[codex] add consolidation module extension paths

.bazelrc

@@ -44,7 +44,6 @@ common --remote_timeout=3600
 common --noexperimental_throttle_remote_action_building
 common --experimental_remote_execution_keepalive
 common --grpc_keepalive_time=30s
-common --experimental_remote_downloader=grpcs://remote.buildbuddy.io
 
 # This limits both in-flight executions and concurrent downloads. Even with high number
 # of jobs execution will still be limited by CPU cores, so this just pays a bit of
@@ -77,44 +76,6 @@ common:ci-bazel --build_metadata=TAG_workflow=bazel
 build:clippy --aspects=@rules_rust//rust:defs.bzl%rust_clippy_aspect
 build:clippy --output_groups=+clippy_checks
 build:clippy --@rules_rust//rust/settings:clippy.toml=//codex-rs:clippy.toml
-# Keep this deny-list in sync with `codex-rs/Cargo.toml` `[workspace.lints.clippy]`.
-# Cargo applies those lint levels to member crates that opt into `[lints] workspace = true`
-# in their own `Cargo.toml`, but `rules_rust` Bazel clippy does not read Cargo lint levels.
-# `clippy.toml` can configure lint behavior, but it cannot set allow/warn/deny/forbid levels.
-build:clippy --@rules_rust//rust/settings:clippy_flag=-Dwarnings
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::expect_used
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::identity_op
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_clamp
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_filter
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_find
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_flatten
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_map
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_memcpy
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_non_exhaustive
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_ok_or
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_range_contains
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_retain
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_strip
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_try_fold
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::manual_unwrap_or
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::needless_borrow
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::needless_borrowed_reference
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::needless_collect
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::needless_late_init
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::needless_option_as_deref
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::needless_question_mark
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::needless_update
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::redundant_clone
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::redundant_closure
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::redundant_closure_for_method_calls
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::redundant_static_lifetimes
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::trivially_copy_pass_by_ref
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::uninlined_format_args
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::unnecessary_filter_map
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::unnecessary_lazy_evaluations
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::unnecessary_sort_by
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::unnecessary_to_owned
-build:clippy --@rules_rust//rust/settings:clippy_flag=--deny=clippy::unwrap_used
 
 # Shared config for Bazel-backed argument-comment-lint.
 build:argument-comment-lint --aspects=//tools/argument-comment-lint:lint_aspect.bzl%rust_argument_comment_lint_aspect
@@ -125,6 +86,7 @@ build:argument-comment-lint --@rules_rust//rust/toolchain/channel=nightly
 common:ci-windows --config=ci-bazel
 common:ci-windows --build_metadata=TAG_os=windows
 common:ci-windows --repo_contents_cache=D:/a/.cache/bazel-repo-contents-cache
+common:ci-windows --repository_cache=D:/a/.cache/bazel-repo-cache
 
 # We prefer to run the build actions entirely remotely so we can dial up the concurrency.
 # We have platform-specific tests, so we want to execute the tests on all platforms using the strongest sandboxing available on each platform.

.codex/skills/babysit-pr/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: babysit-pr
-description: Babysit a GitHub pull request after creation by continuously polling review comments, CI checks/workflow runs, and mergeability state until the PR is merged/closed or user help is required. Diagnose failures, retry likely flaky failures up to 3 times, auto-fix/push branch-related issues when appropriate, and keep watching open PRs so fresh review feedback is surfaced promptly. Use when the user asks Codex to monitor a PR, watch CI, handle review comments, or keep an eye on failures and feedback on an open PR.
+description: Babysit a GitHub pull request after creation by continuously polling CI checks/workflow runs, new review comments, and mergeability state until the PR is ready to merge (or merged/closed). Diagnose failures, retry likely flaky failures up to 3 times, auto-fix/push branch-related issues when appropriate, and stop only when user help is required (for example CI infrastructure issues, exhausted flaky retries, or ambiguous/blocking situations). Use when the user asks Codex to monitor a PR, watch CI, handle review comments, or keep an eye on failures and feedback on an open PR.
 ---
 
 # PR Babysitter
@@ -9,8 +9,8 @@ description: Babysit a GitHub pull request after creation by continuously pollin
 Babysit a PR persistently until one of these terminal outcomes occurs:
 
 - The PR is merged or closed.
+- CI is successful, there are no unaddressed review comments surfaced by the watcher, required review approval is not blocking merge, and there are no potential merge conflicts (PR is mergeable / not reporting conflict risk).
 - A situation requires user help (for example CI infrastructure issues, repeated flaky failures after retry budget is exhausted, permission problems, or ambiguity that cannot be resolved safely).
-- Optional handoff milestone: the PR is currently green + mergeable + review-clean. Treat this as a progress state, not a watcher stop, so late-arriving review comments are still surfaced promptly while the PR remains open.
 
 Do not stop merely because a single snapshot returns `idle` while checks are still pending.
 
@@ -24,7 +24,7 @@ Accept any of the following:
 ## Core Workflow
 
 1. When the user asks to "monitor"/"watch"/"babysit" a PR, start with the watcher's continuous mode (`--watch`) unless you are intentionally doing a one-shot diagnostic snapshot.
-2. Run the watcher script to snapshot PR/review/CI state (or consume each streamed snapshot from `--watch`).
+2. Run the watcher script to snapshot PR/CI/review state (or consume each streamed snapshot from `--watch`).
 3. Inspect the `actions` list in the JSON response.
 4. If `diagnose_ci_failure` is present, inspect failed run logs and classify the failure.
 5. If the failure is likely caused by the current branch, patch code locally, commit, and push.
@@ -33,10 +33,10 @@ Accept any of the following:
 8. If a review item from another author is non-actionable, already addressed, or not valid, post one reply on the comment/thread explaining that decision (for example answering the question or explaining why no change is needed). If the watcher later surfaces your own reply, treat that self-authored item as already handled and do not reply again.
 9. If the failure is likely flaky/unrelated and `retry_failed_checks` is present, rerun failed jobs with `--retry-failed-now`.
 10. If both actionable review feedback and `retry_failed_checks` are present, prioritize review feedback first; a new commit will retrigger CI, so avoid rerunning flaky checks on the old SHA unless you intentionally defer the review change.
-11. On every loop, look for newly surfaced review feedback before acting on CI failures or mergeability state, then verify mergeability / merge-conflict status (for example via `gh pr view`) alongside CI.
+11. On every loop, verify mergeability / merge-conflict status (for example via `gh pr view`) in addition to CI and review state.
 12. After any push or rerun action, immediately return to step 1 and continue polling on the updated SHA/state.
 13. If you had been using `--watch` before pausing to patch/commit/push, relaunch `--watch` yourself in the same turn immediately after the push (do not wait for the user to re-invoke the skill).
-14. Repeat polling until `stop_pr_closed` appears or a user-help-required blocker is reached. A green + review-clean + mergeable PR is a progress milestone, not a reason to stop the watcher while the PR is still open.
+14. Repeat polling until the PR is green + review-clean + mergeable, `stop_pr_closed` appears, or a user-help-required blocker is reached.
 15. Maintain terminal/session ownership: while babysitting is active, keep consuming watcher output in the same turn; do not leave a detached `--watch` process running and then end the turn as if monitoring were complete.
 
 ## Commands
@@ -131,7 +131,7 @@ Use this loop in a live Codex session:
 8. Retry failed checks only when `retry_failed_checks` is present and you are not about to replace the current SHA with a review/CI fix commit.
 9. If you pushed a commit, resolved a review thread, replied to a review comment, or triggered a rerun, report the action briefly and continue polling (do not stop).
 10. After a review-fix push, proactively restart continuous monitoring (`--watch`) in the same turn unless a strict stop condition has already been reached.
-11. If everything is passing, mergeable, not blocked on required review approval, and there are no unaddressed review items, report that the PR is currently ready to merge but keep the watcher running so new review comments are surfaced quickly while the PR remains open.
+11. If everything is passing, mergeable, not blocked on required review approval, and there are no unaddressed review items, report success and stop.
 12. If blocked on a user-help-required issue (infra outage, exhausted flaky retries, unclear reviewer request, permissions), report the blocker and stop.
 13. Otherwise sleep according to the polling cadence below and repeat.
 
@@ -141,18 +141,19 @@ Do not hand control back to the user after a review-fix push just because a new
 If a `--watch` process is still running and no strict stop condition has been reached, the babysitting task is still in progress; keep streaming/consuming watcher output instead of ending the turn.
 
 ## Polling Cadence
-Keep review polling aggressive and continue monitoring even after CI turns green:
+Use adaptive polling and continue monitoring even after CI turns green:
 
 - While CI is not green (pending/running/queued or failing): poll every 1 minute.
-- After CI turns green: keep polling at the base cadence while the PR remains open so newly posted review comments are surfaced promptly instead of waiting on a long green-state backoff.
-- Reset the cadence immediately whenever anything changes (new commit/SHA, check status changes, new review comments, mergeability changes, review decision changes).
-- If CI stops being green again (new commit, rerun, or regression): stay on the base polling cadence.
+- After CI turns green: start at every 1 minute, then back off exponentially when there is no change (for example 1m, 2m, 4m, 8m, 16m, 32m), capping at every 1 hour.
+- Reset the green-state polling interval back to 1 minute whenever anything changes (new commit/SHA, check status changes, new review comments, mergeability changes, review decision changes).
+- If CI stops being green again (new commit, rerun, or regression): return to 1-minute polling.
 - If any poll shows the PR is merged or otherwise closed: stop polling immediately and report the terminal state.
 
 ## Stop Conditions (Strict)
 Stop only when one of the following is true:
 
 - PR merged or closed (stop as soon as a poll/snapshot confirms this).
+- PR is ready to merge: CI succeeded, no surfaced unaddressed review comments, not blocked on required review approval, and no merge conflict risk.
 - User intervention is required and Codex cannot safely proceed alone.
 
 Keep polling when:
@@ -161,14 +162,14 @@ Keep polling when:
 - CI is still running/queued.
 - Review state is quiet but CI is not terminal.
 - CI is green but mergeability is unknown/pending.
-- CI is green and mergeable, but the PR is still open and you are waiting for possible new review comments or merge-conflict changes.
-- The PR is green but blocked on review approval (`REVIEW_REQUIRED` / similar); continue polling at the base cadence and surface any new review comments without asking for confirmation to keep watching.
+- CI is green and mergeable, but the PR is still open and you are waiting for possible new review comments or merge-conflict changes per the green-state cadence.
+- The PR is green but blocked on review approval (`REVIEW_REQUIRED` / similar); continue polling on the green-state cadence and surface any new review comments without asking for confirmation to keep watching.
 
 ## Output Expectations
 Provide concise progress updates while monitoring and a final summary that includes:
 
 - During long unchanged monitoring periods, avoid emitting a full update on every poll; summarize only status changes plus occasional heartbeat updates.
-- Treat push confirmations, intermediate CI snapshots, ready-to-merge snapshots, and review-action updates as progress updates only; do not emit the final summary or end the babysitting session unless a strict stop condition is met.
+- Treat push confirmations, intermediate CI snapshots, and review-action updates as progress updates only; do not emit the final summary or end the babysitting session unless a strict stop condition is met.
 - A user request to "monitor" is not satisfied by a couple of sample polls; remain in the loop until a strict stop condition or an explicit user interruption.
 - A review-fix commit + push is not a completion event; immediately resume live monitoring (`--watch`) in the same turn and continue reporting progress updates.
 - When CI first transitions to all green for the current SHA, emit a one-time celebratory progress update (do not repeat it on every green poll). Preferred style: `🚀 CI is all green! 33/33 passed. Still on watch for review approval.`

.codex/skills/babysit-pr/agents/openai.yaml

@@ -1,4 +1,4 @@
 interface:
   display_name: "PR Babysitter"
-  short_description: "Watch PR review comments, CI, and merge conflicts"
-  default_prompt: "Babysit the current PR: monitor reviewer comments, CI, and merge-conflict status (prefer the watcher’s --watch mode for live monitoring); surface new review feedback before acting on CI or mergeability work, fix valid issues, push updates, and rerun flaky failures up to 3 times. Keep exactly one watcher session active for the PR (do not leave duplicate --watch terminals running). If you pause monitoring to patch review/CI feedback, restart --watch yourself immediately after the push in the same turn. If a watcher is still running and no strict stop condition has been reached, the task is still in progress: keep consuming watcher output and sending progress updates instead of ending the turn. Do not treat a green + mergeable PR as a terminal stop while it is still open; continue polling autonomously after any push/rerun so newly posted review comments are surfaced until a strict terminal stop condition is reached or the user interrupts."
+  short_description: "Watch PR CI, reviews, and merge conflicts"
+  default_prompt: "Babysit the current PR: monitor CI, reviewer comments, and merge-conflict status (prefer the watcher’s --watch mode for live monitoring); fix valid issues, push updates, and rerun flaky failures up to 3 times. Keep exactly one watcher session active for the PR (do not leave duplicate --watch terminals running). If you pause monitoring to patch review/CI feedback, restart --watch yourself immediately after the push in the same turn. If a watcher is still running and no strict stop condition has been reached, the task is still in progress: keep consuming watcher output and sending progress updates instead of ending the turn. Continue polling autonomously after any push/rerun until a strict terminal stop condition is reached or the user interrupts."

.codex/skills/babysit-pr/scripts/gh_pr_watch.py

@@ -45,6 +45,7 @@ MERGE_CONFLICT_OR_BLOCKING_STATES = {
     "DRAFT",
     "UNKNOWN",
 }
+GREEN_STATE_MAX_POLL_SECONDS = 60 * 60
 
 
 class GhCommandError(RuntimeError):
@@ -577,7 +578,7 @@ def recommend_actions(pr, checks_summary, failed_runs, new_review_items, retries
         return unique_actions(actions)
 
     if is_pr_ready_to_merge(pr, checks_summary, new_review_items):
-        actions.append("ready_to_merge")
+        actions.append("stop_ready_to_merge")
         return unique_actions(actions)
 
     if new_review_items:
@@ -605,6 +606,12 @@ def collect_snapshot(args):
     if not state.get("started_at"):
         state["started_at"] = int(time.time())
 
+    # `gh pr checks -R <repo>` requires an explicit PR/branch/url argument.
+    # After resolving `--pr auto`, reuse the concrete PR number.
+    checks = get_pr_checks(str(pr["number"]), repo=pr["repo"])
+    checks_summary = summarize_checks(checks)
+    workflow_runs = get_workflow_runs_for_sha(pr["repo"], pr["head_sha"])
+    failed_runs = failed_runs_from_workflow_runs(workflow_runs, pr["head_sha"])
     authenticated_login = get_authenticated_login()
     new_review_items = fetch_new_review_items(
         pr,
@@ -612,15 +619,6 @@ def collect_snapshot(args):
         fresh_state=fresh_state,
         authenticated_login=authenticated_login,
     )
-    # Surface review feedback before drilling into CI and mergeability details.
-    # That keeps the babysitter responsive to new comments even when other
-    # actions are also available.
-    # `gh pr checks -R <repo>` requires an explicit PR/branch/url argument.
-    # After resolving `--pr auto`, reuse the concrete PR number.
-    checks = get_pr_checks(str(pr["number"]), repo=pr["repo"])
-    checks_summary = summarize_checks(checks)
-    workflow_runs = get_workflow_runs_for_sha(pr["repo"], pr["head_sha"])
-    failed_runs = failed_runs_from_workflow_runs(workflow_runs, pr["head_sha"])
 
     retries_used = current_retry_count(state, pr["head_sha"])
     actions = recommend_actions(
@@ -763,6 +761,7 @@ def run_watch(args):
         if (
             "stop_pr_closed" in actions
             or "stop_exhausted_retries" in actions
+            or "stop_ready_to_merge" in actions
         ):
             print_event("stop", {"actions": snapshot.get("actions"), "pr": snapshot.get("pr")})
             return 0
@@ -770,13 +769,13 @@ def run_watch(args):
         current_change_key = snapshot_change_key(snapshot)
         changed = current_change_key != last_change_key
         green = is_ci_green(snapshot)
-        pr = snapshot.get("pr") or {}
-        pr_open = not bool(pr.get("closed")) and not bool(pr.get("merged"))
 
-        if not green or pr_open:
+        if not green:
             poll_seconds = args.poll_seconds
         elif changed or last_change_key is None:
             poll_seconds = args.poll_seconds
+        else:
+            poll_seconds = min(poll_seconds * 2, GREEN_STATE_MAX_POLL_SECONDS)
 
         last_change_key = current_change_key
         time.sleep(poll_seconds)

.codex/skills/babysit-pr/scripts/test_gh_pr_watch.py

@@ -1,155 +0,0 @@
-import argparse
-import importlib.util
-from pathlib import Path
-
-import pytest
-
-
-MODULE_PATH = Path(__file__).with_name("gh_pr_watch.py")
-MODULE_SPEC = importlib.util.spec_from_file_location("gh_pr_watch", MODULE_PATH)
-gh_pr_watch = importlib.util.module_from_spec(MODULE_SPEC)
-assert MODULE_SPEC.loader is not None
-MODULE_SPEC.loader.exec_module(gh_pr_watch)
-
-
-def sample_pr():
-    return {
-        "number": 123,
-        "url": "https://github.com/openai/codex/pull/123",
-        "repo": "openai/codex",
-        "head_sha": "abc123",
-        "head_branch": "feature",
-        "state": "OPEN",
-        "merged": False,
-        "closed": False,
-        "mergeable": "MERGEABLE",
-        "merge_state_status": "CLEAN",
-        "review_decision": "",
-    }
-
-
-def sample_checks(**overrides):
-    checks = {
-        "pending_count": 0,
-        "failed_count": 0,
-        "passed_count": 12,
-        "all_terminal": True,
-    }
-    checks.update(overrides)
-    return checks
-
-
-def test_collect_snapshot_fetches_review_items_before_ci(monkeypatch, tmp_path):
-    call_order = []
-    pr = sample_pr()
-
-    monkeypatch.setattr(gh_pr_watch, "resolve_pr", lambda *args, **kwargs: pr)
-    monkeypatch.setattr(gh_pr_watch, "load_state", lambda path: ({}, True))
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "get_authenticated_login",
-        lambda: call_order.append("auth") or "octocat",
-    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "fetch_new_review_items",
-        lambda *args, **kwargs: call_order.append("review") or [],
-    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "get_pr_checks",
-        lambda *args, **kwargs: call_order.append("checks") or [],
-    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "summarize_checks",
-        lambda checks: call_order.append("summarize") or sample_checks(),
-    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "get_workflow_runs_for_sha",
-        lambda *args, **kwargs: call_order.append("workflow") or [],
-    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "failed_runs_from_workflow_runs",
-        lambda *args, **kwargs: call_order.append("failed_runs") or [],
-    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "recommend_actions",
-        lambda *args, **kwargs: call_order.append("recommend") or ["idle"],
-    )
-    monkeypatch.setattr(gh_pr_watch, "save_state", lambda *args, **kwargs: None)
-
-    args = argparse.Namespace(
-        pr="123",
-        repo=None,
-        state_file=str(tmp_path / "watcher-state.json"),
-        max_flaky_retries=3,
-    )
-
-    gh_pr_watch.collect_snapshot(args)
-
-    assert call_order.index("review") < call_order.index("checks")
-    assert call_order.index("review") < call_order.index("workflow")
-
-
-def test_recommend_actions_prioritizes_review_comments():
-    actions = gh_pr_watch.recommend_actions(
-        sample_pr(),
-        sample_checks(failed_count=1),
-        [{"run_id": 99}],
-        [{"kind": "review_comment", "id": "1"}],
-        0,
-        3,
-    )
-
-    assert actions == [
-        "process_review_comment",
-        "diagnose_ci_failure",
-        "retry_failed_checks",
-    ]
-
-
-def test_run_watch_keeps_polling_open_ready_to_merge_pr(monkeypatch):
-    sleeps = []
-    events = []
-    snapshot = {
-        "pr": sample_pr(),
-        "checks": sample_checks(),
-        "failed_runs": [],
-        "new_review_items": [],
-        "actions": ["ready_to_merge"],
-        "retry_state": {
-            "current_sha_retries_used": 0,
-            "max_flaky_retries": 3,
-        },
-    }
-
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "collect_snapshot",
-        lambda args: (snapshot, Path("/tmp/codex-babysit-pr-state.json")),
-    )
-    monkeypatch.setattr(
-        gh_pr_watch,
-        "print_event",
-        lambda event, payload: events.append((event, payload)),
-    )
-
-    class StopWatch(Exception):
-        pass
-
-    def fake_sleep(seconds):
-        sleeps.append(seconds)
-        if len(sleeps) >= 2:
-            raise StopWatch
-
-    monkeypatch.setattr(gh_pr_watch.time, "sleep", fake_sleep)
-
-    with pytest.raises(StopWatch):
-        gh_pr_watch.run_watch(argparse.Namespace(poll_seconds=30))
-
-    assert sleeps == [30, 30]
-    assert [event for event, _ in events] == ["snapshot", "snapshot"]

.github/actions/setup-bazel-ci/action.yml

@@ -9,9 +9,9 @@ inputs:
     required: false
     default: "false"
 outputs:
-  repository-cache-path:
-    description: Filesystem path used for the Bazel repository cache.
-    value: ${{ steps.configure_bazel_repository_cache.outputs.repository-cache-path }}
+  cache-hit:
+    description: Whether the Bazel repository cache key was restored exactly.
+    value: ${{ steps.cache_bazel_repository_restore.outputs.cache-hit }}
 
 runs:
   using: composite
@@ -41,16 +41,17 @@ runs:
     - name: Set up Bazel
       uses: bazelbuild/setup-bazelisk@v3
 
-    - name: Configure Bazel repository cache
-      id: configure_bazel_repository_cache
-      shell: pwsh
-      run: |
-        # Keep the repository cache under HOME on all runners. Windows `D:\a`
-        # cache paths match `.bazelrc`, but `actions/cache/restore` currently
-        # returns HTTP 400 for that path in the Windows clippy job.
-        $repositoryCachePath = Join-Path $HOME '.cache/bazel-repo-cache'
-        "repository-cache-path=$repositoryCachePath" | Out-File -FilePath $env:GITHUB_OUTPUT -Encoding utf8 -Append
-        "BAZEL_REPOSITORY_CACHE=$repositoryCachePath" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
+    # Restore bazel repository cache so we don't have to redownload all the external dependencies
+    # on every CI run.
+    - name: Restore bazel repository cache
+      id: cache_bazel_repository_restore
+      uses: actions/cache/restore@v5
+      with:
+        path: |
+          ~/.cache/bazel-repo-cache
+        key: bazel-cache-${{ inputs.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
+        restore-keys: |
+          bazel-cache-${{ inputs.target }}
 
     - name: Configure Bazel output root (Windows)
       if: runner.os == 'Windows'
@@ -59,68 +60,8 @@ runs:
         # Use the shortest available drive to reduce argv/path length issues,
         # but avoid the drive root because some Windows test launchers mis-handle
         # MANIFEST paths there.
-        $hasDDrive = Test-Path 'D:\'
-        $bazelOutputUserRoot = if ($hasDDrive) { 'D:\b' } else { 'C:\b' }
-        $repoContentsCache = Join-Path $env:RUNNER_TEMP "bazel-repo-contents-cache-$env:GITHUB_RUN_ID-$env:GITHUB_JOB"
+        $bazelOutputUserRoot = if (Test-Path 'D:\') { 'D:\b' } else { 'C:\b' }
         "BAZEL_OUTPUT_USER_ROOT=$bazelOutputUserRoot" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
-        "BAZEL_REPO_CONTENTS_CACHE=$repoContentsCache" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
-
-    - name: Expose MSVC SDK environment (Windows)
-      if: runner.os == 'Windows'
-      shell: pwsh
-      run: |
-        # Bazel exec-side Rust build scripts do not reliably inherit the MSVC developer
-        # shell on GitHub-hosted Windows runners, so discover the latest VS install and
-        # ask `VsDevCmd.bat` to materialize the x64/x64 compiler + SDK environment.
-        $vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
-        if (-not (Test-Path $vswhere)) {
-          throw "vswhere.exe not found"
-        }
-
-        $installPath = & $vswhere -latest -products * -requires Microsoft.VisualStudio.Component.VC.Tools.x86.x64 -property installationPath 2>$null
-        if (-not $installPath) {
-          throw "Could not locate a Visual Studio installation with VC tools"
-        }
-
-        $vsDevCmd = Join-Path $installPath 'Common7\Tools\VsDevCmd.bat'
-        if (-not (Test-Path $vsDevCmd)) {
-          throw "VsDevCmd.bat not found at $vsDevCmd"
-        }
-
-        # Keep the export surface explicit: these are the paths and SDK roots that the
-        # MSVC toolchain probes need later when Bazel runs Windows exec-platform build
-        # scripts such as `aws-lc-sys`.
-        $varsToExport = @(
-          'INCLUDE',
-          'LIB',
-          'LIBPATH',
-          'PATH',
-          'UCRTVersion',
-          'UniversalCRTSdkDir',
-          'VCINSTALLDIR',
-          'VCToolsInstallDir',
-          'WindowsLibPath',
-          'WindowsSdkBinPath',
-          'WindowsSdkDir',
-          'WindowsSDKLibVersion',
-          'WindowsSDKVersion'
-        )
-
-        # `VsDevCmd.bat` is a batch file, so invoke it under `cmd.exe`, suppress its
-        # banner, then dump the resulting environment with `set`. Re-export only the
-        # approved keys into `GITHUB_ENV` so later steps inherit the same MSVC context.
-        $envLines = & cmd.exe /c ('"{0}" -no_logo -arch=x64 -host_arch=x64 >nul && set' -f $vsDevCmd)
-        foreach ($line in $envLines) {
-          if ($line -notmatch '^(.*?)=(.*)$') {
-            continue
-          }
-
-          $name = $matches[1]
-          $value = $matches[2]
-          if ($varsToExport -contains $name) {
-            "$name=$value" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append
-          }
-        }
 
     - name: Enable Git long paths (Windows)
       if: runner.os == 'Windows'

.github/scripts/run-argument-comment-lint-bazel.sh

@@ -1,115 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-ci_config=ci-linux
-case "${RUNNER_OS:-}" in
-  macOS)
-    ci_config=ci-macos
-    ;;
-  Windows)
-    ci_config=ci-windows
-    ;;
-esac
-
-bazel_lint_args=("$@")
-if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-  has_host_platform_override=0
-  for arg in "${bazel_lint_args[@]}"; do
-    if [[ "$arg" == --host_platform=* ]]; then
-      has_host_platform_override=1
-      break
-    fi
-  done
-
-  if [[ $has_host_platform_override -eq 0 ]]; then
-    # The nightly Windows lint toolchain is registered with an MSVC exec
-    # platform even though the lint target platform stays on `windows-gnullvm`.
-    # Override the host platform here so the exec-side helper binaries actually
-    # match the registered toolchain set.
-    bazel_lint_args+=("--host_platform=//:local_windows_msvc")
-  fi
-
-  # Native Windows lint runs need exec-side Rust helper binaries and proc-macros
-  # to use rust-lld instead of the C++ linker path. The default `none`
-  # preference resolves to `cc` when a cc_toolchain is present, which currently
-  # routes these exec actions through clang++ with an argument shape it cannot
-  # consume.
-  bazel_lint_args+=("--@rules_rust//rust/settings:toolchain_linker_preference=rust")
-
-  # Some Rust top-level targets are still intentionally incompatible with the
-  # local Windows MSVC exec platform. Skip those explicit targets so the native
-  # lint aspect can run across the compatible crate graph instead of failing the
-  # whole build after analysis.
-  bazel_lint_args+=("--skip_incompatible_explicit_targets")
-fi
-
-bazel_startup_args=()
-if [[ -n "${BAZEL_OUTPUT_USER_ROOT:-}" ]]; then
-  bazel_startup_args+=("--output_user_root=${BAZEL_OUTPUT_USER_ROOT}")
-fi
-
-run_bazel() {
-  if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-    MSYS2_ARG_CONV_EXCL='*' bazel "$@"
-    return
-  fi
-
-  bazel "$@"
-}
-
-run_bazel_with_startup_args() {
-  if [[ ${#bazel_startup_args[@]} -gt 0 ]]; then
-    run_bazel "${bazel_startup_args[@]}" "$@"
-    return
-  fi
-
-  run_bazel "$@"
-}
-
-read_query_labels() {
-  local query="$1"
-  local query_stdout
-  local query_stderr
-  query_stdout="$(mktemp)"
-  query_stderr="$(mktemp)"
-
-  if ! run_bazel_with_startup_args \
-    --noexperimental_remote_repo_contents_cache \
-    query \
-    --keep_going \
-    --output=label \
-    "$query" >"$query_stdout" 2>"$query_stderr"; then
-    cat "$query_stderr" >&2
-    rm -f "$query_stdout" "$query_stderr"
-    exit 1
-  fi
-
-  cat "$query_stdout"
-  rm -f "$query_stdout" "$query_stderr"
-}
-
-final_build_targets=(//codex-rs/...)
-if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-  # Bazel's local Windows platform currently lacks a default test toolchain for
-  # `rust_test`, so target the concrete Rust crate rules directly. The lint
-  # aspect still walks their crate graph, which preserves incremental reuse for
-  # non-test code while avoiding non-Rust wrapper targets such as platform_data.
-  final_build_targets=()
-  while IFS= read -r label; do
-    [[ -n "$label" ]] || continue
-    final_build_targets+=("$label")
-  done < <(read_query_labels 'kind("rust_(library|binary|proc_macro) rule", //codex-rs/...)')
-
-  if [[ ${#final_build_targets[@]} -eq 0 ]]; then
-    echo "Failed to discover Windows Bazel lint targets." >&2
-    exit 1
-  fi
-fi
-
-./.github/scripts/run-bazel-ci.sh \
-  -- \
-  build \
-  "${bazel_lint_args[@]}" \
-  -- \
-  "${final_build_targets[@]}"

.github/scripts/run-bazel-ci.sh

@@ -5,7 +5,6 @@ set -euo pipefail
 print_failed_bazel_test_logs=0
 use_node_test_env=0
 remote_download_toplevel=0
-windows_msvc_host_platform=0
 
 while [[ $# -gt 0 ]]; do
   case "$1" in
@@ -21,10 +20,6 @@ while [[ $# -gt 0 ]]; do
       remote_download_toplevel=1
       shift
       ;;
-    --windows-msvc-host-platform)
-      windows_msvc_host_platform=1
-      shift
-      ;;
     --)
       shift
       break
@@ -37,7 +32,7 @@ while [[ $# -gt 0 ]]; do
 done
 
 if [[ $# -eq 0 ]]; then
-  echo "Usage: $0 [--print-failed-test-logs] [--use-node-test-env] [--remote-download-toplevel] [--windows-msvc-host-platform] -- <bazel args> -- <targets>" >&2
+  echo "Usage: $0 [--print-failed-test-logs] [--use-node-test-env] [--remote-download-toplevel] -- <bazel args> -- <targets>" >&2
   exit 1
 fi
 
@@ -46,15 +41,6 @@ if [[ -n "${BAZEL_OUTPUT_USER_ROOT:-}" ]]; then
   bazel_startup_args+=("--output_user_root=${BAZEL_OUTPUT_USER_ROOT}")
 fi
 
-run_bazel() {
-  if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-    MSYS2_ARG_CONV_EXCL='*' bazel "$@"
-    return
-  fi
-
-  bazel "$@"
-}
-
 ci_config=ci-linux
 case "${RUNNER_OS:-}" in
   macOS)
@@ -74,7 +60,7 @@ print_bazel_test_log_tails() {
     bazel_info_cmd+=("${bazel_startup_args[@]}")
   fi
 
-  testlogs_dir="$(run_bazel "${bazel_info_cmd[@]:1}" info bazel-testlogs 2>/dev/null || echo bazel-testlogs)"
+  testlogs_dir="$("${bazel_info_cmd[@]}" info bazel-testlogs 2>/dev/null || echo bazel-testlogs)"
 
   local failed_targets=()
   while IFS= read -r target; do
@@ -126,82 +112,20 @@ if [[ ${#bazel_args[@]} -eq 0 || ${#bazel_targets[@]} -eq 0 ]]; then
   exit 1
 fi
 
-if [[ $use_node_test_env -eq 1 ]]; then
+if [[ $use_node_test_env -eq 1 && "${RUNNER_OS:-}" != "Windows" ]]; then
   # Bazel test sandboxes on macOS may resolve an older Homebrew `node`
   # before the `actions/setup-node` runtime on PATH.
   node_bin="$(which node)"
-  if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-    node_bin="$(cygpath -w "${node_bin}")"
-  fi
   bazel_args+=("--test_env=CODEX_JS_REPL_NODE_PATH=${node_bin}")
 fi
 
 post_config_bazel_args=()
-if [[ "${RUNNER_OS:-}" == "Windows" && $windows_msvc_host_platform -eq 1 ]]; then
-  has_host_platform_override=0
-  for arg in "${bazel_args[@]}"; do
-    if [[ "$arg" == --host_platform=* ]]; then
-      has_host_platform_override=1
-      break
-    fi
-  done
-
-  if [[ $has_host_platform_override -eq 0 ]]; then
-    # Keep Windows Bazel targets on `windows-gnullvm` for cfg coverage, but opt
-    # specific jobs into an MSVC exec platform when they need helper binaries
-    # like Rust test wrappers and V8 generators to resolve a compatible host
-    # toolchain.
-    post_config_bazel_args+=("--host_platform=//:local_windows_msvc")
-  fi
-fi
-
 if [[ $remote_download_toplevel -eq 1 ]]; then
   # Override the CI config's remote_download_minimal setting when callers need
   # the built artifact to exist on disk after the command completes.
   post_config_bazel_args+=(--remote_download_toplevel)
 fi
 
-if [[ -n "${BAZEL_REPO_CONTENTS_CACHE:-}" ]]; then
-  # Windows self-hosted runners can run multiple Bazel jobs concurrently. Give
-  # each job its own repo contents cache so they do not fight over the shared
-  # path configured in `ci-windows`.
-  post_config_bazel_args+=("--repo_contents_cache=${BAZEL_REPO_CONTENTS_CACHE}")
-fi
-
-if [[ -n "${BAZEL_REPOSITORY_CACHE:-}" ]]; then
-  post_config_bazel_args+=("--repository_cache=${BAZEL_REPOSITORY_CACHE}")
-fi
-
-if [[ -n "${CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR:-}" ]]; then
-  post_config_bazel_args+=(
-    "--execution_log_compact_file=${CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR}/execution-log-${bazel_args[0]}-${GITHUB_JOB:-local}-$$.zst"
-  )
-fi
-
-if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-  windows_action_env_vars=(
-    INCLUDE
-    LIB
-    LIBPATH
-    PATH
-    UCRTVersion
-    UniversalCRTSdkDir
-    VCINSTALLDIR
-    VCToolsInstallDir
-    WindowsLibPath
-    WindowsSdkBinPath
-    WindowsSdkDir
-    WindowsSDKLibVersion
-    WindowsSDKVersion
-  )
-
-  for env_var in "${windows_action_env_vars[@]}"; do
-    if [[ -n "${!env_var:-}" ]]; then
-      post_config_bazel_args+=("--action_env=${env_var}" "--host_action_env=${env_var}")
-    fi
-  done
-fi
-
 bazel_console_log="$(mktemp)"
 trap 'rm -f "$bazel_console_log"' EXIT
 
@@ -225,7 +149,7 @@ if [[ -n "${BUILDBUDDY_API_KEY:-}" ]]; then
     bazel_run_args+=("${post_config_bazel_args[@]}")
   fi
   set +e
-  run_bazel "${bazel_cmd[@]:1}" \
+  "${bazel_cmd[@]}" \
     --noexperimental_remote_repo_contents_cache \
     "${bazel_run_args[@]}" \
     -- \
@@ -260,7 +184,7 @@ else
     bazel_run_args+=("${post_config_bazel_args[@]}")
   fi
   set +e
-  run_bazel "${bazel_cmd[@]:1}" \
+  "${bazel_cmd[@]}" \
     --noexperimental_remote_repo_contents_cache \
     "${bazel_run_args[@]}" \
     -- \

.github/scripts/verify_bazel_clippy_lints.py

@@ -1,234 +0,0 @@
-#!/usr/bin/env python3
-
-from __future__ import annotations
-
-import argparse
-import re
-import sys
-import tomllib
-from pathlib import Path
-
-
-ROOT = Path(__file__).resolve().parents[2]
-DEFAULT_CARGO_TOML = ROOT / "codex-rs" / "Cargo.toml"
-DEFAULT_BAZELRC = ROOT / ".bazelrc"
-BAZEL_CLIPPY_FLAG_PREFIX = "build:clippy --@rules_rust//rust/settings:clippy_flag="
-BAZEL_SPECIAL_FLAGS = {"-Dwarnings"}
-VALID_LEVELS = {"allow", "warn", "deny", "forbid"}
-LONG_FLAG_RE = re.compile(
-    r"^--(?P<level>allow|warn|deny|forbid)=clippy::(?P<lint>[a-z0-9_]+)$"
-)
-SHORT_FLAG_RE = re.compile(r"^-(?P<level>[AWDF])clippy::(?P<lint>[a-z0-9_]+)$")
-SHORT_LEVEL_NAMES = {
-    "A": "allow",
-    "W": "warn",
-    "D": "deny",
-    "F": "forbid",
-}
-
-
-def main() -> int:
-    parser = argparse.ArgumentParser(
-        description=(
-            "Verify that Bazel clippy flags in .bazelrc stay in sync with "
-            "codex-rs/Cargo.toml [workspace.lints.clippy]."
-        )
-    )
-    parser.add_argument(
-        "--cargo-toml",
-        type=Path,
-        default=DEFAULT_CARGO_TOML,
-        help="Path to the workspace Cargo.toml to inspect.",
-    )
-    parser.add_argument(
-        "--bazelrc",
-        type=Path,
-        default=DEFAULT_BAZELRC,
-        help="Path to the .bazelrc file to inspect.",
-    )
-    args = parser.parse_args()
-
-    cargo_toml = args.cargo_toml.resolve()
-    bazelrc = args.bazelrc.resolve()
-
-    cargo_lints = load_workspace_clippy_lints(cargo_toml)
-    bazel_lints = load_bazel_clippy_lints(bazelrc)
-
-    missing = sorted(cargo_lints.keys() - bazel_lints.keys())
-    extra = sorted(bazel_lints.keys() - cargo_lints.keys())
-    mismatched = sorted(
-        lint
-        for lint in cargo_lints.keys() & bazel_lints.keys()
-        if cargo_lints[lint] != bazel_lints[lint]
-    )
-
-    if missing or extra or mismatched:
-        print_sync_error(
-            cargo_toml=cargo_toml,
-            bazelrc=bazelrc,
-            cargo_lints=cargo_lints,
-            bazel_lints=bazel_lints,
-            missing=missing,
-            extra=extra,
-            mismatched=mismatched,
-        )
-        return 1
-
-    print(
-        "Bazel clippy flags in "
-        f"{display_path(bazelrc)} match "
-        f"{display_path(cargo_toml)} [workspace.lints.clippy]."
-    )
-    return 0
-
-
-def load_workspace_clippy_lints(cargo_toml: Path) -> dict[str, str]:
-    workspace = tomllib.loads(cargo_toml.read_text())["workspace"]
-    clippy_lints = workspace["lints"]["clippy"]
-    parsed: dict[str, str] = {}
-    for lint, level in clippy_lints.items():
-        if not isinstance(level, str):
-            raise SystemExit(
-                f"expected string lint level for clippy::{lint} in {cargo_toml}, got {level!r}"
-            )
-        normalized = level.strip().lower()
-        if normalized not in VALID_LEVELS:
-            raise SystemExit(
-                f"unsupported lint level {level!r} for clippy::{lint} in {cargo_toml}"
-            )
-        parsed[lint] = normalized
-    return parsed
-
-
-def load_bazel_clippy_lints(bazelrc: Path) -> dict[str, str]:
-    parsed: dict[str, str] = {}
-    line_numbers: dict[str, int] = {}
-
-    for lineno, line in enumerate(bazelrc.read_text().splitlines(), start=1):
-        if not line.startswith(BAZEL_CLIPPY_FLAG_PREFIX):
-            continue
-
-        flag = line.removeprefix(BAZEL_CLIPPY_FLAG_PREFIX).strip()
-        if flag in BAZEL_SPECIAL_FLAGS:
-            continue
-
-        parsed_flag = parse_bazel_lint_flag(flag)
-        if parsed_flag is None:
-            continue
-
-        lint, level = parsed_flag
-        if lint in parsed:
-            raise SystemExit(
-                f"duplicate Bazel clippy entry for clippy::{lint} at "
-                f"{bazelrc}:{line_numbers[lint]} and {bazelrc}:{lineno}"
-            )
-        parsed[lint] = level
-        line_numbers[lint] = lineno
-
-    return parsed
-
-
-def parse_bazel_lint_flag(flag: str) -> tuple[str, str] | None:
-    long_match = LONG_FLAG_RE.match(flag)
-    if long_match:
-        return long_match["lint"], long_match["level"]
-
-    short_match = SHORT_FLAG_RE.match(flag)
-    if short_match:
-        return short_match["lint"], SHORT_LEVEL_NAMES[short_match["level"]]
-
-    return None
-
-
-def print_sync_error(
-    *,
-    cargo_toml: Path,
-    bazelrc: Path,
-    cargo_lints: dict[str, str],
-    bazel_lints: dict[str, str],
-    missing: list[str],
-    extra: list[str],
-    mismatched: list[str],
-) -> None:
-    cargo_toml_display = display_path(cargo_toml)
-    bazelrc_display = display_path(bazelrc)
-    example_manifest = find_workspace_lints_example_manifest()
-
-    print(
-        "ERROR: Bazel clippy flags are out of sync with Cargo workspace clippy lints.",
-        file=sys.stderr,
-    )
-    print(file=sys.stderr)
-    print(
-        f"Cargo defines the source of truth in {cargo_toml_display} "
-        "[workspace.lints.clippy].",
-        file=sys.stderr,
-    )
-    if example_manifest is not None:
-        print(
-            "Cargo applies those lint levels to member crates that opt into "
-            f"`[lints] workspace = true`, for example {example_manifest}.",
-            file=sys.stderr,
-        )
-    print(
-        "Bazel clippy does not ingest Cargo lint levels automatically, and "
-        "`clippy.toml` can configure lint behavior but cannot set allow/warn/deny/forbid.",
-        file=sys.stderr,
-    )
-    print(
-        f"Update {bazelrc_display} so its `build:clippy` "
-        "`clippy_flag` entries match Cargo.",
-        file=sys.stderr,
-    )
-
-    if missing:
-        print(file=sys.stderr)
-        print("Missing Bazel entries:", file=sys.stderr)
-        for lint in missing:
-            print(f"  {render_bazelrc_line(lint, cargo_lints[lint])}", file=sys.stderr)
-
-    if mismatched:
-        print(file=sys.stderr)
-        print("Mismatched lint levels:", file=sys.stderr)
-        for lint in mismatched:
-            cargo_level = cargo_lints[lint]
-            bazel_level = bazel_lints[lint]
-            print(
-                f"  clippy::{lint}: Cargo has {cargo_level}, Bazel has {bazel_level}",
-                file=sys.stderr,
-            )
-            print(
-                f"    expected: {render_bazelrc_line(lint, cargo_level)}",
-                file=sys.stderr,
-            )
-
-    if extra:
-        print(file=sys.stderr)
-        print("Extra Bazel entries with no Cargo counterpart:", file=sys.stderr)
-        for lint in extra:
-            print(f"  {render_bazelrc_line(lint, bazel_lints[lint])}", file=sys.stderr)
-
-
-def render_bazelrc_line(lint: str, level: str) -> str:
-    return f"{BAZEL_CLIPPY_FLAG_PREFIX}--{level}=clippy::{lint}"
-
-
-def display_path(path: Path) -> str:
-    try:
-        return str(path.relative_to(ROOT))
-    except ValueError:
-        return str(path)
-
-
-def find_workspace_lints_example_manifest() -> str | None:
-    for cargo_toml in sorted((ROOT / "codex-rs").glob("**/Cargo.toml")):
-        if cargo_toml == DEFAULT_CARGO_TOML:
-            continue
-        data = tomllib.loads(cargo_toml.read_text())
-        if data.get("lints", {}).get("workspace") is True:
-            return str(cargo_toml.relative_to(ROOT))
-    return None
-
-
-if __name__ == "__main__":
-    sys.exit(main())

