx + 1;
+                let (icon, style): (&str, Style) = match status {
+                    StepStatus::Completed => ("✓", Style::default().fg(Color::Green)),
+                    StepStatus::InProgress => (
+                        "▶",
+                        Style::default()
+                            .fg(Color::Yellow)
+                            .add_modifier(Modifier::BOLD),
+                    ),
+                    StepStatus::Pending => ("○", Style::default().fg(Color::Gray)),
+                };
+                let prefix = vec![
+                    Span::raw(format!("{num:>2}. [")),
+                    Span::styled(icon.to_string(), style),
+                    Span::raw("] "),
+                ];
+                let mut spans = prefix;
+                spans.push(Span::raw(step));
+                lines.push(Line::from(spans));
+            }
+        }
+
+        lines.push(Line::from(""));
+
+        HistoryCell::PlanUpdate {
+            view: TextBlock::new(lines),
+        }
+    }
+
     /// Create a new `PendingPatch` cell that lists the file‑level summary of
     /// a proposed patch. The summary lines should already be formatted (e.g.
     /// "A path/to/file.rs").

codex-rs/tui/src/insert_history.rs

@@ -4,6 +4,8 @@ use std::io::Write;
 
 use crate::tui;
 use crossterm::Command;
+use crossterm::cursor::MoveTo;
+use crossterm::cursor::MoveToColumn;
 use crossterm::queue;
 use crossterm::style::Color as CColor;
 use crossterm::style::Colors;
@@ -12,7 +14,8 @@ use crossterm::style::SetAttribute;
 use crossterm::style::SetBackgroundColor;
 use crossterm::style::SetColors;
 use crossterm::style::SetForegroundColor;
-use ratatui::layout::Position;
+use crossterm::terminal::Clear;
+use crossterm::terminal::ClearType;
 use ratatui::layout::Size;
 use ratatui::prelude::Backend;
 use ratatui::style::Color;
@@ -23,6 +26,7 @@ use ratatui::text::Span;
 /// Insert `lines` above the viewport.
 pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line>) {
     let screen_size = terminal.backend().size().unwrap_or(Size::new(0, 0));
+    let cursor_pos = terminal.get_cursor_position().ok();
 
     let mut area = terminal.get_frame().area();
 
@@ -35,12 +39,12 @@ pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line>) {
             .backend_mut()
             .scroll_region_down(area.top()..screen_size.height, scroll_amount)
             .ok();
-        let cursor_top = area.top() - 1;
+        let cursor_top = area.top().saturating_sub(1);
         area.y += scroll_amount;
         terminal.set_viewport_area(area);
         cursor_top
     } else {
-        area.top() - 1
+        area.top().saturating_sub(1)
     };
 
     // Limit the scroll region to the lines from the top of the screen to the
@@ -60,9 +64,10 @@ pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line>) {
     // └──────────────────────────────┘
     queue!(std::io::stdout(), SetScrollRegion(1..area.top())).ok();
 
-    terminal
-        .set_cursor_position(Position::new(0, cursor_top))
-        .ok();
+    // NB: we are using MoveTo instead of set_cursor_position here to avoid messing with the
+    // terminal's last_known_cursor_position, which hopefully will still be accurate after we
+    // fetch/restore the cursor position. insert_history_lines should be cursor-position-neutral :)
+    queue!(std::io::stdout(), MoveTo(0, cursor_top)).ok();
 
     for line in lines {
         queue!(std::io::stdout(), Print("\r\n")).ok();
@@ -70,6 +75,22 @@ pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line>) {
     }
 
     queue!(std::io::stdout(), ResetScrollRegion).ok();
+
+    // Restore the cursor position to where it was before we started.
+    if let Some(cursor_pos) = cursor_pos {
+        queue!(std::io::stdout(), MoveTo(cursor_pos.x, cursor_pos.y)).ok();
+    }
+}
+
+/// Overwrite the current line in the history area with new content.
+pub(crate) fn overwrite_last_history_line(line: Line) {
+    queue!(
+        std::io::stdout(),
+        MoveToColumn(0),
+        Clear(ClearType::CurrentLine)
+    )
+    .ok();
+    write_spans(&mut std::io::stdout(), line.iter()).ok();
 }
 