.github/scripts/verify_cargo_workspace_manifests.py

@@ -1,388 +0,0 @@
-#!/usr/bin/env python3
-
-"""Verify that codex-rs Cargo manifests follow workspace manifest policy.
-
-Checks:
-- Crates inherit `[workspace.package]` metadata.
-- Crates opt into `[lints] workspace = true`.
-- Crate names follow the codex-rs directory naming conventions.
-- Workspace manifests do not introduce workspace crate feature toggles.
-"""
-
-from __future__ import annotations
-
-import sys
-import tomllib
-from pathlib import Path
-
-
-ROOT = Path(__file__).resolve().parents[2]
-CARGO_RS_ROOT = ROOT / "codex-rs"
-WORKSPACE_PACKAGE_FIELDS = ("version", "edition", "license")
-TOP_LEVEL_NAME_EXCEPTIONS = {
-    "windows-sandbox-rs": "codex-windows-sandbox",
-}
-UTILITY_NAME_EXCEPTIONS = {
-    "path-utils": "codex-utils-path",
-}
-MANIFEST_FEATURE_EXCEPTIONS = {}
-OPTIONAL_DEPENDENCY_EXCEPTIONS = set()
-INTERNAL_DEPENDENCY_FEATURE_EXCEPTIONS = {}
-
-
-def main() -> int:
-    internal_package_names = workspace_package_names()
-    used_manifest_feature_exceptions: set[str] = set()
-    used_optional_dependency_exceptions: set[tuple[str, str, str]] = set()
-    used_internal_dependency_feature_exceptions: set[tuple[str, str, str]] = set()
-    failures_by_path: dict[str, list[str]] = {}
-
-    for path in manifests_to_verify():
-        if errors := manifest_errors(
-            path,
-            internal_package_names,
-            used_manifest_feature_exceptions,
-            used_optional_dependency_exceptions,
-            used_internal_dependency_feature_exceptions,
-        ):
-            failures_by_path[manifest_key(path)] = errors
-
-    add_unused_exception_errors(
-        failures_by_path,
-        used_manifest_feature_exceptions,
-        used_optional_dependency_exceptions,
-        used_internal_dependency_feature_exceptions,
-    )
-
-    if not failures_by_path:
-        return 0
-
-    print(
-        "Cargo manifests under codex-rs must inherit workspace package metadata, "
-        "opt into workspace lints, and avoid introducing new workspace crate "
-        "features."
-    )
-    print(
-        "Workspace crate features are disallowed because our Bazel build setup "
-        "does not honor them today, which can let issues hidden behind feature "
-        "gates go unnoticed, and because they add extra crate build "
-        "permutations we want to avoid."
-    )
-    print(
-        "Cargo only applies `codex-rs/Cargo.toml` `[workspace.lints.clippy]` "
-        "entries to a crate when that crate declares:"
-    )
-    print()
-    print("[lints]")
-    print("workspace = true")
-    print()
-    print(
-        "Without that opt-in, `cargo clippy` can miss violations that Bazel clippy "
-        "catches."
-    )
-    print()
-    print(
-        "Package-name checks apply to `codex-rs/<crate>/Cargo.toml` and "
-        "`codex-rs/utils/<crate>/Cargo.toml`."
-    )
-    print(
-        "Workspace crate features are forbidden; add a targeted exception here "
-        "only if there is a deliberate temporary migration in flight."
-    )
-    print()
-    for path in sorted(failures_by_path):
-        errors = failures_by_path[path]
-        print(f"{path}:")
-        for error in errors:
-            print(f"  - {error}")
-
-    return 1
-
-
-def manifest_errors(
-    path: Path,
-    internal_package_names: set[str],
-    used_manifest_feature_exceptions: set[str],
-    used_optional_dependency_exceptions: set[tuple[str, str, str]],
-    used_internal_dependency_feature_exceptions: set[tuple[str, str, str]],
-) -> list[str]:
-    manifest = load_manifest(path)
-    package = manifest.get("package")
-    if not isinstance(package, dict) and path != CARGO_RS_ROOT / "Cargo.toml":
-        return []
-
-    errors = []
-    if isinstance(package, dict):
-        for field in WORKSPACE_PACKAGE_FIELDS:
-            if not is_workspace_reference(package.get(field)):
-                errors.append(f"set `{field}.workspace = true` in `[package]`")
-
-        lints = manifest.get("lints")
-        if not (isinstance(lints, dict) and lints.get("workspace") is True):
-            errors.append("add `[lints]` with `workspace = true`")
-
-        expected_name = expected_package_name(path)
-        if expected_name is not None:
-            actual_name = package.get("name")
-            if actual_name != expected_name:
-                errors.append(
-                    f"set `[package].name` to `{expected_name}` (found `{actual_name}`)"
-                )
-
-    path_key = manifest_key(path)
-    features = manifest.get("features")
-    if features is not None:
-        normalized_features = normalize_feature_mapping(features)
-        expected_features = MANIFEST_FEATURE_EXCEPTIONS.get(path_key)
-        if expected_features is None:
-            errors.append(
-                "remove `[features]`; new workspace crate features are not allowed"
-            )
-        else:
-            used_manifest_feature_exceptions.add(path_key)
-            if normalized_features != expected_features:
-                errors.append(
-                    "limit `[features]` to the existing exception list while "
-                    "workspace crate features are being removed "
-                    f"(expected {render_feature_mapping(expected_features)})"
-                )
-
-    for section_name, dependencies in dependency_sections(manifest):
-        for dependency_name, dependency in dependencies.items():
-            if not isinstance(dependency, dict):
-                continue
-
-            if dependency.get("optional") is True:
-                exception_key = (path_key, section_name, dependency_name)
-                if exception_key in OPTIONAL_DEPENDENCY_EXCEPTIONS:
-                    used_optional_dependency_exceptions.add(exception_key)
-                else:
-                    errors.append(
-                        "remove `optional = true` from "
-                        f"`{dependency_entry_label(section_name, dependency_name)}`; "
-                        "new optional dependencies are not allowed because they "
-                        "create crate features"
-                    )
-
-            if not is_internal_dependency(path, dependency_name, dependency, internal_package_names):
-                continue
-
-            dependency_features = dependency.get("features")
-            if dependency_features is not None:
-                normalized_dependency_features = normalize_string_list(
-                    dependency_features
-                )
-                exception_key = (path_key, section_name, dependency_name)
-                expected_dependency_features = (
-                    INTERNAL_DEPENDENCY_FEATURE_EXCEPTIONS.get(exception_key)
-                )
-                if expected_dependency_features is None:
-                    errors.append(
-                        "remove `features = [...]` from workspace dependency "
-                        f"`{dependency_entry_label(section_name, dependency_name)}`; "
-                        "new workspace crate feature activations are not allowed"
-                    )
-                else:
-                    used_internal_dependency_feature_exceptions.add(exception_key)
-                    if normalized_dependency_features != expected_dependency_features:
-                        errors.append(
-                            "limit workspace dependency features on "
-                            f"`{dependency_entry_label(section_name, dependency_name)}` "
-                            "to the existing exception list while workspace crate "
-                            "features are being removed "
-                            f"(expected {render_string_list(expected_dependency_features)})"
-                        )
-
-            if dependency.get("default-features") is False:
-                errors.append(
-                    "remove `default-features = false` from workspace dependency "
-                    f"`{dependency_entry_label(section_name, dependency_name)}`; "
-                    "new workspace crate feature toggles are not allowed"
-                )
-
-    return errors
-
-
-def expected_package_name(path: Path) -> str | None:
-    parts = path.relative_to(CARGO_RS_ROOT).parts
-    if len(parts) == 2 and parts[1] == "Cargo.toml":
-        directory = parts[0]
-        return TOP_LEVEL_NAME_EXCEPTIONS.get(
-            directory,
-            directory if directory.startswith("codex-") else f"codex-{directory}",
-        )
-    if len(parts) == 3 and parts[0] == "utils" and parts[2] == "Cargo.toml":
-        directory = parts[1]
-        return UTILITY_NAME_EXCEPTIONS.get(directory, f"codex-utils-{directory}")
-    return None
-
-
-def is_workspace_reference(value: object) -> bool:
-    return isinstance(value, dict) and value.get("workspace") is True
-
-
-def manifest_key(path: Path) -> str:
-    return str(path.relative_to(ROOT))
-
-
-def normalize_feature_mapping(value: object) -> dict[str, tuple[str, ...]] | None:
-    if not isinstance(value, dict):
-        return None
-
-    normalized = {}
-    for key, features in value.items():
-        if not isinstance(key, str):
-            return None
-        normalized_features = normalize_string_list(features)
-        if normalized_features is None:
-            return None
-        normalized[key] = normalized_features
-    return normalized
-
-
-def normalize_string_list(value: object) -> tuple[str, ...] | None:
-    if not isinstance(value, list) or not all(isinstance(item, str) for item in value):
-        return None
-    return tuple(value)
-
-
-def render_feature_mapping(features: dict[str, tuple[str, ...]]) -> str:
-    entries = [
-        f"{name} = {render_string_list(items)}" for name, items in features.items()
-    ]
-    return ", ".join(entries)
-
-
-def render_string_list(items: tuple[str, ...]) -> str:
-    return "[" + ", ".join(f'"{item}"' for item in items) + "]"
-
-
-def dependency_sections(manifest: dict) -> list[tuple[str, dict]]:
-    sections = []
-    for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
-        dependencies = manifest.get(section_name)
-        if isinstance(dependencies, dict):
-            sections.append((section_name, dependencies))
-
-    workspace = manifest.get("workspace")
-    if isinstance(workspace, dict):
-        workspace_dependencies = workspace.get("dependencies")
-        if isinstance(workspace_dependencies, dict):
-            sections.append(("workspace.dependencies", workspace_dependencies))
-
-    target = manifest.get("target")
-    if not isinstance(target, dict):
-        return sections
-
-    for target_name, tables in target.items():
-        if not isinstance(tables, dict):
-            continue
-        for section_name in ("dependencies", "dev-dependencies", "build-dependencies"):
-            dependencies = tables.get(section_name)
-            if isinstance(dependencies, dict):
-                sections.append((f"target.{target_name}.{section_name}", dependencies))
-
-    return sections
-
-
-def dependency_entry_label(section_name: str, dependency_name: str) -> str:
-    return f"[{section_name}].{dependency_name}"
-
-
-def is_internal_dependency(
-    manifest_path: Path,
-    dependency_name: str,
-    dependency: dict,
-    internal_package_names: set[str],
-) -> bool:
-    package_name = dependency.get("package", dependency_name)
-    if isinstance(package_name, str) and package_name in internal_package_names:
-        return True
-
-    dependency_path = dependency.get("path")
-    if not isinstance(dependency_path, str):
-        return False
-
-    resolved_dependency_path = (manifest_path.parent / dependency_path).resolve()
-    try:
-        resolved_dependency_path.relative_to(CARGO_RS_ROOT)
-    except ValueError:
-        return False
-    return True
-
-
-def add_unused_exception_errors(
-    failures_by_path: dict[str, list[str]],
-    used_manifest_feature_exceptions: set[str],
-    used_optional_dependency_exceptions: set[tuple[str, str, str]],
-    used_internal_dependency_feature_exceptions: set[tuple[str, str, str]],
-) -> None:
-    for path_key in sorted(
-        set(MANIFEST_FEATURE_EXCEPTIONS) - used_manifest_feature_exceptions
-    ):
-        add_failure(
-            failures_by_path,
-            path_key,
-            "remove the stale `[features]` exception from "
-            "`MANIFEST_FEATURE_EXCEPTIONS`",
-        )
-
-    for path_key, section_name, dependency_name in sorted(
-        OPTIONAL_DEPENDENCY_EXCEPTIONS - used_optional_dependency_exceptions
-    ):
-        add_failure(
-            failures_by_path,
-            path_key,
-            "remove the stale optional-dependency exception for "
-            f"`{dependency_entry_label(section_name, dependency_name)}` from "
-            "`OPTIONAL_DEPENDENCY_EXCEPTIONS`",
-        )
-
-    for path_key, section_name, dependency_name in sorted(
-        set(INTERNAL_DEPENDENCY_FEATURE_EXCEPTIONS)
-        - used_internal_dependency_feature_exceptions
-    ):
-        add_failure(
-            failures_by_path,
-            path_key,
-            "remove the stale internal dependency feature exception for "
-            f"`{dependency_entry_label(section_name, dependency_name)}` from "
-            "`INTERNAL_DEPENDENCY_FEATURE_EXCEPTIONS`",
-        )
-
-
-def add_failure(failures_by_path: dict[str, list[str]], path_key: str, error: str) -> None:
-    failures_by_path.setdefault(path_key, []).append(error)
-
-
-def workspace_package_names() -> set[str]:
-    package_names = set()
-    for path in cargo_manifests():
-        manifest = load_manifest(path)
-        package = manifest.get("package")
-        if not isinstance(package, dict):
-            continue
-        package_name = package.get("name")
-        if isinstance(package_name, str):
-            package_names.add(package_name)
-    return package_names
-
-
-def load_manifest(path: Path) -> dict:
-    return tomllib.loads(path.read_text())
-
-
-def cargo_manifests() -> list[Path]:
-    return sorted(
-        path
-        for path in CARGO_RS_ROOT.rglob("Cargo.toml")
-        if path != CARGO_RS_ROOT / "Cargo.toml"
-    )
-
-
-def manifests_to_verify() -> list[Path]:
-    return [CARGO_RS_ROOT / "Cargo.toml", *cargo_manifests()]
-
-
-if __name__ == "__main__":
-    sys.exit(main())

.github/workflows/README.md

@@ -5,15 +5,15 @@ The workflows in this directory are split so that pull requests get fast, review
 ## Pull Requests
 
 - `bazel.yml` is the main pre-merge verification path for Rust code.
-  It runs Bazel `test` and Bazel `clippy` on the supported Bazel targets,
-  including the generated Rust test binaries needed to lint inline `#[cfg(test)]`
-  code.
+  It runs Bazel `test` and Bazel `clippy` on the supported Bazel targets.
 - `rust-ci.yml` keeps the Cargo-native PR checks intentionally small:
   - `cargo fmt --check`
   - `cargo shear`
   - `argument-comment-lint` on Linux, macOS, and Windows
   - `tools/argument-comment-lint` package tests when the lint or its workflow wiring changes
 
+The PR workflow still keeps the Linux lint lane on the default-targets-only invocation for now, but the released linter runs on Linux, macOS, and Windows before merge.
+
 ## Post-Merge On `main`
 
 - `bazel.yml` also runs on pushes to `main`.

.github/workflows/bazel.yml

@@ -58,31 +58,11 @@ jobs:
           target: ${{ matrix.target }}
           install-test-prereqs: "true"
 
-      # Restore the Bazel repository cache explicitly so external dependencies
-      # do not need to be re-downloaded on every CI run. Keep restore failures
-      # non-fatal so transient cache-service errors degrade to a cold build
-      # instead of failing the job.
-      - name: Restore bazel repository cache
-        id: cache_bazel_repository_restore
-        continue-on-error: true
-        uses: actions/cache/restore@v5
-        with:
-          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
-          key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
-          restore-keys: |
-            bazel-cache-${{ matrix.target }}
-
       - name: Check MODULE.bazel.lock is up to date
         if: matrix.os == 'ubuntu-24.04' && matrix.target == 'x86_64-unknown-linux-gnu'
         shell: bash
         run: ./scripts/check-module-bazel-lock.sh
 
-      - name: Set up Bazel execution logs
-        shell: bash
-        run: |
-          mkdir -p "${RUNNER_TEMP}/bazel-execution-logs"
-          echo "CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR=${RUNNER_TEMP}/bazel-execution-logs" >> "${GITHUB_ENV}"
-
       - name: bazel test //...
         env:
           BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
@@ -96,16 +76,9 @@ jobs:
             -//third_party/v8:all
           )
 
-          bazel_wrapper_args=(
-            --print-failed-test-logs
-            --use-node-test-env
-          )
-          if [[ "${RUNNER_OS}" == "Windows" ]]; then
-            bazel_wrapper_args+=(--windows-msvc-host-platform)
-          fi
-
           ./.github/scripts/run-bazel-ci.sh \
-            "${bazel_wrapper_args[@]}" \
+            --print-failed-test-logs \
+            --use-node-test-env \
             -- \
             test \
             --test_tag_filters=-argument-comment-lint \
@@ -114,23 +87,15 @@ jobs:
             -- \
             "${bazel_targets[@]}"
 
-      - name: Upload Bazel execution logs
-        if: always() && !cancelled()
-        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
-        with:
-          name: bazel-execution-logs-test-${{ matrix.target }}
-          path: ${{ runner.temp }}/bazel-execution-logs
-          if-no-files-found: ignore
-
       # Save bazel repository cache explicitly; make non-fatal so cache uploading
       # never fails the overall job. Only save when key wasn't hit.
       - name: Save bazel repository cache
-        if: always() && !cancelled() && steps.cache_bazel_repository_restore.outputs.cache-hit != 'true'
+        if: always() && !cancelled() && steps.setup_bazel.outputs.cache-hit != 'true'
         continue-on-error: true
         uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
         with:
-          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
+          path: |
+            ~/.cache/bazel-repo-cache
           key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
 
   clippy:
@@ -161,71 +126,30 @@ jobs:
         with:
           target: ${{ matrix.target }}
 
-      # Restore the Bazel repository cache explicitly so external dependencies
-      # do not need to be re-downloaded on every CI run. Keep restore failures
-      # non-fatal so transient cache-service errors degrade to a cold build
-      # instead of failing the job.
-      - name: Restore bazel repository cache
-        id: cache_bazel_repository_restore
-        continue-on-error: true
-        uses: actions/cache/restore@v5
-        with:
-          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
-          key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}
-          restore-keys: |
-            bazel-cache-${{ matrix.target }}
-
-      - name: Set up Bazel execution logs
-        shell: bash
-        run: |
-          mkdir -p "${RUNNER_TEMP}/bazel-execution-logs"
-          echo "CODEX_BAZEL_EXECUTION_LOG_COMPACT_DIR=${RUNNER_TEMP}/bazel-execution-logs" >> "${GITHUB_ENV}"
-
-      - name: bazel build --config=clippy lint targets
+      - name: bazel build --config=clippy //codex-rs/...
         env:
           BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
         shell: bash
         run: |
-          bazel_clippy_args=(
-            --config=clippy
-            --build_metadata=COMMIT_SHA=${GITHUB_SHA}
-            --build_metadata=TAG_job=clippy
-          )
-          if [[ "${RUNNER_OS}" == "Windows" ]]; then
-            # Some explicit targets pulled in through //codex-rs/... are
-            # intentionally incompatible with `//:local_windows`, but the lint
-            # aspect still traverses their compatible Rust deps.
-            bazel_clippy_args+=(--skip_incompatible_explicit_targets)
-          fi
-
-          bazel_target_lines="$(./scripts/list-bazel-clippy-targets.sh)"
-          bazel_targets=()
-          while IFS= read -r target; do
-            bazel_targets+=("${target}")
-          done <<< "${bazel_target_lines}"
-
+          # Keep the initial Bazel clippy scope on codex-rs and out of the
+          # V8 proof-of-concept target for now.
           ./.github/scripts/run-bazel-ci.sh \
             -- \
             build \
-            "${bazel_clippy_args[@]}" \
+            --config=clippy \
+            --build_metadata=COMMIT_SHA=${GITHUB_SHA} \
+            --build_metadata=TAG_job=clippy \
             -- \
-            "${bazel_targets[@]}"
-
-      - name: Upload Bazel execution logs
-        if: always() && !cancelled()
-        continue-on-error: true
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
-        with:
-          name: bazel-execution-logs-clippy-${{ matrix.target }}
-          path: ${{ runner.temp }}/bazel-execution-logs
-          if-no-files-found: ignore
+            //codex-rs/... \
+            -//codex-rs/v8-poc:all
 
       # Save bazel repository cache explicitly; make non-fatal so cache uploading
       # never fails the overall job. Only save when key wasn't hit.
       - name: Save bazel repository cache
-        if: always() && !cancelled()
+        if: always() && !cancelled() && steps.setup_bazel.outputs.cache-hit != 'true'
         continue-on-error: true
         uses: actions/cache/save@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
         with:
-          path: ${{ steps.setup_bazel.outputs.repository-cache-path }}
+          path: |
+            ~/.cache/bazel-repo-cache
           key: bazel-cache-${{ matrix.target }}-${{ hashFiles('MODULE.bazel', 'codex-rs/Cargo.lock', 'codex-rs/Cargo.toml') }}

.github/workflows/ci.yml

@@ -14,12 +14,6 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - name: Verify codex-rs Cargo manifests inherit workspace settings
-        run: python3 .github/scripts/verify_cargo_workspace_manifests.py
-
-      - name: Verify Bazel clippy flags match Cargo workspace lints
-        run: python3 .github/scripts/verify_bazel_clippy_lints.py
-
       - name: Setup pnpm
         uses: pnpm/action-setup@a8198c4bff370c8506180b035930dea56dbd5288 # v5
         with:

.github/workflows/issue-labeler.yml

@@ -52,15 +52,13 @@ jobs:
             6. code-review — Issues related to the code review feature or functionality.
             7. safety-check - Issues related to cyber risk detection or trusted access verification.
             8. auth - Problems related to authentication, login, or access tokens.
-            9. exec - Problems related to the "codex exec" command or functionality.
-            10. hooks - Problems related to event hooks
-            11. context - Problems related to compaction, context windows, or available context reporting.
-            12. skills - Problems related to skills or plugins
-            13. custom-model - Problems that involve using custom model providers, local models, or OSS models.
-            14. rate-limits - Problems related to token limits, rate limits, or token usage reporting.
-            15. sandbox - Issues related to local sandbox environments or tool call approvals to override sandbox restrictions.
-            16. tool-calls - Problems related to specific tool call invocations including unexpected errors, failures, or hangs.
-            17. TUI - Problems with the terminal user interface (TUI) including keyboard shortcuts, copy & pasting, menus, or screen update issues.
+            9. codex-exec - Problems related to the "codex exec" command or functionality.
+            10. context-management - Problems related to compaction, context windows, or available context reporting.
+            11. custom-model - Problems that involve using custom model providers, local models, or OSS models.
+            12. rate-limits - Problems related to token limits, rate limits, or token usage reporting.
+            13. sandbox - Issues related to local sandbox environments or tool call approvals to override sandbox restrictions.
+            14. tool-calls - Problems related to specific tool call invocations including unexpected errors, failures, or hangs.
+            15. TUI - Problems with the terminal user interface (TUI) including keyboard shortcuts, copy & pasting, menus, or screen update issues.
 
             Issue number: ${{ github.event.issue.number }}
 

.github/workflows/rust-ci-full.yml

@@ -99,13 +99,23 @@ jobs:
         run: |
           sudo DEBIAN_FRONTEND=noninteractive apt-get update
           sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev
+      - name: Install nightly argument-comment-lint toolchain
+        if: ${{ runner.os == 'Windows' }}
+        shell: bash
+        run: |
+          rustup toolchain install nightly-2025-09-18 \
+            --profile minimal \
+            --component llvm-tools-preview \
+            --component rustc-dev \
+            --component rust-src \
+            --no-self-update
+          rustup default nightly-2025-09-18
       - name: Run argument comment lint on codex-rs via Bazel
         if: ${{ runner.os != 'Windows' }}
         env:
           BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
         shell: bash
         run: |
-          bazel_targets="$(./tools/argument-comment-lint/list-bazel-targets.sh)"
           ./.github/scripts/run-bazel-ci.sh \
             -- \
             build \
@@ -113,18 +123,11 @@ jobs:
             --keep_going \
             --build_metadata=COMMIT_SHA=${GITHUB_SHA} \
             -- \
-            ${bazel_targets}
-      - name: Run argument comment lint on codex-rs via Bazel
+            //codex-rs/...
+      - name: Run argument comment lint on codex-rs via packaged wrapper
         if: ${{ runner.os == 'Windows' }}
-        env:
-          BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
         shell: bash
-        run: |
-          ./.github/scripts/run-argument-comment-lint-bazel.sh \
-            --config=argument-comment-lint \
-            --platforms=//:local_windows \
-            --keep_going \
-            --build_metadata=COMMIT_SHA=${GITHUB_SHA}
+        run: python3 ./tools/argument-comment-lint/run-prebuilt-linter.py
 
   # --- CI to validate on different os/targets --------------------------------
   lint_build:
@@ -445,10 +448,10 @@ jobs:
           set -euo pipefail
           RECIPE="${RUNNER_TEMP}/chef-recipe.json"
           cargo chef prepare --recipe-path "$RECIPE"
-          cargo chef cook --recipe-path "$RECIPE" --target ${{ matrix.target }} --release
+          cargo chef cook --recipe-path "$RECIPE" --target ${{ matrix.target }} --release --all-features
 
       - name: cargo clippy
-        run: cargo clippy --target ${{ matrix.target }} --tests --profile ${{ matrix.profile }} --timings -- -D warnings
+        run: cargo clippy --target ${{ matrix.target }} --all-features --tests --profile ${{ matrix.profile }} --timings -- -D warnings
 
       - name: Upload Cargo timings (clippy)
         if: always()
@@ -672,7 +675,7 @@ jobs:
 
       - name: tests
         id: test
-        run: cargo nextest run --no-fail-fast --target ${{ matrix.target }} --cargo-profile ci-test --timings
+        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }} --cargo-profile ci-test --timings
         env:
           RUST_BACKTRACE: 1
           NEXTEST_STATUS_LEVEL: leak

.github/workflows/rust-ci.yml

@@ -159,13 +159,23 @@ jobs:
         run: |
           sudo DEBIAN_FRONTEND=noninteractive apt-get update
           sudo DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends pkg-config libcap-dev
+      - name: Install nightly argument-comment-lint toolchain
+        if: ${{ runner.os == 'Windows' }}
+        shell: bash
+        run: |
+          rustup toolchain install nightly-2025-09-18 \
+            --profile minimal \
+            --component llvm-tools-preview \
+            --component rustc-dev \
+            --component rust-src \
+            --no-self-update
+          rustup default nightly-2025-09-18
       - name: Run argument comment lint on codex-rs via Bazel
         if: ${{ runner.os != 'Windows' }}
         env:
           BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
         shell: bash
         run: |
-          bazel_targets="$(./tools/argument-comment-lint/list-bazel-targets.sh)"
           ./.github/scripts/run-bazel-ci.sh \
             -- \
             build \
@@ -173,18 +183,11 @@ jobs:
             --keep_going \
             --build_metadata=COMMIT_SHA=${GITHUB_SHA} \
             -- \
-            ${bazel_targets}
-      - name: Run argument comment lint on codex-rs via Bazel
+            //codex-rs/...
+      - name: Run argument comment lint on codex-rs via packaged wrapper
         if: ${{ runner.os == 'Windows' }}
-        env:
-          BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
         shell: bash
-        run: |
-          ./.github/scripts/run-argument-comment-lint-bazel.sh \
-            --config=argument-comment-lint \
-            --platforms=//:local_windows \
-            --keep_going \
-            --build_metadata=COMMIT_SHA=${GITHUB_SHA}
+        run: python3 ./tools/argument-comment-lint/run-prebuilt-linter.py
 
   # --- Gatherer job that you mark as the ONLY required status -----------------
   results:

.github/workflows/rust-release.yml

@@ -584,11 +584,14 @@ jobs:
       - name: Setup Node.js
         uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         with:
-          # Node 24 bundles npm >= 11.5.1, which trusted publishing requires.
-          node-version: 24
+          node-version: 22
           registry-url: "https://registry.npmjs.org"
           scope: "@openai"
 
+      # Trusted publishing requires npm CLI version 11.5.1 or later.
+      - name: Update npm
+        run: npm install -g npm@latest
+
       - name: Download npm tarballs from release
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

AGENTS.md

@@ -15,10 +15,8 @@ In the codex-rs folder where the rust code lives:
 - When you cannot make that API change and still need a small positional-literal callsite in Rust, follow the `argument_comment_lint` convention:
   - Use an exact `/*param_name*/` comment before opaque literal arguments such as `None`, booleans, and numeric literals when passing them by position.
   - Do not add these comments for string or char literals unless the comment adds real clarity; those literals are intentionally exempt from the lint.
-  - The parameter name in the comment must exactly match the callee signature.
-  - You can run `just argument-comment-lint` to run the lint check locally. This is powered by Bazel, so running it the first time can be slow if Bazel is not warmed up, though incremental invocations should take <15s. Most of the time, it is best to update the PR and let CI take responsibility for checking this (or run it asynchronously in the background after submitting the PR). Note CI checks all three platforms, which the local run does not.
+  - If you add one of these comments, the parameter name must exactly match the callee signature.
 - When possible, make `match` statements exhaustive and avoid wildcard arms.
-- Newly added traits should include doc comments that explain their role and how implementations are expected to use them.
 - When writing tests, prefer comparing the equality of entire objects over fields one by one.
 - When making a change that adds or changes an API, ensure that the documentation in the `docs/` folder is up to date if applicable.
 - If you change `ConfigToml` or nested config types, run `just write-config-schema` to update `codex-rs/core/config.schema.json`.
@@ -51,6 +49,8 @@ Run `just fmt` (in `codex-rs` directory) automatically after you have finished m
 
 Before finalizing a large change to `codex-rs`, run `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates. Do not re-run tests after running `fix` or `fmt`.
 
+Also run `just argument-comment-lint` to ensure the codebase is clean of comment lint errors.
+
 ## The `codex-core` crate
 
 Over time, the `codex-core` crate (defined in `codex-rs/core/`) has become bloated because it is the largest crate, so it is often easier to add something new to `codex-core` rather than refactor out the library code you need so your new code neither takes a dependency on, nor contributes to the size of, `codex-core`.

BUILD.bazel

@@ -17,19 +17,12 @@ platform(
 platform(
     name = "local_windows",
     constraint_values = [
+        # We just need to pick one of the ABIs. Do the same one we target.
         "@rules_rs//rs/experimental/platforms/constraints:windows_gnullvm",
     ],
     parents = ["@platforms//host"],
 )
 
-platform(
-    name = "local_windows_msvc",
-    constraint_values = [
-        "@rules_rs//rs/experimental/platforms/constraints:windows_msvc",
-    ],
-    parents = ["@platforms//host"],
-)
-
 alias(
     name = "rbe",
     actual = "@rbe_platform",

MODULE.bazel

@@ -71,8 +71,6 @@ single_version_override(
     patch_strip = 1,
     patches = [
         "//patches:rules_rs_windows_gnullvm_exec.patch",
-        "//patches:rules_rs_delete_git_worktree_pointer.patch",
-        "//patches:rules_rs_windows_exec_linker.patch",
     ],
     version = "0.0.43",
 )
@@ -84,15 +82,6 @@ rules_rust = use_extension("@rules_rs//rs/experimental:rules_rust.bzl", "rules_r
 rules_rust.patch(
     patches = [
         "//patches:rules_rust_windows_gnullvm_build_script.patch",
-        "//patches:rules_rust_windows_exec_msvc_build_script_env.patch",
-        "//patches:rules_rust_windows_bootstrap_process_wrapper_linker.patch",
-        "//patches:rules_rust_windows_build_script_runner_paths.patch",
-        "//patches:rules_rust_windows_msvc_direct_link_args.patch",
-        "//patches:rules_rust_windows_process_wrapper_skip_temp_outputs.patch",
-        "//patches:rules_rust_windows_exec_bin_target.patch",
-        "//patches:rules_rust_windows_exec_std.patch",
-        "//patches:rules_rust_windows_exec_rustc_dev_rlib.patch",
-        "//patches:rules_rust_repository_set_exec_constraints.patch",
     ],
     strip = 1,
 )
@@ -107,35 +96,6 @@ nightly_rust.toolchain(
     dev_components = True,
     edition = "2024",
 )
-# Keep Windows exec tools on MSVC so Bazel helper binaries link correctly, but
-# lint crate targets as `windows-gnullvm` to preserve the repo's actual cfgs.
-nightly_rust.repository_set(
-    name = "rust_windows_x86_64",
-    dev_components = True,
-    edition = "2024",
-    exec_triple = "x86_64-pc-windows-msvc",
-    exec_compatible_with = [
-        "@platforms//cpu:x86_64",
-        "@platforms//os:windows",
-        "@rules_rs//rs/experimental/platforms/constraints:windows_msvc",
-    ],
-    target_compatible_with = [
-        "@platforms//cpu:x86_64",
-        "@platforms//os:windows",
-        "@rules_rs//rs/experimental/platforms/constraints:windows_msvc",
-    ],
-    target_triple = "x86_64-pc-windows-msvc",
-    versions = ["nightly/2025-09-18"],
-)
-nightly_rust.repository_set(
-    name = "rust_windows_x86_64",
-    target_compatible_with = [
-        "@platforms//cpu:x86_64",
-        "@platforms//os:windows",
-        "@rules_rs//rs/experimental/platforms/constraints:windows_gnullvm",
-    ],
-    target_triple = "x86_64-pc-windows-gnullvm",
-)
 use_repo(nightly_rust, "rust_toolchains")
 
 toolchains = use_extension("@rules_rs//rs/experimental/toolchains:module_extension.bzl", "toolchains")
@@ -192,18 +152,8 @@ bazel_dep(name = "zstd", version = "1.5.7")
 
 crate.annotation(
     crate = "zstd-sys",
-    gen_build_script = "on",
-    patch_args = ["-p1"],
-    patches = [
-        "//patches:zstd-sys_windows_msvc_include_dirs.patch",
-    ],
-)
-crate.annotation(
-    crate = "ring",
-    patch_args = ["-p1"],
-    patches = [
-        "//patches:ring_windows_msvc_include_dirs.patch",
-    ],
+    gen_build_script = "off",
+    deps = ["@zstd"],
 )
 crate.annotation(
     build_script_env = {
@@ -213,8 +163,6 @@ crate.annotation(
     patch_args = ["-p1"],
     patches = [
         "//patches:aws-lc-sys_memcmp_check.patch",
-        "//patches:aws-lc-sys_windows_msvc_prebuilt_nasm.patch",
-        "//patches:aws-lc-sys_windows_msvc_memcmp_probe.patch",
     ],
 )
 
@@ -228,13 +176,6 @@ inject_repo(crate, "zstd")
 use_repo(crate, "argument_comment_lint_crates")
 
 bazel_dep(name = "bzip2", version = "1.0.8.bcr.3")
-single_version_override(
-    module_name = "bzip2",
-    patch_strip = 1,
-    patches = [
-        "//patches:bzip2_windows_stack_args.patch",
-    ],
-)
 
 crate.annotation(
     crate = "bzip2-sys",
@@ -248,30 +189,20 @@ bazel_dep(name = "zlib", version = "1.3.1.bcr.8")
 
 crate.annotation(
     crate = "libz-sys",
-    gen_build_script = "on",
+    gen_build_script = "off",
+    deps = ["@zlib"],
 )
 
 inject_repo(crate, "zlib")
 
-bazel_dep(name = "xz", version = "5.4.5.bcr.8")
-single_version_override(
-    module_name = "xz",
-    patch_strip = 1,
-    patches = [
-        "//patches:xz_windows_stack_args.patch",
-    ],
-)
-
+# TODO(zbarsky): Enable annotation after fixing windows arm64 builds.
 crate.annotation(
     crate = "lzma-sys",
-    gen_build_script = "off",
-    deps = ["@xz//:lzma"],
+    gen_build_script = "on",
 )
 
 bazel_dep(name = "openssl", version = "3.5.4.bcr.0")
 
-inject_repo(crate, "xz")
-
 crate.annotation(
     build_script_data = [
         "@openssl//:gen_dir",

MODULE.bazel.lock

@@ -228,8 +228,6 @@
     "https://bcr.bazel.build/modules/upb/0.0.0-20220923-a547704/MODULE.bazel": "7298990c00040a0e2f121f6c32544bab27d4452f80d9ce51349b1a28f3005c43",
     "https://bcr.bazel.build/modules/with_cfg.bzl/0.12.0/MODULE.bazel": "b573395fe63aef4299ba095173e2f62ccfee5ad9bbf7acaa95dba73af9fc2b38",
     "https://bcr.bazel.build/modules/with_cfg.bzl/0.12.0/source.json": "3f3fbaeafecaf629877ad152a2c9def21f8d330d91aa94c5dc75bbb98c10b8b8",
-    "https://bcr.bazel.build/modules/xz/5.4.5.bcr.8/MODULE.bazel": "e48a69bd54053c2ec5fffc2a29fb70122afd3e83ab6c07068f63bc6553fa57cc",
-    "https://bcr.bazel.build/modules/xz/5.4.5.bcr.8/source.json": "bd7e928ccd63505b44f4784f7bbf12cc11f9ff23bf3ca12ff2c91cd74846099e",
     "https://bcr.bazel.build/modules/zlib/1.2.11/MODULE.bazel": "07b389abc85fdbca459b69e2ec656ae5622873af3f845e1c9d80fe179f3effa0",
     "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.5/MODULE.bazel": "eec517b5bbe5492629466e11dae908d043364302283de25581e3eb944326c4ca",
     "https://bcr.bazel.build/modules/zlib/1.3.1.bcr.8/MODULE.bazel": "772c674bb78a0342b8caf32ab5c25085c493ca4ff08398208dcbe4375fe9f776",
@@ -925,7 +923,7 @@
       "hyper-rustls_0.27.7": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"cfg-if\",\"req\":\"^1\"},{\"name\":\"http\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"http-body-util\",\"req\":\"^0.1\"},{\"default_features\":false,\"name\":\"hyper\",\"req\":\"^1\"},{\"default_features\":false,\"features\":[\"client-legacy\",\"tokio\"],\"name\":\"hyper-util\",\"req\":\"^0.1\"},{\"default_features\":false,\"features\":[\"server-auto\"],\"kind\":\"dev\",\"name\":\"hyper-util\",\"req\":\"^0.1\"},{\"name\":\"log\",\"optional\":true,\"req\":\"^0.4.4\"},{\"name\":\"pki-types\",\"package\":\"rustls-pki-types\",\"req\":\"^1\"},{\"default_features\":false,\"name\":\"rustls\",\"req\":\"^0.23\"},{\"default_features\":false,\"features\":[\"tls12\"],\"kind\":\"dev\",\"name\":\"rustls\",\"req\":\"^0.23\"},{\"name\":\"rustls-native-certs\",\"optional\":true,\"req\":\"^0.8\"},{\"kind\":\"dev\",\"name\":\"rustls-pemfile\",\"req\":\"^2\"},{\"name\":\"rustls-platform-verifier\",\"optional\":true,\"req\":\"^0.6\"},{\"name\":\"tokio\",\"req\":\"^1.0\"},{\"features\":[\"io-std\",\"macros\",\"net\",\"rt-multi-thread\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.0\"},{\"default_features\":false,\"name\":\"tokio-rustls\",\"req\":\"^0.26\"},{\"name\":\"tower-service\",\"req\":\"^0.3\"},{\"name\":\"webpki-roots\",\"optional\":true,\"req\":\"^1\"}],\"features\":{\"aws-lc-rs\":[\"rustls/aws_lc_rs\"],\"default\":[\"native-tokio\",\"http1\",\"tls12\",\"logging\",\"aws-lc-rs\"],\"fips\":[\"aws-lc-rs\",\"rustls/fips\"],\"http1\":[\"hyper-util/http1\"],\"http2\":[\"hyper-util/http2\"],\"logging\":[\"log\",\"tokio-rustls/logging\",\"rustls/logging\"],\"native-tokio\":[\"rustls-native-certs\"],\"ring\":[\"rustls/ring\"],\"tls12\":[\"tokio-rustls/tls12\",\"rustls/tls12\"],\"webpki-tokio\":[\"webpki-roots\"]}}",
       "hyper-timeout_0.5.2": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"http-body-util\",\"req\":\"^0.1\"},{\"name\":\"hyper\",\"req\":\"^1.1\"},{\"features\":[\"http1\"],\"kind\":\"dev\",\"name\":\"hyper\",\"req\":\"^1.1\"},{\"kind\":\"dev\",\"name\":\"hyper-tls\",\"req\":\"^0.6\"},{\"features\":[\"client-legacy\",\"http1\"],\"name\":\"hyper-util\",\"req\":\"^0.1.10\"},{\"features\":[\"client-legacy\",\"http1\",\"server\",\"server-graceful\"],\"kind\":\"dev\",\"name\":\"hyper-util\",\"req\":\"^0.1.10\"},{\"name\":\"pin-project-lite\",\"req\":\"^0.2\"},{\"name\":\"tokio\",\"req\":\"^1.35\"},{\"features\":[\"io-std\",\"io-util\",\"macros\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.35\"},{\"name\":\"tower-service\",\"req\":\"^0.3\"}],\"features\":{}}",
       "hyper-tls_0.6.0": "{\"dependencies\":[{\"name\":\"bytes\",\"req\":\"^1\"},{\"name\":\"http-body-util\",\"req\":\"^0.1.0\"},{\"name\":\"hyper\",\"req\":\"^1\"},{\"features\":[\"client-legacy\",\"tokio\"],\"name\":\"hyper-util\",\"req\":\"^0.1.0\"},{\"features\":[\"http1\"],\"kind\":\"dev\",\"name\":\"hyper-util\",\"req\":\"^0.1.0\"},{\"name\":\"native-tls\",\"req\":\"^0.2.1\"},{\"name\":\"tokio\",\"req\":\"^1\"},{\"features\":[\"io-std\",\"macros\",\"io-util\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1.0.0\"},{\"name\":\"tokio-native-tls\",\"req\":\"^0.3\"},{\"name\":\"tower-service\",\"req\":\"^0.3\"}],\"features\":{\"alpn\":[\"native-tls/alpn\"],\"vendored\":[\"native-tls/vendored\"]}}",
-      "hyper-util_0.1.20": "{\"dependencies\":[{\"name\":\"base64\",\"optional\":true,\"req\":\"^0.22\"},{\"name\":\"bytes\",\"req\":\"^1.7.1\"},{\"kind\":\"dev\",\"name\":\"bytes\",\"req\":\"^1\"},{\"name\":\"futures-channel\",\"optional\":true,\"req\":\"^0.3\"},{\"default_features\":false,\"name\":\"futures-util\",\"optional\":true,\"req\":\"^0.3.16\"},{\"default_features\":false,\"features\":[\"alloc\"],\"kind\":\"dev\",\"name\":\"futures-util\",\"req\":\"^0.3.16\"},{\"name\":\"http\",\"req\":\"^1.0\"},{\"name\":\"http-body\",\"req\":\"^1.0.0\"},{\"kind\":\"dev\",\"name\":\"http-body-util\",\"req\":\"^0.1.0\"},{\"name\":\"hyper\",\"req\":\"^1.8.0\"},{\"features\":[\"full\"],\"kind\":\"dev\",\"name\":\"hyper\",\"req\":\"^1.4.0\"},{\"name\":\"ipnet\",\"optional\":true,\"req\":\"^2.9\"},{\"name\":\"libc\",\"optional\":true,\"req\":\"^0.2\"},{\"name\":\"percent-encoding\",\"optional\":true,\"req\":\"^2.3\"},{\"name\":\"pin-project-lite\",\"req\":\"^0.2.4\"},{\"kind\":\"dev\",\"name\":\"pnet_datalink\",\"req\":\"^0.35.0\",\"target\":\"cfg(any(target_os = \\\"linux\\\", target_os = \\\"macos\\\"))\"},{\"kind\":\"dev\",\"name\":\"pretty_env_logger\",\"req\":\"^0.5\"},{\"features\":[\"all\"],\"name\":\"socket2\",\"optional\":true,\"req\":\">=0.5.9, <0.7\"},{\"name\":\"system-configuration\",\"optional\":true,\"req\":\"^0.7\",\"target\":\"cfg(target_os = \\\"macos\\\")\"},{\"default_features\":false,\"name\":\"tokio\",\"optional\":true,\"req\":\"^1\"},{\"features\":[\"macros\",\"test-util\",\"signal\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"tokio-test\",\"req\":\"^0.4\"},{\"name\":\"tower-layer\",\"optional\":true,\"req\":\"^0.3\"},{\"name\":\"tower-service\",\"optional\":true,\"req\":\"^0.3\"},{\"kind\":\"dev\",\"name\":\"tower-test\",\"req\":\"^0.4\"},{\"default_features\":false,\"features\":[\"std\"],\"name\":\"tracing\",\"optional\":true,\"req\":\"^0.1\"},{\"name\":\"windows-registry\",\"optional\":true,\"req\":\">=0.3, <0.7\",\"target\":\"cfg(windows)\"}],\"features\":{\"__internal_happy_eyeballs_tests\":[],\"client\":[\"hyper/client\",\"tokio/net\",\"dep:tracing\",\"dep:futures-channel\",\"dep:tower-service\"],\"client-legacy\":[\"client\",\"dep:socket2\",\"tokio/sync\",\"dep:libc\",\"dep:futures-util\"],\"client-pool\":[\"client\",\"dep:futures-util\",\"dep:tower-layer\"],\"client-proxy\":[\"client\",\"dep:base64\",\"dep:ipnet\",\"dep:percent-encoding\"],\"client-proxy-system\":[\"dep:system-configuration\",\"dep:windows-registry\"],\"default\":[],\"full\":[\"client\",\"client-legacy\",\"client-pool\",\"client-proxy\",\"client-proxy-system\",\"server\",\"server-auto\",\"server-graceful\",\"service\",\"http1\",\"http2\",\"tokio\",\"tracing\"],\"http1\":[\"hyper/http1\"],\"http2\":[\"hyper/http2\"],\"server\":[\"hyper/server\"],\"server-auto\":[\"server\",\"http1\",\"http2\"],\"server-graceful\":[\"server\",\"tokio/sync\"],\"service\":[\"dep:tower-service\"],\"tokio\":[\"dep:tokio\",\"tokio/rt\",\"tokio/time\"],\"tracing\":[\"dep:tracing\"]}}",
+      "hyper-util_0.1.19": "{\"dependencies\":[{\"name\":\"base64\",\"optional\":true,\"req\":\"^0.22\"},{\"name\":\"bytes\",\"req\":\"^1.7.1\"},{\"kind\":\"dev\",\"name\":\"bytes\",\"req\":\"^1\"},{\"name\":\"futures-channel\",\"optional\":true,\"req\":\"^0.3\"},{\"name\":\"futures-core\",\"req\":\"^0.3\"},{\"default_features\":false,\"name\":\"futures-util\",\"optional\":true,\"req\":\"^0.3.16\"},{\"default_features\":false,\"features\":[\"alloc\"],\"kind\":\"dev\",\"name\":\"futures-util\",\"req\":\"^0.3.16\"},{\"name\":\"http\",\"req\":\"^1.0\"},{\"name\":\"http-body\",\"req\":\"^1.0.0\"},{\"kind\":\"dev\",\"name\":\"http-body-util\",\"req\":\"^0.1.0\"},{\"name\":\"hyper\",\"req\":\"^1.8.0\"},{\"features\":[\"full\"],\"kind\":\"dev\",\"name\":\"hyper\",\"req\":\"^1.4.0\"},{\"name\":\"ipnet\",\"optional\":true,\"req\":\"^2.9\"},{\"name\":\"libc\",\"optional\":true,\"req\":\"^0.2\"},{\"name\":\"percent-encoding\",\"optional\":true,\"req\":\"^2.3\"},{\"name\":\"pin-project-lite\",\"req\":\"^0.2.4\"},{\"kind\":\"dev\",\"name\":\"pnet_datalink\",\"req\":\"^0.35.0\",\"target\":\"cfg(any(target_os = \\\"linux\\\", target_os = \\\"macos\\\"))\"},{\"kind\":\"dev\",\"name\":\"pretty_env_logger\",\"req\":\"^0.5\"},{\"features\":[\"all\"],\"name\":\"socket2\",\"optional\":true,\"req\":\">=0.5.9, <0.7\"},{\"name\":\"system-configuration\",\"optional\":true,\"req\":\">=0.5, <0.7\",\"target\":\"cfg(target_os = \\\"macos\\\")\"},{\"default_features\":false,\"name\":\"tokio\",\"optional\":true,\"req\":\"^1\"},{\"features\":[\"macros\",\"test-util\",\"signal\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"tokio-test\",\"req\":\"^0.4\"},{\"name\":\"tower-layer\",\"optional\":true,\"req\":\"^0.3\"},{\"name\":\"tower-service\",\"optional\":true,\"req\":\"^0.3\"},{\"kind\":\"dev\",\"name\":\"tower-test\",\"req\":\"^0.4\"},{\"default_features\":false,\"features\":[\"std\"],\"name\":\"tracing\",\"optional\":true,\"req\":\"^0.1\"},{\"name\":\"windows-registry\",\"optional\":true,\"req\":\">=0.3, <0.7\",\"target\":\"cfg(windows)\"}],\"features\":{\"__internal_happy_eyeballs_tests\":[],\"client\":[\"hyper/client\",\"tokio/net\",\"dep:tracing\",\"dep:futures-channel\",\"dep:tower-service\"],\"client-legacy\":[\"client\",\"dep:socket2\",\"tokio/sync\",\"dep:libc\",\"dep:futures-util\"],\"client-pool\":[\"client\",\"dep:futures-util\",\"dep:tower-layer\"],\"client-proxy\":[\"client\",\"dep:base64\",\"dep:ipnet\",\"dep:percent-encoding\"],\"client-proxy-system\":[\"dep:system-configuration\",\"dep:windows-registry\"],\"default\":[],\"full\":[\"client\",\"client-legacy\",\"client-pool\",\"client-proxy\",\"client-proxy-system\",\"server\",\"server-auto\",\"server-graceful\",\"service\",\"http1\",\"http2\",\"tokio\",\"tracing\"],\"http1\":[\"hyper/http1\"],\"http2\":[\"hyper/http2\"],\"server\":[\"hyper/server\"],\"server-auto\":[\"server\",\"http1\",\"http2\"],\"server-graceful\":[\"server\",\"tokio/sync\"],\"service\":[\"dep:tower-service\"],\"tokio\":[\"dep:tokio\",\"tokio/rt\",\"tokio/time\"],\"tracing\":[\"dep:tracing\"]}}",
       "hyper_1.8.1": "{\"dependencies\":[{\"name\":\"atomic-waker\",\"optional\":true,\"req\":\"^1.1.2\"},{\"name\":\"bytes\",\"req\":\"^1.2\"},{\"kind\":\"dev\",\"name\":\"form_urlencoded\",\"req\":\"^1\"},{\"name\":\"futures-channel\",\"optional\":true,\"req\":\"^0.3\"},{\"features\":[\"sink\"],\"kind\":\"dev\",\"name\":\"futures-channel\",\"req\":\"^0.3\"},{\"name\":\"futures-core\",\"optional\":true,\"req\":\"^0.3.31\"},{\"default_features\":false,\"features\":[\"alloc\"],\"name\":\"futures-util\",\"optional\":true,\"req\":\"^0.3\"},{\"default_features\":false,\"features\":[\"alloc\",\"sink\"],\"kind\":\"dev\",\"name\":\"futures-util\",\"req\":\"^0.3\"},{\"name\":\"h2\",\"optional\":true,\"req\":\"^0.4.2\"},{\"name\":\"http\",\"req\":\"^1\"},{\"name\":\"http-body\",\"req\":\"^1\"},{\"name\":\"http-body-util\",\"optional\":true,\"req\":\"^0.1\"},{\"kind\":\"dev\",\"name\":\"http-body-util\",\"req\":\"^0.1\"},{\"name\":\"httparse\",\"optional\":true,\"req\":\"^1.9\"},{\"name\":\"httpdate\",\"optional\":true,\"req\":\"^1.0\"},{\"name\":\"itoa\",\"optional\":true,\"req\":\"^1\"},{\"name\":\"pin-project-lite\",\"optional\":true,\"req\":\"^0.2.4\"},{\"kind\":\"dev\",\"name\":\"pin-project-lite\",\"req\":\"^0.2.4\"},{\"name\":\"pin-utils\",\"optional\":true,\"req\":\"^0.1\"},{\"kind\":\"dev\",\"name\":\"pretty_env_logger\",\"req\":\"^0.5\"},{\"features\":[\"derive\"],\"kind\":\"dev\",\"name\":\"serde\",\"req\":\"^1.0\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0\"},{\"features\":[\"const_generics\",\"const_new\"],\"name\":\"smallvec\",\"optional\":true,\"req\":\"^1.12\"},{\"kind\":\"dev\",\"name\":\"spmc\",\"req\":\"^0.3\"},{\"features\":[\"sync\"],\"name\":\"tokio\",\"req\":\"^1\"},{\"features\":[\"fs\",\"macros\",\"net\",\"io-std\",\"io-util\",\"rt\",\"rt-multi-thread\",\"sync\",\"time\",\"test-util\"],\"kind\":\"dev\",\"name\":\"tokio\",\"req\":\"^1\"},{\"kind\":\"dev\",\"name\":\"tokio-test\",\"req\":\"^0.4\"},{\"kind\":\"dev\",\"name\":\"tokio-util\",\"req\":\"^0.7.10\"},{\"default_features\":false,\"features\":[\"std\"],\"name\":\"tracing\",\"optional\":true,\"req\":\"^0.1\"},{\"name\":\"want\",\"optional\":true,\"req\":\"^0.3\"}],\"features\":{\"capi\":[],\"client\":[\"dep:want\",\"dep:pin-project-lite\",\"dep:smallvec\"],\"default\":[],\"ffi\":[\"dep:http-body-util\",\"dep:futures-util\"],\"full\":[\"client\",\"http1\",\"http2\",\"server\"],\"http1\":[\"dep:atomic-waker\",\"dep:futures-channel\",\"dep:futures-core\",\"dep:httparse\",\"dep:itoa\",\"dep:pin-utils\"],\"http2\":[\"dep:futures-channel\",\"dep:futures-core\",\"dep:h2\"],\"nightly\":[],\"server\":[\"dep:httpdate\",\"dep:pin-project-lite\",\"dep:smallvec\"],\"tracing\":[\"dep:tracing\"]}}",
       "i18n-config_0.4.8": "{\"dependencies\":[{\"name\":\"basic-toml\",\"req\":\"^0.1\"},{\"name\":\"log\",\"req\":\"^0.4\"},{\"features\":[\"derive\"],\"name\":\"serde\",\"req\":\"^1.0\"},{\"name\":\"serde_derive\",\"req\":\"^1.0\"},{\"name\":\"thiserror\",\"req\":\"^1.0\"},{\"features\":[\"serde\"],\"name\":\"unic-langid\",\"req\":\"^0.9\"}],\"features\":{}}",
       "i18n-embed-fl_0.9.4": "{\"dependencies\":[{\"name\":\"dashmap\",\"optional\":true,\"req\":\"^6.0\"},{\"kind\":\"dev\",\"name\":\"doc-comment\",\"req\":\"^0.3\"},{\"kind\":\"dev\",\"name\":\"env_logger\",\"req\":\"^0.11\"},{\"name\":\"find-crate\",\"req\":\"^0.6\"},{\"name\":\"fluent\",\"req\":\"^0.16\"},{\"name\":\"fluent-syntax\",\"req\":\"^0.11\"},{\"name\":\"i18n-config\",\"req\":\"^0.4.7\"},{\"features\":[\"fluent-system\",\"filesystem-assets\"],\"name\":\"i18n-embed\",\"req\":\"^0.15.4\"},{\"kind\":\"dev\",\"name\":\"pretty_assertions\",\"req\":\"^1.4\"},{\"name\":\"proc-macro-error2\",\"req\":\"^2.0.1\"},{\"name\":\"proc-macro2\",\"req\":\"^1.0\"},{\"name\":\"quote\",\"req\":\"^1.0\"},{\"kind\":\"dev\",\"name\":\"rust-embed\",\"req\":\"^8.0\"},{\"name\":\"strsim\",\"req\":\"^0.11\"},{\"features\":[\"derive\",\"proc-macro\",\"parsing\",\"printing\",\"extra-traits\",\"full\"],\"name\":\"syn\",\"req\":\"^2.0\"},{\"name\":\"unic-langid\",\"req\":\"^0.9\"}],\"features\":{\"dashmap\":[\"dep:dashmap\"]}}",
@@ -1369,7 +1367,7 @@
       "syntect_5.3.0": "{\"dependencies\":[{\"name\":\"bincode\",\"optional\":true,\"req\":\"^1.0\"},{\"features\":[\"html_reports\"],\"kind\":\"dev\",\"name\":\"criterion\",\"req\":\"^0.3\"},{\"name\":\"fancy-regex\",\"optional\":true,\"req\":\"^0.16.2\"},{\"name\":\"flate2\",\"optional\":true,\"req\":\"^1.0\"},{\"name\":\"fnv\",\"optional\":true,\"req\":\"^1.0\"},{\"kind\":\"dev\",\"name\":\"getopts\",\"req\":\"^0.2\"},{\"name\":\"once_cell\",\"req\":\"^1.8\"},{\"default_features\":false,\"name\":\"onig\",\"optional\":true,\"req\":\"^6.5.1\"},{\"name\":\"plist\",\"optional\":true,\"req\":\"^1.3\"},{\"kind\":\"dev\",\"name\":\"pretty_assertions\",\"req\":\"^0.6\"},{\"kind\":\"dev\",\"name\":\"public-api\",\"req\":\"^0.50.1\"},{\"kind\":\"dev\",\"name\":\"rayon\",\"req\":\"^1.0.0\"},{\"kind\":\"dev\",\"name\":\"regex\",\"req\":\"^1.0\"},{\"name\":\"regex-syntax\",\"optional\":true,\"req\":\"^0.8\"},{\"kind\":\"dev\",\"name\":\"rustdoc-json\",\"req\":\"^0.9.7\"},{\"kind\":\"dev\",\"name\":\"rustup-toolchain\",\"req\":\"^0.1.5\"},{\"name\":\"serde\",\"req\":\"^1.0\"},{\"name\":\"serde_derive\",\"req\":\"^1.0\"},{\"name\":\"serde_json\",\"optional\":true,\"req\":\"^1.0\"},{\"kind\":\"dev\",\"name\":\"serde_json\",\"req\":\"^1.0\"},{\"name\":\"thiserror\",\"req\":\"^2.0.12\"},{\"name\":\"walkdir\",\"req\":\"^2.0\"},{\"name\":\"yaml-rust\",\"optional\":true,\"req\":\"^0.4.5\"}],\"features\":{\"default\":[\"default-onig\"],\"default-fancy\":[\"parsing\",\"default-syntaxes\",\"default-themes\",\"html\",\"plist-load\",\"yaml-load\",\"dump-load\",\"dump-create\",\"regex-fancy\"],\"default-onig\":[\"parsing\",\"default-syntaxes\",\"default-themes\",\"html\",\"plist-load\",\"yaml-load\",\"dump-load\",\"dump-create\",\"regex-onig\"],\"default-syntaxes\":[\"parsing\",\"dump-load\"],\"default-themes\":[\"dump-load\"],\"dump-create\":[\"flate2\",\"bincode\"],\"dump-load\":[\"flate2\",\"bincode\"],\"html\":[\"parsing\"],\"metadata\":[\"parsing\",\"plist-load\",\"dep:serde_json\"],\"parsing\":[\"regex-syntax\",\"fnv\",\"dump-create\",\"dump-load\"],\"plist-load\":[\"plist\",\"dep:serde_json\"],\"regex-fancy\":[\"fancy-regex\"],\"regex-onig\":[\"onig\"],\"yaml-load\":[\"yaml-rust\",\"parsing\"]}}",
       "sys-locale_0.3.2": "{\"dependencies\":[{\"name\":\"js-sys\",\"optional\":true,\"req\":\"^0.3\",\"target\":\"cfg(all(target_family = \\\"wasm\\\", not(unix)))\"},{\"name\":\"libc\",\"req\":\"^0.2\",\"target\":\"cfg(target_os = \\\"android\\\")\"},{\"name\":\"wasm-bindgen\",\"optional\":true,\"req\":\"^0.2\",\"target\":\"cfg(all(target_family = \\\"wasm\\\", not(unix)))\"},{\"kind\":\"dev\",\"name\":\"wasm-bindgen-test\",\"req\":\"^0.3\",\"target\":\"cfg(all(target_family = \\\"wasm\\\", not(unix)))\"},{\"features\":[\"Window\",\"WorkerGlobalScope\",\"Navigator\",\"WorkerNavigator\"],\"name\":\"web-sys\",\"optional\":true,\"req\":\"^0.3\",\"target\":\"cfg(all(target_family = \\\"wasm\\\", not(unix)))\"}],\"features\":{\"js\":[\"js-sys\",\"wasm-bindgen\",\"web-sys\"]}}",
       "system-configuration-sys_0.6.0": "{\"dependencies\":[{\"name\":\"core-foundation-sys\",\"req\":\"^0.8\"},{\"name\":\"libc\",\"req\":\"^0.2.149\"}],\"features\":{}}",
-      "system-configuration_0.7.0": "{\"dependencies\":[{\"name\":\"bitflags\",\"req\":\"^2\"},{\"name\":\"core-foundation\",\"req\":\"^0.9\"},{\"name\":\"system-configuration-sys\",\"req\":\"^0.6\"}],\"features\":{}}",
+      "system-configuration_0.6.1": "{\"dependencies\":[{\"name\":\"bitflags\",\"req\":\"^2\"},{\"name\":\"core-foundation\",\"req\":\"^0.9\"},{\"name\":\"system-configuration-sys\",\"req\":\"^0.6\"}],\"features\":{}}",
       "tagptr_0.2.0": "{\"dependencies\":[],\"features\":{}}",
       "tar_0.4.44": "{\"dependencies\":[{\"name\":\"filetime\",\"req\":\"^0.2.8\"},{\"name\":\"libc\",\"req\":\"^0.2\",\"target\":\"cfg(unix)\"},{\"kind\":\"dev\",\"name\":\"tempfile\",\"req\":\"^3\"},{\"name\":\"xattr\",\"optional\":true,\"req\":\"^1.1.3\",\"target\":\"cfg(unix)\"}],\"features\":{\"default\":[\"xattr\"]}}",
       "tempfile_3.24.0": "{\"dependencies\":[{\"kind\":\"dev\",\"name\":\"doc-comment\",\"req\":\"^0.3\"},{\"name\":\"fastrand\",\"req\":\"^2.1.1\"},{\"default_features\":false,\"name\":\"getrandom\",\"optional\":true,\"req\":\"^0.3.0\",\"target\":\"cfg(any(unix, windows, target_os = \\\"wasi\\\"))\"},{\"default_features\":false,\"features\":[\"std\"],\"name\":\"once_cell\",\"req\":\"^1.19.0\"},{\"features\":[\"fs\"],\"name\":\"rustix\",\"req\":\"^1.1.3\",\"target\":\"cfg(any(unix, target_os = \\\"wasi\\\"))\"},{\"features\":[\"Win32_Storage_FileSystem\",\"Win32_Foundation\"],\"name\":\"windows-sys\",\"req\":\">=0.52, <0.62\",\"target\":\"cfg(windows)\"}],\"features\":{\"default\":[\"getrandom\"],\"nightly\":[]}}",

codex-rs/Cargo.lock

@@ -408,11 +408,9 @@ dependencies = [
  "base64 0.22.1",
  "chrono",
  "codex-app-server-protocol",
- "codex-config",
  "codex-core",
  "codex-features",
  "codex-login",
- "codex-models-manager",
  "codex-protocol",
  "codex-utils-cargo-bin",
  "core_test_support",
@@ -449,7 +447,7 @@ dependencies = [
  "objc2-foundation",
  "parking_lot",
  "percent-encoding",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
  "wl-clipboard-rs",
  "x11rb",
 ]
@@ -1339,12 +1337,10 @@ checksum = "e9b18233253483ce2f65329a24072ec414db782531bdbb7d0bbc4bd2ce6b7e21"
 name = "codex-analytics"
 version = "0.0.0"
 dependencies = [
- "codex-app-server-protocol",
  "codex-git-utils",
  "codex-login",
  "codex-plugin",
  "codex-protocol",
- "os_info",
  "pretty_assertions",
  "serde",
  "serde_json",
@@ -1369,9 +1365,7 @@ dependencies = [
  "anyhow",
  "assert_matches",
  "async-trait",
- "base64 0.22.1",
  "bytes",
- "chrono",
  "codex-client",
  "codex-protocol",
  "codex-utils-rustls-provider",
@@ -1405,13 +1399,11 @@ dependencies = [
  "base64 0.22.1",
  "chrono",
  "clap",
- "codex-analytics",
  "codex-app-server-protocol",
  "codex-arg0",
  "codex-backend-client",
  "codex-chatgpt",
  "codex-cloud-requirements",
- "codex-config",
  "codex-core",
  "codex-exec-server",
  "codex-features",
@@ -1419,12 +1411,9 @@ dependencies = [
  "codex-file-search",
  "codex-git-utils",
  "codex-login",
- "codex-mcp",
- "codex-models-manager",
  "codex-otel",
  "codex-protocol",
  "codex-rmcp-client",
- "codex-rollout",
  "codex-sandboxing",
  "codex-shell-command",
  "codex-state",
@@ -1434,11 +1423,9 @@ dependencies = [
  "codex-utils-cli",
  "codex-utils-json-to-toml",
  "codex-utils-pty",
- "codex-utils-rustls-provider",
  "constant_time_eq",
  "core_test_support",
  "futures",
- "gethostname",
  "hmac",
  "jsonwebtoken",
  "opentelemetry",
@@ -1461,7 +1448,6 @@ dependencies = [
  "tracing",
  "tracing-opentelemetry",
  "tracing-subscriber",
- "url",
  "uuid",
  "wiremock",
 ]
@@ -1496,7 +1482,6 @@ dependencies = [
  "codex-experimental-api-macros",
  "codex-git-utils",
  "codex-protocol",
- "codex-shell-command",
  "codex-utils-absolute-path",
  "codex-utils-cargo-bin",
  "inventory",
@@ -1506,6 +1491,7 @@ dependencies = [
  "serde",
  "serde_json",
  "serde_with",
+ "shlex",
  "similar",
  "strum_macros 0.28.0",
  "tempfile",
@@ -1584,7 +1570,7 @@ dependencies = [
  "anyhow",
  "codex-backend-openapi-models",
  "codex-client",
- "codex-login",
+ "codex-core",
  "codex-protocol",
  "pretty_assertions",
  "reqwest",
@@ -1607,7 +1593,6 @@ version = "0.0.0"
 dependencies = [
  "anyhow",
  "clap",
- "codex-config",
  "codex-connectors",
  "codex-core",
  "codex-git-utils",
@@ -1642,7 +1627,6 @@ dependencies = [
  "codex-execpolicy",
  "codex-features",
  "codex-login",
- "codex-mcp",
  "codex-mcp-server",
  "codex-protocol",
  "codex-responses-api-proxy",
@@ -1654,7 +1638,6 @@ dependencies = [
  "codex-tui",
  "codex-utils-cargo-bin",
  "codex-utils-cli",
- "codex-utils-path",
  "codex-windows-sandbox",
  "libc",
  "owo-colors",
@@ -1710,9 +1693,7 @@ dependencies = [
  "base64 0.22.1",
  "chrono",
  "codex-backend-client",
- "codex-config",
  "codex-core",
- "codex-login",
  "codex-otel",
  "codex-protocol",
  "hmac",
@@ -1738,7 +1719,6 @@ dependencies = [
  "clap",
  "codex-client",
  "codex-cloud-tasks-client",
- "codex-cloud-tasks-mock-client",
  "codex-core",
  "codex-git-utils",
  "codex-login",
@@ -1768,21 +1748,12 @@ dependencies = [
  "chrono",
  "codex-backend-client",
  "codex-git-utils",
+ "diffy",
  "serde",
  "serde_json",
  "thiserror 2.0.18",
 ]
 
-[[package]]
-name = "codex-cloud-tasks-mock-client"
-version = "0.0.0"
-dependencies = [
- "async-trait",
- "chrono",
- "codex-cloud-tasks-client",
- "diffy",
-]
-
 [[package]]
 name = "codex-code-mode"
 version = "0.0.0"
@@ -1797,10 +1768,6 @@ dependencies = [
  "v8",
 ]
 
-[[package]]
-name = "codex-collaboration-mode-templates"
-version = "0.0.0"
-
 [[package]]
 name = "codex-config"
 version = "0.0.0"
@@ -1808,13 +1775,8 @@ dependencies = [
  "anyhow",
  "codex-app-server-protocol",
  "codex-execpolicy",
- "codex-features",
- "codex-git-utils",
- "codex-model-provider-info",
- "codex-network-proxy",
  "codex-protocol",
  "codex-utils-absolute-path",
- "dunce",
  "futures",
  "multimap",
  "pretty_assertions",
@@ -1823,13 +1785,11 @@ dependencies = [
  "serde_json",
  "serde_path_to_error",
  "sha2",
- "tempfile",
  "thiserror 2.0.18",
  "tokio",
  "toml 0.9.11+spec-1.1.0",
  "toml_edit 0.24.0+spec-1.1.0",
  "tracing",
- "wildmatch",
 ]
 
 [[package]]
@@ -1856,6 +1816,7 @@ dependencies = [
  "async-trait",
  "base64 0.22.1",
  "bm25",
+ "chardetng",
  "chrono",
  "clap",
  "codex-analytics",
@@ -1871,19 +1832,14 @@ dependencies = [
  "codex-exec-server",
  "codex-execpolicy",
  "codex-features",
- "codex-feedback",
  "codex-git-utils",
  "codex-hooks",
  "codex-instructions",
  "codex-login",
- "codex-mcp",
- "codex-model-provider-info",
- "codex-models-manager",
  "codex-network-proxy",
  "codex-otel",
  "codex-plugin",
  "codex-protocol",
- "codex-response-debug-context",
  "codex-rmcp-client",
  "codex-rollout",
  "codex-sandboxing",
@@ -1913,6 +1869,7 @@ dependencies = [
  "ctor 0.6.3",
  "dirs",
  "dunce",
+ "encoding_rs",
  "env-flags",
  "eventsource-stream",
  "futures",
@@ -1921,6 +1878,7 @@ dependencies = [
  "image",
  "indexmap 2.13.0",
  "insta",
+ "landlock",
  "libc",
  "maplit",
  "notify",
@@ -1934,6 +1892,8 @@ dependencies = [
  "regex-lite",
  "reqwest",
  "rmcp",
+ "schemars 0.8.22",
+ "seccompiler",
  "serde",
  "serde_json",
  "serial_test",
@@ -1957,6 +1917,7 @@ dependencies = [
  "uuid",
  "walkdir",
  "which 8.0.0",
+ "wildmatch",
  "windows-sys 0.52.0",
  "wiremock",
  "zip",
@@ -2019,8 +1980,6 @@ dependencies = [
  "codex-core",
  "codex-feedback",
  "codex-git-utils",
- "codex-login",
- "codex-model-provider-info",
  "codex-otel",
  "codex-protocol",
  "codex-utils-absolute-path",
@@ -2123,6 +2082,7 @@ dependencies = [
 name = "codex-features"
 version = "0.0.0"
 dependencies = [
+ "codex-login",
  "codex-otel",
  "codex-protocol",
  "pretty_assertions",
@@ -2137,7 +2097,6 @@ name = "codex-feedback"
 version = "0.0.0"
 dependencies = [
  "anyhow",
- "codex-login",
  "codex-protocol",
  "pretty_assertions",
  "sentry",
@@ -2221,7 +2180,6 @@ version = "0.0.0"
 dependencies = [
  "cc",
  "clap",
- "codex-config",
  "codex-core",
  "codex-protocol",
  "codex-sandboxing",
@@ -2243,7 +2201,6 @@ name = "codex-lmstudio"
 version = "0.0.0"
 dependencies = [
  "codex-core",
- "codex-model-provider-info",
  "reqwest",
  "serde_json",
  "tokio",
@@ -2260,13 +2217,10 @@ dependencies = [
  "async-trait",
  "base64 0.22.1",
  "chrono",
- "codex-api",
  "codex-app-server-protocol",
  "codex-client",
  "codex-config",
  "codex-keyring-store",
- "codex-model-provider-info",
- "codex-otel",
  "codex-protocol",
  "codex-terminal-detection",
  "codex-utils-template",
@@ -2278,6 +2232,7 @@ dependencies = [
  "rand 0.9.2",
  "regex-lite",
  "reqwest",
+ "schemars 0.8.22",
  "serde",
  "serde_json",
  "serial_test",
@@ -2293,47 +2248,15 @@ dependencies = [
  "wiremock",
 ]
 
-[[package]]
-name = "codex-mcp"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "async-channel",
- "codex-async-utils",
- "codex-config",
- "codex-login",
- "codex-otel",
- "codex-plugin",
- "codex-protocol",
- "codex-rmcp-client",
- "codex-utils-plugins",
- "futures",
- "pretty_assertions",
- "regex-lite",
- "rmcp",
- "serde",
- "serde_json",
- "sha1",
- "tempfile",
- "thiserror 2.0.18",
- "tokio",
- "tokio-util",
- "tracing",
- "url",
-]
-
 [[package]]
 name = "codex-mcp-server"
 version = "0.0.0"
 dependencies = [
  "anyhow",
  "codex-arg0",
- "codex-config",
  "codex-core",
  "codex-exec-server",
  "codex-features",
- "codex-login",
- "codex-models-manager",
  "codex-protocol",
  "codex-shell-command",
  "codex-utils-cli",
@@ -2354,54 +2277,6 @@ dependencies = [
  "wiremock",
 ]
 
-[[package]]
-name = "codex-model-provider-info"
-version = "0.0.0"
-dependencies = [
- "codex-api",
- "codex-app-server-protocol",
- "codex-protocol",
- "codex-utils-absolute-path",
- "http 1.4.0",
- "maplit",
- "pretty_assertions",
- "schemars 0.8.22",
- "serde",
- "tempfile",
- "toml 0.9.11+spec-1.1.0",
-]
-
-[[package]]
-name = "codex-models-manager"
-version = "0.0.0"
-dependencies = [
- "base64 0.22.1",
- "chrono",
- "codex-api",
- "codex-app-server-protocol",
- "codex-collaboration-mode-templates",
- "codex-config",
- "codex-feedback",
- "codex-login",
- "codex-model-provider-info",
- "codex-otel",
- "codex-protocol",
- "codex-response-debug-context",
- "codex-utils-absolute-path",
- "codex-utils-output-truncation",
- "codex-utils-template",
- "core_test_support",
- "http 1.4.0",
- "pretty_assertions",
- "serde",
- "serde_json",
- "tempfile",
- "tokio",
- "tracing",
- "tracing-subscriber",
- "wiremock",
-]
-
 [[package]]
 name = "codex-network-proxy"
 version = "0.0.0"
@@ -2441,7 +2316,6 @@ dependencies = [
  "async-stream",
  "bytes",
  "codex-core",
- "codex-model-provider-info",
  "futures",
  "pretty_assertions",
  "reqwest",
@@ -2506,27 +2380,18 @@ name = "codex-protocol"
 version = "0.0.0"
 dependencies = [
  "anyhow",
- "chardetng",
- "chrono",
- "codex-async-utils",
  "codex-execpolicy",
  "codex-git-utils",
- "codex-network-proxy",
  "codex-utils-absolute-path",
  "codex-utils-image",
  "codex-utils-string",
  "codex-utils-template",
- "encoding_rs",
- "http 1.4.0",
  "icu_decimal",
  "icu_locale_core",
  "icu_provider",
- "landlock",
  "pretty_assertions",
  "quick-xml",
- "reqwest",
  "schemars 0.8.22",
- "seccompiler",
  "serde",
  "serde_json",
  "serde_with",
@@ -2534,24 +2399,11 @@ dependencies = [
  "strum_macros 0.28.0",
  "sys-locale",
  "tempfile",
- "thiserror 2.0.18",
- "tokio",
  "tracing",
  "ts-rs",
  "uuid",
 ]
 
-[[package]]
-name = "codex-response-debug-context"
-version = "0.0.0"
-dependencies = [
- "base64 0.22.1",
- "codex-api",
- "http 1.4.0",
- "pretty_assertions",
- "serde_json",
-]
-
 [[package]]
 name = "codex-responses-api-proxy"
 version = "0.0.0"
@@ -2561,7 +2413,6 @@ dependencies = [
  "codex-process-hardening",
  "ctor 0.6.3",
  "libc",
- "pretty_assertions",
  "reqwest",
  "serde",
  "serde_json",
@@ -2576,7 +2427,6 @@ dependencies = [
  "anyhow",
  "axum",
  "codex-client",
- "codex-config",
  "codex-keyring-store",
  "codex-protocol",
  "codex-utils-cargo-bin",
@@ -2588,6 +2438,7 @@ dependencies = [
  "pretty_assertions",
  "reqwest",
  "rmcp",
+ "schemars 0.8.22",
  "serde",
  "serde_json",
  "serial_test",
@@ -2764,15 +2615,11 @@ version = "0.0.0"
 dependencies = [
  "codex-app-server-protocol",
  "codex-code-mode",
- "codex-features",
  "codex-protocol",
- "codex-utils-absolute-path",
- "codex-utils-pty",
  "pretty_assertions",
  "rmcp",
  "serde",
  "serde_json",
- "tracing",
 ]
 
 [[package]]
@@ -2792,20 +2639,14 @@ dependencies = [
  "codex-chatgpt",
  "codex-cli",
  "codex-cloud-requirements",
- "codex-config",
  "codex-core",
- "codex-exec-server",
  "codex-features",
  "codex-feedback",
  "codex-file-search",
  "codex-git-utils",
  "codex-login",
- "codex-mcp",
- "codex-model-provider-info",
- "codex-models-manager",
  "codex-otel",
  "codex-protocol",
- "codex-rollout",
  "codex-shell-command",
  "codex-state",
  "codex-terminal-detection",
@@ -2864,7 +2705,6 @@ dependencies = [
  "unicode-segmentation",
  "unicode-width 0.2.1",
  "url",
- "urlencoding",
  "uuid",
  "vt100",
  "webbrowser",
@@ -2967,7 +2807,6 @@ version = "0.0.0"
 dependencies = [
  "codex-core",
  "codex-lmstudio",
- "codex-model-provider-info",
  "codex-ollama",
 ]
 
@@ -2994,7 +2833,6 @@ dependencies = [
 name = "codex-utils-plugins"
 version = "0.0.0"
 dependencies = [
- "codex-login",
  "serde",
  "serde_json",
  "tempfile",
@@ -3039,7 +2877,6 @@ name = "codex-utils-sandbox-summary"
 version = "0.0.0"
 dependencies = [
  "codex-core",
- "codex-model-provider-info",
  "codex-protocol",
  "codex-utils-absolute-path",
  "pretty_assertions",
@@ -3310,9 +3147,6 @@ dependencies = [
  "codex-core",
  "codex-exec-server",
  "codex-features",
- "codex-login",
- "codex-model-provider-info",
- "codex-models-manager",
  "codex-protocol",
  "codex-utils-absolute-path",
  "codex-utils-cargo-bin",
@@ -3967,7 +3801,7 @@ dependencies = [
  "libc",
  "option-ext",
  "redox_users 0.5.2",
- "windows-sys 0.59.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -4212,7 +4046,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -5118,13 +4952,14 @@ dependencies = [
 
 [[package]]
 name = "hyper-util"
-version = "0.1.20"
+version = "0.1.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0"
+checksum = "727805d60e7938b76b826a6ef209eb70eaa1812794f9424d4a4e2d740662df5f"
 dependencies = [
  "base64 0.22.1",
  "bytes",
  "futures-channel",
+ "futures-core",
  "futures-util",
  "http 1.4.0",
  "http-body",
@@ -5133,7 +4968,7 @@ dependencies = [
  "libc",
  "percent-encoding",
  "pin-project-lite",
- "socket2 0.5.10",
+ "socket2 0.6.2",
  "system-configuration",
  "tokio",
  "tower-service",
@@ -5639,7 +5474,7 @@ checksum = "3640c1c38b8e4e43584d8df18be5fc6b0aa314ce6ebf51b53313d4306cca8e46"
 dependencies = [
  "hermit-abi",
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -6126,7 +5961,7 @@ name = "mcp_test_support"
 version = "0.0.0"
 dependencies = [
  "anyhow",
- "codex-login",
+ "codex-core",
  "codex-mcp-server",
  "codex-terminal-detection",
  "codex-utils-cargo-bin",
@@ -6417,7 +6252,7 @@ version = "0.50.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -6593,7 +6428,7 @@ version = "5.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "51e219e79014df21a225b1860a479e2dcd7cbd9130f4defd4bd0e191ea31d67d"
 dependencies = [
- "base64 0.21.7",
+ "base64 0.22.1",
  "chrono",
  "getrandom 0.2.17",
  "http 1.4.0",
@@ -7061,7 +6896,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7d8fae84b431384b68627d0f9b3b1245fcf9f46f6c0e3dc902e9dce64edd1967"
 dependencies = [
  "libc",
- "windows-sys 0.45.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -7607,7 +7442,7 @@ dependencies = [
  "quinn-udp",
  "rustc-hash 2.1.1",
  "rustls",
- "socket2 0.5.10",
+ "socket2 0.6.2",
  "thiserror 2.0.18",
  "tokio",
  "tracing",
@@ -7644,9 +7479,9 @@ dependencies = [
  "cfg_aliases 0.2.1",
  "libc",
  "once_cell",
- "socket2 0.5.10",
+ "socket2 0.6.2",
  "tracing",
- "windows-sys 0.52.0",
+ "windows-sys 0.60.2",
 ]
 