 fn wrapped_line_count(lines: &[Line], width: u16) -> u16 {

codex-rs/tui/src/lib.rs

@@ -25,6 +25,7 @@ mod bottom_pane;
 mod chatwidget;
 mod citation_regex;
 mod cli;
+mod custom_terminal;
 mod exec_command;
 mod file_search;
 mod get_git_diff;
@@ -74,7 +75,7 @@ pub async fn run_main(
             config_profile: cli.config_profile.clone(),
             codex_linux_sandbox_exe,
             base_instructions: None,
-            include_plan_tool: None,
+            include_plan_tool: Some(true),
         };
         // Parse `-c` overrides from the CLI.
         let cli_kv_overrides = match cli.config_overrides.parse_overrides() {
@@ -175,9 +176,13 @@ fn run_ratatui_app(
     color_eyre::install()?;
 
     // Forward panic reports through tracing so they appear in the UI status
-    // line instead of interleaving raw panic output with the interface.
-    std::panic::set_hook(Box::new(|info| {
+    // line, but do not swallow the default/color-eyre panic handler.
+    // Chain to the previous hook so users still get a rich panic report
+    // (including backtraces) after we restore the terminal.
+    let prev_hook = std::panic::take_hook();
+    std::panic::set_hook(Box::new(move |info| {
         tracing::error!("panic: {info}");
+        prev_hook(info);
     }));
     let mut terminal = tui::init(&config)?;
     terminal.clear()?;
@@ -221,7 +226,7 @@ fn should_show_login_screen(config: &Config) -> bool {
         // Reading the OpenAI API key is an async operation because it may need
         // to refresh the token. Block on it.
         let codex_home = config.codex_home.clone();
-        match load_auth(&codex_home) {
+        match load_auth(&codex_home, true) {
             Ok(Some(_)) => false,
             Ok(None) => true,
             Err(err) => {

codex-rs/tui/src/slash_command.rs

@@ -15,6 +15,8 @@ pub enum SlashCommand {
     New,
     Diff,
     Quit,
+    #[cfg(debug_assertions)]
+    TestApproval,
 }
 
 impl SlashCommand {
@@ -26,6 +28,8 @@ impl SlashCommand {
             SlashCommand::Diff => {
                 "Show git diff of the working directory (including untracked files)"
             }
+            #[cfg(debug_assertions)]
+            SlashCommand::TestApproval => "Test approval request",
         }
     }
 

codex-rs/tui/src/status_indicator_widget.rs

@@ -73,6 +73,10 @@ impl StatusIndicatorWidget {
         }
     }
 
+    pub fn desired_height(&self, _width: u16) -> u16 {
+        1
+    }
+
     /// Update the line that is displayed in the widget.
     pub(crate) fn update_text(&mut self, text: String) {
         self.text = text.replace(['\n', '\r'], " ");
@@ -91,8 +95,8 @@ impl WidgetRef for StatusIndicatorWidget {
         let widget_style = Style::default();
         let block = Block::default()
             .padding(Padding::new(1, 0, 0, 0))
-            .borders(Borders::ALL)
-            .border_type(BorderType::Rounded)
+            .borders(Borders::LEFT)
+            .border_type(BorderType::QuadrantOutside)
             .border_style(widget_style.dim());
         // Animated 3‑dot pattern inside brackets. The *active* dot is bold
         // white, the others are dim.

codex-rs/tui/src/tui.rs

@@ -5,14 +5,16 @@ use std::io::stdout;
 use codex_core::config::Config;
 use crossterm::event::DisableBracketedPaste;
 use crossterm::event::EnableBracketedPaste;
-use ratatui::Terminal;
-use ratatui::TerminalOptions;
-use ratatui::Viewport;
+use crossterm::event::KeyboardEnhancementFlags;
+use crossterm::event::PopKeyboardEnhancementFlags;
+use crossterm::event::PushKeyboardEnhancementFlags;
 use ratatui::backend::CrosstermBackend;
 use ratatui::crossterm::execute;
 use ratatui::crossterm::terminal::disable_raw_mode;
 use ratatui::crossterm::terminal::enable_raw_mode;
 
+use crate::custom_terminal::Terminal;
+
 /// A type alias for the terminal type used in this application
 pub type Tui = Terminal<CrosstermBackend<Stdout>>;
 