 [[package]]
@@ -8482,7 +8317,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.11.0",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -9881,9 +9716,9 @@ dependencies = [
 
 [[package]]
 name = "system-configuration"
-version = "0.7.0"
+version = "0.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a13f3d0daba03132c0aa9767f98351b3488edc2c100cda2d2ec2b04f3d8d3c8b"
+checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b"
 dependencies = [
  "bitflags 2.10.0",
  "core-foundation 0.9.4",
@@ -9916,7 +9751,7 @@ dependencies = [
  "getrandom 0.3.4",
  "once_cell",
  "rustix 1.1.3",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -11362,7 +11197,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.48.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]

codex-rs/Cargo.toml

@@ -18,9 +18,7 @@ members = [
     "cloud-requirements",
     "cloud-tasks",
     "cloud-tasks-client",
-    "cloud-tasks-mock-client",
     "cli",
-    "collaboration-mode-templates",
     "connectors",
     "config",
     "shell-command",
@@ -40,10 +38,7 @@ members = [
     "linux-sandbox",
     "lmstudio",
     "login",
-    "codex-mcp",
     "mcp-server",
-    "model-provider-info",
-    "models-manager",
     "network-proxy",
     "ollama",
     "process-hardening",
@@ -51,7 +46,6 @@ members = [
     "rollout",
     "rmcp-client",
     "responses-api-proxy",
-    "response-debug-context",
     "sandboxing",
     "stdio-to-uds",
     "otel",
@@ -102,9 +96,10 @@ license = "Apache-2.0"
 [workspace.dependencies]
 # Internal
 app_test_support = { path = "app-server/tests/common" }
-codex-analytics = { path = "analytics" }
 codex-ansi-escape = { path = "ansi-escape" }
+codex-analytics = { path = "analytics" }
 codex-api = { path = "codex-api" }
+codex-code-mode = { path = "code-mode" }
 codex-app-server = { path = "app-server" }
 codex-app-server-client = { path = "app-server-client" }
 codex-app-server-protocol = { path = "app-server-protocol" }
@@ -116,21 +111,17 @@ codex-backend-client = { path = "backend-client" }
 codex-chatgpt = { path = "chatgpt" }
 codex-cli = { path = "cli" }
 codex-client = { path = "codex-client" }
-codex-collaboration-mode-templates = { path = "collaboration-mode-templates" }
 codex-cloud-requirements = { path = "cloud-requirements" }
-codex-cloud-tasks-client = { path = "cloud-tasks-client" }
-codex-cloud-tasks-mock-client = { path = "cloud-tasks-mock-client" }
-codex-code-mode = { path = "code-mode" }
-codex-config = { path = "config" }
 codex-connectors = { path = "connectors" }
+codex-config = { path = "config" }
 codex-core = { path = "core" }
 codex-core-skills = { path = "core-skills" }
 codex-exec = { path = "exec" }
 codex-exec-server = { path = "exec-server" }
 codex-execpolicy = { path = "execpolicy" }
 codex-experimental-api-macros = { path = "codex-experimental-api-macros" }
-codex-features = { path = "features" }
 codex-feedback = { path = "feedback" }
+codex-features = { path = "features" }
 codex-file-search = { path = "file-search" }
 codex-git-utils = { path = "git-utils" }
 codex-hooks = { path = "hooks" }
@@ -139,20 +130,16 @@ codex-keyring-store = { path = "keyring-store" }
 codex-linux-sandbox = { path = "linux-sandbox" }
 codex-lmstudio = { path = "lmstudio" }
 codex-login = { path = "login" }
-codex-mcp = { path = "codex-mcp" }
 codex-mcp-server = { path = "mcp-server" }
-codex-model-provider-info = { path = "model-provider-info" }
-codex-models-manager = { path = "models-manager" }
 codex-network-proxy = { path = "network-proxy" }
 codex-ollama = { path = "ollama" }
 codex-otel = { path = "otel" }
 codex-plugin = { path = "plugin" }
 codex-process-hardening = { path = "process-hardening" }
 codex-protocol = { path = "protocol" }
-codex-responses-api-proxy = { path = "responses-api-proxy" }
-codex-response-debug-context = { path = "response-debug-context" }
-codex-rmcp-client = { path = "rmcp-client" }
 codex-rollout = { path = "rollout" }
+codex-responses-api-proxy = { path = "responses-api-proxy" }
+codex-rmcp-client = { path = "rmcp-client" }
 codex-sandboxing = { path = "sandboxing" }
 codex-secrets = { path = "secrets" }
 codex-shell-command = { path = "shell-command" }
@@ -163,6 +150,7 @@ codex-stdio-to-uds = { path = "stdio-to-uds" }
 codex-terminal-detection = { path = "terminal-detection" }
 codex-tools = { path = "tools" }
 codex-tui = { path = "tui" }
+codex-v8-poc = { path = "v8-poc" }
 codex-utils-absolute-path = { path = "utils/absolute-path" }
 codex-utils-approval-presets = { path = "utils/approval-presets" }
 codex-utils-cache = { path = "utils/cache" }
@@ -183,9 +171,8 @@ codex-utils-rustls-provider = { path = "utils/rustls-provider" }
 codex-utils-sandbox-summary = { path = "utils/sandbox-summary" }
 codex-utils-sleep-inhibitor = { path = "utils/sleep-inhibitor" }
 codex-utils-stream-parser = { path = "utils/stream-parser" }
-codex-utils-string = { path = "utils/string" }
 codex-utils-template = { path = "utils/template" }
-codex-v8-poc = { path = "v8-poc" }
+codex-utils-string = { path = "utils/string" }
 codex-windows-sandbox = { path = "windows-sandbox-rs" }
 core_test_support = { path = "core/tests/common" }
 mcp_test_support = { path = "mcp-server/tests/common" }
@@ -230,12 +217,12 @@ gethostname = "1.1.0"
 globset = "0.4"
 hmac = "0.12.1"
 http = "1.3.1"
-iana-time-zone = "0.1.64"
 icu_decimal = "2.1"
 icu_locale_core = "2.1"
 icu_provider = { version = "2.1", features = ["sync"] }
 ignore = "0.4.23"
 image = { version = "^0.25.9", default-features = false }
+iana-time-zone = "0.1.64"
 include_dir = "0.7.4"
 indexmap = "2.12.0"
 insta = "1.46.3"
@@ -277,6 +264,7 @@ regex-lite = "0.1.8"
 reqwest = "0.12"
 rmcp = { version = "0.15.0", default-features = false }
 runfiles = { git = "https://github.com/dzbarsky/rules_rust", rev = "b56cbaa8465e74127f1ea216f813cd377295ad81" }
+v8 = "=146.4.0"
 rustls = { version = "0.23", default-features = false, features = [
     "ring",
     "std",
@@ -345,7 +333,6 @@ unicode-width = "0.2"
 url = "2"
 urlencoding = "2.1"
 uuid = "1"
-v8 = "=146.4.0"
 vt100 = "0.16.2"
 walkdir = "2.5.0"
 webbrowser = "1.0"

codex-rs/analytics/Cargo.toml

@@ -13,12 +13,10 @@ path = "src/lib.rs"
 workspace = true
 
 [dependencies]
-codex-app-server-protocol = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-login = { workspace = true }
 codex-plugin = { workspace = true }
 codex-protocol = { workspace = true }
-os_info = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 sha1 = { workspace = true }
 tokio = { workspace = true, features = [

codex-rs/analytics/src/analytics_client.rs

@@ -0,0 +1,797 @@
+use codex_git_utils::collect_git_info;
+use codex_git_utils::get_git_repo_root;
+use codex_login::AuthManager;
+use codex_login::default_client::create_client;
+use codex_login::default_client::originator;
+use codex_plugin::PluginTelemetryMetadata;
+use codex_protocol::protocol::SkillScope;
+use serde::Serialize;
+use sha1::Digest;
+use sha1::Sha1;
+use std::collections::HashSet;
+use std::path::Path;
+use std::path::PathBuf;
+use std::sync::Arc;
+use std::sync::Mutex;
+use std::time::Duration;
+use tokio::sync::mpsc;
+
+#[derive(Clone)]
+pub struct TrackEventsContext {
+    pub model_slug: String,
+    pub thread_id: String,
+    pub turn_id: String,
+}
+
+pub fn build_track_events_context(
+    model_slug: String,
+    thread_id: String,
+    turn_id: String,
+) -> TrackEventsContext {
+    TrackEventsContext {
+        model_slug,
+        thread_id,
+        turn_id,
+    }
+}
+
+#[derive(Clone, Debug)]
+pub struct SkillInvocation {
+    pub skill_name: String,
+    pub skill_scope: SkillScope,
+    pub skill_path: PathBuf,
+    pub invocation_type: InvocationType,
+}
+
+#[derive(Clone, Copy, Debug, Serialize)]
+#[serde(rename_all = "lowercase")]
+pub enum InvocationType {
+    Explicit,
+    Implicit,
+}
+
+pub struct AppInvocation {
+    pub connector_id: Option<String>,
+    pub app_name: Option<String>,
+    pub invocation_type: Option<InvocationType>,
+}
+
+#[derive(Clone)]
+pub(crate) struct AnalyticsEventsQueue {
+    sender: mpsc::Sender<TrackEventsJob>,
+    app_used_emitted_keys: Arc<Mutex<HashSet<(String, String)>>>,
+    plugin_used_emitted_keys: Arc<Mutex<HashSet<(String, String)>>>,
+}
+
+#[derive(Clone)]
+pub struct AnalyticsEventsClient {
+    queue: AnalyticsEventsQueue,
+    analytics_enabled: Option<bool>,
+}
+
+impl AnalyticsEventsQueue {
+    pub(crate) fn new(auth_manager: Arc<AuthManager>, base_url: String) -> Self {
+        let (sender, mut receiver) = mpsc::channel(ANALYTICS_EVENTS_QUEUE_SIZE);
+        tokio::spawn(async move {
+            while let Some(job) = receiver.recv().await {
+                match job {
+                    TrackEventsJob::SkillInvocations(job) => {
+                        send_track_skill_invocations(&auth_manager, &base_url, job).await;
+                    }
+                    TrackEventsJob::AppMentioned(job) => {
+                        send_track_app_mentioned(&auth_manager, &base_url, job).await;
+                    }
+                    TrackEventsJob::AppUsed(job) => {
+                        send_track_app_used(&auth_manager, &base_url, job).await;
+                    }
+                    TrackEventsJob::PluginUsed(job) => {
+                        send_track_plugin_used(&auth_manager, &base_url, job).await;
+                    }
+                    TrackEventsJob::PluginInstalled(job) => {
+                        send_track_plugin_installed(&auth_manager, &base_url, job).await;
+                    }
+                    TrackEventsJob::PluginUninstalled(job) => {
+                        send_track_plugin_uninstalled(&auth_manager, &base_url, job).await;
+                    }
+                    TrackEventsJob::PluginEnabled(job) => {
+                        send_track_plugin_enabled(&auth_manager, &base_url, job).await;
+                    }
+                    TrackEventsJob::PluginDisabled(job) => {
+                        send_track_plugin_disabled(&auth_manager, &base_url, job).await;
+                    }
+                }
+            }
+        });
+        Self {
+            sender,
+            app_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
+            plugin_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
+        }
+    }
+
+    fn try_send(&self, job: TrackEventsJob) {
+        if self.sender.try_send(job).is_err() {
+            //TODO: add a metric for this
+            tracing::warn!("dropping analytics events: queue is full");
+        }
+    }
+
+    fn should_enqueue_app_used(&self, tracking: &TrackEventsContext, app: &AppInvocation) -> bool {
+        let Some(connector_id) = app.connector_id.as_ref() else {
+            return true;
+        };
+        let mut emitted = self
+            .app_used_emitted_keys
+            .lock()
+            .unwrap_or_else(std::sync::PoisonError::into_inner);
+        if emitted.len() >= ANALYTICS_EVENT_DEDUPE_MAX_KEYS {
+            emitted.clear();
+        }
+        emitted.insert((tracking.turn_id.clone(), connector_id.clone()))
+    }
+
+    fn should_enqueue_plugin_used(
+        &self,
+        tracking: &TrackEventsContext,
+        plugin: &PluginTelemetryMetadata,
+    ) -> bool {
+        let mut emitted = self
+            .plugin_used_emitted_keys
+            .lock()
+            .unwrap_or_else(std::sync::PoisonError::into_inner);
+        if emitted.len() >= ANALYTICS_EVENT_DEDUPE_MAX_KEYS {
+            emitted.clear();
+        }
+        emitted.insert((tracking.turn_id.clone(), plugin.plugin_id.as_key()))
+    }
+}
+
+impl AnalyticsEventsClient {
+    pub fn new(
+        auth_manager: Arc<AuthManager>,
+        base_url: String,
+        analytics_enabled: Option<bool>,
+    ) -> Self {
+        Self {
+            queue: AnalyticsEventsQueue::new(Arc::clone(&auth_manager), base_url),
+            analytics_enabled,
+        }
+    }
+
+    pub fn track_skill_invocations(
+        &self,
+        tracking: TrackEventsContext,
+        invocations: Vec<SkillInvocation>,
+    ) {
+        track_skill_invocations(
+            &self.queue,
+            self.analytics_enabled,
+            Some(tracking),
+            invocations,
+        );
+    }
+
+    pub fn track_app_mentioned(&self, tracking: TrackEventsContext, mentions: Vec<AppInvocation>) {
+        track_app_mentioned(
+            &self.queue,
+            self.analytics_enabled,
+            Some(tracking),
+            mentions,
+        );
+    }
+
+    pub fn track_app_used(&self, tracking: TrackEventsContext, app: AppInvocation) {
+        track_app_used(&self.queue, self.analytics_enabled, Some(tracking), app);
+    }
+
+    pub fn track_plugin_used(&self, tracking: TrackEventsContext, plugin: PluginTelemetryMetadata) {
+        track_plugin_used(&self.queue, self.analytics_enabled, Some(tracking), plugin);
+    }
+
+    pub fn track_plugin_installed(&self, plugin: PluginTelemetryMetadata) {
+        track_plugin_management(
+            &self.queue,
+            self.analytics_enabled,
+            PluginManagementEventType::Installed,
+            plugin,
+        );
+    }
+
+    pub fn track_plugin_uninstalled(&self, plugin: PluginTelemetryMetadata) {
+        track_plugin_management(
+            &self.queue,
+            self.analytics_enabled,
+            PluginManagementEventType::Uninstalled,
+            plugin,
+        );
+    }
+
+    pub fn track_plugin_enabled(&self, plugin: PluginTelemetryMetadata) {
+        track_plugin_management(
+            &self.queue,
+            self.analytics_enabled,
+            PluginManagementEventType::Enabled,
+            plugin,
+        );
+    }
+
+    pub fn track_plugin_disabled(&self, plugin: PluginTelemetryMetadata) {
+        track_plugin_management(
+            &self.queue,
+            self.analytics_enabled,
+            PluginManagementEventType::Disabled,
+            plugin,
+        );
+    }
+}
+
+enum TrackEventsJob {
+    SkillInvocations(TrackSkillInvocationsJob),
+    AppMentioned(TrackAppMentionedJob),
+    AppUsed(TrackAppUsedJob),
+    PluginUsed(TrackPluginUsedJob),
+    PluginInstalled(TrackPluginManagementJob),
+    PluginUninstalled(TrackPluginManagementJob),
+    PluginEnabled(TrackPluginManagementJob),
+    PluginDisabled(TrackPluginManagementJob),
+}
+
+struct TrackSkillInvocationsJob {
+    analytics_enabled: Option<bool>,
+    tracking: TrackEventsContext,
+    invocations: Vec<SkillInvocation>,
+}
+
+struct TrackAppMentionedJob {
+    analytics_enabled: Option<bool>,
+    tracking: TrackEventsContext,
+    mentions: Vec<AppInvocation>,
+}
+
+struct TrackAppUsedJob {
+    analytics_enabled: Option<bool>,
+    tracking: TrackEventsContext,
+    app: AppInvocation,
+}
+
+struct TrackPluginUsedJob {
+    analytics_enabled: Option<bool>,
+    tracking: TrackEventsContext,
+    plugin: PluginTelemetryMetadata,
+}
+
+struct TrackPluginManagementJob {
+    analytics_enabled: Option<bool>,
+    plugin: PluginTelemetryMetadata,
+}
+
+#[derive(Clone, Copy)]
+enum PluginManagementEventType {
+    Installed,
+    Uninstalled,
+    Enabled,
+    Disabled,
+}
+
+const ANALYTICS_EVENTS_QUEUE_SIZE: usize = 256;
+const ANALYTICS_EVENTS_TIMEOUT: Duration = Duration::from_secs(10);
+const ANALYTICS_EVENT_DEDUPE_MAX_KEYS: usize = 4096;
+
+#[derive(Serialize)]
+struct TrackEventsRequest {
+    events: Vec<TrackEventRequest>,
+}
+
+#[derive(Serialize)]
+#[serde(untagged)]
+enum TrackEventRequest {
+    SkillInvocation(SkillInvocationEventRequest),
+    AppMentioned(CodexAppMentionedEventRequest),
+    AppUsed(CodexAppUsedEventRequest),
+    PluginUsed(CodexPluginUsedEventRequest),
+    PluginInstalled(CodexPluginEventRequest),
+    PluginUninstalled(CodexPluginEventRequest),
+    PluginEnabled(CodexPluginEventRequest),
+    PluginDisabled(CodexPluginEventRequest),
+}
+
+#[derive(Serialize)]
+struct SkillInvocationEventRequest {
+    event_type: &'static str,
+    skill_id: String,
+    skill_name: String,
+    event_params: SkillInvocationEventParams,
+}
+
+#[derive(Serialize)]
+struct SkillInvocationEventParams {
+    product_client_id: Option<String>,
+    skill_scope: Option<String>,
+    repo_url: Option<String>,
+    thread_id: Option<String>,
+    invoke_type: Option<InvocationType>,
+    model_slug: Option<String>,
+}
+
+#[derive(Serialize)]
+struct CodexAppMetadata {
+    connector_id: Option<String>,
+    thread_id: Option<String>,
+    turn_id: Option<String>,
+    app_name: Option<String>,
+    product_client_id: Option<String>,
+    invoke_type: Option<InvocationType>,
+    model_slug: Option<String>,
+}
+
+#[derive(Serialize)]
+struct CodexAppMentionedEventRequest {
+    event_type: &'static str,
+    event_params: CodexAppMetadata,
+}
+
+#[derive(Serialize)]
+struct CodexAppUsedEventRequest {
+    event_type: &'static str,
+    event_params: CodexAppMetadata,
+}
+
+#[derive(Serialize)]
+struct CodexPluginMetadata {
+    plugin_id: Option<String>,
+    plugin_name: Option<String>,
+    marketplace_name: Option<String>,
+    has_skills: Option<bool>,
+    mcp_server_count: Option<usize>,
+    connector_ids: Option<Vec<String>>,
+    product_client_id: Option<String>,
+}
+
+#[derive(Serialize)]
+struct CodexPluginUsedMetadata {
+    #[serde(flatten)]
+    plugin: CodexPluginMetadata,
+    thread_id: Option<String>,
+    turn_id: Option<String>,
+    model_slug: Option<String>,
+}
+
+#[derive(Serialize)]
+struct CodexPluginEventRequest {
+    event_type: &'static str,
+    event_params: CodexPluginMetadata,
+}
+
+#[derive(Serialize)]
+struct CodexPluginUsedEventRequest {
+    event_type: &'static str,
+    event_params: CodexPluginUsedMetadata,
+}
+
+pub(crate) fn track_skill_invocations(
+    queue: &AnalyticsEventsQueue,
+    analytics_enabled: Option<bool>,
+    tracking: Option<TrackEventsContext>,
+    invocations: Vec<SkillInvocation>,
+) {
+    if analytics_enabled == Some(false) {
+        return;
+    }
+    let Some(tracking) = tracking else {
+        return;
+    };
+    if invocations.is_empty() {
+        return;
+    }
+    let job = TrackEventsJob::SkillInvocations(TrackSkillInvocationsJob {
+        analytics_enabled,
+        tracking,
+        invocations,
+    });
+    queue.try_send(job);
+}
+
+pub(crate) fn track_app_mentioned(
+    queue: &AnalyticsEventsQueue,
+    analytics_enabled: Option<bool>,
+    tracking: Option<TrackEventsContext>,
+    mentions: Vec<AppInvocation>,
+) {
+    if analytics_enabled == Some(false) {
+        return;
+    }
+    let Some(tracking) = tracking else {
+        return;
+    };
+    if mentions.is_empty() {
+        return;
+    }
+    let job = TrackEventsJob::AppMentioned(TrackAppMentionedJob {
+        analytics_enabled,
+        tracking,
+        mentions,
+    });
+    queue.try_send(job);
+}
+
+pub(crate) fn track_app_used(
+    queue: &AnalyticsEventsQueue,
+    analytics_enabled: Option<bool>,
+    tracking: Option<TrackEventsContext>,
+    app: AppInvocation,
+) {
+    if analytics_enabled == Some(false) {
+        return;
+    }
+    let Some(tracking) = tracking else {
+        return;
+    };
+    if !queue.should_enqueue_app_used(&tracking, &app) {
+        return;
+    }
+    let job = TrackEventsJob::AppUsed(TrackAppUsedJob {
+        analytics_enabled,
+        tracking,
+        app,
+    });
+    queue.try_send(job);
+}
+
+pub(crate) fn track_plugin_used(
+    queue: &AnalyticsEventsQueue,
+    analytics_enabled: Option<bool>,
+    tracking: Option<TrackEventsContext>,
+    plugin: PluginTelemetryMetadata,
+) {
+    if analytics_enabled == Some(false) {
+        return;
+    }
+    let Some(tracking) = tracking else {
+        return;
+    };
+    if !queue.should_enqueue_plugin_used(&tracking, &plugin) {
+        return;
+    }
+    let job = TrackEventsJob::PluginUsed(TrackPluginUsedJob {
+        analytics_enabled,
+        tracking,
+        plugin,
+    });
+    queue.try_send(job);
+}
+
+fn track_plugin_management(
+    queue: &AnalyticsEventsQueue,
+    analytics_enabled: Option<bool>,
+    event_type: PluginManagementEventType,
+    plugin: PluginTelemetryMetadata,
+) {
+    if analytics_enabled == Some(false) {
+        return;
+    }
+    let job = TrackPluginManagementJob {
+        analytics_enabled,
+        plugin,
+    };
+    let job = match event_type {
+        PluginManagementEventType::Installed => TrackEventsJob::PluginInstalled(job),
+        PluginManagementEventType::Uninstalled => TrackEventsJob::PluginUninstalled(job),
+        PluginManagementEventType::Enabled => TrackEventsJob::PluginEnabled(job),
+        PluginManagementEventType::Disabled => TrackEventsJob::PluginDisabled(job),
+    };
+    queue.try_send(job);
+}
+
+async fn send_track_skill_invocations(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackSkillInvocationsJob,
+) {
+    let TrackSkillInvocationsJob {
+        analytics_enabled,
+        tracking,
+        invocations,
+    } = job;
+    let mut events = Vec::with_capacity(invocations.len());
+    for invocation in invocations {
+        let skill_scope = match invocation.skill_scope {
+            SkillScope::User => "user",
+            SkillScope::Repo => "repo",
+            SkillScope::System => "system",
+            SkillScope::Admin => "admin",
+        };
+        let repo_root = get_git_repo_root(invocation.skill_path.as_path());
+        let repo_url = if let Some(root) = repo_root.as_ref() {
+            collect_git_info(root)
+                .await
+                .and_then(|info| info.repository_url)
+        } else {
+            None
+        };
+        let skill_id = skill_id_for_local_skill(
+            repo_url.as_deref(),
+            repo_root.as_deref(),
+            invocation.skill_path.as_path(),
+            invocation.skill_name.as_str(),
+        );
+        events.push(TrackEventRequest::SkillInvocation(
+            SkillInvocationEventRequest {
+                event_type: "skill_invocation",
+                skill_id,
+                skill_name: invocation.skill_name.clone(),
+                event_params: SkillInvocationEventParams {
+                    thread_id: Some(tracking.thread_id.clone()),
+                    invoke_type: Some(invocation.invocation_type),
+                    model_slug: Some(tracking.model_slug.clone()),
+                    product_client_id: Some(originator().value),
+                    repo_url,
+                    skill_scope: Some(skill_scope.to_string()),
+                },
+            },
+        ));
+    }
+
+    send_track_events(auth_manager, analytics_enabled, base_url, events).await;
+}
+
+async fn send_track_app_mentioned(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackAppMentionedJob,
+) {
+    let TrackAppMentionedJob {
+        analytics_enabled,
+        tracking,
+        mentions,
+    } = job;
+    let events = mentions
+        .into_iter()
+        .map(|mention| {
+            let event_params = codex_app_metadata(&tracking, mention);
+            TrackEventRequest::AppMentioned(CodexAppMentionedEventRequest {
+                event_type: "codex_app_mentioned",
+                event_params,
+            })
+        })
+        .collect::<Vec<_>>();
+
+    send_track_events(auth_manager, analytics_enabled, base_url, events).await;
+}
+
+async fn send_track_app_used(auth_manager: &AuthManager, base_url: &str, job: TrackAppUsedJob) {
+    let TrackAppUsedJob {
+        analytics_enabled,
+        tracking,
+        app,
+    } = job;
+    let event_params = codex_app_metadata(&tracking, app);
+    let events = vec![TrackEventRequest::AppUsed(CodexAppUsedEventRequest {
+        event_type: "codex_app_used",
+        event_params,
+    })];
+
+    send_track_events(auth_manager, analytics_enabled, base_url, events).await;
+}
+
+async fn send_track_plugin_used(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackPluginUsedJob,
+) {
+    let TrackPluginUsedJob {
+        analytics_enabled,
+        tracking,
+        plugin,
+    } = job;
+    let events = vec![TrackEventRequest::PluginUsed(CodexPluginUsedEventRequest {
+        event_type: "codex_plugin_used",
+        event_params: codex_plugin_used_metadata(&tracking, plugin),
+    })];
+
+    send_track_events(auth_manager, analytics_enabled, base_url, events).await;
+}
+
+async fn send_track_plugin_installed(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackPluginManagementJob,
+) {
+    send_track_plugin_management_event(auth_manager, base_url, job, "codex_plugin_installed").await;
+}
+
+async fn send_track_plugin_uninstalled(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackPluginManagementJob,
+) {
+    send_track_plugin_management_event(auth_manager, base_url, job, "codex_plugin_uninstalled")
+        .await;
+}
+
+async fn send_track_plugin_enabled(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackPluginManagementJob,
+) {
+    send_track_plugin_management_event(auth_manager, base_url, job, "codex_plugin_enabled").await;
+}
+
+async fn send_track_plugin_disabled(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackPluginManagementJob,
+) {
+    send_track_plugin_management_event(auth_manager, base_url, job, "codex_plugin_disabled").await;
+}
+
+async fn send_track_plugin_management_event(
+    auth_manager: &AuthManager,
+    base_url: &str,
+    job: TrackPluginManagementJob,
+    event_type: &'static str,
+) {
+    let TrackPluginManagementJob {
+        analytics_enabled,
+        plugin,
+    } = job;
+    let event_params = codex_plugin_metadata(plugin);
+    let event = CodexPluginEventRequest {
+        event_type,
+        event_params,
+    };
+    let events = vec![match event_type {
+        "codex_plugin_installed" => TrackEventRequest::PluginInstalled(event),
+        "codex_plugin_uninstalled" => TrackEventRequest::PluginUninstalled(event),
+        "codex_plugin_enabled" => TrackEventRequest::PluginEnabled(event),
+        "codex_plugin_disabled" => TrackEventRequest::PluginDisabled(event),
+        _ => unreachable!("unknown plugin management event type"),
+    }];
+
+    send_track_events(auth_manager, analytics_enabled, base_url, events).await;
+}
+
+fn codex_app_metadata(tracking: &TrackEventsContext, app: AppInvocation) -> CodexAppMetadata {
+    CodexAppMetadata {
+        connector_id: app.connector_id,
+        thread_id: Some(tracking.thread_id.clone()),
+        turn_id: Some(tracking.turn_id.clone()),
+        app_name: app.app_name,
+        product_client_id: Some(originator().value),
+        invoke_type: app.invocation_type,
+        model_slug: Some(tracking.model_slug.clone()),
+    }
+}
+
+fn codex_plugin_metadata(plugin: PluginTelemetryMetadata) -> CodexPluginMetadata {
+    let capability_summary = plugin.capability_summary;
+    CodexPluginMetadata {
+        plugin_id: Some(plugin.plugin_id.as_key()),
+        plugin_name: Some(plugin.plugin_id.plugin_name),
+        marketplace_name: Some(plugin.plugin_id.marketplace_name),
+        has_skills: capability_summary
+            .as_ref()
+            .map(|summary| summary.has_skills),
+        mcp_server_count: capability_summary
+            .as_ref()
+            .map(|summary| summary.mcp_server_names.len()),
+        connector_ids: capability_summary.map(|summary| {
+            summary
+                .app_connector_ids
+                .into_iter()
+                .map(|connector_id| connector_id.0)
+                .collect()
+        }),
+        product_client_id: Some(originator().value),
+    }
+}
+
+fn codex_plugin_used_metadata(
+    tracking: &TrackEventsContext,
+    plugin: PluginTelemetryMetadata,
+) -> CodexPluginUsedMetadata {
+    CodexPluginUsedMetadata {
+        plugin: codex_plugin_metadata(plugin),
+        thread_id: Some(tracking.thread_id.clone()),
+        turn_id: Some(tracking.turn_id.clone()),
+        model_slug: Some(tracking.model_slug.clone()),
+    }
+}
+
+async fn send_track_events(
+    auth_manager: &AuthManager,
+    analytics_enabled: Option<bool>,
+    base_url: &str,
+    events: Vec<TrackEventRequest>,
+) {
+    if analytics_enabled == Some(false) {
+        return;
+    }
+    if events.is_empty() {
+        return;
+    }
+    let Some(auth) = auth_manager.auth().await else {
+        return;
+    };
+    if !auth.is_chatgpt_auth() {
+        return;
+    }
+    let access_token = match auth.get_token() {
+        Ok(token) => token,
+        Err(_) => return,
+    };
+    let Some(account_id) = auth.get_account_id() else {
+        return;
+    };
+
+    let base_url = base_url.trim_end_matches('/');
+    let url = format!("{base_url}/codex/analytics-events/events");
+    let payload = TrackEventsRequest { events };
+
+    let response = create_client()
+        .post(&url)
+        .timeout(ANALYTICS_EVENTS_TIMEOUT)
+        .bearer_auth(&access_token)
+        .header("chatgpt-account-id", &account_id)
+        .header("Content-Type", "application/json")
+        .json(&payload)
+        .send()
+        .await;
+
+    match response {
+        Ok(response) if response.status().is_success() => {}
+        Ok(response) => {
+            let status = response.status();
+            let body = response.text().await.unwrap_or_default();
+            tracing::warn!("events failed with status {status}: {body}");
+        }
+        Err(err) => {
+            tracing::warn!("failed to send events request: {err}");
+        }
+    }
+}
+
+pub(crate) fn skill_id_for_local_skill(
+    repo_url: Option<&str>,
+    repo_root: Option<&Path>,
+    skill_path: &Path,
+    skill_name: &str,
+) -> String {
+    let path = normalize_path_for_skill_id(repo_url, repo_root, skill_path);
+    let prefix = if let Some(url) = repo_url {
+        format!("repo_{url}")
+    } else {
+        "personal".to_string()
+    };
+    let raw_id = format!("{prefix}_{path}_{skill_name}");
+    let mut hasher = Sha1::new();
+    hasher.update(raw_id.as_bytes());
+    format!("{:x}", hasher.finalize())
+}
+
+/// Returns a normalized path for skill ID construction.
+///
+/// - Repo-scoped skills use a path relative to the repo root.
+/// - User/admin/system skills use an absolute path.
+fn normalize_path_for_skill_id(
+    repo_url: Option<&str>,
+    repo_root: Option<&Path>,
+    skill_path: &Path,
+) -> String {
+    let resolved_path =
+        std::fs::canonicalize(skill_path).unwrap_or_else(|_| skill_path.to_path_buf());
+    match (repo_url, repo_root) {
+        (Some(_), Some(root)) => {
+            let resolved_root = std::fs::canonicalize(root).unwrap_or_else(|_| root.to_path_buf());
+            resolved_path
+                .strip_prefix(&resolved_root)
+                .unwrap_or(resolved_path.as_path())
+                .to_string_lossy()
+                .replace('\\', "/")
+        }
+        _ => resolved_path.to_string_lossy().replace('\\', "/"),
+    }
+}
+
+#[cfg(test)]
+#[path = "analytics_client_tests.rs"]
+mod tests;

codex-rs/analytics/src/analytics_client_tests.rs

@@ -1,55 +1,21 @@
-use crate::client::AnalyticsEventsQueue;
-use crate::events::AppServerRpcTransport;
-use crate::events::CodexAppMentionedEventRequest;
-use crate::events::CodexAppServerClientMetadata;
-use crate::events::CodexAppUsedEventRequest;
-use crate::events::CodexPluginEventRequest;
-use crate::events::CodexPluginUsedEventRequest;
-use crate::events::CodexRuntimeMetadata;
-use crate::events::ThreadInitializationMode;
-use crate::events::ThreadInitializedEvent;
-use crate::events::ThreadInitializedEventParams;
-use crate::events::TrackEventRequest;
-use crate::events::codex_app_metadata;
-use crate::events::codex_plugin_metadata;
-use crate::events::codex_plugin_used_metadata;
-use crate::events::subagent_thread_started_event_request;
-use crate::facts::AnalyticsFact;
-use crate::facts::AppInvocation;
-use crate::facts::AppMentionedInput;
-use crate::facts::AppUsedInput;
-use crate::facts::CustomAnalyticsFact;
-use crate::facts::InvocationType;
-use crate::facts::PluginState;
-use crate::facts::PluginStateChangedInput;
-use crate::facts::PluginUsedInput;
-use crate::facts::SkillInvocation;
-use crate::facts::SkillInvokedInput;
-use crate::facts::SubAgentThreadStartedInput;
-use crate::facts::TrackEventsContext;
-use crate::reducer::AnalyticsReducer;
-use crate::reducer::normalize_path_for_skill_id;
-use crate::reducer::skill_id_for_local_skill;
-use codex_app_server_protocol::ApprovalsReviewer as AppServerApprovalsReviewer;
-use codex_app_server_protocol::AskForApproval as AppServerAskForApproval;
-use codex_app_server_protocol::ClientInfo;
-use codex_app_server_protocol::ClientResponse;
-use codex_app_server_protocol::InitializeCapabilities;
-use codex_app_server_protocol::InitializeParams;
-use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::SandboxPolicy as AppServerSandboxPolicy;
-use codex_app_server_protocol::SessionSource as AppServerSessionSource;
-use codex_app_server_protocol::Thread;
-use codex_app_server_protocol::ThreadResumeResponse;
-use codex_app_server_protocol::ThreadStartResponse;
-use codex_app_server_protocol::ThreadStatus as AppServerThreadStatus;
-use codex_login::default_client::DEFAULT_ORIGINATOR;
+use super::AnalyticsEventsQueue;
+use super::AppInvocation;
+use super::CodexAppMentionedEventRequest;
+use super::CodexAppUsedEventRequest;
+use super::CodexPluginEventRequest;
+use super::CodexPluginUsedEventRequest;
+use super::InvocationType;
+use super::TrackEventRequest;
+use super::TrackEventsContext;
+use super::codex_app_metadata;
+use super::codex_plugin_metadata;
+use super::codex_plugin_used_metadata;
+use super::normalize_path_for_skill_id;
 use codex_login::default_client::originator;
 use codex_plugin::AppConnectorId;
 use codex_plugin::PluginCapabilitySummary;
 use codex_plugin::PluginId;
 use codex_plugin::PluginTelemetryMetadata;
-use codex_protocol::protocol::SubAgentSource;
 use pretty_assertions::assert_eq;
 use serde_json::json;
 use std::collections::HashSet;
@@ -58,62 +24,6 @@ use std::sync::Arc;
 use std::sync::Mutex;
 use tokio::sync::mpsc;
 
-fn sample_thread(thread_id: &str, ephemeral: bool) -> Thread {
-    Thread {
-        id: thread_id.to_string(),
-        forked_from_id: None,
-        preview: "first prompt".to_string(),
-        ephemeral,
-        model_provider: "openai".to_string(),
-        created_at: 1,
-        updated_at: 2,
-        status: AppServerThreadStatus::Idle,
-        path: None,
-        cwd: PathBuf::from("/tmp"),
-        cli_version: "0.0.0".to_string(),
-        source: AppServerSessionSource::Exec,
-        agent_nickname: None,
-        agent_role: None,
-        git_info: None,
-        name: None,
-        turns: Vec::new(),
-    }
-}
-
-fn sample_thread_start_response(thread_id: &str, ephemeral: bool, model: &str) -> ClientResponse {
-    ClientResponse::ThreadStart {
-        request_id: RequestId::Integer(1),
-        response: ThreadStartResponse {
-            thread: sample_thread(thread_id, ephemeral),
-            model: model.to_string(),
-            model_provider: "openai".to_string(),
-            service_tier: None,
-            cwd: PathBuf::from("/tmp"),
-            approval_policy: AppServerAskForApproval::OnFailure,
-            approvals_reviewer: AppServerApprovalsReviewer::User,
-            sandbox: AppServerSandboxPolicy::DangerFullAccess,
-            reasoning_effort: None,
-        },
-    }
-}
-
-fn sample_thread_resume_response(thread_id: &str, ephemeral: bool, model: &str) -> ClientResponse {
-    ClientResponse::ThreadResume {
-        request_id: RequestId::Integer(2),
-        response: ThreadResumeResponse {
-            thread: sample_thread(thread_id, ephemeral),
-            model: model.to_string(),
-            model_provider: "openai".to_string(),
-            service_tier: None,
-            cwd: PathBuf::from("/tmp"),
-            approval_policy: AppServerAskForApproval::OnFailure,
-            approvals_reviewer: AppServerApprovalsReviewer::User,
-            sandbox: AppServerSandboxPolicy::DangerFullAccess,
-            reasoning_effort: None,
-        },
-    }
-}
-
 fn expected_absolute_path(path: &PathBuf) -> String {
     std::fs::canonicalize(path)
         .unwrap_or_else(|_| path.to_path_buf())
@@ -284,320 +194,6 @@ fn app_used_dedupe_is_keyed_by_turn_and_connector() {
     assert_eq!(queue.should_enqueue_app_used(&turn_2, &app), true);
 }
 
-#[test]
-fn thread_initialized_event_serializes_expected_shape() {
-    let event = TrackEventRequest::ThreadInitialized(ThreadInitializedEvent {
-        event_type: "codex_thread_initialized",
-        event_params: ThreadInitializedEventParams {
-            thread_id: "thread-0".to_string(),
-            app_server_client: CodexAppServerClientMetadata {
-                product_client_id: DEFAULT_ORIGINATOR.to_string(),
-                client_name: Some("codex-tui".to_string()),
-                client_version: Some("1.0.0".to_string()),
-                rpc_transport: AppServerRpcTransport::Stdio,
-                experimental_api_enabled: Some(true),
-            },
-            runtime: CodexRuntimeMetadata {
-                codex_rs_version: "0.1.0".to_string(),
-                runtime_os: "macos".to_string(),
-                runtime_os_version: "15.3.1".to_string(),
-                runtime_arch: "aarch64".to_string(),
-            },
-            model: "gpt-5".to_string(),
-            ephemeral: true,
-            thread_source: Some("user"),
-            initialization_mode: ThreadInitializationMode::New,
-            subagent_source: None,
-            parent_thread_id: None,
-            created_at: 1,
-        },
-    });
-
-    let payload = serde_json::to_value(&event).expect("serialize thread initialized event");
-
-    assert_eq!(
-        payload,
-        json!({
-            "event_type": "codex_thread_initialized",
-            "event_params": {
-                "thread_id": "thread-0",
-                "app_server_client": {
-                    "product_client_id": DEFAULT_ORIGINATOR,
-                    "client_name": "codex-tui",
-                    "client_version": "1.0.0",
-                    "rpc_transport": "stdio",
-                    "experimental_api_enabled": true
-                },
-                "runtime": {
-                    "codex_rs_version": "0.1.0",
-                    "runtime_os": "macos",
-                    "runtime_os_version": "15.3.1",
-                    "runtime_arch": "aarch64"
-                },
-                "model": "gpt-5",
-                "ephemeral": true,
-                "thread_source": "user",
-                "initialization_mode": "new",
-                "subagent_source": null,
-                "parent_thread_id": null,
-                "created_at": 1
-            }
-        })
-    );
-}
-
-#[tokio::test]
-async fn initialize_caches_client_and_thread_lifecycle_publishes_once_initialized() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    reducer
-        .ingest(
-            AnalyticsFact::Response {
-                connection_id: 7,
-                response: Box::new(sample_thread_start_response(
-                    "thread-no-client",
-                    /*ephemeral*/ false,
-                    "gpt-5",
-                )),
-            },
-            &mut events,
-        )
-        .await;
-    assert!(events.is_empty(), "thread events should require initialize");
-
-    reducer
-        .ingest(
-            AnalyticsFact::Initialize {
-                connection_id: 7,
-                params: InitializeParams {
-                    client_info: ClientInfo {
-                        name: "codex-tui".to_string(),
-                        title: None,
-                        version: "1.0.0".to_string(),
-                    },
-                    capabilities: Some(InitializeCapabilities {
-                        experimental_api: false,
-                        opt_out_notification_methods: None,
-                    }),
-                },
-                product_client_id: DEFAULT_ORIGINATOR.to_string(),
-                runtime: CodexRuntimeMetadata {
-                    codex_rs_version: "0.99.0".to_string(),
-                    runtime_os: "linux".to_string(),
-                    runtime_os_version: "24.04".to_string(),
-                    runtime_arch: "x86_64".to_string(),
-                },
-                rpc_transport: AppServerRpcTransport::Websocket,
-            },
-            &mut events,
-        )
-        .await;
-    assert!(events.is_empty(), "initialize should not publish by itself");
-
-    reducer
-        .ingest(
-            AnalyticsFact::Response {
-                connection_id: 7,
-                response: Box::new(sample_thread_resume_response(
-                    "thread-1", /*ephemeral*/ true, "gpt-5",
-                )),
-            },
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(payload.as_array().expect("events array").len(), 1);
-    assert_eq!(payload[0]["event_type"], "codex_thread_initialized");
-    assert_eq!(
-        payload[0]["event_params"]["app_server_client"]["product_client_id"],
-        DEFAULT_ORIGINATOR
-    );
-    assert_eq!(
-        payload[0]["event_params"]["app_server_client"]["client_name"],
-        "codex-tui"
-    );
-    assert_eq!(
-        payload[0]["event_params"]["app_server_client"]["client_version"],
-        "1.0.0"
-    );
-    assert_eq!(
-        payload[0]["event_params"]["app_server_client"]["rpc_transport"],
-        "websocket"
-    );
-    assert_eq!(
-        payload[0]["event_params"]["app_server_client"]["experimental_api_enabled"],
-        false
-    );
-    assert_eq!(
-        payload[0]["event_params"]["runtime"]["codex_rs_version"],
-        "0.99.0"
-    );
-    assert_eq!(payload[0]["event_params"]["runtime"]["runtime_os"], "linux");
-    assert_eq!(
-        payload[0]["event_params"]["runtime"]["runtime_os_version"],
-        "24.04"
-    );
-    assert_eq!(
-        payload[0]["event_params"]["runtime"]["runtime_arch"],
-        "x86_64"
-    );
-    assert_eq!(payload[0]["event_params"]["initialization_mode"], "resumed");
-    assert_eq!(payload[0]["event_params"]["thread_source"], "user");
-    assert_eq!(payload[0]["event_params"]["subagent_source"], json!(null));
-    assert_eq!(payload[0]["event_params"]["parent_thread_id"], json!(null));
-}
-
-#[test]
-fn subagent_thread_started_review_serializes_expected_shape() {
-    let event = TrackEventRequest::ThreadInitialized(subagent_thread_started_event_request(
-        SubAgentThreadStartedInput {
-            thread_id: "thread-review".to_string(),
-            product_client_id: "codex-tui".to_string(),
-            client_name: "codex-tui".to_string(),
-            client_version: "1.0.0".to_string(),
-            model: "gpt-5".to_string(),
-            ephemeral: false,
-            subagent_source: SubAgentSource::Review,
-            created_at: 123,
-        },
-    ));
-
-    let payload = serde_json::to_value(&event).expect("serialize review subagent event");
-    assert_eq!(payload["event_params"]["thread_source"], "subagent");
-    assert_eq!(
-        payload["event_params"]["app_server_client"]["product_client_id"],
-        "codex-tui"
-    );
-    assert_eq!(
-        payload["event_params"]["app_server_client"]["client_name"],
-        "codex-tui"
-    );
-    assert_eq!(
-        payload["event_params"]["app_server_client"]["client_version"],
-        "1.0.0"
-    );
-    assert_eq!(
-        payload["event_params"]["app_server_client"]["rpc_transport"],
-        "in_process"
-    );
-    assert_eq!(payload["event_params"]["created_at"], 123);
-    assert_eq!(payload["event_params"]["initialization_mode"], "new");
-    assert_eq!(payload["event_params"]["subagent_source"], "review");
-    assert_eq!(payload["event_params"]["parent_thread_id"], json!(null));
-}
-
-#[test]
-fn subagent_thread_started_thread_spawn_serializes_parent_thread_id() {
-    let parent_thread_id =
-        codex_protocol::ThreadId::from_string("11111111-1111-1111-1111-111111111111")
-            .expect("valid thread id");
-    let event = TrackEventRequest::ThreadInitialized(subagent_thread_started_event_request(
-        SubAgentThreadStartedInput {
-            thread_id: "thread-spawn".to_string(),
-            product_client_id: "codex-tui".to_string(),
-            client_name: "codex-tui".to_string(),
-            client_version: "1.0.0".to_string(),
-            model: "gpt-5".to_string(),
-            ephemeral: true,
-            subagent_source: SubAgentSource::ThreadSpawn {
-                parent_thread_id,
-                depth: 1,
-                agent_path: None,
-                agent_nickname: None,
-                agent_role: None,
-            },
-            created_at: 124,
-        },
-    ));
-
-    let payload = serde_json::to_value(&event).expect("serialize thread spawn subagent event");
-    assert_eq!(payload["event_params"]["thread_source"], "subagent");
-    assert_eq!(payload["event_params"]["subagent_source"], "thread_spawn");
-    assert_eq!(
-        payload["event_params"]["parent_thread_id"],
-        "11111111-1111-1111-1111-111111111111"
-    );
-}
-
-#[test]
-fn subagent_thread_started_memory_consolidation_serializes_expected_shape() {
-    let event = TrackEventRequest::ThreadInitialized(subagent_thread_started_event_request(
-        SubAgentThreadStartedInput {
-            thread_id: "thread-memory".to_string(),
-            product_client_id: "codex-tui".to_string(),
-            client_name: "codex-tui".to_string(),
-            client_version: "1.0.0".to_string(),
-            model: "gpt-5".to_string(),
-            ephemeral: false,
-            subagent_source: SubAgentSource::MemoryConsolidation,
-            created_at: 125,
-        },
-    ));
-
-    let payload =
-        serde_json::to_value(&event).expect("serialize memory consolidation subagent event");
-    assert_eq!(
-        payload["event_params"]["subagent_source"],
-        "memory_consolidation"
-    );
-    assert_eq!(payload["event_params"]["parent_thread_id"], json!(null));
-}
-
-#[test]
-fn subagent_thread_started_other_serializes_expected_shape() {
-    let event = TrackEventRequest::ThreadInitialized(subagent_thread_started_event_request(
-        SubAgentThreadStartedInput {
-            thread_id: "thread-guardian".to_string(),
-            product_client_id: "codex-tui".to_string(),
-            client_name: "codex-tui".to_string(),
-            client_version: "1.0.0".to_string(),
-            model: "gpt-5".to_string(),
-            ephemeral: false,
-            subagent_source: SubAgentSource::Other("guardian".to_string()),
-            created_at: 126,
-        },
-    ));
-
-    let payload = serde_json::to_value(&event).expect("serialize other subagent event");
-    assert_eq!(payload["event_params"]["subagent_source"], "guardian");
-}
-
-#[tokio::test]
-async fn subagent_thread_started_publishes_without_initialize() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    reducer
-        .ingest(
-            AnalyticsFact::Custom(CustomAnalyticsFact::SubAgentThreadStarted(
-                SubAgentThreadStartedInput {
-                    thread_id: "thread-review".to_string(),
-                    product_client_id: "codex-tui".to_string(),
-                    client_name: "codex-tui".to_string(),
-                    client_version: "1.0.0".to_string(),
-                    model: "gpt-5".to_string(),
-                    ephemeral: false,
-                    subagent_source: SubAgentSource::Review,
-                    created_at: 127,
-                },
-            )),
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(payload.as_array().expect("events array").len(), 1);
-    assert_eq!(payload[0]["event_type"], "codex_thread_initialized");
-    assert_eq!(
-        payload[0]["event_params"]["app_server_client"]["product_client_id"],
-        "codex-tui"
-    );
-    assert_eq!(payload[0]["event_params"]["thread_source"], "subagent");
-    assert_eq!(payload[0]["event_params"]["subagent_source"], "review");
-}
-
 #[test]
 fn plugin_used_event_serializes_expected_shape() {
     let tracking = TrackEventsContext {
@@ -684,145 +280,6 @@ fn plugin_used_dedupe_is_keyed_by_turn_and_plugin() {
     assert_eq!(queue.should_enqueue_plugin_used(&turn_2, &plugin), true);
 }
 
-#[tokio::test]
-async fn reducer_ingests_skill_invoked_fact() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-    let tracking = TrackEventsContext {
-        model_slug: "gpt-5".to_string(),
-        thread_id: "thread-1".to_string(),
-        turn_id: "turn-1".to_string(),
-    };
-    let skill_path = PathBuf::from("/Users/abc/.codex/skills/doc/SKILL.md");
-    let expected_skill_id = skill_id_for_local_skill(
-        /*repo_url*/ None,
-        /*repo_root*/ None,
-        skill_path.as_path(),
-        "doc",
-    );
-
-    reducer
-        .ingest(
-            AnalyticsFact::Custom(CustomAnalyticsFact::SkillInvoked(SkillInvokedInput {
-                tracking,
-                invocations: vec![SkillInvocation {
-                    skill_name: "doc".to_string(),
-                    skill_scope: codex_protocol::protocol::SkillScope::User,
-                    skill_path,
-                    invocation_type: InvocationType::Explicit,
-                }],
-            })),
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(
-        payload,
-        json!([{
-            "event_type": "skill_invocation",
-            "skill_id": expected_skill_id,
-            "skill_name": "doc",
-            "event_params": {
-                "product_client_id": originator().value,
-                "skill_scope": "user",
-                "repo_url": null,
-                "thread_id": "thread-1",
-                "invoke_type": "explicit",
-                "model_slug": "gpt-5"
-            }
-        }])
-    );
-}
-
-#[tokio::test]
-async fn reducer_ingests_app_and_plugin_facts() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-    let tracking = TrackEventsContext {
-        model_slug: "gpt-5".to_string(),
-        thread_id: "thread-1".to_string(),
-        turn_id: "turn-1".to_string(),
-    };
-
-    reducer
-        .ingest(
-            AnalyticsFact::Custom(CustomAnalyticsFact::AppMentioned(AppMentionedInput {
-                tracking: tracking.clone(),
-                mentions: vec![AppInvocation {
-                    connector_id: Some("calendar".to_string()),
-                    app_name: Some("Calendar".to_string()),
-                    invocation_type: Some(InvocationType::Explicit),
-                }],
-            })),
-            &mut events,
-        )
-        .await;
-    reducer
-        .ingest(
-            AnalyticsFact::Custom(CustomAnalyticsFact::AppUsed(AppUsedInput {
-                tracking: tracking.clone(),
-                app: AppInvocation {
-                    connector_id: Some("drive".to_string()),
-                    app_name: Some("Drive".to_string()),
-                    invocation_type: Some(InvocationType::Implicit),
-                },
-            })),
-            &mut events,
-        )
-        .await;
-    reducer
-        .ingest(
-            AnalyticsFact::Custom(CustomAnalyticsFact::PluginUsed(PluginUsedInput {
-                tracking,
-                plugin: sample_plugin_metadata(),
-            })),
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(payload.as_array().expect("events array").len(), 3);
-    assert_eq!(payload[0]["event_type"], "codex_app_mentioned");
-    assert_eq!(payload[1]["event_type"], "codex_app_used");
-    assert_eq!(payload[2]["event_type"], "codex_plugin_used");
-}
-
-#[tokio::test]
-async fn reducer_ingests_plugin_state_changed_fact() {
-    let mut reducer = AnalyticsReducer::default();
-    let mut events = Vec::new();
-
-    reducer
-        .ingest(
-            AnalyticsFact::Custom(CustomAnalyticsFact::PluginStateChanged(
-                PluginStateChangedInput {
-                    plugin: sample_plugin_metadata(),
-                    state: PluginState::Disabled,
-                },
-            )),
-            &mut events,
-        )
-        .await;
-
-    let payload = serde_json::to_value(&events).expect("serialize events");
-    assert_eq!(
-        payload,
-        json!([{
-            "event_type": "codex_plugin_disabled",
-            "event_params": {
-                "plugin_id": "sample@test",
-                "plugin_name": "sample",
-                "marketplace_name": "test",
-                "has_skills": true,
-                "mcp_server_count": 2,
-                "connector_ids": ["calendar", "drive"],
-                "product_client_id": originator().value
-            }
-        }])
-    );
-}
-
 fn sample_plugin_metadata() -> PluginTelemetryMetadata {
     PluginTelemetryMetadata {
         plugin_id: PluginId::parse("sample@test").expect("valid plugin id"),

codex-rs/analytics/src/client.rs

@@ -1,279 +0,0 @@
-use crate::events::AppServerRpcTransport;
-use crate::events::TrackEventRequest;
-use crate::events::TrackEventsRequest;
-use crate::events::current_runtime_metadata;
-use crate::facts::AnalyticsFact;
-use crate::facts::AppInvocation;
-use crate::facts::AppMentionedInput;
-use crate::facts::AppUsedInput;
-use crate::facts::CustomAnalyticsFact;
-use crate::facts::PluginState;
-use crate::facts::PluginStateChangedInput;
-use crate::facts::SkillInvocation;
-use crate::facts::SkillInvokedInput;
-use crate::facts::SubAgentThreadStartedInput;
-use crate::facts::TrackEventsContext;
-use crate::reducer::AnalyticsReducer;
-use codex_app_server_protocol::ClientResponse;
-use codex_app_server_protocol::InitializeParams;
-use codex_login::AuthManager;
-use codex_login::default_client::create_client;
-use codex_plugin::PluginTelemetryMetadata;
-use std::collections::HashSet;
-use std::sync::Arc;
-use std::sync::Mutex;
-use std::time::Duration;
-use tokio::sync::mpsc;
-
-const ANALYTICS_EVENTS_QUEUE_SIZE: usize = 256;
-const ANALYTICS_EVENTS_TIMEOUT: Duration = Duration::from_secs(10);
-const ANALYTICS_EVENT_DEDUPE_MAX_KEYS: usize = 4096;
-
-#[derive(Clone)]
-pub(crate) struct AnalyticsEventsQueue {
-    pub(crate) sender: mpsc::Sender<AnalyticsFact>,
-    pub(crate) app_used_emitted_keys: Arc<Mutex<HashSet<(String, String)>>>,
-    pub(crate) plugin_used_emitted_keys: Arc<Mutex<HashSet<(String, String)>>>,
-}
-
-#[derive(Clone)]
-pub struct AnalyticsEventsClient {
-    queue: AnalyticsEventsQueue,
-    analytics_enabled: Option<bool>,
-}
-
-impl AnalyticsEventsQueue {
-    pub(crate) fn new(auth_manager: Arc<AuthManager>, base_url: String) -> Self {
-        let (sender, mut receiver) = mpsc::channel(ANALYTICS_EVENTS_QUEUE_SIZE);
-        tokio::spawn(async move {
-            let mut reducer = AnalyticsReducer::default();
-            while let Some(input) = receiver.recv().await {
-                let mut events = Vec::new();
-                reducer.ingest(input, &mut events).await;
-                send_track_events(&auth_manager, &base_url, events).await;
-            }
-        });
-        Self {
-            sender,
-            app_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
-            plugin_used_emitted_keys: Arc::new(Mutex::new(HashSet::new())),
-        }
-    }
-
-    fn try_send(&self, input: AnalyticsFact) {
-        if self.sender.try_send(input).is_err() {
-            //TODO: add a metric for this
-            tracing::warn!("dropping analytics events: queue is full");
-        }
-    }
-
-    pub(crate) fn should_enqueue_app_used(
-        &self,
-        tracking: &TrackEventsContext,
-        app: &AppInvocation,
-    ) -> bool {
-        let Some(connector_id) = app.connector_id.as_ref() else {
-            return true;
-        };
-        let mut emitted = self
-            .app_used_emitted_keys
-            .lock()
-            .unwrap_or_else(std::sync::PoisonError::into_inner);
-        if emitted.len() >= ANALYTICS_EVENT_DEDUPE_MAX_KEYS {
-            emitted.clear();
-        }
-        emitted.insert((tracking.turn_id.clone(), connector_id.clone()))
-    }
-
-    pub(crate) fn should_enqueue_plugin_used(
-        &self,
-        tracking: &TrackEventsContext,
-        plugin: &PluginTelemetryMetadata,
-    ) -> bool {
-        let mut emitted = self
-            .plugin_used_emitted_keys
-            .lock()
-            .unwrap_or_else(std::sync::PoisonError::into_inner);
-        if emitted.len() >= ANALYTICS_EVENT_DEDUPE_MAX_KEYS {
-            emitted.clear();
-        }
-        emitted.insert((tracking.turn_id.clone(), plugin.plugin_id.as_key()))
-    }
-}
-
-impl AnalyticsEventsClient {
-    pub fn new(
-        auth_manager: Arc<AuthManager>,
-        base_url: String,
-        analytics_enabled: Option<bool>,
-    ) -> Self {
-        Self {
-            queue: AnalyticsEventsQueue::new(Arc::clone(&auth_manager), base_url),
-            analytics_enabled,
-        }
-    }
-
-    pub fn track_skill_invocations(
-        &self,
-        tracking: TrackEventsContext,
-        invocations: Vec<SkillInvocation>,
-    ) {
-        if invocations.is_empty() {
-            return;
-        }
-        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::SkillInvoked(
-            SkillInvokedInput {
-                tracking,
-                invocations,
-            },
-        )));
-    }
-
-    pub fn track_initialize(
-        &self,
-        connection_id: u64,
-        params: InitializeParams,
-        product_client_id: String,
-        rpc_transport: AppServerRpcTransport,
-    ) {
-        self.record_fact(AnalyticsFact::Initialize {
-            connection_id,
-            params,
-            product_client_id,
-            runtime: current_runtime_metadata(),
-            rpc_transport,
-        });
-    }
-
-    pub fn track_subagent_thread_started(&self, input: SubAgentThreadStartedInput) {
-        self.record_fact(AnalyticsFact::Custom(
-            CustomAnalyticsFact::SubAgentThreadStarted(input),
-        ));
-    }
-
-    pub fn track_app_mentioned(&self, tracking: TrackEventsContext, mentions: Vec<AppInvocation>) {
-        if mentions.is_empty() {
-            return;
-        }
-        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::AppMentioned(
-            AppMentionedInput { tracking, mentions },
-        )));
-    }
-
-    pub fn track_app_used(&self, tracking: TrackEventsContext, app: AppInvocation) {
-        if !self.queue.should_enqueue_app_used(&tracking, &app) {
-            return;
-        }
-        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::AppUsed(
-            AppUsedInput { tracking, app },
-        )));
-    }
-
-    pub fn track_plugin_used(&self, tracking: TrackEventsContext, plugin: PluginTelemetryMetadata) {
-        if !self.queue.should_enqueue_plugin_used(&tracking, &plugin) {
-            return;
-        }
-        self.record_fact(AnalyticsFact::Custom(CustomAnalyticsFact::PluginUsed(
-            crate::facts::PluginUsedInput { tracking, plugin },
-        )));
-    }
-
-    pub fn track_plugin_installed(&self, plugin: PluginTelemetryMetadata) {
-        self.record_fact(AnalyticsFact::Custom(
-            CustomAnalyticsFact::PluginStateChanged(PluginStateChangedInput {
-                plugin,
-                state: PluginState::Installed,
-            }),
-        ));
-    }
-
-    pub fn track_plugin_uninstalled(&self, plugin: PluginTelemetryMetadata) {
-        self.record_fact(AnalyticsFact::Custom(
-            CustomAnalyticsFact::PluginStateChanged(PluginStateChangedInput {
-                plugin,
-                state: PluginState::Uninstalled,
-            }),
-        ));
-    }
-
-    pub fn track_plugin_enabled(&self, plugin: PluginTelemetryMetadata) {
-        self.record_fact(AnalyticsFact::Custom(
-            CustomAnalyticsFact::PluginStateChanged(PluginStateChangedInput {
-                plugin,
-                state: PluginState::Enabled,
-            }),
-        ));
-    }
-
-    pub fn track_plugin_disabled(&self, plugin: PluginTelemetryMetadata) {
-        self.record_fact(AnalyticsFact::Custom(
-            CustomAnalyticsFact::PluginStateChanged(PluginStateChangedInput {
-                plugin,
-                state: PluginState::Disabled,
-            }),
-        ));
-    }
-
-    pub(crate) fn record_fact(&self, input: AnalyticsFact) {
-        if self.analytics_enabled == Some(false) {
-            return;
-        }
-        self.queue.try_send(input);
-    }
-
-    pub fn track_response(&self, connection_id: u64, response: ClientResponse) {
-        self.record_fact(AnalyticsFact::Response {
-            connection_id,
-            response: Box::new(response),
-        });
-    }
-}
-
-async fn send_track_events(
-    auth_manager: &AuthManager,
-    base_url: &str,
-    events: Vec<TrackEventRequest>,
-) {
-    if events.is_empty() {
-        return;
-    }
-    let Some(auth) = auth_manager.auth().await else {
-        return;
-    };
-    if !auth.is_chatgpt_auth() {
-        return;
-    }
-    let access_token = match auth.get_token() {
-        Ok(token) => token,
-        Err(_) => return,
-    };
-    let Some(account_id) = auth.get_account_id() else {
-        return;
-    };
-
-    let base_url = base_url.trim_end_matches('/');
-    let url = format!("{base_url}/codex/analytics-events/events");
-    let payload = TrackEventsRequest { events };
-
-    let response = create_client()
-        .post(&url)
-        .timeout(ANALYTICS_EVENTS_TIMEOUT)
-        .bearer_auth(&access_token)
-        .header("chatgpt-account-id", &account_id)
-        .header("Content-Type", "application/json")
-        .json(&payload)
-        .send()
-        .await;
-
-    match response {
-        Ok(response) if response.status().is_success() => {}
-        Ok(response) => {
-            let status = response.status();
-            let body = response.text().await.unwrap_or_default();
-            tracing::warn!("events failed with status {status}: {body}");
-        }
-        Err(err) => {
-            tracing::warn!("failed to send events request: {err}");
-        }
-    }
-}

codex-rs/analytics/src/events.rs

@@ -1,278 +0,0 @@
-use crate::facts::AppInvocation;
-use crate::facts::InvocationType;
-use crate::facts::PluginState;
-use crate::facts::SubAgentThreadStartedInput;
-use crate::facts::TrackEventsContext;
-use codex_login::default_client::originator;
-use codex_plugin::PluginTelemetryMetadata;
-use codex_protocol::protocol::SessionSource;
-use codex_protocol::protocol::SubAgentSource;
-use serde::Serialize;
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub enum AppServerRpcTransport {
-    Stdio,
-    Websocket,
-    InProcess,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "snake_case")]
-pub(crate) enum ThreadInitializationMode {
-    New,
-    Forked,
-    Resumed,
-}
-
-#[derive(Serialize)]
-pub(crate) struct TrackEventsRequest {
-    pub(crate) events: Vec<TrackEventRequest>,
-}
-
-#[derive(Serialize)]
-#[serde(untagged)]
-pub(crate) enum TrackEventRequest {
-    SkillInvocation(SkillInvocationEventRequest),
-    ThreadInitialized(ThreadInitializedEvent),
-    AppMentioned(CodexAppMentionedEventRequest),
-    AppUsed(CodexAppUsedEventRequest),
-    PluginUsed(CodexPluginUsedEventRequest),
-    PluginInstalled(CodexPluginEventRequest),
-    PluginUninstalled(CodexPluginEventRequest),
-    PluginEnabled(CodexPluginEventRequest),
-    PluginDisabled(CodexPluginEventRequest),
-}
-
-#[derive(Serialize)]
-pub(crate) struct SkillInvocationEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) skill_id: String,
-    pub(crate) skill_name: String,
-    pub(crate) event_params: SkillInvocationEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct SkillInvocationEventParams {
-    pub(crate) product_client_id: Option<String>,
-    pub(crate) skill_scope: Option<String>,
-    pub(crate) repo_url: Option<String>,
-    pub(crate) thread_id: Option<String>,
-    pub(crate) invoke_type: Option<InvocationType>,
-    pub(crate) model_slug: Option<String>,
-}
-
-#[derive(Clone, Serialize)]
-pub(crate) struct CodexAppServerClientMetadata {
-    pub(crate) product_client_id: String,
-    pub(crate) client_name: Option<String>,
-    pub(crate) client_version: Option<String>,
-    pub(crate) rpc_transport: AppServerRpcTransport,
-    pub(crate) experimental_api_enabled: Option<bool>,
-}
-
-#[derive(Clone, Serialize)]
-pub(crate) struct CodexRuntimeMetadata {
-    pub(crate) codex_rs_version: String,
-    pub(crate) runtime_os: String,
-    pub(crate) runtime_os_version: String,
-    pub(crate) runtime_arch: String,
-}
-
-#[derive(Serialize)]
-pub(crate) struct ThreadInitializedEventParams {
-    pub(crate) thread_id: String,
-    pub(crate) app_server_client: CodexAppServerClientMetadata,
-    pub(crate) runtime: CodexRuntimeMetadata,
-    pub(crate) model: String,
-    pub(crate) ephemeral: bool,
-    pub(crate) thread_source: Option<&'static str>,
-    pub(crate) initialization_mode: ThreadInitializationMode,
-    pub(crate) subagent_source: Option<String>,
-    pub(crate) parent_thread_id: Option<String>,
-    pub(crate) created_at: u64,
-}
-
-#[derive(Serialize)]
-pub(crate) struct ThreadInitializedEvent {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: ThreadInitializedEventParams,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexAppMetadata {
-    pub(crate) connector_id: Option<String>,
-    pub(crate) thread_id: Option<String>,
-    pub(crate) turn_id: Option<String>,
-    pub(crate) app_name: Option<String>,
-    pub(crate) product_client_id: Option<String>,
-    pub(crate) invoke_type: Option<InvocationType>,
-    pub(crate) model_slug: Option<String>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexAppMentionedEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexAppMetadata,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexAppUsedEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexAppMetadata,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexPluginMetadata {
-    pub(crate) plugin_id: Option<String>,
-    pub(crate) plugin_name: Option<String>,
-    pub(crate) marketplace_name: Option<String>,
-    pub(crate) has_skills: Option<bool>,
-    pub(crate) mcp_server_count: Option<usize>,
-    pub(crate) connector_ids: Option<Vec<String>>,
-    pub(crate) product_client_id: Option<String>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexPluginUsedMetadata {
-    #[serde(flatten)]
-    pub(crate) plugin: CodexPluginMetadata,
-    pub(crate) thread_id: Option<String>,
-    pub(crate) turn_id: Option<String>,
-    pub(crate) model_slug: Option<String>,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexPluginEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexPluginMetadata,
-}
-
-#[derive(Serialize)]
-pub(crate) struct CodexPluginUsedEventRequest {
-    pub(crate) event_type: &'static str,
-    pub(crate) event_params: CodexPluginUsedMetadata,
-}
-
-pub(crate) fn plugin_state_event_type(state: PluginState) -> &'static str {
-    match state {
-        PluginState::Installed => "codex_plugin_installed",
-        PluginState::Uninstalled => "codex_plugin_uninstalled",
-        PluginState::Enabled => "codex_plugin_enabled",
-        PluginState::Disabled => "codex_plugin_disabled",
-    }
-}
-
-pub(crate) fn codex_app_metadata(
-    tracking: &TrackEventsContext,
-    app: AppInvocation,
-) -> CodexAppMetadata {
-    CodexAppMetadata {
-        connector_id: app.connector_id,
-        thread_id: Some(tracking.thread_id.clone()),
-        turn_id: Some(tracking.turn_id.clone()),
-        app_name: app.app_name,
-        product_client_id: Some(originator().value),
-        invoke_type: app.invocation_type,
-        model_slug: Some(tracking.model_slug.clone()),
-    }
-}
-
-pub(crate) fn codex_plugin_metadata(plugin: PluginTelemetryMetadata) -> CodexPluginMetadata {
-    let capability_summary = plugin.capability_summary;
-    CodexPluginMetadata {
-        plugin_id: Some(plugin.plugin_id.as_key()),
-        plugin_name: Some(plugin.plugin_id.plugin_name),
-        marketplace_name: Some(plugin.plugin_id.marketplace_name),
-        has_skills: capability_summary
-            .as_ref()
-            .map(|summary| summary.has_skills),
-        mcp_server_count: capability_summary
-            .as_ref()
-            .map(|summary| summary.mcp_server_names.len()),
-        connector_ids: capability_summary.map(|summary| {
-            summary
-                .app_connector_ids
-                .into_iter()
-                .map(|connector_id| connector_id.0)
-                .collect()
-        }),
-        product_client_id: Some(originator().value),
-    }
-}
-
-pub(crate) fn codex_plugin_used_metadata(
-    tracking: &TrackEventsContext,
-    plugin: PluginTelemetryMetadata,
-) -> CodexPluginUsedMetadata {
-    CodexPluginUsedMetadata {
-        plugin: codex_plugin_metadata(plugin),
-        thread_id: Some(tracking.thread_id.clone()),
-        turn_id: Some(tracking.turn_id.clone()),
-        model_slug: Some(tracking.model_slug.clone()),
-    }
-}
-
-pub(crate) fn thread_source_name(thread_source: &SessionSource) -> Option<&'static str> {
-    match thread_source {
-        SessionSource::Cli | SessionSource::VSCode | SessionSource::Exec => Some("user"),
-        SessionSource::SubAgent(_) => Some("subagent"),
-        SessionSource::Mcp | SessionSource::Custom(_) | SessionSource::Unknown => None,
-    }
-}
-
-pub(crate) fn current_runtime_metadata() -> CodexRuntimeMetadata {
-    let os_info = os_info::get();
-    CodexRuntimeMetadata {
-        codex_rs_version: env!("CARGO_PKG_VERSION").to_string(),
-        runtime_os: std::env::consts::OS.to_string(),
-        runtime_os_version: os_info.version().to_string(),
-        runtime_arch: std::env::consts::ARCH.to_string(),
-    }
-}
-
-pub(crate) fn subagent_thread_started_event_request(
-    input: SubAgentThreadStartedInput,
-) -> ThreadInitializedEvent {
-    let event_params = ThreadInitializedEventParams {
-        thread_id: input.thread_id,
-        app_server_client: CodexAppServerClientMetadata {
-            product_client_id: input.product_client_id,
-            client_name: Some(input.client_name),
-            client_version: Some(input.client_version),
-            rpc_transport: AppServerRpcTransport::InProcess,
-            experimental_api_enabled: None,
-        },
-        runtime: current_runtime_metadata(),
-        model: input.model,
-        ephemeral: input.ephemeral,
-        thread_source: Some("subagent"),
-        initialization_mode: ThreadInitializationMode::New,
-        subagent_source: Some(subagent_source_name(&input.subagent_source)),
-        parent_thread_id: subagent_parent_thread_id(&input.subagent_source),
-        created_at: input.created_at,
-    };
-    ThreadInitializedEvent {
-        event_type: "codex_thread_initialized",
-        event_params,
-    }
-}
-
-fn subagent_source_name(subagent_source: &SubAgentSource) -> String {
-    match subagent_source {
-        SubAgentSource::Review => "review".to_string(),
-        SubAgentSource::Compact => "compact".to_string(),
-        SubAgentSource::ThreadSpawn { .. } => "thread_spawn".to_string(),
-        SubAgentSource::MemoryConsolidation => "memory_consolidation".to_string(),
-        SubAgentSource::Other(other) => other.clone(),
-    }
-}
-
-fn subagent_parent_thread_id(subagent_source: &SubAgentSource) -> Option<String> {
-    match subagent_source {
-        SubAgentSource::ThreadSpawn {
-            parent_thread_id, ..
-        } => Some(parent_thread_id.to_string()),
-        _ => None,
-    }
-}

codex-rs/analytics/src/facts.rs

@@ -1,130 +0,0 @@
-use crate::events::AppServerRpcTransport;
-use crate::events::CodexRuntimeMetadata;
-use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::ClientResponse;
-use codex_app_server_protocol::InitializeParams;
-use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::ServerNotification;
-use codex_plugin::PluginTelemetryMetadata;
-use codex_protocol::protocol::SkillScope;
-use codex_protocol::protocol::SubAgentSource;
-use serde::Serialize;
-use std::path::PathBuf;
-
-#[derive(Clone)]
-pub struct TrackEventsContext {
-    pub model_slug: String,
-    pub thread_id: String,
-    pub turn_id: String,
-}
-
-pub fn build_track_events_context(
-    model_slug: String,
-    thread_id: String,
-    turn_id: String,
-) -> TrackEventsContext {
-    TrackEventsContext {
-        model_slug,
-        thread_id,
-        turn_id,
-    }
-}
-
-#[derive(Clone, Debug)]
-pub struct SkillInvocation {
-    pub skill_name: String,
-    pub skill_scope: SkillScope,
-    pub skill_path: PathBuf,
-    pub invocation_type: InvocationType,
-}
-
-#[derive(Clone, Copy, Debug, Serialize)]
-#[serde(rename_all = "lowercase")]
-pub enum InvocationType {
-    Explicit,
-    Implicit,
-}
-
-pub struct AppInvocation {
-    pub connector_id: Option<String>,
-    pub app_name: Option<String>,
-    pub invocation_type: Option<InvocationType>,
-}
-
-#[derive(Clone)]
-pub struct SubAgentThreadStartedInput {
-    pub thread_id: String,
-    pub product_client_id: String,
-    pub client_name: String,
-    pub client_version: String,
-    pub model: String,
-    pub ephemeral: bool,
-    pub subagent_source: SubAgentSource,
-    pub created_at: u64,
-}
-
-#[allow(dead_code)]
-pub(crate) enum AnalyticsFact {
-    Initialize {
-        connection_id: u64,
-        params: InitializeParams,
-        product_client_id: String,
-        runtime: CodexRuntimeMetadata,
-        rpc_transport: AppServerRpcTransport,
-    },
-    Request {
-        connection_id: u64,
-        request_id: RequestId,
-        request: Box<ClientRequest>,
-    },
-    Response {
-        connection_id: u64,
-        response: Box<ClientResponse>,
-    },
-    Notification(Box<ServerNotification>),
-    // Facts that do not naturally exist on the app-server protocol surface, or
-    // would require non-trivial protocol reshaping on this branch.
-    Custom(CustomAnalyticsFact),
-}
-
-pub(crate) enum CustomAnalyticsFact {
-    SubAgentThreadStarted(SubAgentThreadStartedInput),
-    SkillInvoked(SkillInvokedInput),
-    AppMentioned(AppMentionedInput),
-    AppUsed(AppUsedInput),
-    PluginUsed(PluginUsedInput),
-    PluginStateChanged(PluginStateChangedInput),
-}
-
-pub(crate) struct SkillInvokedInput {
-    pub tracking: TrackEventsContext,
-    pub invocations: Vec<SkillInvocation>,
-}
-
-pub(crate) struct AppMentionedInput {
-    pub tracking: TrackEventsContext,
-    pub mentions: Vec<AppInvocation>,
-}
-
-pub(crate) struct AppUsedInput {
-    pub tracking: TrackEventsContext,
-    pub app: AppInvocation,
-}
-
-pub(crate) struct PluginUsedInput {
-    pub tracking: TrackEventsContext,
-    pub plugin: PluginTelemetryMetadata,
-}
-
-pub(crate) struct PluginStateChangedInput {
-    pub plugin: PluginTelemetryMetadata,
-    pub state: PluginState,
-}
-
-#[derive(Clone, Copy)]
-pub(crate) enum PluginState {
-    Installed,
-    Uninstalled,
-    Enabled,
-    Disabled,
-}

codex-rs/analytics/src/lib.rs

@@ -1,16 +1,8 @@
-mod client;
-mod events;
-mod facts;
-mod reducer;
+mod analytics_client;
 