@@ -21,21 +23,21 @@ pub fn init(_config: &Config) -> Result<Tui> {
     execute!(stdout(), EnableBracketedPaste)?;
 
     enable_raw_mode()?;
+    // Enable keyboard enhancement flags so modifiers for keys like Enter are disambiguated.
+    // chat_composer.rs is using a keyboard event listener to enter for any modified keys
+    // to create a new line that require this.
+    execute!(
+        stdout(),
+        PushKeyboardEnhancementFlags(
+            KeyboardEnhancementFlags::DISAMBIGUATE_ESCAPE_CODES
+                | KeyboardEnhancementFlags::REPORT_EVENT_TYPES
+                | KeyboardEnhancementFlags::REPORT_ALTERNATE_KEYS
+        )
+    )?;
     set_panic_hook();
 
-    // Reserve a fixed number of lines for the interactive viewport (composer,
-    // status, popups). History is injected above using `insert_before`. This
-    // is an initial step of the refactor – later the height can become
-    // dynamic. For now a conservative default keeps enough room for the
-    // multi‑line composer while not occupying the whole screen.
-    const BOTTOM_VIEWPORT_HEIGHT: u16 = 8;
     let backend = CrosstermBackend::new(stdout());
-    let tui = Terminal::with_options(
-        backend,
-        TerminalOptions {
-            viewport: Viewport::Inline(BOTTOM_VIEWPORT_HEIGHT),
-        },
-    )?;
+    let tui = Terminal::with_options(backend)?;
     Ok(tui)
 }
 
@@ -49,6 +51,7 @@ fn set_panic_hook() {
 
 /// Restore the terminal to its original state
 pub fn restore() -> Result<()> {
+    execute!(stdout(), PopKeyboardEnhancementFlags)?;
     execute!(stdout(), DisableBracketedPaste)?;
     disable_raw_mode()?;
     Ok(())

codex-rs/tui/src/user_approval_widget.rs

@@ -7,25 +7,24 @@
 //! driven workflow – a fully‑fledged visual match is not required.
 
 use std::path::PathBuf;
+use std::sync::LazyLock;
 
 use codex_core::protocol::Op;
 use codex_core::protocol::ReviewDecision;
 use crossterm::event::KeyCode;
 use crossterm::event::KeyEvent;
+use crossterm::event::KeyEventKind;
 use ratatui::buffer::Buffer;
 use ratatui::layout::Rect;
 use ratatui::prelude::*;
 use ratatui::text::Line;
-use ratatui::text::Span;
 use ratatui::widgets::Block;
 use ratatui::widgets::BorderType;
 use ratatui::widgets::Borders;
-use ratatui::widgets::List;
 use ratatui::widgets::Paragraph;
 use ratatui::widgets::Widget;
 use ratatui::widgets::WidgetRef;
-use tui_input::Input;
-use tui_input::backend::crossterm::EventHandler;
+use ratatui::widgets::Wrap;
 
 use crate::app_event::AppEvent;
 use crate::app_event_sender::AppEventSender;
@@ -49,68 +48,62 @@ pub(crate) enum ApprovalRequest {
 
 /// Options displayed in the *select* mode.
 struct SelectOption {
-    label: &'static str,
-    decision: Option<ReviewDecision>,
-    /// `true` when this option switches the widget to *input* mode.
-    enters_input_mode: bool,
+    label: Line<'static>,
+    description: &'static str,
+    key: KeyCode,
+    decision: ReviewDecision,
 }
 
-// keep in same order as in the TS implementation
-const SELECT_OPTIONS: &[SelectOption] = &[
-    SelectOption {
-        label: "Yes (y)",
-        decision: Some(ReviewDecision::Approved),
+static COMMAND_SELECT_OPTIONS: LazyLock<Vec<SelectOption>> = LazyLock::new(|| {
+    vec![
+        SelectOption {
+            label: Line::from(vec!["Y".underlined(), "es".into()]),
+            description: "Approve and run the command",
+            key: KeyCode::Char('y'),
+            decision: ReviewDecision::Approved,
+        },
+        SelectOption {
+            label: Line::from(vec!["A".underlined(), "lways".into()]),
+            description: "Approve the command for the remainder of this session",
+            key: KeyCode::Char('a'),
+            decision: ReviewDecision::ApprovedForSession,
+        },
+        SelectOption {
+            label: Line::from(vec!["N".underlined(), "o".into()]),
+            description: "Do not run the command",
+            key: KeyCode::Char('n'),
+            decision: ReviewDecision::Denied,
+        },
+    ]
+});
 