-pub use client::AnalyticsEventsClient;
-pub use events::AppServerRpcTransport;
-pub use facts::AppInvocation;
-pub use facts::InvocationType;
-pub use facts::SkillInvocation;
-pub use facts::SubAgentThreadStartedInput;
-pub use facts::TrackEventsContext;
-pub use facts::build_track_events_context;
-
-#[cfg(test)]
-mod analytics_client_tests;
+pub use analytics_client::AnalyticsEventsClient;
+pub use analytics_client::AppInvocation;
+pub use analytics_client::InvocationType;
+pub use analytics_client::SkillInvocation;
+pub use analytics_client::TrackEventsContext;
+pub use analytics_client::build_track_events_context;

codex-rs/analytics/src/reducer.rs

@@ -1,320 +0,0 @@
-use crate::events::AppServerRpcTransport;
-use crate::events::CodexAppMentionedEventRequest;
-use crate::events::CodexAppServerClientMetadata;
-use crate::events::CodexAppUsedEventRequest;
-use crate::events::CodexPluginEventRequest;
-use crate::events::CodexPluginUsedEventRequest;
-use crate::events::CodexRuntimeMetadata;
-use crate::events::SkillInvocationEventParams;
-use crate::events::SkillInvocationEventRequest;
-use crate::events::ThreadInitializationMode;
-use crate::events::ThreadInitializedEvent;
-use crate::events::ThreadInitializedEventParams;
-use crate::events::TrackEventRequest;
-use crate::events::codex_app_metadata;
-use crate::events::codex_plugin_metadata;
-use crate::events::codex_plugin_used_metadata;
-use crate::events::plugin_state_event_type;
-use crate::events::subagent_thread_started_event_request;
-use crate::events::thread_source_name;
-use crate::facts::AnalyticsFact;
-use crate::facts::AppMentionedInput;
-use crate::facts::AppUsedInput;
-use crate::facts::CustomAnalyticsFact;
-use crate::facts::PluginState;
-use crate::facts::PluginStateChangedInput;
-use crate::facts::PluginUsedInput;
-use crate::facts::SkillInvokedInput;
-use crate::facts::SubAgentThreadStartedInput;
-use codex_app_server_protocol::ClientResponse;
-use codex_app_server_protocol::InitializeParams;
-use codex_git_utils::collect_git_info;
-use codex_git_utils::get_git_repo_root;
-use codex_login::default_client::originator;
-use codex_protocol::protocol::SessionSource;
-use codex_protocol::protocol::SkillScope;
-use sha1::Digest;
-use std::collections::HashMap;
-use std::path::Path;
-
-#[derive(Default)]
-pub(crate) struct AnalyticsReducer {
-    connections: HashMap<u64, ConnectionState>,
-}
-
-struct ConnectionState {
-    app_server_client: CodexAppServerClientMetadata,
-    runtime: CodexRuntimeMetadata,
-}
-
-impl AnalyticsReducer {
-    pub(crate) async fn ingest(&mut self, input: AnalyticsFact, out: &mut Vec<TrackEventRequest>) {
-        match input {
-            AnalyticsFact::Initialize {
-                connection_id,
-                params,
-                product_client_id,
-                runtime,
-                rpc_transport,
-            } => {
-                self.ingest_initialize(
-                    connection_id,
-                    params,
-                    product_client_id,
-                    runtime,
-                    rpc_transport,
-                );
-            }
-            AnalyticsFact::Request {
-                connection_id: _connection_id,
-                request_id: _request_id,
-                request: _request,
-            } => {}
-            AnalyticsFact::Response {
-                connection_id,
-                response,
-            } => {
-                self.ingest_response(connection_id, *response, out);
-            }
-            AnalyticsFact::Notification(_notification) => {}
-            AnalyticsFact::Custom(input) => match input {
-                CustomAnalyticsFact::SubAgentThreadStarted(input) => {
-                    self.ingest_subagent_thread_started(input, out);
-                }
-                CustomAnalyticsFact::SkillInvoked(input) => {
-                    self.ingest_skill_invoked(input, out).await;
-                }
-                CustomAnalyticsFact::AppMentioned(input) => {
-                    self.ingest_app_mentioned(input, out);
-                }
-                CustomAnalyticsFact::AppUsed(input) => {
-                    self.ingest_app_used(input, out);
-                }
-                CustomAnalyticsFact::PluginUsed(input) => {
-                    self.ingest_plugin_used(input, out);
-                }
-                CustomAnalyticsFact::PluginStateChanged(input) => {
-                    self.ingest_plugin_state_changed(input, out);
-                }
-            },
-        }
-    }
-
-    fn ingest_initialize(
-        &mut self,
-        connection_id: u64,
-        params: InitializeParams,
-        product_client_id: String,
-        runtime: CodexRuntimeMetadata,
-        rpc_transport: AppServerRpcTransport,
-    ) {
-        self.connections.insert(
-            connection_id,
-            ConnectionState {
-                app_server_client: CodexAppServerClientMetadata {
-                    product_client_id,
-                    client_name: Some(params.client_info.name),
-                    client_version: Some(params.client_info.version),
-                    rpc_transport,
-                    experimental_api_enabled: params
-                        .capabilities
-                        .map(|capabilities| capabilities.experimental_api),
-                },
-                runtime,
-            },
-        );
-    }
-
-    fn ingest_subagent_thread_started(
-        &mut self,
-        input: SubAgentThreadStartedInput,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        out.push(TrackEventRequest::ThreadInitialized(
-            subagent_thread_started_event_request(input),
-        ));
-    }
-
-    async fn ingest_skill_invoked(
-        &mut self,
-        input: SkillInvokedInput,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let SkillInvokedInput {
-            tracking,
-            invocations,
-        } = input;
-        for invocation in invocations {
-            let skill_scope = match invocation.skill_scope {
-                SkillScope::User => "user",
-                SkillScope::Repo => "repo",
-                SkillScope::System => "system",
-                SkillScope::Admin => "admin",
-            };
-            let repo_root = get_git_repo_root(invocation.skill_path.as_path());
-            let repo_url = if let Some(root) = repo_root.as_ref() {
-                collect_git_info(root)
-                    .await
-                    .and_then(|info| info.repository_url)
-            } else {
-                None
-            };
-            let skill_id = skill_id_for_local_skill(
-                repo_url.as_deref(),
-                repo_root.as_deref(),
-                invocation.skill_path.as_path(),
-                invocation.skill_name.as_str(),
-            );
-            out.push(TrackEventRequest::SkillInvocation(
-                SkillInvocationEventRequest {
-                    event_type: "skill_invocation",
-                    skill_id,
-                    skill_name: invocation.skill_name.clone(),
-                    event_params: SkillInvocationEventParams {
-                        thread_id: Some(tracking.thread_id.clone()),
-                        invoke_type: Some(invocation.invocation_type),
-                        model_slug: Some(tracking.model_slug.clone()),
-                        product_client_id: Some(originator().value),
-                        repo_url,
-                        skill_scope: Some(skill_scope.to_string()),
-                    },
-                },
-            ));
-        }
-    }
-
-    fn ingest_app_mentioned(&mut self, input: AppMentionedInput, out: &mut Vec<TrackEventRequest>) {
-        let AppMentionedInput { tracking, mentions } = input;
-        out.extend(mentions.into_iter().map(|mention| {
-            let event_params = codex_app_metadata(&tracking, mention);
-            TrackEventRequest::AppMentioned(CodexAppMentionedEventRequest {
-                event_type: "codex_app_mentioned",
-                event_params,
-            })
-        }));
-    }
-
-    fn ingest_app_used(&mut self, input: AppUsedInput, out: &mut Vec<TrackEventRequest>) {
-        let AppUsedInput { tracking, app } = input;
-        let event_params = codex_app_metadata(&tracking, app);
-        out.push(TrackEventRequest::AppUsed(CodexAppUsedEventRequest {
-            event_type: "codex_app_used",
-            event_params,
-        }));
-    }
-
-    fn ingest_plugin_used(&mut self, input: PluginUsedInput, out: &mut Vec<TrackEventRequest>) {
-        let PluginUsedInput { tracking, plugin } = input;
-        out.push(TrackEventRequest::PluginUsed(CodexPluginUsedEventRequest {
-            event_type: "codex_plugin_used",
-            event_params: codex_plugin_used_metadata(&tracking, plugin),
-        }));
-    }
-
-    fn ingest_plugin_state_changed(
-        &mut self,
-        input: PluginStateChangedInput,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let PluginStateChangedInput { plugin, state } = input;
-        let event = CodexPluginEventRequest {
-            event_type: plugin_state_event_type(state),
-            event_params: codex_plugin_metadata(plugin),
-        };
-        out.push(match state {
-            PluginState::Installed => TrackEventRequest::PluginInstalled(event),
-            PluginState::Uninstalled => TrackEventRequest::PluginUninstalled(event),
-            PluginState::Enabled => TrackEventRequest::PluginEnabled(event),
-            PluginState::Disabled => TrackEventRequest::PluginDisabled(event),
-        });
-    }
-
-    fn ingest_response(
-        &mut self,
-        connection_id: u64,
-        response: ClientResponse,
-        out: &mut Vec<TrackEventRequest>,
-    ) {
-        let (thread, model, initialization_mode) = match response {
-            ClientResponse::ThreadStart { response, .. } => (
-                response.thread,
-                response.model,
-                ThreadInitializationMode::New,
-            ),
-            ClientResponse::ThreadResume { response, .. } => (
-                response.thread,
-                response.model,
-                ThreadInitializationMode::Resumed,
-            ),
-            ClientResponse::ThreadFork { response, .. } => (
-                response.thread,
-                response.model,
-                ThreadInitializationMode::Forked,
-            ),
-            _ => return,
-        };
-        let thread_source: SessionSource = thread.source.into();
-        let Some(connection_state) = self.connections.get(&connection_id) else {
-            return;
-        };
-        out.push(TrackEventRequest::ThreadInitialized(
-            ThreadInitializedEvent {
-                event_type: "codex_thread_initialized",
-                event_params: ThreadInitializedEventParams {
-                    thread_id: thread.id,
-                    app_server_client: connection_state.app_server_client.clone(),
-                    runtime: connection_state.runtime.clone(),
-                    model,
-                    ephemeral: thread.ephemeral,
-                    thread_source: thread_source_name(&thread_source),
-                    initialization_mode,
-                    subagent_source: None,
-                    parent_thread_id: None,
-                    created_at: u64::try_from(thread.created_at).unwrap_or_default(),
-                },
-            },
-        ));
-    }
-}
-
-pub(crate) fn skill_id_for_local_skill(
-    repo_url: Option<&str>,
-    repo_root: Option<&Path>,
-    skill_path: &Path,
-    skill_name: &str,
-) -> String {
-    let path = normalize_path_for_skill_id(repo_url, repo_root, skill_path);
-    let prefix = if let Some(url) = repo_url {
-        format!("repo_{url}")
-    } else {
-        "personal".to_string()
-    };
-    let raw_id = format!("{prefix}_{path}_{skill_name}");
-    let mut hasher = sha1::Sha1::new();
-    sha1::Digest::update(&mut hasher, raw_id.as_bytes());
-    format!("{:x}", sha1::Digest::finalize(hasher))
-}
-
-/// Returns a normalized path for skill ID construction.
-///
-/// - Repo-scoped skills use a path relative to the repo root.
-/// - User/admin/system skills use an absolute path.
-pub(crate) fn normalize_path_for_skill_id(
-    repo_url: Option<&str>,
-    repo_root: Option<&Path>,
-    skill_path: &Path,
-) -> String {
-    let resolved_path =
-        std::fs::canonicalize(skill_path).unwrap_or_else(|_| skill_path.to_path_buf());
-    match (repo_url, repo_root) {
-        (Some(_), Some(root)) => {
-            let resolved_root = std::fs::canonicalize(root).unwrap_or_else(|_| root.to_path_buf());
-            resolved_path
-                .strip_prefix(&resolved_root)
-                .unwrap_or(resolved_path.as_path())
-                .to_string_lossy()
-                .replace('\\', "/")
-        }
-        _ => resolved_path.to_string_lossy().replace('\\', "/"),
-    }
-}

codex-rs/ansi-escape/Cargo.toml

@@ -8,9 +8,6 @@ license.workspace = true
 name = "codex_ansi_escape"
 path = "src/lib.rs"
 
-[lints]
-workspace = true
-
 [dependencies]
 ansi-to-tui = { workspace = true }
 ratatui = { workspace = true, features = [

codex-rs/app-server-client/src/lib.rs

@@ -1060,9 +1060,6 @@ mod tests {
                 items: Vec::new(),
                 status: codex_app_server_protocol::TurnStatus::Completed,
                 error: None,
-                started_at: None,
-                completed_at: Some(0),
-                duration_ms: Some(1),
             },
         })
     }
@@ -1837,9 +1834,6 @@ mod tests {
                             items: Vec::new(),
                             status: codex_app_server_protocol::TurnStatus::Completed,
                             error: None,
-                            started_at: None,
-                            completed_at: Some(0),
-                            duration_ms: None,
                         },
                     }
                 )

codex-rs/app-server-protocol/Cargo.toml

@@ -17,12 +17,12 @@ clap = { workspace = true, features = ["derive"] }
 codex-experimental-api-macros = { workspace = true }
 codex-git-utils = { workspace = true }
 codex-protocol = { workspace = true }
-codex-shell-command = { workspace = true }
 codex-utils-absolute-path = { workspace = true }
 schemars = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 serde_with = { workspace = true }
+shlex = { workspace = true }
 strum_macros = { workspace = true }
 thiserror = { workspace = true }
 rmcp = { workspace = true, default-features = false, features = [

codex-rs/app-server-protocol/schema/json/ClientRequest.json

@@ -1042,17 +1042,6 @@
             "null"
           ]
         },
-        "detail": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/McpServerStatusDetail"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Controls how much MCP inventory data to fetch for each server. Defaults to `Full` when omitted."
-        },
         "limit": {
           "description": "Optional page size; defaults to a server-defined value.",
           "format": "uint32",
@@ -1219,25 +1208,6 @@
         }
       ]
     },
-    "McpResourceReadParams": {
-      "properties": {
-        "server": {
-          "type": "string"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "uri": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "server",
-        "threadId",
-        "uri"
-      ],
-      "type": "object"
-    },
     "McpServerOauthLoginParams": {
       "properties": {
         "name": {
@@ -1265,13 +1235,6 @@
       ],
       "type": "object"
     },
-    "McpServerStatusDetail": {
-      "enum": [
-        "full",
-        "toolsAndAuthOnly"
-      ],
-      "type": "string"
-    },
     "MergeStrategy": {
       "enum": [
         "replace",
@@ -4457,30 +4420,6 @@
       "title": "McpServerStatus/listRequest",
       "type": "object"
     },
-    {
-      "properties": {
-        "id": {
-          "$ref": "#/definitions/RequestId"
-        },
-        "method": {
-          "enum": [
-            "mcpServer/resource/read"
-          ],
-          "title": "McpServer/resource/readRequestMethod",
-          "type": "string"
-        },
-        "params": {
-          "$ref": "#/definitions/McpResourceReadParams"
-        }
-      },
-      "required": [
-        "id",
-        "method",
-        "params"
-      ],
-      "title": "McpServer/resource/readRequest",
-      "type": "object"
-    },
     {
       "properties": {
         "id": {

codex-rs/app-server-protocol/schema/json/ServerNotification.json

@@ -1163,176 +1163,6 @@
       ],
       "type": "object"
     },
-    "GuardianApprovalReviewAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "command"
-              ],
-              "title": "CommandGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "cwd",
-            "source",
-            "type"
-          ],
-          "title": "CommandGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "argv": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "program": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "execve"
-              ],
-              "title": "ExecveGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "argv",
-            "cwd",
-            "program",
-            "source",
-            "type"
-          ],
-          "title": "ExecveGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cwd": {
-              "type": "string"
-            },
-            "files": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "type": {
-              "enum": [
-                "applyPatch"
-              ],
-              "title": "ApplyPatchGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cwd",
-            "files",
-            "type"
-          ],
-          "title": "ApplyPatchGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "host": {
-              "type": "string"
-            },
-            "port": {
-              "format": "uint16",
-              "minimum": 0.0,
-              "type": "integer"
-            },
-            "protocol": {
-              "$ref": "#/definitions/NetworkApprovalProtocol"
-            },
-            "target": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "networkAccess"
-              ],
-              "title": "NetworkAccessGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "host",
-            "port",
-            "protocol",
-            "target",
-            "type"
-          ],
-          "title": "NetworkAccessGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "connectorId": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "connectorName": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "server": {
-              "type": "string"
-            },
-            "toolName": {
-              "type": "string"
-            },
-            "toolTitle": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "mcpToolCall"
-              ],
-              "title": "McpToolCallGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "server",
-            "toolName",
-            "type"
-          ],
-          "title": "McpToolCallGuardianApprovalReviewAction",
-          "type": "object"
-        }
-      ]
-    },
     "GuardianApprovalReviewStatus": {
       "description": "[UNSTABLE] Lifecycle state for a guardian approval review.",
       "enum": [
@@ -1343,13 +1173,6 @@
       ],
       "type": "string"
     },
-    "GuardianCommandSource": {
-      "enum": [
-        "shell",
-        "unifiedExec"
-      ],
-      "type": "string"
-    },
     "GuardianRiskLevel": {
       "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
       "enum": [
@@ -1577,9 +1400,7 @@
     "ItemGuardianApprovalReviewCompletedNotification": {
       "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
       "properties": {
-        "action": {
-          "$ref": "#/definitions/GuardianApprovalReviewAction"
-        },
+        "action": true,
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
@@ -1594,7 +1415,6 @@
         }
       },
       "required": [
-        "action",
         "review",
         "targetItemId",
         "threadId",
@@ -1605,9 +1425,7 @@
     "ItemGuardianApprovalReviewStartedNotification": {
       "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
       "properties": {
-        "action": {
-          "$ref": "#/definitions/GuardianApprovalReviewAction"
-        },
+        "action": true,
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
@@ -1622,7 +1440,6 @@
         }
       },
       "required": [
-        "action",
         "review",
         "targetItemId",
         "threadId",
@@ -1855,15 +1672,6 @@
       ],
       "type": "object"
     },
-    "NetworkApprovalProtocol": {
-      "enum": [
-        "http",
-        "https",
-        "socks5Tcp",
-        "socks5Udp"
-      ],
-      "type": "string"
-    },
     "NonSteerableTurnKind": {
       "enum": [
         "review",
@@ -2425,13 +2233,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -3532,22 +3333,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -3569,14 +3354,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.schemas.json

@@ -1201,30 +1201,6 @@
           "title": "McpServerStatus/listRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/v2/RequestId"
-            },
-            "method": {
-              "enum": [
-                "mcpServer/resource/read"
-              ],
-              "title": "McpServer/resource/readRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/v2/McpResourceReadParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "McpServer/resource/readRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -3087,7 +3063,7 @@
           "type": "string"
         },
         "protocol": {
-          "$ref": "#/definitions/v2/NetworkApprovalProtocol"
+          "$ref": "#/definitions/NetworkApprovalProtocol"
         }
       },
       "required": [
@@ -3096,6 +3072,15 @@
       ],
       "type": "object"
     },
+    "NetworkApprovalProtocol": {
+      "enum": [
+        "http",
+        "https",
+        "socks5Tcp",
+        "socks5Udp"
+      ],
+      "type": "string"
+    },
     "NetworkPolicyAmendment": {
       "properties": {
         "action": {
@@ -8092,176 +8077,6 @@
         ],
         "type": "object"
       },
-      "GuardianApprovalReviewAction": {
-        "oneOf": [
-          {
-            "properties": {
-              "command": {
-                "type": "string"
-              },
-              "cwd": {
-                "type": "string"
-              },
-              "source": {
-                "$ref": "#/definitions/v2/GuardianCommandSource"
-              },
-              "type": {
-                "enum": [
-                  "command"
-                ],
-                "title": "CommandGuardianApprovalReviewActionType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "command",
-              "cwd",
-              "source",
-              "type"
-            ],
-            "title": "CommandGuardianApprovalReviewAction",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "argv": {
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              },
-              "cwd": {
-                "type": "string"
-              },
-              "program": {
-                "type": "string"
-              },
-              "source": {
-                "$ref": "#/definitions/v2/GuardianCommandSource"
-              },
-              "type": {
-                "enum": [
-                  "execve"
-                ],
-                "title": "ExecveGuardianApprovalReviewActionType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "argv",
-              "cwd",
-              "program",
-              "source",
-              "type"
-            ],
-            "title": "ExecveGuardianApprovalReviewAction",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "cwd": {
-                "type": "string"
-              },
-              "files": {
-                "items": {
-                  "type": "string"
-                },
-                "type": "array"
-              },
-              "type": {
-                "enum": [
-                  "applyPatch"
-                ],
-                "title": "ApplyPatchGuardianApprovalReviewActionType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "cwd",
-              "files",
-              "type"
-            ],
-            "title": "ApplyPatchGuardianApprovalReviewAction",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "host": {
-                "type": "string"
-              },
-              "port": {
-                "format": "uint16",
-                "minimum": 0.0,
-                "type": "integer"
-              },
-              "protocol": {
-                "$ref": "#/definitions/v2/NetworkApprovalProtocol"
-              },
-              "target": {
-                "type": "string"
-              },
-              "type": {
-                "enum": [
-                  "networkAccess"
-                ],
-                "title": "NetworkAccessGuardianApprovalReviewActionType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "host",
-              "port",
-              "protocol",
-              "target",
-              "type"
-            ],
-            "title": "NetworkAccessGuardianApprovalReviewAction",
-            "type": "object"
-          },
-          {
-            "properties": {
-              "connectorId": {
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
-              "connectorName": {
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
-              "server": {
-                "type": "string"
-              },
-              "toolName": {
-                "type": "string"
-              },
-              "toolTitle": {
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
-              "type": {
-                "enum": [
-                  "mcpToolCall"
-                ],
-                "title": "McpToolCallGuardianApprovalReviewActionType",
-                "type": "string"
-              }
-            },
-            "required": [
-              "server",
-              "toolName",
-              "type"
-            ],
-            "title": "McpToolCallGuardianApprovalReviewAction",
-            "type": "object"
-          }
-        ]
-      },
       "GuardianApprovalReviewStatus": {
         "description": "[UNSTABLE] Lifecycle state for a guardian approval review.",
         "enum": [
@@ -8272,13 +8087,6 @@
         ],
         "type": "string"
       },
-      "GuardianCommandSource": {
-        "enum": [
-          "shell",
-          "unifiedExec"
-        ],
-        "type": "string"
-      },
       "GuardianRiskLevel": {
         "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
         "enum": [
@@ -8541,9 +8349,7 @@
         "$schema": "http://json-schema.org/draft-07/schema#",
         "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
         "properties": {
-          "action": {
-            "$ref": "#/definitions/v2/GuardianApprovalReviewAction"
-          },
+          "action": true,
           "review": {
             "$ref": "#/definitions/v2/GuardianApprovalReview"
           },
@@ -8558,7 +8364,6 @@
           }
         },
         "required": [
-          "action",
           "review",
           "targetItemId",
           "threadId",
@@ -8571,9 +8376,7 @@
         "$schema": "http://json-schema.org/draft-07/schema#",
         "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
         "properties": {
-          "action": {
-            "$ref": "#/definitions/v2/GuardianApprovalReviewAction"
-          },
+          "action": true,
           "review": {
             "$ref": "#/definitions/v2/GuardianApprovalReview"
           },
@@ -8588,7 +8391,6 @@
           }
         },
         "required": [
-          "action",
           "review",
           "targetItemId",
           "threadId",
@@ -8628,17 +8430,6 @@
               "null"
             ]
           },
-          "detail": {
-            "anyOf": [
-              {
-                "$ref": "#/definitions/v2/McpServerStatusDetail"
-              },
-              {
-                "type": "null"
-              }
-            ],
-            "description": "Controls how much MCP inventory data to fetch for each server. Defaults to `Full` when omitted."
-          },
           "limit": {
             "description": "Optional page size; defaults to a server-defined value.",
             "format": "uint32",
@@ -8964,43 +8755,6 @@
         ],
         "type": "string"
       },
-      "McpResourceReadParams": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "server": {
-            "type": "string"
-          },
-          "threadId": {
-            "type": "string"
-          },
-          "uri": {
-            "type": "string"
-          }
-        },
-        "required": [
-          "server",
-          "threadId",
-          "uri"
-        ],
-        "title": "McpResourceReadParams",
-        "type": "object"
-      },
-      "McpResourceReadResponse": {
-        "$schema": "http://json-schema.org/draft-07/schema#",
-        "properties": {
-          "contents": {
-            "items": {
-              "$ref": "#/definitions/v2/ResourceContent"
-            },
-            "type": "array"
-          }
-        },
-        "required": [
-          "contents"
-        ],
-        "title": "McpResourceReadResponse",
-        "type": "object"
-      },
       "McpServerOauthLoginCompletedNotification": {
         "$schema": "http://json-schema.org/draft-07/schema#",
         "properties": {
@@ -9116,13 +8870,6 @@
         ],
         "type": "object"
       },
-      "McpServerStatusDetail": {
-        "enum": [
-          "full",
-          "toolsAndAuthOnly"
-        ],
-        "type": "string"
-      },
       "McpServerStatusUpdatedNotification": {
         "$schema": "http://json-schema.org/draft-07/schema#",
         "properties": {
@@ -9502,15 +9249,6 @@
         ],
         "type": "string"
       },
-      "NetworkApprovalProtocol": {
-        "enum": [
-          "http",
-          "https",
-          "socks5Tcp",
-          "socks5Udp"
-        ],
-        "type": "string"
-      },
       "NetworkDomainPermission": {
         "enum": [
           "allow",
@@ -9552,12 +9290,6 @@
               "null"
             ]
           },
-          "dangerFullAccessDenylistOnly": {
-            "type": [
-              "boolean",
-              "null"
-            ]
-          },
           "dangerouslyAllowAllUnixSockets": {
             "type": [
               "boolean",
@@ -10728,57 +10460,6 @@
         ],
         "type": "object"
       },
-      "ResourceContent": {
-        "anyOf": [
-          {
-            "properties": {
-              "_meta": true,
-              "mimeType": {
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
-              "text": {
-                "type": "string"
-              },
-              "uri": {
-                "description": "The URI of this resource.",
-                "type": "string"
-              }
-            },
-            "required": [
-              "text",
-              "uri"
-            ],
-            "type": "object"
-          },
-          {
-            "properties": {
-              "_meta": true,
-              "blob": {
-                "type": "string"
-              },
-              "mimeType": {
-                "type": [
-                  "string",
-                  "null"
-                ]
-              },
-              "uri": {
-                "description": "The URI of this resource.",
-                "type": "string"
-              }
-            },
-            "required": [
-              "blob",
-              "uri"
-            ],
-            "type": "object"
-          }
-        ],
-        "description": "Contents returned when reading a resource from an MCP server."
-      },
       "ResourceTemplate": {
         "description": "A template description for resources available on the server.",
         "properties": {
@@ -12322,13 +12003,6 @@
             "description": "Whether the thread is ephemeral and should not be materialized on disk.",
             "type": "boolean"
           },
-          "forkedFromId": {
-            "description": "Source thread id when this thread was created by forking another thread.",
-            "type": [
-              "string",
-              "null"
-            ]
-          },
           "gitInfo": {
             "anyOf": [
               {
@@ -14465,22 +14139,6 @@
       },
       "Turn": {
         "properties": {
-          "completedAt": {
-            "description": "Unix timestamp (in seconds) when the turn completed.",
-            "format": "int64",
-            "type": [
-              "integer",
-              "null"
-            ]
-          },
-          "durationMs": {
-            "description": "Duration between turn start and completion in milliseconds, if known.",
-            "format": "int64",
-            "type": [
-              "integer",
-              "null"
-            ]
-          },
           "error": {
             "anyOf": [
               {
@@ -14502,14 +14160,6 @@
             },
             "type": "array"
           },
-          "startedAt": {
-            "description": "Unix timestamp (in seconds) when the turn started.",
-            "format": "int64",
-            "type": [
-              "integer",
-              "null"
-            ]
-          },
           "status": {
             "$ref": "#/definitions/v2/TurnStatus"
           }

codex-rs/app-server-protocol/schema/json/codex_app_server_protocol.v2.schemas.json

@@ -1776,30 +1776,6 @@
           "title": "McpServerStatus/listRequest",
           "type": "object"
         },
-        {
-          "properties": {
-            "id": {
-              "$ref": "#/definitions/RequestId"
-            },
-            "method": {
-              "enum": [
-                "mcpServer/resource/read"
-              ],
-              "title": "McpServer/resource/readRequestMethod",
-              "type": "string"
-            },
-            "params": {
-              "$ref": "#/definitions/McpResourceReadParams"
-            }
-          },
-          "required": [
-            "id",
-            "method",
-            "params"
-          ],
-          "title": "McpServer/resource/readRequest",
-          "type": "object"
-        },
         {
           "properties": {
             "id": {
@@ -4871,176 +4847,6 @@
       ],
       "type": "object"
     },
-    "GuardianApprovalReviewAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "command"
-              ],
-              "title": "CommandGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "cwd",
-            "source",
-            "type"
-          ],
-          "title": "CommandGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "argv": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "program": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "execve"
-              ],
-              "title": "ExecveGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "argv",
-            "cwd",
-            "program",
-            "source",
-            "type"
-          ],
-          "title": "ExecveGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cwd": {
-              "type": "string"
-            },
-            "files": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "type": {
-              "enum": [
-                "applyPatch"
-              ],
-              "title": "ApplyPatchGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cwd",
-            "files",
-            "type"
-          ],
-          "title": "ApplyPatchGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "host": {
-              "type": "string"
-            },
-            "port": {
-              "format": "uint16",
-              "minimum": 0.0,
-              "type": "integer"
-            },
-            "protocol": {
-              "$ref": "#/definitions/NetworkApprovalProtocol"
-            },
-            "target": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "networkAccess"
-              ],
-              "title": "NetworkAccessGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "host",
-            "port",
-            "protocol",
-            "target",
-            "type"
-          ],
-          "title": "NetworkAccessGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "connectorId": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "connectorName": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "server": {
-              "type": "string"
-            },
-            "toolName": {
-              "type": "string"
-            },
-            "toolTitle": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "mcpToolCall"
-              ],
-              "title": "McpToolCallGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "server",
-            "toolName",
-            "type"
-          ],
-          "title": "McpToolCallGuardianApprovalReviewAction",
-          "type": "object"
-        }
-      ]
-    },
     "GuardianApprovalReviewStatus": {
       "description": "[UNSTABLE] Lifecycle state for a guardian approval review.",
       "enum": [
@@ -5051,13 +4857,6 @@
       ],
       "type": "string"
     },
-    "GuardianCommandSource": {
-      "enum": [
-        "shell",
-        "unifiedExec"
-      ],
-      "type": "string"
-    },
     "GuardianRiskLevel": {
       "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
       "enum": [
@@ -5364,9 +5163,7 @@
       "$schema": "http://json-schema.org/draft-07/schema#",
       "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
       "properties": {
-        "action": {
-          "$ref": "#/definitions/GuardianApprovalReviewAction"
-        },
+        "action": true,
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
@@ -5381,7 +5178,6 @@
         }
       },
       "required": [
-        "action",
         "review",
         "targetItemId",
         "threadId",
@@ -5394,9 +5190,7 @@
       "$schema": "http://json-schema.org/draft-07/schema#",
       "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
       "properties": {
-        "action": {
-          "$ref": "#/definitions/GuardianApprovalReviewAction"
-        },
+        "action": true,
         "review": {
           "$ref": "#/definitions/GuardianApprovalReview"
         },
@@ -5411,7 +5205,6 @@
         }
       },
       "required": [
-        "action",
         "review",
         "targetItemId",
         "threadId",
@@ -5451,17 +5244,6 @@
             "null"
           ]
         },
-        "detail": {
-          "anyOf": [
-            {
-              "$ref": "#/definitions/McpServerStatusDetail"
-            },
-            {
-              "type": "null"
-            }
-          ],
-          "description": "Controls how much MCP inventory data to fetch for each server. Defaults to `Full` when omitted."
-        },
         "limit": {
           "description": "Optional page size; defaults to a server-defined value.",
           "format": "uint32",
@@ -5787,43 +5569,6 @@
       ],
       "type": "string"
     },
-    "McpResourceReadParams": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "server": {
-          "type": "string"
-        },
-        "threadId": {
-          "type": "string"
-        },
-        "uri": {
-          "type": "string"
-        }
-      },
-      "required": [
-        "server",
-        "threadId",
-        "uri"
-      ],
-      "title": "McpResourceReadParams",
-      "type": "object"
-    },
-    "McpResourceReadResponse": {
-      "$schema": "http://json-schema.org/draft-07/schema#",
-      "properties": {
-        "contents": {
-          "items": {
-            "$ref": "#/definitions/ResourceContent"
-          },
-          "type": "array"
-        }
-      },
-      "required": [
-        "contents"
-      ],
-      "title": "McpResourceReadResponse",
-      "type": "object"
-    },
     "McpServerOauthLoginCompletedNotification": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "properties": {
@@ -5939,13 +5684,6 @@
       ],
       "type": "object"
     },
-    "McpServerStatusDetail": {
-      "enum": [
-        "full",
-        "toolsAndAuthOnly"
-      ],
-      "type": "string"
-    },
     "McpServerStatusUpdatedNotification": {
       "$schema": "http://json-schema.org/draft-07/schema#",
       "properties": {
@@ -6325,15 +6063,6 @@
       ],
       "type": "string"
     },
-    "NetworkApprovalProtocol": {
-      "enum": [
-        "http",
-        "https",
-        "socks5Tcp",
-        "socks5Udp"
-      ],
-      "type": "string"
-    },
     "NetworkDomainPermission": {
       "enum": [
         "allow",
@@ -6375,12 +6104,6 @@
             "null"
           ]
         },
-        "dangerFullAccessDenylistOnly": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "dangerouslyAllowAllUnixSockets": {
           "type": [
             "boolean",
@@ -7551,57 +7274,6 @@
       ],
       "type": "object"
     },
-    "ResourceContent": {
-      "anyOf": [
-        {
-          "properties": {
-            "_meta": true,
-            "mimeType": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "text": {
-              "type": "string"
-            },
-            "uri": {
-              "description": "The URI of this resource.",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "uri"
-          ],
-          "type": "object"
-        },
-        {
-          "properties": {
-            "_meta": true,
-            "blob": {
-              "type": "string"
-            },
-            "mimeType": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "uri": {
-              "description": "The URI of this resource.",
-              "type": "string"
-            }
-          },
-          "required": [
-            "blob",
-            "uri"
-          ],
-          "type": "object"
-        }
-      ],
-      "description": "Contents returned when reading a resource from an MCP server."
-    },
     "ResourceTemplate": {
       "description": "A template description for resources available on the server.",
       "properties": {
@@ -10177,13 +9849,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -12320,22 +11985,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -12357,14 +12006,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ConfigRequirementsReadResponse.json

@@ -1,14 +1,6 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
   "definitions": {
-    "ApprovalsReviewer": {
-      "description": "Configures who approval requests are routed to for review. Examples include sandbox escapes, blocked network access, MCP approval prompts, and ARC escalations. Defaults to `user`. `guardian_subagent` uses a carefully prompted subagent to gather relevant context and apply a risk-based decision framework before approving or denying the request.",
-      "enum": [
-        "user",
-        "guardian_subagent"
-      ],
-      "type": "string"
-    },
     "AskForApproval": {
       "oneOf": [
         {
@@ -151,12 +143,6 @@
             "null"
           ]
         },
-        "dangerFullAccessDenylistOnly": {
-          "type": [
-            "boolean",
-            "null"
-          ]
-        },
         "dangerouslyAllowAllUnixSockets": {
           "type": [
             "boolean",

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewCompletedNotification.json

@@ -37,176 +37,6 @@
       ],
       "type": "object"
     },
-    "GuardianApprovalReviewAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "command"
-              ],
-              "title": "CommandGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "cwd",
-            "source",
-            "type"
-          ],
-          "title": "CommandGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "argv": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "program": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "execve"
-              ],
-              "title": "ExecveGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "argv",
-            "cwd",
-            "program",
-            "source",
-            "type"
-          ],
-          "title": "ExecveGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cwd": {
-              "type": "string"
-            },
-            "files": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "type": {
-              "enum": [
-                "applyPatch"
-              ],
-              "title": "ApplyPatchGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cwd",
-            "files",
-            "type"
-          ],
-          "title": "ApplyPatchGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "host": {
-              "type": "string"
-            },
-            "port": {
-              "format": "uint16",
-              "minimum": 0.0,
-              "type": "integer"
-            },
-            "protocol": {
-              "$ref": "#/definitions/NetworkApprovalProtocol"
-            },
-            "target": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "networkAccess"
-              ],
-              "title": "NetworkAccessGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "host",
-            "port",
-            "protocol",
-            "target",
-            "type"
-          ],
-          "title": "NetworkAccessGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "connectorId": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "connectorName": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "server": {
-              "type": "string"
-            },
-            "toolName": {
-              "type": "string"
-            },
-            "toolTitle": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "mcpToolCall"
-              ],
-              "title": "McpToolCallGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "server",
-            "toolName",
-            "type"
-          ],
-          "title": "McpToolCallGuardianApprovalReviewAction",
-          "type": "object"
-        }
-      ]
-    },
     "GuardianApprovalReviewStatus": {
       "description": "[UNSTABLE] Lifecycle state for a guardian approval review.",
       "enum": [
@@ -217,13 +47,6 @@
       ],
       "type": "string"
     },
-    "GuardianCommandSource": {
-      "enum": [
-        "shell",
-        "unifiedExec"
-      ],
-      "type": "string"
-    },
     "GuardianRiskLevel": {
       "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
       "enum": [
@@ -232,22 +55,11 @@
         "high"
       ],
       "type": "string"
-    },
-    "NetworkApprovalProtocol": {
-      "enum": [
-        "http",
-        "https",
-        "socks5Tcp",
-        "socks5Udp"
-      ],
-      "type": "string"
     }
   },
   "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
   "properties": {
-    "action": {
-      "$ref": "#/definitions/GuardianApprovalReviewAction"
-    },
+    "action": true,
     "review": {
       "$ref": "#/definitions/GuardianApprovalReview"
     },
@@ -262,7 +74,6 @@
     }
   },
   "required": [
-    "action",
     "review",
     "targetItemId",
     "threadId",

codex-rs/app-server-protocol/schema/json/v2/ItemGuardianApprovalReviewStartedNotification.json

@@ -37,176 +37,6 @@
       ],
       "type": "object"
     },
-    "GuardianApprovalReviewAction": {
-      "oneOf": [
-        {
-          "properties": {
-            "command": {
-              "type": "string"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "command"
-              ],
-              "title": "CommandGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "command",
-            "cwd",
-            "source",
-            "type"
-          ],
-          "title": "CommandGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "argv": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "cwd": {
-              "type": "string"
-            },
-            "program": {
-              "type": "string"
-            },
-            "source": {
-              "$ref": "#/definitions/GuardianCommandSource"
-            },
-            "type": {
-              "enum": [
-                "execve"
-              ],
-              "title": "ExecveGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "argv",
-            "cwd",
-            "program",
-            "source",
-            "type"
-          ],
-          "title": "ExecveGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "cwd": {
-              "type": "string"
-            },
-            "files": {
-              "items": {
-                "type": "string"
-              },
-              "type": "array"
-            },
-            "type": {
-              "enum": [
-                "applyPatch"
-              ],
-              "title": "ApplyPatchGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "cwd",
-            "files",
-            "type"
-          ],
-          "title": "ApplyPatchGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "host": {
-              "type": "string"
-            },
-            "port": {
-              "format": "uint16",
-              "minimum": 0.0,
-              "type": "integer"
-            },
-            "protocol": {
-              "$ref": "#/definitions/NetworkApprovalProtocol"
-            },
-            "target": {
-              "type": "string"
-            },
-            "type": {
-              "enum": [
-                "networkAccess"
-              ],
-              "title": "NetworkAccessGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "host",
-            "port",
-            "protocol",
-            "target",
-            "type"
-          ],
-          "title": "NetworkAccessGuardianApprovalReviewAction",
-          "type": "object"
-        },
-        {
-          "properties": {
-            "connectorId": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "connectorName": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "server": {
-              "type": "string"
-            },
-            "toolName": {
-              "type": "string"
-            },
-            "toolTitle": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "type": {
-              "enum": [
-                "mcpToolCall"
-              ],
-              "title": "McpToolCallGuardianApprovalReviewActionType",
-              "type": "string"
-            }
-          },
-          "required": [
-            "server",
-            "toolName",
-            "type"
-          ],
-          "title": "McpToolCallGuardianApprovalReviewAction",
-          "type": "object"
-        }
-      ]
-    },
     "GuardianApprovalReviewStatus": {
       "description": "[UNSTABLE] Lifecycle state for a guardian approval review.",
       "enum": [
@@ -217,13 +47,6 @@
       ],
       "type": "string"
     },
-    "GuardianCommandSource": {
-      "enum": [
-        "shell",
-        "unifiedExec"
-      ],
-      "type": "string"
-    },
     "GuardianRiskLevel": {
       "description": "[UNSTABLE] Risk level assigned by guardian approval review.",
       "enum": [
@@ -232,22 +55,11 @@
         "high"
       ],
       "type": "string"
-    },
-    "NetworkApprovalProtocol": {
-      "enum": [
-        "http",
-        "https",
-        "socks5Tcp",
-        "socks5Udp"
-      ],
-      "type": "string"
     }
   },
   "description": "[UNSTABLE] Temporary notification payload for guardian automatic approval review. This shape is expected to change soon.\n\nTODO(ccunningham): Attach guardian review state to the reviewed tool item's lifecycle instead of sending separate standalone review notifications so the app-server API can persist and replay review state via `thread/read`.",
   "properties": {
-    "action": {
-      "$ref": "#/definitions/GuardianApprovalReviewAction"
-    },
+    "action": true,
     "review": {
       "$ref": "#/definitions/GuardianApprovalReview"
     },
@@ -262,7 +74,6 @@
     }
   },
   "required": [
-    "action",
     "review",
     "targetItemId",
     "threadId",

codex-rs/app-server-protocol/schema/json/v2/ListMcpServerStatusParams.json

@@ -1,14 +1,5 @@
 {
   "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "McpServerStatusDetail": {
-      "enum": [
-        "full",
-        "toolsAndAuthOnly"
-      ],
-      "type": "string"
-    }
-  },
   "properties": {
     "cursor": {
       "description": "Opaque pagination cursor returned by a previous call.",
@@ -17,17 +8,6 @@
         "null"
       ]
     },
-    "detail": {
-      "anyOf": [
-        {
-          "$ref": "#/definitions/McpServerStatusDetail"
-        },
-        {
-          "type": "null"
-        }
-      ],
-      "description": "Controls how much MCP inventory data to fetch for each server. Defaults to `Full` when omitted."
-    },
     "limit": {
       "description": "Optional page size; defaults to a server-defined value.",
       "format": "uint32",

codex-rs/app-server-protocol/schema/json/v2/McpResourceReadParams.json

@@ -1,21 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "properties": {
-    "server": {
-      "type": "string"
-    },
-    "threadId": {
-      "type": "string"
-    },
-    "uri": {
-      "type": "string"
-    }
-  },
-  "required": [
-    "server",
-    "threadId",
-    "uri"
-  ],
-  "title": "McpResourceReadParams",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/McpResourceReadResponse.json

@@ -1,69 +0,0 @@
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "definitions": {
-    "ResourceContent": {
-      "anyOf": [
-        {
-          "properties": {
-            "_meta": true,
-            "mimeType": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "text": {
-              "type": "string"
-            },
-            "uri": {
-              "description": "The URI of this resource.",
-              "type": "string"
-            }
-          },
-          "required": [
-            "text",
-            "uri"
-          ],
-          "type": "object"
-        },
-        {
-          "properties": {
-            "_meta": true,
-            "blob": {
-              "type": "string"
-            },
-            "mimeType": {
-              "type": [
-                "string",
-                "null"
-              ]
-            },
-            "uri": {
-              "description": "The URI of this resource.",
-              "type": "string"
-            }
-          },
-          "required": [
-            "blob",
-            "uri"
-          ],
-          "type": "object"
-        }
-      ],
-      "description": "Contents returned when reading a resource from an MCP server."
-    }
-  },
-  "properties": {
-    "contents": {
-      "items": {
-        "$ref": "#/definitions/ResourceContent"
-      },
-      "type": "array"
-    }
-  },
-  "required": [
-    "contents"
-  ],
-  "title": "McpResourceReadResponse",
-  "type": "object"
-}

codex-rs/app-server-protocol/schema/json/v2/ReviewStartResponse.json

@@ -1267,22 +1267,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1304,14 +1288,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadForkResponse.json

@@ -1042,13 +1042,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1856,22 +1849,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1893,14 +1870,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadListResponse.json

@@ -800,13 +800,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1614,22 +1607,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1651,14 +1628,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadMetadataUpdateResponse.json

@@ -800,13 +800,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1614,22 +1607,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1651,14 +1628,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadReadResponse.json

@@ -800,13 +800,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1614,22 +1607,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1651,14 +1628,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadResumeResponse.json

@@ -1042,13 +1042,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1856,22 +1849,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1893,14 +1870,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadRollbackResponse.json

@@ -800,13 +800,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1614,22 +1607,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1651,14 +1628,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadStartResponse.json

@@ -1042,13 +1042,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1856,22 +1849,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1893,14 +1870,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadStartedNotification.json

@@ -800,13 +800,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1614,22 +1607,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1651,14 +1628,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/ThreadUnarchiveResponse.json

@@ -800,13 +800,6 @@
           "description": "Whether the thread is ephemeral and should not be materialized on disk.",
           "type": "boolean"
         },
-        "forkedFromId": {
-          "description": "Source thread id when this thread was created by forking another thread.",
-          "type": [
-            "string",
-            "null"
-          ]
-        },
         "gitInfo": {
           "anyOf": [
             {
@@ -1614,22 +1607,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1651,14 +1628,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/TurnCompletedNotification.json

@@ -1267,22 +1267,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1304,14 +1288,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/TurnStartResponse.json

@@ -1267,22 +1267,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1304,14 +1288,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/json/v2/TurnStartedNotification.json

@@ -1267,22 +1267,6 @@
     },
     "Turn": {
       "properties": {
-        "completedAt": {
-          "description": "Unix timestamp (in seconds) when the turn completed.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
-        "durationMs": {
-          "description": "Duration between turn start and completion in milliseconds, if known.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "error": {
           "anyOf": [
             {
@@ -1304,14 +1288,6 @@
           },
           "type": "array"
         },
-        "startedAt": {
-          "description": "Unix timestamp (in seconds) when the turn started.",
-          "format": "int64",
-          "type": [
-            "integer",
-            "null"
-          ]
-        },
         "status": {
           "$ref": "#/definitions/TurnStatus"
         }

codex-rs/app-server-protocol/schema/typescript/ResourceContent.ts

@@ -1,17 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { JsonValue } from "./serde_json/JsonValue";
-
-/**
- * Contents returned when reading a resource from an MCP server.
- */
-export type ResourceContent = { 
-/**
- * The URI of this resource.
- */
-uri: string, mimeType?: string, text: string, _meta?: JsonValue, } | { 
-/**
- * The URI of this resource.
- */
-uri: string, mimeType?: string, blob: string, _meta?: JsonValue, };

codex-rs/app-server-protocol/schema/typescript/index.ts

@@ -55,7 +55,6 @@ export type { ReasoningItemReasoningSummary } from "./ReasoningItemReasoningSumm
 export type { ReasoningSummary } from "./ReasoningSummary";
 export type { RequestId } from "./RequestId";
 export type { Resource } from "./Resource";
-export type { ResourceContent } from "./ResourceContent";
 export type { ResourceTemplate } from "./ResourceTemplate";
 export type { ResponseItem } from "./ResponseItem";
 export type { ReviewDecision } from "./ReviewDecision";

codex-rs/app-server-protocol/schema/typescript/v2/GuardianApprovalReviewAction.ts

@@ -1,7 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { GuardianCommandSource } from "./GuardianCommandSource";
-import type { NetworkApprovalProtocol } from "./NetworkApprovalProtocol";
-
-export type GuardianApprovalReviewAction = { "type": "command", source: GuardianCommandSource, command: string, cwd: string, } | { "type": "execve", source: GuardianCommandSource, program: string, argv: Array<string>, cwd: string, } | { "type": "applyPatch", cwd: string, files: Array<string>, } | { "type": "networkAccess", target: string, host: string, protocol: NetworkApprovalProtocol, port: number, } | { "type": "mcpToolCall", server: string, toolName: string, connectorId: string | null, connectorName: string | null, toolTitle: string | null, };

codex-rs/app-server-protocol/schema/typescript/v2/GuardianCommandSource.ts

@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type GuardianCommandSource = "shell" | "unifiedExec";

codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewCompletedNotification.ts

@@ -1,8 +1,8 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { JsonValue } from "../serde_json/JsonValue";
 import type { GuardianApprovalReview } from "./GuardianApprovalReview";
-import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewAction";
 
 /**
  * [UNSTABLE] Temporary notification payload for guardian automatic approval
@@ -12,4 +12,4 @@ import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewActio
  * lifecycle instead of sending separate standalone review notifications so the
  * app-server API can persist and replay review state via `thread/read`.
  */
-export type ItemGuardianApprovalReviewCompletedNotification = { threadId: string, turnId: string, targetItemId: string, review: GuardianApprovalReview, action: GuardianApprovalReviewAction, };
+export type ItemGuardianApprovalReviewCompletedNotification = { threadId: string, turnId: string, targetItemId: string, review: GuardianApprovalReview, action: JsonValue | null, };

codex-rs/app-server-protocol/schema/typescript/v2/ItemGuardianApprovalReviewStartedNotification.ts

@@ -1,8 +1,8 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { JsonValue } from "../serde_json/JsonValue";
 import type { GuardianApprovalReview } from "./GuardianApprovalReview";
-import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewAction";
 
 /**
  * [UNSTABLE] Temporary notification payload for guardian automatic approval
@@ -12,4 +12,4 @@ import type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewActio
  * lifecycle instead of sending separate standalone review notifications so the
  * app-server API can persist and replay review state via `thread/read`.
  */
-export type ItemGuardianApprovalReviewStartedNotification = { threadId: string, turnId: string, targetItemId: string, review: GuardianApprovalReview, action: GuardianApprovalReviewAction, };
+export type ItemGuardianApprovalReviewStartedNotification = { threadId: string, turnId: string, targetItemId: string, review: GuardianApprovalReview, action: JsonValue | null, };

codex-rs/app-server-protocol/schema/typescript/v2/ListMcpServerStatusParams.ts

@@ -1,7 +1,6 @@
 // GENERATED CODE! DO NOT MODIFY BY HAND!
 
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { McpServerStatusDetail } from "./McpServerStatusDetail";
 
 export type ListMcpServerStatusParams = { 
 /**
@@ -11,9 +10,4 @@ cursor?: string | null,
 /**
  * Optional page size; defaults to a server-defined value.
  */
-limit?: number | null, 
-/**
- * Controls how much MCP inventory data to fetch for each server.
- * Defaults to `Full` when omitted.
- */
-detail?: McpServerStatusDetail | null, };
+limit?: number | null, };

codex-rs/app-server-protocol/schema/typescript/v2/McpResourceReadParams.ts

@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type McpResourceReadParams = { threadId: string, server: string, uri: string, };

codex-rs/app-server-protocol/schema/typescript/v2/McpResourceReadResponse.ts

@@ -1,6 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-import type { ResourceContent } from "../ResourceContent";
-
-export type McpResourceReadResponse = { contents: Array<ResourceContent>, };

codex-rs/app-server-protocol/schema/typescript/v2/McpServerStatusDetail.ts

@@ -1,5 +0,0 @@
-// GENERATED CODE! DO NOT MODIFY BY HAND!
-
-// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
-
-export type McpServerStatusDetail = "full" | "toolsAndAuthOnly";

codex-rs/app-server-protocol/schema/typescript/v2/NetworkRequirements.ts

@@ -29,4 +29,4 @@ unixSockets: { [key in string]?: NetworkUnixSocketPermission } | null,
 /**
  * Legacy compatibility view derived from `unix_sockets`.
  */
-allowUnixSockets: Array<string> | null, allowLocalBinding: boolean | null, dangerFullAccessDenylistOnly: boolean | null, };
+allowUnixSockets: Array<string> | null, allowLocalBinding: boolean | null, };

codex-rs/app-server-protocol/schema/typescript/v2/Thread.ts

@@ -7,10 +7,6 @@ import type { ThreadStatus } from "./ThreadStatus";
 import type { Turn } from "./Turn";
 
 export type Thread = { id: string, 
-/**
- * Source thread id when this thread was created by forking another thread.
- */
-forkedFromId: string | null, 
 /**
  * Usually the first user message in the thread, if available.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ThreadForkParams.ts

@@ -27,7 +27,7 @@ model?: string | null, modelProvider?: string | null, serviceTier?: ServiceTier
  * Override where approval requests are routed for review on this thread
  * and subsequent turns.
  */
-approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null | null, developerInstructions?: string | null | null, ephemeral?: boolean, /**
+approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null, developerInstructions?: string | null, ephemeral?: boolean, /**
  * If true, persist additional rollout EventMsg variants required to
  * reconstruct a richer thread history on subsequent resume/fork/read.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ThreadResumeParams.ts

@@ -36,7 +36,7 @@ model?: string | null, modelProvider?: string | null, serviceTier?: ServiceTier
  * Override where approval requests are routed for review on this thread
  * and subsequent turns.
  */
-approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null | null, developerInstructions?: string | null | null, personality?: Personality | null, /**
+approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, baseInstructions?: string | null, developerInstructions?: string | null, personality?: Personality | null, /**
  * If true, persist additional rollout EventMsg variants required to
  * reconstruct a richer thread history on subsequent resume/fork/read.
  */

codex-rs/app-server-protocol/schema/typescript/v2/ThreadStartParams.ts

@@ -12,7 +12,7 @@ export type ThreadStartParams = {model?: string | null, modelProvider?: string |
  * Override where approval requests are routed for review on this thread
  * and subsequent turns.
  */
-approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, serviceName?: string | null, baseInstructions?: string | null | null, developerInstructions?: string | null | null, personality?: Personality | null, ephemeral?: boolean | null, /**
+approvalsReviewer?: ApprovalsReviewer | null, sandbox?: SandboxMode | null, config?: { [key in string]?: JsonValue } | null, serviceName?: string | null, baseInstructions?: string | null, developerInstructions?: string | null, personality?: Personality | null, ephemeral?: boolean | null, /**
  * If true, opt into emitting raw Responses API items on the event stream.
  * This is for internal use only (e.g. Codex Cloud).
  */

codex-rs/app-server-protocol/schema/typescript/v2/Turn.ts

@@ -15,16 +15,4 @@ items: Array<ThreadItem>, status: TurnStatus,
 /**
  * Only populated when the Turn's status is failed.
  */
-error: TurnError | null, 
-/**
- * Unix timestamp (in seconds) when the turn started.
- */
-startedAt: number | null, 
-/**
- * Unix timestamp (in seconds) when the turn completed.
- */
-completedAt: number | null, 
-/**
- * Duration between turn start and completion in milliseconds, if known.
- */
-durationMs: number | null, };
+error: TurnError | null, };

codex-rs/app-server-protocol/schema/typescript/v2/index.ts

@@ -123,9 +123,7 @@ export type { GetAccountResponse } from "./GetAccountResponse";
 export type { GitInfo } from "./GitInfo";
 export type { GrantedPermissionProfile } from "./GrantedPermissionProfile";
 export type { GuardianApprovalReview } from "./GuardianApprovalReview";
-export type { GuardianApprovalReviewAction } from "./GuardianApprovalReviewAction";
 export type { GuardianApprovalReviewStatus } from "./GuardianApprovalReviewStatus";
-export type { GuardianCommandSource } from "./GuardianCommandSource";
 export type { GuardianRiskLevel } from "./GuardianRiskLevel";
 export type { HookCompletedNotification } from "./HookCompletedNotification";
 export type { HookEventName } from "./HookEventName";
@@ -172,8 +170,6 @@ export type { McpElicitationTitledSingleSelectEnumSchema } from "./McpElicitatio
 export type { McpElicitationUntitledEnumItems } from "./McpElicitationUntitledEnumItems";
 export type { McpElicitationUntitledMultiSelectEnumSchema } from "./McpElicitationUntitledMultiSelectEnumSchema";
 export type { McpElicitationUntitledSingleSelectEnumSchema } from "./McpElicitationUntitledSingleSelectEnumSchema";
-export type { McpResourceReadParams } from "./McpResourceReadParams";
-export type { McpResourceReadResponse } from "./McpResourceReadResponse";
 export type { McpServerElicitationAction } from "./McpServerElicitationAction";
 export type { McpServerElicitationRequestParams } from "./McpServerElicitationRequestParams";
 export type { McpServerElicitationRequestResponse } from "./McpServerElicitationRequestResponse";
@@ -183,7 +179,6 @@ export type { McpServerOauthLoginResponse } from "./McpServerOauthLoginResponse"
 export type { McpServerRefreshResponse } from "./McpServerRefreshResponse";
 export type { McpServerStartupState } from "./McpServerStartupState";
 export type { McpServerStatus } from "./McpServerStatus";
-export type { McpServerStatusDetail } from "./McpServerStatusDetail";
 export type { McpServerStatusUpdatedNotification } from "./McpServerStatusUpdatedNotification";
 export type { McpToolCallError } from "./McpToolCallError";
 export type { McpToolCallProgressNotification } from "./McpToolCallProgressNotification";

codex-rs/app-server-protocol/src/lib.rs

@@ -15,7 +15,6 @@ pub use export::generate_ts_with_options;
 pub use export::generate_types;
 pub use jsonrpc_lite::*;
 pub use protocol::common::*;
-pub use protocol::item_builders::*;
 pub use protocol::thread_history::*;
 pub use protocol::v1::ApplyPatchApprovalParams;
 pub use protocol::v1::ApplyPatchApprovalResponse;

codex-rs/app-server-protocol/src/protocol/common.rs

@@ -459,11 +459,6 @@ client_request_definitions! {
         response: v2::ListMcpServerStatusResponse,
     },
 
-    McpResourceRead => "mcpServer/resource/read" {
-        params: v2::McpResourceReadParams,
-        response: v2::McpResourceReadResponse,
-    },
-
     WindowsSandboxSetupStart => "windowsSandbox/setupStart" {
         params: v2::WindowsSandboxSetupStartParams,
         response: v2::WindowsSandboxSetupStartResponse,
@@ -1312,7 +1307,6 @@ mod tests {
             response: v2::ThreadStartResponse {
                 thread: v2::Thread {
                     id: "67e55044-10b1-426f-9247-bb680e5fe0c8".to_string(),
-                    forked_from_id: None,
                     preview: "first prompt".to_string(),
                     ephemeral: true,
                     model_provider: "openai".to_string(),
@@ -1349,7 +1343,6 @@ mod tests {
                 "response": {
                     "thread": {
                         "id": "67e55044-10b1-426f-9247-bb680e5fe0c8",
-                        "forkedFromId": null,
                         "preview": "first prompt",
                         "ephemeral": true,
                         "modelProvider": "openai",

codex-rs/app-server-protocol/src/protocol/item_builders.rs

@@ -1,299 +0,0 @@
-//! Shared builders for synthetic [`ThreadItem`] values emitted by the app-server layer.
-//!
-//! These items do not come from first-class core `ItemStarted` / `ItemCompleted` events.
-//! Instead, the app-server synthesizes them so clients can render a coherent lifecycle for
-//! approvals and other pre-execution flows before the underlying tool has started or when the
-//! tool never starts at all.
-//!
-//! Keeping these builders in one place is useful for two reasons:
-//! - Live notifications and rebuilt `thread/read` history both need to construct the same
-//!   synthetic items, so sharing the logic avoids drift between those paths.
-//! - The projection is presentation-specific. Core protocol events stay generic, while the
-//!   app-server protocol decides how to surface those events as `ThreadItem`s for clients.
-use crate::protocol::common::ServerNotification;
-use crate::protocol::v2::CommandAction;
-use crate::protocol::v2::CommandExecutionSource;
-use crate::protocol::v2::CommandExecutionStatus;
-use crate::protocol::v2::FileUpdateChange;
-use crate::protocol::v2::GuardianApprovalReview;
-use crate::protocol::v2::GuardianApprovalReviewStatus;
-use crate::protocol::v2::ItemGuardianApprovalReviewCompletedNotification;
-use crate::protocol::v2::ItemGuardianApprovalReviewStartedNotification;
-use crate::protocol::v2::PatchApplyStatus;
-use crate::protocol::v2::PatchChangeKind;
-use crate::protocol::v2::ThreadItem;
-use codex_protocol::ThreadId;
-use codex_protocol::protocol::ApplyPatchApprovalRequestEvent;
-use codex_protocol::protocol::ExecApprovalRequestEvent;
-use codex_protocol::protocol::ExecCommandBeginEvent;
-use codex_protocol::protocol::ExecCommandEndEvent;
-use codex_protocol::protocol::FileChange;
-use codex_protocol::protocol::GuardianAssessmentAction;
-use codex_protocol::protocol::GuardianAssessmentEvent;
-use codex_protocol::protocol::PatchApplyBeginEvent;
-use codex_protocol::protocol::PatchApplyEndEvent;
-use codex_shell_command::parse_command::parse_command;
-use codex_shell_command::parse_command::shlex_join;
-use std::collections::HashMap;
-use std::path::PathBuf;
-
-pub fn build_file_change_approval_request_item(
-    payload: &ApplyPatchApprovalRequestEvent,
-) -> ThreadItem {
-    ThreadItem::FileChange {
-        id: payload.call_id.clone(),
-        changes: convert_patch_changes(&payload.changes),
-        status: PatchApplyStatus::InProgress,
-    }
-}
-
-pub fn build_file_change_begin_item(payload: &PatchApplyBeginEvent) -> ThreadItem {
-    ThreadItem::FileChange {
-        id: payload.call_id.clone(),
-        changes: convert_patch_changes(&payload.changes),
-        status: PatchApplyStatus::InProgress,
-    }
-}
-
-pub fn build_file_change_end_item(payload: &PatchApplyEndEvent) -> ThreadItem {
-    ThreadItem::FileChange {
-        id: payload.call_id.clone(),
-        changes: convert_patch_changes(&payload.changes),
-        status: (&payload.status).into(),
-    }
-}
-
-pub fn build_command_execution_approval_request_item(
-    payload: &ExecApprovalRequestEvent,
-) -> ThreadItem {
-    ThreadItem::CommandExecution {
-        id: payload.call_id.clone(),
-        command: shlex_join(&payload.command),
-        cwd: payload.cwd.clone(),
-        process_id: None,
-        source: CommandExecutionSource::Agent,
-        status: CommandExecutionStatus::InProgress,
-        command_actions: payload
-            .parsed_cmd
-            .iter()
-            .cloned()
-            .map(CommandAction::from)
-            .collect(),
-        aggregated_output: None,
-        exit_code: None,
-        duration_ms: None,
-    }
-}
-
-pub fn build_command_execution_begin_item(payload: &ExecCommandBeginEvent) -> ThreadItem {
-    ThreadItem::CommandExecution {
-        id: payload.call_id.clone(),
-        command: shlex_join(&payload.command),
-        cwd: payload.cwd.clone(),
-        process_id: payload.process_id.clone(),
-        source: payload.source.into(),
-        status: CommandExecutionStatus::InProgress,
-        command_actions: payload
-            .parsed_cmd
-            .iter()
-            .cloned()
-            .map(CommandAction::from)
-            .collect(),
-        aggregated_output: None,
-        exit_code: None,
-        duration_ms: None,
-    }
-}
-
-pub fn build_command_execution_end_item(payload: &ExecCommandEndEvent) -> ThreadItem {
-    let aggregated_output = if payload.aggregated_output.is_empty() {
-        None
-    } else {
-        Some(payload.aggregated_output.clone())
-    };
-    let duration_ms = i64::try_from(payload.duration.as_millis()).unwrap_or(i64::MAX);
-
-    ThreadItem::CommandExecution {
-        id: payload.call_id.clone(),
-        command: shlex_join(&payload.command),
-        cwd: payload.cwd.clone(),
-        process_id: payload.process_id.clone(),
-        source: payload.source.into(),
-        status: (&payload.status).into(),
-        command_actions: payload
-            .parsed_cmd
-            .iter()
-            .cloned()
-            .map(CommandAction::from)
-            .collect(),
-        aggregated_output,
-        exit_code: Some(payload.exit_code),
-        duration_ms: Some(duration_ms),
-    }
-}
-
-/// Build a guardian-derived [`ThreadItem`].
-///
-/// Currently this only synthesizes [`ThreadItem::CommandExecution`] for
-/// [`GuardianAssessmentAction::Command`] and [`GuardianAssessmentAction::Execve`].
-pub fn build_item_from_guardian_event(
-    assessment: &GuardianAssessmentEvent,
-    status: CommandExecutionStatus,
-) -> Option<ThreadItem> {
-    match &assessment.action {
-        GuardianAssessmentAction::Command { command, cwd, .. } => {
-            let command = command.clone();
-            let command_actions = vec![CommandAction::Unknown {
-                command: command.clone(),
-            }];
-            Some(ThreadItem::CommandExecution {
-                id: assessment.id.clone(),
-                command,
-                cwd: cwd.clone(),
-                process_id: None,
-                source: CommandExecutionSource::Agent,
-                status,
-                command_actions,
-                aggregated_output: None,
-                exit_code: None,
-                duration_ms: None,
-            })
-        }
-        GuardianAssessmentAction::Execve {
-            program, argv, cwd, ..
-        } => {
-            let argv = if argv.is_empty() {
-                vec![program.clone()]
-            } else {
-                std::iter::once(program.clone())
-                    .chain(argv.iter().skip(1).cloned())
-                    .collect::<Vec<_>>()
-            };
-            let command = shlex_join(&argv);
-            let parsed_cmd = parse_command(&argv);
-            let command_actions = if parsed_cmd.is_empty() {
-                vec![CommandAction::Unknown {
-                    command: command.clone(),
-                }]
-            } else {
-                parsed_cmd.into_iter().map(CommandAction::from).collect()
-            };
-            Some(ThreadItem::CommandExecution {
-                id: assessment.id.clone(),
-                command,
-                cwd: cwd.clone(),
-                process_id: None,
-                source: CommandExecutionSource::Agent,
-                status,
-                command_actions,
-                aggregated_output: None,
-                exit_code: None,
-                duration_ms: None,
-            })
-        }
-        GuardianAssessmentAction::ApplyPatch { .. }
-        | GuardianAssessmentAction::NetworkAccess { .. }
-        | GuardianAssessmentAction::McpToolCall { .. } => None,
-    }
-}
-
-pub fn guardian_auto_approval_review_notification(
-    conversation_id: &ThreadId,
-    event_turn_id: &str,
-    assessment: &GuardianAssessmentEvent,
-) -> ServerNotification {
-    // TODO(ccunningham): Attach guardian review state to the reviewed tool
-    // item's lifecycle instead of sending standalone review notifications so
-    // the app-server API can persist and replay review state via `thread/read`.
-    let turn_id = if assessment.turn_id.is_empty() {
-        event_turn_id.to_string()
-    } else {
-        assessment.turn_id.clone()
-    };
-    let review = GuardianApprovalReview {
-        status: match assessment.status {
-            codex_protocol::protocol::GuardianAssessmentStatus::InProgress => {
-                GuardianApprovalReviewStatus::InProgress
-            }
-            codex_protocol::protocol::GuardianAssessmentStatus::Approved => {
-                GuardianApprovalReviewStatus::Approved
-            }
-            codex_protocol::protocol::GuardianAssessmentStatus::Denied => {
-                GuardianApprovalReviewStatus::Denied
-            }
-            codex_protocol::protocol::GuardianAssessmentStatus::Aborted => {
-                GuardianApprovalReviewStatus::Aborted
-            }
-        },
-        risk_score: assessment.risk_score,
-        risk_level: assessment.risk_level.map(Into::into),
-        rationale: assessment.rationale.clone(),
-    };
-    let action = assessment.action.clone().into();
-    match assessment.status {
-        codex_protocol::protocol::GuardianAssessmentStatus::InProgress => {
-            ServerNotification::ItemGuardianApprovalReviewStarted(
-                ItemGuardianApprovalReviewStartedNotification {
-                    thread_id: conversation_id.to_string(),
-                    turn_id,
-                    target_item_id: assessment.id.clone(),
-                    review,
-                    action,
-                },
-            )
-        }
-        codex_protocol::protocol::GuardianAssessmentStatus::Approved
-        | codex_protocol::protocol::GuardianAssessmentStatus::Denied
-        | codex_protocol::protocol::GuardianAssessmentStatus::Aborted => {
-            ServerNotification::ItemGuardianApprovalReviewCompleted(
-                ItemGuardianApprovalReviewCompletedNotification {
-                    thread_id: conversation_id.to_string(),
-                    turn_id,
-                    target_item_id: assessment.id.clone(),
-                    review,
-                    action,
-                },
-            )
-        }
-    }
-}
-
-pub fn convert_patch_changes(changes: &HashMap<PathBuf, FileChange>) -> Vec<FileUpdateChange> {
-    let mut converted: Vec<FileUpdateChange> = changes
-        .iter()
-        .map(|(path, change)| FileUpdateChange {
-            path: path.to_string_lossy().into_owned(),
-            kind: map_patch_change_kind(change),
-            diff: format_file_change_diff(change),
-        })
-        .collect();
-    converted.sort_by(|a, b| a.path.cmp(&b.path));
-    converted
-}
-
-fn map_patch_change_kind(change: &FileChange) -> PatchChangeKind {
-    match change {
-        FileChange::Add { .. } => PatchChangeKind::Add,
-        FileChange::Delete { .. } => PatchChangeKind::Delete,
-        FileChange::Update { move_path, .. } => PatchChangeKind::Update {
-            move_path: move_path.clone(),
-        },
-    }
-}
-
-fn format_file_change_diff(change: &FileChange) -> String {
-    match change {
-        FileChange::Add { content } => content.clone(),
-        FileChange::Delete { content } => content.clone(),
-        FileChange::Update {
-            unified_diff,
-            move_path,
-        } => {
-            if let Some(path) = move_path {
-                format!("{unified_diff}\n\nMoved to: {}", path.display())
-            } else {
-                unified_diff.clone()
-            }
-        }
-    }
-}

codex-rs/app-server-protocol/src/protocol/mod.rs

@@ -2,7 +2,6 @@
 // Exposes protocol pieces used by `lib.rs` via `pub use protocol::common::*;`.
 
 pub mod common;
-pub mod item_builders;
 mod mappers;
 mod serde_helpers;
 pub mod thread_history;

codex-rs/app-server-protocol/src/protocol/thread_history.rs

@@ -1,18 +1,16 @@
-use crate::protocol::item_builders::build_command_execution_begin_item;
-use crate::protocol::item_builders::build_command_execution_end_item;
-use crate::protocol::item_builders::build_file_change_approval_request_item;
-use crate::protocol::item_builders::build_file_change_begin_item;
-use crate::protocol::item_builders::build_file_change_end_item;
-use crate::protocol::item_builders::build_item_from_guardian_event;
 use crate::protocol::v2::CollabAgentState;
 use crate::protocol::v2::CollabAgentTool;
 use crate::protocol::v2::CollabAgentToolCallStatus;
+use crate::protocol::v2::CommandAction;
 use crate::protocol::v2::CommandExecutionStatus;
 use crate::protocol::v2::DynamicToolCallOutputContentItem;
 use crate::protocol::v2::DynamicToolCallStatus;
+use crate::protocol::v2::FileUpdateChange;
 use crate::protocol::v2::McpToolCallError;
 use crate::protocol::v2::McpToolCallResult;
 use crate::protocol::v2::McpToolCallStatus;
+use crate::protocol::v2::PatchApplyStatus;
+use crate::protocol::v2::PatchChangeKind;
 use crate::protocol::v2::ThreadItem;
 use crate::protocol::v2::Turn;
 use crate::protocol::v2::TurnError as V2TurnError;
@@ -33,8 +31,6 @@ use codex_protocol::protocol::ErrorEvent;
 use codex_protocol::protocol::EventMsg;
 use codex_protocol::protocol::ExecCommandBeginEvent;
 use codex_protocol::protocol::ExecCommandEndEvent;
-use codex_protocol::protocol::GuardianAssessmentEvent;
-use codex_protocol::protocol::GuardianAssessmentStatus;
 use codex_protocol::protocol::ImageGenerationBeginEvent;
 use codex_protocol::protocol::ImageGenerationEndEvent;
 use codex_protocol::protocol::ItemCompletedEvent;
@@ -57,14 +53,6 @@ use std::collections::HashMap;
 use tracing::warn;
 use uuid::Uuid;
 
-#[cfg(test)]
-use crate::protocol::v2::CommandAction;
-#[cfg(test)]
-use crate::protocol::v2::FileUpdateChange;
-#[cfg(test)]
-use crate::protocol::v2::PatchApplyStatus;
-#[cfg(test)]
-use crate::protocol::v2::PatchChangeKind;
 #[cfg(test)]
 use codex_protocol::protocol::ExecCommandStatus as CoreExecCommandStatus;
 #[cfg(test)]
@@ -161,7 +149,6 @@ impl ThreadHistoryBuilder {
             EventMsg::WebSearchEnd(payload) => self.handle_web_search_end(payload),
             EventMsg::ExecCommandBegin(payload) => self.handle_exec_command_begin(payload),
             EventMsg::ExecCommandEnd(payload) => self.handle_exec_command_end(payload),
-            EventMsg::GuardianAssessment(payload) => self.handle_guardian_assessment(payload),
             EventMsg::ApplyPatchApprovalRequest(payload) => {
                 self.handle_apply_patch_approval_request(payload)
             }
@@ -388,12 +375,57 @@ impl ThreadHistoryBuilder {
     }
 
     fn handle_exec_command_begin(&mut self, payload: &ExecCommandBeginEvent) {
-        let item = build_command_execution_begin_item(payload);
+        let command = shlex::try_join(payload.command.iter().map(String::as_str))
+            .unwrap_or_else(|_| payload.command.join(" "));
+        let command_actions = payload
+            .parsed_cmd
+            .iter()
+            .cloned()
+            .map(CommandAction::from)
+            .collect();
+        let item = ThreadItem::CommandExecution {
+            id: payload.call_id.clone(),
+            command,
+            cwd: payload.cwd.clone(),
+            process_id: payload.process_id.clone(),
+            source: payload.source.into(),
+            status: CommandExecutionStatus::InProgress,
+            command_actions,
+            aggregated_output: None,
+            exit_code: None,
+            duration_ms: None,
+        };
         self.upsert_item_in_turn_id(&payload.turn_id, item);
     }
 
     fn handle_exec_command_end(&mut self, payload: &ExecCommandEndEvent) {
-        let item = build_command_execution_end_item(payload);
+        let status: CommandExecutionStatus = (&payload.status).into();
+        let duration_ms = i64::try_from(payload.duration.as_millis()).unwrap_or(i64::MAX);
+        let aggregated_output = if payload.aggregated_output.is_empty() {
+            None
+        } else {
+            Some(payload.aggregated_output.clone())
+        };
+        let command = shlex::try_join(payload.command.iter().map(String::as_str))
+            .unwrap_or_else(|_| payload.command.join(" "));
+        let command_actions = payload
+            .parsed_cmd
+            .iter()
+            .cloned()
+            .map(CommandAction::from)
+            .collect();
+        let item = ThreadItem::CommandExecution {
+            id: payload.call_id.clone(),
+            command,
+            cwd: payload.cwd.clone(),
+            process_id: payload.process_id.clone(),
+            source: payload.source.into(),
+            status,
+            command_actions,
+            aggregated_output,
+            exit_code: Some(payload.exit_code),
+            duration_ms: Some(duration_ms),
+        };
         // Command completions can arrive out of order. Unified exec may return
         // while a PTY is still running, then emit ExecCommandEnd later from a
         // background exit watcher when that process finally exits. By then, a
@@ -402,26 +434,12 @@ impl ThreadHistoryBuilder {
         self.upsert_item_in_turn_id(&payload.turn_id, item);
     }
 
-    fn handle_guardian_assessment(&mut self, payload: &GuardianAssessmentEvent) {
-        let status = match payload.status {
-            GuardianAssessmentStatus::InProgress => CommandExecutionStatus::InProgress,
-            GuardianAssessmentStatus::Denied | GuardianAssessmentStatus::Aborted => {
-                CommandExecutionStatus::Declined
-            }
-            GuardianAssessmentStatus::Approved => return,
-        };
-        let Some(item) = build_item_from_guardian_event(payload, status) else {
-            return;
-        };
-        if payload.turn_id.is_empty() {
-            self.upsert_item_in_current_turn(item);
-        } else {
-            self.upsert_item_in_turn_id(&payload.turn_id, item);
-        }
-    }
-
     fn handle_apply_patch_approval_request(&mut self, payload: &ApplyPatchApprovalRequestEvent) {
-        let item = build_file_change_approval_request_item(payload);
+        let item = ThreadItem::FileChange {
+            id: payload.call_id.clone(),
+            changes: convert_patch_changes(&payload.changes),
+            status: PatchApplyStatus::InProgress,
+        };
         if payload.turn_id.is_empty() {
             self.upsert_item_in_current_turn(item);
         } else {
@@ -430,7 +448,11 @@ impl ThreadHistoryBuilder {
     }
 
     fn handle_patch_apply_begin(&mut self, payload: &PatchApplyBeginEvent) {
-        let item = build_file_change_begin_item(payload);
+        let item = ThreadItem::FileChange {
+            id: payload.call_id.clone(),
+            changes: convert_patch_changes(&payload.changes),
+            status: PatchApplyStatus::InProgress,
+        };
         if payload.turn_id.is_empty() {
             self.upsert_item_in_current_turn(item);
         } else {
@@ -439,7 +461,12 @@ impl ThreadHistoryBuilder {
     }
 
     fn handle_patch_apply_end(&mut self, payload: &PatchApplyEndEvent) {
-        let item = build_file_change_end_item(payload);
+        let status: PatchApplyStatus = (&payload.status).into();
+        let item = ThreadItem::FileChange {
+            id: payload.call_id.clone(),
+            changes: convert_patch_changes(&payload.changes),
+            status,
+        };
         if payload.turn_id.is_empty() {
             self.upsert_item_in_current_turn(item);
         } else {
@@ -864,29 +891,22 @@ impl ThreadHistoryBuilder {
     }
 
     fn handle_turn_aborted(&mut self, payload: &TurnAbortedEvent) {
-        let apply_abort = |turn: &mut PendingTurn| {
-            turn.status = TurnStatus::Interrupted;
-            turn.completed_at = payload.completed_at;
-            turn.duration_ms = payload.duration_ms;
-        };
         if let Some(turn_id) = payload.turn_id.as_deref() {
             // Prefer an exact ID match so we interrupt the turn explicitly targeted by the event.
             if let Some(turn) = self.current_turn.as_mut().filter(|turn| turn.id == turn_id) {
-                apply_abort(turn);
+                turn.status = TurnStatus::Interrupted;
                 return;
             }
 
             if let Some(turn) = self.turns.iter_mut().find(|turn| turn.id == turn_id) {
                 turn.status = TurnStatus::Interrupted;
-                turn.completed_at = payload.completed_at;
-                turn.duration_ms = payload.duration_ms;
                 return;
             }
         }
 
         // If the event has no ID (or refers to an unknown turn), fall back to the active turn.
         if let Some(turn) = self.current_turn.as_mut() {
-            apply_abort(turn);
+            turn.status = TurnStatus::Interrupted;
         }
     }
 
@@ -895,18 +915,15 @@ impl ThreadHistoryBuilder {
         self.current_turn = Some(
             self.new_turn(Some(payload.turn_id.clone()))
                 .with_status(TurnStatus::InProgress)
-                .with_started_at(payload.started_at)
                 .opened_explicitly(),
         );
     }
 
     fn handle_turn_complete(&mut self, payload: &TurnCompleteEvent) {
-        let mark_completed = |turn: &mut PendingTurn| {
-            if matches!(turn.status, TurnStatus::Completed | TurnStatus::InProgress) {
-                turn.status = TurnStatus::Completed;
+        let mark_completed = |status: &mut TurnStatus| {
+            if matches!(*status, TurnStatus::Completed | TurnStatus::InProgress) {
+                *status = TurnStatus::Completed;
             }
-            turn.completed_at = payload.completed_at;
-            turn.duration_ms = payload.duration_ms;
         };
 
         // Prefer an exact ID match from the active turn and then close it.
@@ -915,7 +932,7 @@ impl ThreadHistoryBuilder {
             .as_mut()
             .filter(|turn| turn.id == payload.turn_id)
         {
-            mark_completed(current_turn);
+            mark_completed(&mut current_turn.status);
             self.finish_current_turn();
             return;
         }
@@ -925,17 +942,13 @@ impl ThreadHistoryBuilder {
             .iter_mut()
             .find(|turn| turn.id == payload.turn_id)
         {
-            if matches!(turn.status, TurnStatus::Completed | TurnStatus::InProgress) {
-                turn.status = TurnStatus::Completed;
-            }
-            turn.completed_at = payload.completed_at;
-            turn.duration_ms = payload.duration_ms;
+            mark_completed(&mut turn.status);
             return;
         }
 
         // If the completion event cannot be matched, apply it to the active turn.
         if let Some(current_turn) = self.current_turn.as_mut() {
-            mark_completed(current_turn);
+            mark_completed(&mut current_turn.status);
             self.finish_current_turn();
         }
     }
@@ -968,7 +981,7 @@ impl ThreadHistoryBuilder {
             if turn.items.is_empty() && !turn.opened_explicitly && !turn.saw_compaction {
                 return;
             }
-            self.turns.push(Turn::from(turn));
+            self.turns.push(turn.into());
         }
     }
 
@@ -978,9 +991,6 @@ impl ThreadHistoryBuilder {
             items: Vec::new(),
             error: None,
             status: TurnStatus::Completed,
-            started_at: None,
-            completed_at: None,
-            duration_ms: None,
             opened_explicitly: false,
             saw_compaction: false,
             rollout_start_index: self.current_rollout_index,
@@ -1066,6 +1076,21 @@ fn render_review_output_text(output: &ReviewOutputEvent) -> String {
     }
 }
 
+pub fn convert_patch_changes(
+    changes: &HashMap<std::path::PathBuf, codex_protocol::protocol::FileChange>,
+) -> Vec<FileUpdateChange> {
+    let mut converted: Vec<FileUpdateChange> = changes
+        .iter()
+        .map(|(path, change)| FileUpdateChange {
+            path: path.to_string_lossy().into_owned(),
+            kind: map_patch_change_kind(change),
+            diff: format_file_change_diff(change),
+        })
+        .collect();
+    converted.sort_by(|a, b| a.path.cmp(&b.path));
+    converted
+}
+
 fn convert_dynamic_tool_content_items(
     items: &[codex_protocol::dynamic_tools::DynamicToolCallOutputContentItem],
 ) -> Vec<DynamicToolCallOutputContentItem> {
@@ -1083,6 +1108,33 @@ fn convert_dynamic_tool_content_items(
         .collect()
 }
 
+fn map_patch_change_kind(change: &codex_protocol::protocol::FileChange) -> PatchChangeKind {
+    match change {
+        codex_protocol::protocol::FileChange::Add { .. } => PatchChangeKind::Add,
+        codex_protocol::protocol::FileChange::Delete { .. } => PatchChangeKind::Delete,
+        codex_protocol::protocol::FileChange::Update { move_path, .. } => PatchChangeKind::Update {
+            move_path: move_path.clone(),
+        },
+    }
+}
+
+fn format_file_change_diff(change: &codex_protocol::protocol::FileChange) -> String {
+    match change {
+        codex_protocol::protocol::FileChange::Add { content } => content.clone(),
+        codex_protocol::protocol::FileChange::Delete { content } => content.clone(),
+        codex_protocol::protocol::FileChange::Update {
+            unified_diff,
+            move_path,
+        } => {
+            if let Some(path) = move_path {
+                format!("{unified_diff}\n\nMoved to: {}", path.display())
+            } else {
+                unified_diff.clone()
+            }
+        }
+    }
+}
+
 fn upsert_turn_item(items: &mut Vec<ThreadItem>, item: ThreadItem) {
     if let Some(existing_item) = items
         .iter_mut()
@@ -1099,9 +1151,6 @@ struct PendingTurn {
     items: Vec<ThreadItem>,
     error: Option<TurnError>,
     status: TurnStatus,
-    started_at: Option<i64>,
-    completed_at: Option<i64>,
-    duration_ms: Option<i64>,
     /// True when this turn originated from an explicit `turn_started`/`turn_complete`
     /// boundary, so we preserve it even if it has no renderable items.
     opened_explicitly: bool,
@@ -1122,11 +1171,6 @@ impl PendingTurn {
         self.status = status;
         self
     }
-
-    fn with_started_at(mut self, started_at: Option<i64>) -> Self {
-        self.started_at = started_at;
-        self
-    }
 }
 
 impl From<PendingTurn> for Turn {
@@ -1136,9 +1180,6 @@ impl From<PendingTurn> for Turn {
             items: value.items,
             error: value.error,
             status: value.status,
-            started_at: value.started_at,
-            completed_at: value.completed_at,
-            duration_ms: value.duration_ms,
         }
     }
 }
@@ -1150,9 +1191,6 @@ impl From<&PendingTurn> for Turn {
             items: value.items.clone(),
             error: value.error.clone(),
             status: value.status.clone(),
-            started_at: value.started_at,
-            completed_at: value.completed_at,
-            duration_ms: value.duration_ms,
         }
     }
 }
@@ -1304,7 +1342,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: turn_id.to_string(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -1325,8 +1362,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: turn_id.to_string(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
         ];
 
@@ -1379,7 +1414,6 @@ mod tests {
         let items = vec![
             RolloutItem::EventMsg(EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-image".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             })),
@@ -1399,8 +1433,6 @@ mod tests {
             RolloutItem::EventMsg(EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-image".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             })),
         ];
 
@@ -1412,9 +1444,6 @@ mod tests {
                 id: "turn-image".into(),
                 status: TurnStatus::Completed,
                 error: None,
-                started_at: None,
-                completed_at: None,
-                duration_ms: None,
                 items: vec![
                     ThreadItem::UserMessage {
                         id: "item-1".into(),
@@ -1504,8 +1533,6 @@ mod tests {
             EventMsg::TurnAborted(TurnAbortedEvent {
                 turn_id: Some("turn-1".into()),
                 reason: TurnAbortReason::Replaced,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::UserMessage(UserMessageEvent {
                 message: "Let's try again".into(),
@@ -1703,7 +1730,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -1722,8 +1748,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
         ];
 
@@ -1760,7 +1784,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-1".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -1866,7 +1889,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-1".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -1926,7 +1948,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-1".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2009,144 +2030,11 @@ mod tests {
         );
     }
 