-        enters_input_mode: false,
-    },
-    SelectOption {
-        label: "Yes, always approve this exact command for this session (a)",
-        decision: Some(ReviewDecision::ApprovedForSession),
-
-        enters_input_mode: false,
-    },
-    SelectOption {
-        label: "Edit or give feedback (e)",
-        decision: None,
-
-        enters_input_mode: true,
-    },
-    SelectOption {
-        label: "No, and keep going (n)",
-        decision: Some(ReviewDecision::Denied),
-
-        enters_input_mode: false,
-    },
-    SelectOption {
-        label: "No, and stop for now (esc)",
-        decision: Some(ReviewDecision::Abort),
-
-        enters_input_mode: false,
-    },
-];
-
-/// Internal mode the widget is in – mirrors the TypeScript component.
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-enum Mode {
-    Select,
-    Input,
-}
+static PATCH_SELECT_OPTIONS: LazyLock<Vec<SelectOption>> = LazyLock::new(|| {
+    vec![
+        SelectOption {
+            label: Line::from(vec!["Y".underlined(), "es".into()]),
+            description: "Approve and apply the changes",
+            key: KeyCode::Char('y'),
+            decision: ReviewDecision::Approved,
+        },
+        SelectOption {
+            label: Line::from(vec!["N".underlined(), "o".into()]),
+            description: "Do not apply the changes",
+            key: KeyCode::Char('n'),
+            decision: ReviewDecision::Denied,
+        },
+    ]
+});
 
 /// A modal prompting the user to approve or deny the pending request.
 pub(crate) struct UserApprovalWidget<'a> {
     approval_request: ApprovalRequest,
     app_event_tx: AppEventSender,
     confirmation_prompt: Paragraph<'a>,
+    select_options: &'a Vec<SelectOption>,
 
     /// Currently selected index in *select* mode.
     selected_option: usize,
 
-    /// State for the optional input widget.
-    input: Input,
-
-    /// Current mode.
-    mode: Mode,
-
     /// Set to `true` once a decision has been sent – the parent view can then
     /// remove this widget from its queue.
     done: bool,
@@ -118,7 +111,6 @@ pub(crate) struct UserApprovalWidget<'a> {
 
 impl UserApprovalWidget<'_> {
     pub(crate) fn new(approval_request: ApprovalRequest, app_event_tx: AppEventSender) -> Self {
-        let input = Input::default();
         let confirmation_prompt = match &approval_request {
             ApprovalRequest::Exec {
                 command,
@@ -134,26 +126,20 @@ impl UserApprovalWidget<'_> {
                     None => cwd.display().to_string(),
                 };
                 let mut contents: Vec<Line> = vec![
-                    Line::from("Shell Command".bold()),
-                    Line::from(""),
-                    Line::from(vec![
-                        format!("{cwd_str}$").dim(),
-                        Span::from(format!(" {cmd}")),
-                    ]),
+                    Line::from(vec!["codex".bold().magenta(), " wants to run:".into()]),
+                    Line::from(vec![cwd_str.dim(), "$".into(), format!(" {cmd}").into()]),
                     Line::from(""),
                 ];
                 if let Some(reason) = reason {
                     contents.push(Line::from(reason.clone().italic()));
                     contents.push(Line::from(""));
                 }
-                contents.extend(vec![Line::from("Allow command?"), Line::from("")]);
-                Paragraph::new(contents)
+                Paragraph::new(contents).wrap(Wrap { trim: false })
             }
             ApprovalRequest::ApplyPatch {
                 reason, grant_root, ..
             } => {
-                let mut contents: Vec<Line> =
-                    vec![Line::from("Apply patch".bold()), Line::from("")];
+                let mut contents: Vec<Line> = vec![];
 
                 if let Some(r) = reason {
                     contents.push(Line::from(r.clone().italic()));
@@ -168,20 +154,19 @@ impl UserApprovalWidget<'_> {
                     contents.push(Line::from(""));
                 }
 
-                contents.push(Line::from("Allow changes?"));
-                contents.push(Line::from(""));
-
-                Paragraph::new(contents)
+                Paragraph::new(contents).wrap(Wrap { trim: false })
             }
         };
 
         Self {
+            select_options: match &approval_request {
+                ApprovalRequest::Exec { .. } => &COMMAND_SELECT_OPTIONS,
+                ApprovalRequest::ApplyPatch { .. } => &PATCH_SELECT_OPTIONS,
+            },
             approval_request,
             app_event_tx,
             confirmation_prompt,
             selected_option: 0,
-            input,
-            mode: Mode::Select,
             done: false,
         }
     }
@@ -197,9 +182,8 @@ impl UserApprovalWidget<'_> {
     /// captures input while visible, we don’t need to report whether the event
     /// was consumed—callers can assume it always is.
     pub(crate) fn handle_key_event(&mut self, key: KeyEvent) {
-        match self.mode {
-            Mode::Select => self.handle_select_key(key),
-            Mode::Input => self.handle_input_key(key),
+        if key.kind == KeyEventKind::Press {
+            self.handle_select_key(key);
         }
     }
 
@@ -211,58 +195,24 @@ impl UserApprovalWidget<'_> {
 
     fn handle_select_key(&mut self, key_event: KeyEvent) {
         match key_event.code {
-            KeyCode::Up => {
-                if self.selected_option == 0 {
-                    self.selected_option = SELECT_OPTIONS.len() - 1;
-                } else {
-                    self.selected_option -= 1;
-                }
+            KeyCode::Left => {
+                self.selected_option = (self.selected_option + self.select_options.len() - 1)
+                    % self.select_options.len();
             }
-            KeyCode::Down => {
-                self.selected_option = (self.selected_option + 1) % SELECT_OPTIONS.len();
-            }
-            KeyCode::Char('y') => {
-                self.send_decision(ReviewDecision::Approved);
-            }
-            KeyCode::Char('a') => {
-                self.send_decision(ReviewDecision::ApprovedForSession);
-            }
-            KeyCode::Char('n') => {
-                self.send_decision(ReviewDecision::Denied);
-            }
-            KeyCode::Char('e') => {
-                self.mode = Mode::Input;
+            KeyCode::Right => {
+                self.selected_option = (self.selected_option + 1) % self.select_options.len();
             }
             KeyCode::Enter => {
-                let opt = &SELECT_OPTIONS[self.selected_option];
-                if opt.enters_input_mode {
-                    self.mode = Mode::Input;
-                } else if let Some(decision) = opt.decision {
-                    self.send_decision(decision);
-                }
+                let opt = &self.select_options[self.selected_option];
+                self.send_decision(opt.decision);
             }
             KeyCode::Esc => {
                 self.send_decision(ReviewDecision::Abort);
             }
-            _ => {}
-        }
-    }
-
-    fn handle_input_key(&mut self, key_event: KeyEvent) {
-        // Handle special keys first.
-        match key_event.code {
-            KeyCode::Enter => {
-                let feedback = self.input.value().to_string();
-                self.send_decision_with_feedback(ReviewDecision::Denied, feedback);
-            }
-            KeyCode::Esc => {
-                // Cancel input – treat as deny without feedback.
-                self.send_decision(ReviewDecision::Denied);
-            }
-            _ => {
-                // Feed into input widget for normal editing.
-                let ct_event = crossterm::event::Event::Key(key_event);
-                self.input.handle_event(&ct_event);
+            other => {
+                if let Some(opt) = self.select_options.iter().find(|opt| opt.key == other) {
+                    self.send_decision(opt.decision);
+                }
             }
         }
     }
@@ -313,79 +263,70 @@ impl UserApprovalWidget<'_> {
     pub(crate) fn is_complete(&self) -> bool {
         self.done
     }
-}
 
-const PLAIN: Style = Style::new();
-const BLUE_FG: Style = Style::new().fg(Color::Blue);
+    pub(crate) fn desired_height(&self, width: u16) -> u16 {
+        self.get_confirmation_prompt_height(width) + self.select_options.len() as u16
+    }
+}
 
 impl WidgetRef for &UserApprovalWidget<'_> {
     fn render_ref(&self, area: Rect, buf: &mut Buffer) {
-        // Take the area, wrap it in a block with a border, and divide up the
-        // remaining area into two chunks: one for the confirmation prompt and
-        // one for the response.
-        let outer = Block::default()
-            .title("Review")
-            .borders(Borders::ALL)
-            .border_type(BorderType::Rounded);
-        let inner = outer.inner(area);
-
-        // Determine how many rows we can allocate for the static confirmation
-        // prompt while *always* keeping enough space for the interactive
-        // response area (select list or input field). When the full prompt
-        // would exceed the available height we truncate it so the response
-        // options never get pushed out of view. This keeps the approval modal
-        // usable even when the overall bottom viewport is small.
-
-        // Full height of the prompt (may be larger than the available area).
-        let full_prompt_height = self.get_confirmation_prompt_height(inner.width);
-
-        // Minimum rows that must remain for the interactive section.
-        let min_response_rows = match self.mode {
-            Mode::Select => SELECT_OPTIONS.len() as u16,
-            // In input mode we need exactly two rows: one for the guidance
-            // prompt and one for the single-line input field.
-            Mode::Input => 2,
-        };
-
-        // Clamp prompt height so confirmation + response never exceed the
-        // available space. `saturating_sub` avoids underflow when the area is
-        // too small even for the minimal layout – in this unlikely case we
-        // fall back to zero-height prompt so at least the options are
-        // visible.
-        let prompt_height = full_prompt_height.min(inner.height.saturating_sub(min_response_rows));
-
-        let chunks = Layout::default()
+        let prompt_height = self.get_confirmation_prompt_height(area.width);
+        let [prompt_chunk, response_chunk] = Layout::default()
             .direction(Direction::Vertical)
             .constraints([Constraint::Length(prompt_height), Constraint::Min(0)])
-            .split(inner);
-        let prompt_chunk = chunks[0];
-        let response_chunk = chunks[1];
+            .areas(area);
 
-        // Build the inner lines based on the mode. Collect them into a List of
-        // non-wrapping lines rather than a Paragraph for predictable layout.
-        let lines = match self.mode {
-            Mode::Select => SELECT_OPTIONS
-                .iter()
-                .enumerate()
-                .map(|(idx, opt)| {
-                    let (prefix, style) = if idx == self.selected_option {
-                        ("▶", BLUE_FG)
-                    } else {
-                        (" ", PLAIN)
-                    };
-                    Line::styled(format!("  {prefix} {}", opt.label), style)
-                })
-                .collect(),
-            Mode::Input => {
-                vec![
-                    Line::from("Give the model feedback on this command:"),
-                    Line::from(self.input.value()),
-                ]
-            }
+        let lines: Vec<Line> = self
+            .select_options
+            .iter()
+            .enumerate()
+            .map(|(idx, opt)| {
+                let style = if idx == self.selected_option {
+                    Style::new().bg(Color::Cyan).fg(Color::Black)
+                } else {
+                    Style::new().bg(Color::DarkGray)
+                };
+                opt.label.clone().alignment(Alignment::Center).style(style)
+            })
+            .collect();
+
+        let [title_area, button_area, description_area] = Layout::vertical([
+            Constraint::Length(1),
+            Constraint::Length(1),
+            Constraint::Min(0),
+        ])
+        .areas(response_chunk.inner(Margin::new(1, 0)));
+        let title = match &self.approval_request {
+            ApprovalRequest::Exec { .. } => "Allow command?",
+            ApprovalRequest::ApplyPatch { .. } => "Apply changes?",
         };
+        Line::from(title).render(title_area, buf);
 
-        outer.render(area, buf);
         self.confirmation_prompt.clone().render(prompt_chunk, buf);
-        Widget::render(List::new(lines), response_chunk, buf);
+        let areas = Layout::horizontal(
+            lines
+                .iter()
+                .map(|l| Constraint::Length(l.width() as u16 + 2)),
+        )
+        .spacing(1)
+        .split(button_area);
+        for (idx, area) in areas.iter().enumerate() {
+            let line = &lines[idx];
+            line.render(*area, buf);
+        }
+
+        Line::from(self.select_options[self.selected_option].description)
+            .style(Style::new().italic().fg(Color::DarkGray))
+            .render(description_area.inner(Margin::new(1, 0)), buf);
+
+        Block::bordered()
+            .border_type(BorderType::QuadrantOutside)
+            .border_style(Style::default().fg(Color::Cyan))
+            .borders(Borders::LEFT)
+            .render_ref(
+                Rect::new(0, response_chunk.y, 1, response_chunk.height),
+                buf,
+            );
     }
 }