-    #[test]
-    fn reconstructs_declined_guardian_command_item() {
-        let events = vec![
-            EventMsg::TurnStarted(TurnStartedEvent {
-                turn_id: "turn-1".into(),
-                started_at: None,
-                model_context_window: None,
-                collaboration_mode_kind: Default::default(),
-            }),
-            EventMsg::UserMessage(UserMessageEvent {
-                message: "review this command".into(),
-                images: None,
-                text_elements: Vec::new(),
-                local_images: Vec::new(),
-            }),
-            EventMsg::GuardianAssessment(GuardianAssessmentEvent {
-                id: "guardian-exec".into(),
-                turn_id: "turn-1".into(),
-                status: GuardianAssessmentStatus::InProgress,
-                risk_score: None,
-                risk_level: None,
-                rationale: None,
-                action: serde_json::from_value(serde_json::json!({
-                    "type": "command",
-                    "source": "shell",
-                    "command": "rm -rf /tmp/guardian",
-                    "cwd": "/tmp",
-                }))
-                .expect("guardian action"),
-            }),
-            EventMsg::GuardianAssessment(GuardianAssessmentEvent {
-                id: "guardian-exec".into(),
-                turn_id: "turn-1".into(),
-                status: GuardianAssessmentStatus::Denied,
-                risk_score: Some(97),
-                risk_level: Some(codex_protocol::protocol::GuardianRiskLevel::High),
-                rationale: Some("Would delete user data.".into()),
-                action: serde_json::from_value(serde_json::json!({
-                    "type": "command",
-                    "source": "shell",
-                    "command": "rm -rf /tmp/guardian",
-                    "cwd": "/tmp",
-                }))
-                .expect("guardian action"),
-            }),
-        ];
-
-        let items = events
-            .into_iter()
-            .map(RolloutItem::EventMsg)
-            .collect::<Vec<_>>();
-        let turns = build_turns_from_rollout_items(&items);
-        assert_eq!(turns.len(), 1);
-        assert_eq!(turns[0].items.len(), 2);
-        assert_eq!(
-            turns[0].items[1],
-            ThreadItem::CommandExecution {
-                id: "guardian-exec".into(),
-                command: "rm -rf /tmp/guardian".into(),
-                cwd: PathBuf::from("/tmp"),
-                process_id: None,
-                source: CommandExecutionSource::Agent,
-                status: CommandExecutionStatus::Declined,
-                command_actions: vec![CommandAction::Unknown {
-                    command: "rm -rf /tmp/guardian".into(),
-                }],
-                aggregated_output: None,
-                exit_code: None,
-                duration_ms: None,
-            }
-        );
-    }
-
-    #[test]
-    fn reconstructs_in_progress_guardian_execve_item() {
-        let events = vec![
-            EventMsg::TurnStarted(TurnStartedEvent {
-                turn_id: "turn-1".into(),
-                started_at: None,
-                model_context_window: None,
-                collaboration_mode_kind: Default::default(),
-            }),
-            EventMsg::UserMessage(UserMessageEvent {
-                message: "run a subcommand".into(),
-                images: None,
-                text_elements: Vec::new(),
-                local_images: Vec::new(),
-            }),
-            EventMsg::GuardianAssessment(GuardianAssessmentEvent {
-                id: "guardian-execve".into(),
-                turn_id: "turn-1".into(),
-                status: GuardianAssessmentStatus::InProgress,
-                risk_score: None,
-                risk_level: None,
-                rationale: None,
-                action: serde_json::from_value(serde_json::json!({
-                    "type": "execve",
-                    "source": "shell",
-                    "program": "/bin/rm",
-                    "argv": ["/usr/bin/rm", "-f", "/tmp/file.sqlite"],
-                    "cwd": "/tmp",
-                }))
-                .expect("guardian action"),
-            }),
-        ];
-
-        let items = events
-            .into_iter()
-            .map(RolloutItem::EventMsg)
-            .collect::<Vec<_>>();
-        let turns = build_turns_from_rollout_items(&items);
-        assert_eq!(turns.len(), 1);
-        assert_eq!(turns[0].items.len(), 2);
-        assert_eq!(
-            turns[0].items[1],
-            ThreadItem::CommandExecution {
-                id: "guardian-execve".into(),
-                command: "/bin/rm -f /tmp/file.sqlite".into(),
-                cwd: PathBuf::from("/tmp"),
-                process_id: None,
-                source: CommandExecutionSource::Agent,
-                status: CommandExecutionStatus::InProgress,
-                command_actions: vec![CommandAction::Unknown {
-                    command: "/bin/rm -f /tmp/file.sqlite".into(),
-                }],
-                aggregated_output: None,
-                exit_code: None,
-                duration_ms: None,
-            }
-        );
-    }
-
     #[test]
     fn assigns_late_exec_completion_to_original_turn() {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2159,12 +2047,9 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-b".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2196,8 +2081,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-b".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
         ];
 
@@ -2235,7 +2118,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2248,12 +2130,9 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-b".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2285,8 +2164,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-b".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
         ];
 
@@ -2319,7 +2196,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: turn_id.to_string(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2383,7 +2259,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: turn_id.to_string(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2446,7 +2321,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2459,12 +2333,9 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-b".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2477,8 +2348,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::AgentMessage(AgentMessageEvent {
                 message: "still in b".into(),
@@ -2488,8 +2357,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-b".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
         ];
 
@@ -2509,7 +2376,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2522,12 +2388,9 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-b".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2540,8 +2403,6 @@ mod tests {
             EventMsg::TurnAborted(TurnAbortedEvent {
                 turn_id: Some("turn-a".into()),
                 reason: TurnAbortReason::Replaced,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::AgentMessage(AgentMessageEvent {
                 message: "still in b".into(),
@@ -2567,7 +2428,6 @@ mod tests {
         let items = vec![
             RolloutItem::EventMsg(EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-compact".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             })),
@@ -2578,8 +2438,6 @@ mod tests {
             RolloutItem::EventMsg(EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-compact".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             })),
         ];
 
@@ -2590,9 +2448,6 @@ mod tests {
                 id: "turn-compact".into(),
                 status: TurnStatus::Completed,
                 error: None,
-                started_at: None,
-                completed_at: None,
-                duration_ms: None,
                 items: Vec::new(),
             }]
         );
@@ -2810,7 +2665,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2823,8 +2677,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
             EventMsg::Error(ErrorEvent {
                 message: "request-level failure".into(),
@@ -2844,9 +2696,6 @@ mod tests {
                 id: "turn-a".into(),
                 status: TurnStatus::Completed,
                 error: None,
-                started_at: None,
-                completed_at: None,
-                duration_ms: None,
                 items: vec![ThreadItem::UserMessage {
                     id: "item-1".into(),
                     content: vec![UserInput::Text {
@@ -2863,7 +2712,6 @@ mod tests {
         let events = vec![
             EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             }),
@@ -2882,8 +2730,6 @@ mod tests {
             EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             }),
         ];
 
@@ -2919,7 +2765,6 @@ mod tests {
         let items = vec![
             RolloutItem::EventMsg(EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             })),
@@ -2933,8 +2778,6 @@ mod tests {
             RolloutItem::EventMsg(EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             })),
         ];
 
@@ -2965,7 +2808,6 @@ mod tests {
         let items = vec![
             RolloutItem::EventMsg(EventMsg::TurnStarted(TurnStartedEvent {
                 turn_id: "turn-a".into(),
-                started_at: None,
                 model_context_window: None,
                 collaboration_mode_kind: Default::default(),
             })),
@@ -2981,8 +2823,6 @@ mod tests {
             RolloutItem::EventMsg(EventMsg::TurnComplete(TurnCompleteEvent {
                 turn_id: "turn-a".into(),
                 last_agent_message: None,
-                completed_at: None,
-                duration_ms: None,
             })),
         ];
 

codex-rs/app-server-protocol/src/protocol/v2.rs

@@ -8,8 +8,6 @@ use codex_experimental_api_macros::ExperimentalApi;
 use codex_protocol::account::PlanType;
 use codex_protocol::approvals::ElicitationRequest as CoreElicitationRequest;
 use codex_protocol::approvals::ExecPolicyAmendment as CoreExecPolicyAmendment;
-use codex_protocol::approvals::GuardianAssessmentAction as CoreGuardianAssessmentAction;
-use codex_protocol::approvals::GuardianCommandSource as CoreGuardianCommandSource;
 use codex_protocol::approvals::NetworkApprovalContext as CoreNetworkApprovalContext;
 use codex_protocol::approvals::NetworkApprovalProtocol as CoreNetworkApprovalProtocol;
 use codex_protocol::approvals::NetworkPolicyAmendment as CoreNetworkPolicyAmendment;
@@ -29,7 +27,6 @@ use codex_protocol::config_types::WebSearchToolConfig;
 use codex_protocol::items::AgentMessageContent as CoreAgentMessageContent;
 use codex_protocol::items::TurnItem as CoreTurnItem;
 use codex_protocol::mcp::Resource as McpResource;
-pub use codex_protocol::mcp::ResourceContent as McpResourceContent;
 use codex_protocol::mcp::ResourceTemplate as McpResourceTemplate;
 use codex_protocol::mcp::Tool as McpTool;
 use codex_protocol::memory_citation::MemoryCitation as CoreMemoryCitation;
@@ -851,8 +848,6 @@ pub struct ConfigReadResponse {
 pub struct ConfigRequirements {
     #[experimental(nested)]
     pub allowed_approval_policies: Option<Vec<AskForApproval>>,
-    #[experimental("configRequirements/read.allowedApprovalsReviewers")]
-    pub allowed_approvals_reviewers: Option<Vec<ApprovalsReviewer>>,
     pub allowed_sandbox_modes: Option<Vec<SandboxMode>>,
     pub allowed_web_search_modes: Option<Vec<WebSearchMode>>,
     pub feature_requirements: Option<BTreeMap<String, bool>>,
@@ -885,7 +880,6 @@ pub struct NetworkRequirements {
     /// Legacy compatibility view derived from `unix_sockets`.
     pub allow_unix_sockets: Option<Vec<String>>,
     pub allow_local_binding: Option<bool>,
-    pub danger_full_access_denylist_only: Option<bool>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
@@ -1951,18 +1945,6 @@ pub struct ListMcpServerStatusParams {
     /// Optional page size; defaults to a server-defined value.
     #[ts(optional = nullable)]
     pub limit: Option<u32>,
-    /// Controls how much MCP inventory data to fetch for each server.
-    /// Defaults to `Full` when omitted.
-    #[ts(optional = nullable)]
-    pub detail: Option<McpServerStatusDetail>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(rename_all = "camelCase", export_to = "v2/")]
-pub enum McpServerStatusDetail {
-    Full,
-    ToolsAndAuthOnly,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1986,22 +1968,6 @@ pub struct ListMcpServerStatusResponse {
     pub next_cursor: Option<String>,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpResourceReadParams {
-    pub thread_id: String,
-    pub server: String,
-    pub uri: String,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpResourceReadResponse {
-    pub contents: Vec<McpResourceContent>,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -2603,22 +2569,10 @@ pub struct ThreadStartParams {
     pub config: Option<HashMap<String, JsonValue>>,
     #[ts(optional = nullable)]
     pub service_name: Option<String>,
-    #[serde(
-        default,
-        deserialize_with = "super::serde_helpers::deserialize_double_option",
-        serialize_with = "super::serde_helpers::serialize_double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
     #[ts(optional = nullable)]
-    pub base_instructions: Option<Option<String>>,
-    #[serde(
-        default,
-        deserialize_with = "super::serde_helpers::deserialize_double_option",
-        serialize_with = "super::serde_helpers::serialize_double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
+    pub base_instructions: Option<String>,
     #[ts(optional = nullable)]
-    pub developer_instructions: Option<Option<String>>,
+    pub developer_instructions: Option<String>,
     #[ts(optional = nullable)]
     pub personality: Option<Personality>,
     #[ts(optional = nullable)]
@@ -2733,22 +2687,10 @@ pub struct ThreadResumeParams {
     pub sandbox: Option<SandboxMode>,
     #[ts(optional = nullable)]
     pub config: Option<HashMap<String, serde_json::Value>>,
-    #[serde(
-        default,
-        deserialize_with = "super::serde_helpers::deserialize_double_option",
-        serialize_with = "super::serde_helpers::serialize_double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
     #[ts(optional = nullable)]
-    pub base_instructions: Option<Option<String>>,
-    #[serde(
-        default,
-        deserialize_with = "super::serde_helpers::deserialize_double_option",
-        serialize_with = "super::serde_helpers::serialize_double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
+    pub base_instructions: Option<String>,
     #[ts(optional = nullable)]
-    pub developer_instructions: Option<Option<String>>,
+    pub developer_instructions: Option<String>,
     #[ts(optional = nullable)]
     pub personality: Option<Personality>,
     /// If true, persist additional rollout EventMsg variants required to
@@ -2822,22 +2764,10 @@ pub struct ThreadForkParams {
     pub sandbox: Option<SandboxMode>,
     #[ts(optional = nullable)]
     pub config: Option<HashMap<String, serde_json::Value>>,
-    #[serde(
-        default,
-        deserialize_with = "super::serde_helpers::deserialize_double_option",
-        serialize_with = "super::serde_helpers::serialize_double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
     #[ts(optional = nullable)]
-    pub base_instructions: Option<Option<String>>,
-    #[serde(
-        default,
-        deserialize_with = "super::serde_helpers::deserialize_double_option",
-        serialize_with = "super::serde_helpers::serialize_double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
+    pub base_instructions: Option<String>,
     #[ts(optional = nullable)]
-    pub developer_instructions: Option<Option<String>>,
+    pub developer_instructions: Option<String>,
     #[serde(default, skip_serializing_if = "std::ops::Not::not")]
     pub ephemeral: bool,
     /// If true, persist additional rollout EventMsg variants required to
@@ -3642,8 +3572,6 @@ impl From<CoreSkillErrorInfo> for SkillErrorInfo {
 #[ts(export_to = "v2/")]
 pub struct Thread {
     pub id: String,
-    /// Source thread id when this thread was created by forking another thread.
-    pub forked_from_id: Option<String>,
     /// Usually the first user message in the thread, if available.
     pub preview: String,
     /// Whether the thread is ephemeral and should not be materialized on disk.
@@ -3759,15 +3687,6 @@ pub struct Turn {
     pub status: TurnStatus,
     /// Only populated when the Turn's status is failed.
     pub error: Option<TurnError>,
-    /// Unix timestamp (in seconds) when the turn started.
-    #[ts(type = "number | null")]
-    pub started_at: Option<i64>,
-    /// Unix timestamp (in seconds) when the turn completed.
-    #[ts(type = "number | null")]
-    pub completed_at: Option<i64>,
-    /// Duration between turn start and completion in milliseconds, if known.
-    #[ts(type = "number | null")]
-    pub duration_ms: Option<i64>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
@@ -4526,237 +4445,14 @@ impl From<CoreGuardianRiskLevel> for GuardianRiskLevel {
 #[ts(export_to = "v2/")]
 pub struct GuardianApprovalReview {
     pub status: GuardianApprovalReviewStatus,
+    #[serde(alias = "risk_score")]
     #[ts(type = "number | null")]
     pub risk_score: Option<u8>,
+    #[serde(alias = "risk_level")]
     pub risk_level: Option<GuardianRiskLevel>,
     pub rationale: Option<String>,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum GuardianCommandSource {
-    Shell,
-    UnifiedExec,
-}
-
-impl From<CoreGuardianCommandSource> for GuardianCommandSource {
-    fn from(value: CoreGuardianCommandSource) -> Self {
-        match value {
-            CoreGuardianCommandSource::Shell => Self::Shell,
-            CoreGuardianCommandSource::UnifiedExec => Self::UnifiedExec,
-        }
-    }
-}
-
-impl From<GuardianCommandSource> for CoreGuardianCommandSource {
-    fn from(value: GuardianCommandSource) -> Self {
-        match value {
-            GuardianCommandSource::Shell => Self::Shell,
-            GuardianCommandSource::UnifiedExec => Self::UnifiedExec,
-        }
-    }
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct GuardianCommandReviewAction {
-    pub source: GuardianCommandSource,
-    pub command: String,
-    pub cwd: PathBuf,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct GuardianExecveReviewAction {
-    pub source: GuardianCommandSource,
-    pub program: String,
-    pub argv: Vec<String>,
-    pub cwd: PathBuf,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct GuardianApplyPatchReviewAction {
-    pub cwd: PathBuf,
-    pub files: Vec<PathBuf>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct GuardianNetworkAccessReviewAction {
-    pub target: String,
-    pub host: String,
-    pub protocol: NetworkApprovalProtocol,
-    pub port: u16,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct GuardianMcpToolCallReviewAction {
-    pub server: String,
-    pub tool_name: String,
-    pub connector_id: Option<String>,
-    pub connector_name: Option<String>,
-    pub tool_title: Option<String>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(tag = "type", rename_all = "camelCase")]
-#[ts(tag = "type", rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum GuardianApprovalReviewAction {
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    Command {
-        source: GuardianCommandSource,
-        command: String,
-        cwd: PathBuf,
-    },
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    Execve {
-        source: GuardianCommandSource,
-        program: String,
-        argv: Vec<String>,
-        cwd: PathBuf,
-    },
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    ApplyPatch { cwd: PathBuf, files: Vec<PathBuf> },
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    NetworkAccess {
-        target: String,
-        host: String,
-        protocol: NetworkApprovalProtocol,
-        port: u16,
-    },
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    McpToolCall {
-        server: String,
-        tool_name: String,
-        connector_id: Option<String>,
-        connector_name: Option<String>,
-        tool_title: Option<String>,
-    },
-}
-
-impl From<CoreGuardianAssessmentAction> for GuardianApprovalReviewAction {
-    fn from(value: CoreGuardianAssessmentAction) -> Self {
-        match value {
-            CoreGuardianAssessmentAction::Command {
-                source,
-                command,
-                cwd,
-            } => Self::Command {
-                source: source.into(),
-                command,
-                cwd,
-            },
-            CoreGuardianAssessmentAction::Execve {
-                source,
-                program,
-                argv,
-                cwd,
-            } => Self::Execve {
-                source: source.into(),
-                program,
-                argv,
-                cwd,
-            },
-            CoreGuardianAssessmentAction::ApplyPatch { cwd, files } => {
-                Self::ApplyPatch { cwd, files }
-            }
-            CoreGuardianAssessmentAction::NetworkAccess {
-                target,
-                host,
-                protocol,
-                port,
-            } => Self::NetworkAccess {
-                target,
-                host,
-                protocol: protocol.into(),
-                port,
-            },
-            CoreGuardianAssessmentAction::McpToolCall {
-                server,
-                tool_name,
-                connector_id,
-                connector_name,
-                tool_title,
-            } => Self::McpToolCall {
-                server,
-                tool_name,
-                connector_id,
-                connector_name,
-                tool_title,
-            },
-        }
-    }
-}
-
-impl From<GuardianApprovalReviewAction> for CoreGuardianAssessmentAction {
-    fn from(value: GuardianApprovalReviewAction) -> Self {
-        match value {
-            GuardianApprovalReviewAction::Command {
-                source,
-                command,
-                cwd,
-            } => Self::Command {
-                source: source.into(),
-                command,
-                cwd,
-            },
-            GuardianApprovalReviewAction::Execve {
-                source,
-                program,
-                argv,
-                cwd,
-            } => Self::Execve {
-                source: source.into(),
-                program,
-                argv,
-                cwd,
-            },
-            GuardianApprovalReviewAction::ApplyPatch { cwd, files } => {
-                Self::ApplyPatch { cwd, files }
-            }
-            GuardianApprovalReviewAction::NetworkAccess {
-                target,
-                host,
-                protocol,
-                port,
-            } => Self::NetworkAccess {
-                target,
-                host,
-                protocol: protocol.to_core(),
-                port,
-            },
-            GuardianApprovalReviewAction::McpToolCall {
-                server,
-                tool_name,
-                connector_id,
-                connector_name,
-                tool_title,
-            } => Self::McpToolCall {
-                server,
-                tool_name,
-                connector_id,
-                connector_name,
-                tool_title,
-            },
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(tag = "type", rename_all = "camelCase")]
 #[ts(tag = "type", rename_all = "camelCase")]
@@ -5237,7 +4933,7 @@ pub struct ItemGuardianApprovalReviewStartedNotification {
     pub turn_id: String,
     pub target_item_id: String,
     pub review: GuardianApprovalReview,
-    pub action: GuardianApprovalReviewAction,
+    pub action: Option<JsonValue>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -5254,7 +4950,7 @@ pub struct ItemGuardianApprovalReviewCompletedNotification {
     pub turn_id: String,
     pub target_item_id: String,
     pub review: GuardianApprovalReview,
-    pub action: GuardianApprovalReviewAction,
+    pub action: Option<JsonValue>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -7392,7 +7088,6 @@ mod tests {
                     request_permissions: false,
                     mcp_elicitations: false,
                 }]),
-                allowed_approvals_reviewers: None,
                 allowed_sandbox_modes: None,
                 allowed_web_search_modes: None,
                 feature_requirements: None,
@@ -7792,6 +7487,26 @@ mod tests {
         );
     }
 
+    #[test]
+    fn automatic_approval_review_deserializes_legacy_snake_case_risk_fields() {
+        let review: GuardianApprovalReview = serde_json::from_value(json!({
+            "status": "denied",
+            "risk_score": 91,
+            "risk_level": "high",
+            "rationale": "too risky"
+        }))
+        .expect("legacy snake_case automatic review should deserialize");
+        assert_eq!(
+            review,
+            GuardianApprovalReview {
+                status: GuardianApprovalReviewStatus::Denied,
+                risk_score: Some(91),
+                risk_level: Some(GuardianRiskLevel::High),
+                rationale: Some("too risky".to_string()),
+            }
+        );
+    }
+
     #[test]
     fn automatic_approval_review_deserializes_aborted_status() {
         let review: GuardianApprovalReview = serde_json::from_value(json!({
@@ -7812,31 +7527,6 @@ mod tests {
         );
     }
 
-    #[test]
-    fn guardian_approval_review_action_round_trips_command_shape() {
-        let value = json!({
-            "type": "command",
-            "source": "shell",
-            "command": "rm -rf /tmp/example.sqlite",
-            "cwd": "/tmp",
-        });
-        let action: GuardianApprovalReviewAction =
-            serde_json::from_value(value.clone()).expect("guardian review action");
-
-        assert_eq!(
-            action,
-            GuardianApprovalReviewAction::Command {
-                source: GuardianCommandSource::Shell,
-                command: "rm -rf /tmp/example.sqlite".to_string(),
-                cwd: "/tmp".into(),
-            }
-        );
-        assert_eq!(
-            serde_json::to_value(&action).expect("serialize guardian review action"),
-            value
-        );
-    }
-
     #[test]
     fn network_requirements_deserializes_legacy_fields() {
         let requirements: NetworkRequirements = serde_json::from_value(json!({
@@ -7857,7 +7547,6 @@ mod tests {
                 dangerously_allow_all_unix_sockets: None,
                 domains: None,
                 managed_allowed_domains_only: None,
-                danger_full_access_denylist_only: None,
                 allowed_domains: Some(vec!["api.openai.com".to_string()]),
                 denied_domains: Some(vec!["blocked.example.com".to_string()]),
                 unix_sockets: None,
@@ -7884,7 +7573,6 @@ mod tests {
                 ),
             ])),
             managed_allowed_domains_only: Some(true),
-            danger_full_access_denylist_only: Some(true),
             allowed_domains: Some(vec!["api.openai.com".to_string()]),
             denied_domains: Some(vec!["blocked.example.com".to_string()]),
             unix_sockets: Some(BTreeMap::from([
@@ -7915,7 +7603,6 @@ mod tests {
                     "blocked.example.com": "deny"
                 },
                 "managedAllowedDomainsOnly": true,
-                "dangerFullAccessDenylistOnly": true,
                 "allowedDomains": ["api.openai.com"],
                 "deniedDomains": ["blocked.example.com"],
                 "unixSockets": {
@@ -8361,35 +8048,6 @@ mod tests {
         assert_eq!(serialized_without_override.get("serviceTier"), None);
     }
 
-    #[test]
-    fn thread_start_params_preserve_explicit_null_instructions() {
-        let params: ThreadStartParams = serde_json::from_value(json!({
-            "baseInstructions": null,
-            "developerInstructions": null,
-        }))
-        .expect("params should deserialize");
-        assert_eq!(params.base_instructions, Some(None));
-        assert_eq!(params.developer_instructions, Some(None));
-
-        let serialized = serde_json::to_value(&params).expect("params should serialize");
-        assert_eq!(
-            serialized.get("baseInstructions"),
-            Some(&serde_json::Value::Null)
-        );
-        assert_eq!(
-            serialized.get("developerInstructions"),
-            Some(&serde_json::Value::Null)
-        );
-
-        let serialized_without_override =
-            serde_json::to_value(ThreadStartParams::default()).expect("params should serialize");
-        assert_eq!(serialized_without_override.get("baseInstructions"), None);
-        assert_eq!(
-            serialized_without_override.get("developerInstructions"),
-            None
-        );
-    }
-
     #[test]
     fn turn_start_params_preserve_explicit_null_service_tier() {
         let params: TurnStartParams = serde_json::from_value(json!({

codex-rs/app-server/BUILD.bazel

@@ -3,6 +3,5 @@ load("//:defs.bzl", "codex_rust_crate")
 codex_rust_crate(
     name = "app-server",
     crate_name = "codex_app_server",
-    integration_test_timeout = "long",
     test_tags = ["no-sandbox"],
 )

codex-rs/app-server/Cargo.toml

@@ -29,10 +29,8 @@ axum = { workspace = true, default-features = false, features = [
     "tokio",
     "ws",
 ] }
-codex-analytics = { workspace = true }
 codex-arg0 = { workspace = true }
 codex-cloud-requirements = { workspace = true }
-codex-config = { workspace = true }
 codex-core = { workspace = true }
 codex-exec-server = { workspace = true }
 codex-features = { workspace = true }
@@ -45,24 +43,19 @@ codex-backend-client = { workspace = true }
 codex-file-search = { workspace = true }
 codex-chatgpt = { workspace = true }
 codex-login = { workspace = true }
-codex-mcp = { workspace = true }
-codex-models-manager = { workspace = true }
 codex-protocol = { workspace = true }
 codex-app-server-protocol = { workspace = true }
 codex-feedback = { workspace = true }
 codex-rmcp-client = { workspace = true }
-codex-rollout = { workspace = true }
 codex-sandboxing = { workspace = true }
 codex-state = { workspace = true }
 codex-tools = { workspace = true }
 codex-utils-absolute-path = { workspace = true }
 codex-utils-json-to-toml = { workspace = true }
-codex-utils-rustls-provider = { workspace = true }
 chrono = { workspace = true }
 clap = { workspace = true, features = ["derive"] }
 constant_time_eq = { workspace = true }
 futures = { workspace = true }
-gethostname = { workspace = true }
 hmac = { workspace = true }
 jsonwebtoken = { workspace = true }
 owo-colors = { workspace = true, features = ["supports-colors"] }
@@ -83,7 +76,6 @@ tokio-util = { workspace = true }
 tokio-tungstenite = { workspace = true }
 tracing = { workspace = true, features = ["log"] }
 tracing-subscriber = { workspace = true, features = ["env-filter", "fmt", "json"] }
-url = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v7"] }
 
 [dev-dependencies]

codex-rs/app-server/README.md

@@ -25,7 +25,6 @@ Supported transports:
 
 - stdio (`--listen stdio://`, default): newline-delimited JSON (JSONL)
 - websocket (`--listen ws://IP:PORT`): one JSON-RPC message per websocket text frame (**experimental / unsupported**)
-- off (`--listen off`): do not expose a local transport
 
 When running with `--listen ws://IP:PORT`, the same listener also serves basic HTTP health probes:
 
@@ -133,9 +132,9 @@ Example with notification opt-out:
 
 ## API Overview
 
-- `thread/start` — create a new thread; emits `thread/started` (including the current `thread.status`) and auto-subscribes you to turn/item events for that thread. When the request includes a `cwd` and the resolved sandbox is `workspace-write` or full access, app-server also marks that project as trusted in the user `config.toml`.
+- `thread/start` — create a new thread; emits `thread/started` (including the current `thread.status`) and auto-subscribes you to turn/item events for that thread.
 - `thread/resume` — reopen an existing thread by id so subsequent `turn/start` calls append to it.
-- `thread/fork` — fork an existing thread into a new thread id by copying the stored history; if the source thread is currently mid-turn, the fork records the same interruption marker as `turn/interrupt` instead of inheriting an unmarked partial turn suffix. The returned `thread.forkedFromId` points at the source thread when known. Accepts `ephemeral: true` for an in-memory temporary fork, emits `thread/started` (including the current `thread.status`), and auto-subscribes you to turn/item events for the new thread.
+- `thread/fork` — fork an existing thread into a new thread id by copying the stored history; if the source thread is currently mid-turn, the fork records the same interruption marker as `turn/interrupt` instead of inheriting an unmarked partial turn suffix. Accepts `ephemeral: true` for an in-memory temporary fork, emits `thread/started` (including the current `thread.status`), and auto-subscribes you to turn/item events for the new thread.
 - `thread/list` — page through stored rollouts; supports cursor-based pagination and optional `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filters. Each returned `thread` includes `status` (`ThreadStatus`), defaulting to `notLoaded` when the thread is not currently loaded.
 - `thread/loaded/list` — list the thread ids currently loaded in memory.
 - `thread/read` — read a stored thread by id without resuming it; optionally include turns via `includeTurns`. The returned `thread` includes `status` (`ThreadStatus`), defaulting to `notLoaded` when the thread is not currently loaded.
@@ -187,8 +186,7 @@ Example with notification opt-out:
 - `mcpServer/oauth/login` — start an OAuth login for a configured MCP server; returns an `authorization_url` and later emits `mcpServer/oauthLogin/completed` once the browser flow finishes.
 - `tool/requestUserInput` — prompt the user with 1–3 short questions for a tool call and return their answers (experimental).
 - `config/mcpServer/reload` — reload MCP server config from disk and queue a refresh for loaded threads (applied on each thread's next active turn); returns `{}`. Use this after editing `config.toml` without restarting the server.
-- `mcpServerStatus/list` — enumerate configured MCP servers with their tools and auth status, plus resources/resource templates for `full` detail; supports cursor+limit pagination. If `detail` is omitted, the server defaults to `full`.
-- `mcpServer/resource/read` — read a resource from a thread's configured MCP server by `threadId`, `server`, and `uri`, returning text/blob resource `contents`.
+- `mcpServerStatus/list` — enumerate configured MCP servers with their tools, resources, resource templates, and auth status; supports cursor+limit pagination.
 - `windowsSandbox/setupStart` — start Windows sandbox setup for the selected mode (`elevated` or `unelevated`); accepts an optional absolute `cwd` to target setup for a specific workspace, returns `{ started: true }` immediately, and later emits `windowsSandbox/setupCompleted`.
 - `feedback/upload` — submit a feedback report (classification + optional reason/logs, conversation_id, and optional `extraLogFiles` attachments array); returns the tracking thread id.
 - `config/read` — fetch the effective config on disk after resolving config layering.
@@ -196,7 +194,7 @@ Example with notification opt-out:
 - `externalAgentConfig/import` — apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home).
 - `config/value/write` — write a single config key/value to the user's config.toml on disk.
 - `config/batchWrite` — apply multiple config edits atomically to the user's config.toml on disk, with optional `reloadUserConfig: true` to hot-reload loaded threads.
-- `configRequirements/read` — fetch loaded requirements constraints from `requirements.toml` and/or MDM (or `null` if none are configured), including allow-lists (`allowedApprovalPolicies`, `allowedSandboxModes`, `allowedWebSearchModes`), pinned feature values (`featureRequirements`), `enforceResidency`, and `network` constraints such as canonical domain/socket permissions plus `managedAllowedDomainsOnly` and `dangerFullAccessDenylistOnly`.
+- `configRequirements/read` — fetch loaded requirements constraints from `requirements.toml` and/or MDM (or `null` if none are configured), including allow-lists (`allowedApprovalPolicies`, `allowedSandboxModes`, `allowedWebSearchModes`), pinned feature values (`featureRequirements`), `enforceResidency`, and `network` constraints such as canonical domain/socket permissions plus `managedAllowedDomainsOnly`.
 
 ### Example: Start or resume a thread
 
@@ -275,7 +273,7 @@ Experimental API: `thread/start`, `thread/resume`, and `thread/fork` accept `per
 - `modelProviders` — restrict results to specific providers; unset, null, or an empty array will include all providers.
 - `sourceKinds` — restrict results to specific sources; omit or pass `[]` for interactive sessions only (`cli`, `vscode`).
 - `archived` — when `true`, list archived threads only. When `false` or `null`, list non-archived threads (default).
-- `cwd` — restrict results to threads whose session cwd exactly matches this path. Relative paths are resolved against the app-server process cwd before matching.
+- `cwd` — restrict results to threads whose session cwd exactly matches this path.
 - `searchTerm` — restrict results to threads whose extracted title contains this substring (case-sensitive).
 - Responses include `agentNickname` and `agentRole` for AgentControl-spawned thread sub-agents when available.
 
@@ -915,10 +913,10 @@ All items emit shared lifecycle events:
 
 - `item/started` — emits the full `item` when a new unit of work begins so the UI can render it immediately; the `item.id` in this payload matches the `itemId` used by deltas.
 - `item/completed` — sends the final `item` once that work itself finishes (for example, after a tool call or message completes); treat this as the authoritative execution/result state.
-- `item/autoApprovalReview/started` — [UNSTABLE] temporary guardian notification carrying `{threadId, turnId, targetItemId, review, action}` when guardian approval review begins. This shape is expected to change soon.
-- `item/autoApprovalReview/completed` — [UNSTABLE] temporary guardian notification carrying `{threadId, turnId, targetItemId, review, action}` when guardian approval review resolves. This shape is expected to change soon.
+- `item/autoApprovalReview/started` — [UNSTABLE] temporary guardian notification carrying `{threadId, turnId, targetItemId, review, action?}` when guardian approval review begins. This shape is expected to change soon.
+- `item/autoApprovalReview/completed` — [UNSTABLE] temporary guardian notification carrying `{threadId, turnId, targetItemId, review, action?}` when guardian approval review resolves. This shape is expected to change soon.
 
-`review` is [UNSTABLE] and currently has `{status, riskScore?, riskLevel?, rationale?}`, where `status` is one of `inProgress`, `approved`, `denied`, or `aborted`. `action` is a tagged union with `type: "command" | "execve" | "applyPatch" | "networkAccess" | "mcpToolCall"`. Command-like actions include a `source` discriminator (`"shell"` or `"unifiedExec"`). These notifications are separate from the target item's own `item/completed` lifecycle and are intentionally temporary while the guardian app protocol is still being designed.
+`review` is [UNSTABLE] and currently has `{status, riskScore?, riskLevel?, rationale?}`, where `status` is one of `inProgress`, `approved`, `denied`, or `aborted`. `action` is the guardian action summary payload from core when available and is intended to support temporary standalone pending-review UI. These notifications are separate from the target item's own `item/completed` lifecycle and are intentionally temporary while the guardian app protocol is still being designed.
 
 There are additional item-specific events:
 

codex-rs/app-server/src/app_server_tracing.rs

@@ -86,7 +86,6 @@ fn transport_name(transport: AppServerTransport) -> &'static str {
     match transport {
         AppServerTransport::Stdio => "stdio",
         AppServerTransport::WebSocket { .. } => "websocket",
-        AppServerTransport::Off => "off",
     }
 }
 

codex-rs/app-server/src/codex_message_processor.rs

@@ -20,7 +20,6 @@ use crate::thread_status::resolve_thread_status;
 use chrono::DateTime;
 use chrono::SecondsFormat;
 use chrono::Utc;
-use codex_analytics::AnalyticsEventsClient;
 use codex_app_server_protocol::Account;
 use codex_app_server_protocol::AccountLoginCompletedNotification;
 use codex_app_server_protocol::AccountUpdatedNotification;
@@ -29,12 +28,10 @@ use codex_app_server_protocol::AppsListParams;
 use codex_app_server_protocol::AppsListResponse;
 use codex_app_server_protocol::AskForApproval;
 use codex_app_server_protocol::AuthMode;
-use codex_app_server_protocol::AuthMode as CoreAuthMode;
 use codex_app_server_protocol::CancelLoginAccountParams;
 use codex_app_server_protocol::CancelLoginAccountResponse;
 use codex_app_server_protocol::CancelLoginAccountStatus;
 use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::ClientResponse;
 use codex_app_server_protocol::CodexErrorInfo as AppServerCodexErrorInfo;
 use codex_app_server_protocol::CollaborationModeListParams;
 use codex_app_server_protocol::CollaborationModeListResponse;
@@ -76,14 +73,11 @@ use codex_app_server_protocol::LoginAccountResponse;
 use codex_app_server_protocol::LoginApiKeyParams;
 use codex_app_server_protocol::LogoutAccountResponse;
 use codex_app_server_protocol::MarketplaceInterface;
-use codex_app_server_protocol::McpResourceReadParams;
-use codex_app_server_protocol::McpResourceReadResponse;
 use codex_app_server_protocol::McpServerOauthLoginCompletedNotification;
 use codex_app_server_protocol::McpServerOauthLoginParams;
 use codex_app_server_protocol::McpServerOauthLoginResponse;
 use codex_app_server_protocol::McpServerRefreshResponse;
 use codex_app_server_protocol::McpServerStatus;
-use codex_app_server_protocol::McpServerStatusDetail;
 use codex_app_server_protocol::MockExperimentalMethodParams;
 use codex_app_server_protocol::MockExperimentalMethodResponse;
 use codex_app_server_protocol::ModelListParams;
@@ -185,7 +179,8 @@ use codex_arg0::Arg0DispatchPaths;
 use codex_backend_client::Client as BackendClient;
 use codex_chatgpt::connectors;
 use codex_cloud_requirements::cloud_requirements_loader;
-use codex_config::types::McpServerTransportConfig;
+use codex_core::AuthManager;
+use codex_core::CodexAuth;
 use codex_core::CodexThread;
 use codex_core::Cursor as RolloutCursor;
 use codex_core::ForkSnapshot;
@@ -196,16 +191,23 @@ use codex_core::SteerInputError;
 use codex_core::ThreadConfigSnapshot;
 use codex_core::ThreadManager;
 use codex_core::ThreadSortKey as CoreThreadSortKey;
+use codex_core::auth::AuthMode as CoreAuthMode;
+use codex_core::auth::CLIENT_ID;
+use codex_core::auth::login_with_api_key;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::config::NetworkProxyAuditMetadata;
 use codex_core::config::edit::ConfigEdit;
 use codex_core::config::edit::ConfigEditsBuilder;
+use codex_core::config::types::McpServerTransportConfig;
 use codex_core::config_loader::CloudRequirementsLoadError;
 use codex_core::config_loader::CloudRequirementsLoadErrorCode;
 use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::LoaderOverrides;
 use codex_core::config_loader::load_config_layers_state;
+use codex_core::default_client::set_default_client_residency_requirement;
+use codex_core::error::CodexErr;
+use codex_core::error::Result as CodexResult;
 use codex_core::exec::ExecCapturePolicy;
 use codex_core::exec::ExecExpiration;
 use codex_core::exec::ExecParams;
@@ -214,6 +216,11 @@ use codex_core::find_archived_thread_path_by_id_str;
 use codex_core::find_thread_name_by_id;
 use codex_core::find_thread_names_by_ids;
 use codex_core::find_thread_path_by_id_str;
+use codex_core::mcp::auth::discover_supported_scopes;
+use codex_core::mcp::auth::resolve_oauth_scopes;
+use codex_core::mcp::collect_mcp_snapshot;
+use codex_core::mcp::group_tools_by_server;
+use codex_core::models_manager::collaboration_mode_presets::CollaborationModesConfig;
 use codex_core::parse_cursor;
 use codex_core::plugins::MarketplaceError;
 use codex_core::plugins::MarketplacePluginSource;
@@ -228,6 +235,9 @@ use codex_core::read_head_for_summary;
 use codex_core::read_session_meta_line;
 use codex_core::rollout_date_parts;
 use codex_core::sandboxing::SandboxPermissions;
+use codex_core::state_db::StateDbHandle;
+use codex_core::state_db::get_state_db;
+use codex_core::state_db::reconcile_rollout;
 use codex_core::windows_sandbox::WindowsSandboxLevelExt;
 use codex_core::windows_sandbox::WindowsSandboxSetupMode as CoreWindowsSandboxSetupMode;
 use codex_core::windows_sandbox::WindowsSandboxSetupRequest;
@@ -236,34 +246,18 @@ use codex_features::Feature;
 use codex_features::Stage;
 use codex_feedback::CodexFeedback;
 use codex_git_utils::git_diff_to_remote;
-use codex_git_utils::resolve_root_git_project_for_trust;
-use codex_login::AuthManager;
-use codex_login::CLIENT_ID;
-use codex_login::CodexAuth;
 use codex_login::ServerOptions as LoginServerOptions;
 use codex_login::ShutdownHandle;
 use codex_login::auth::login_with_chatgpt_auth_tokens;
 use codex_login::complete_device_code_login;
-use codex_login::default_client::set_default_client_residency_requirement;
-use codex_login::login_with_api_key;
 use codex_login::request_device_code;
 use codex_login::run_login_server;
-use codex_mcp::mcp::McpSnapshotDetail;
-use codex_mcp::mcp::auth::discover_supported_scopes;
-use codex_mcp::mcp::auth::resolve_oauth_scopes;
-use codex_mcp::mcp::collect_mcp_snapshot_with_detail;
-use codex_mcp::mcp::effective_mcp_servers;
-use codex_mcp::mcp::qualified_mcp_tool_name_prefix;
-use codex_models_manager::collaboration_mode_presets::CollaborationModesConfig;
 use codex_protocol::ThreadId;
 use codex_protocol::config_types::CollaborationMode;
 use codex_protocol::config_types::ForcedLoginMethod;
 use codex_protocol::config_types::Personality;
-use codex_protocol::config_types::TrustLevel;
 use codex_protocol::config_types::WindowsSandboxLevel;
 use codex_protocol::dynamic_tools::DynamicToolSpec as CoreDynamicToolSpec;
-use codex_protocol::error::CodexErr;
-use codex_protocol::error::Result as CodexResult;
 use codex_protocol::items::TurnItem;
 use codex_protocol::models::ResponseItem;
 use codex_protocol::protocol::AgentStatus;
@@ -288,9 +282,6 @@ use codex_protocol::protocol::W3cTraceContext;
 use codex_protocol::user_input::MAX_USER_INPUT_TEXT_CHARS;
 use codex_protocol::user_input::UserInput as CoreInputItem;
 use codex_rmcp_client::perform_oauth_login_return_url;
-use codex_rollout::state_db::StateDbHandle;
-use codex_rollout::state_db::get_state_db;
-use codex_rollout::state_db::reconcile_rollout;
 use codex_state::StateRuntime;
 use codex_state::ThreadMetadata;
 use codex_state::ThreadMetadataBuilder;
@@ -412,7 +403,6 @@ pub(crate) struct CodexMessageProcessor {
     auth_manager: Arc<AuthManager>,
     thread_manager: Arc<ThreadManager>,
     outgoing: Arc<OutgoingMessageSender>,
-    analytics_events_client: AnalyticsEventsClient,
     arg0_paths: Arg0DispatchPaths,
     config: Arc<Config>,
     cli_overrides: Arc<RwLock<Vec<(String, TomlValue)>>>,
@@ -443,8 +433,6 @@ struct ListenerTaskContext {
     thread_manager: Arc<ThreadManager>,
     thread_state_manager: ThreadStateManager,
     outgoing: Arc<OutgoingMessageSender>,
-    analytics_events_client: AnalyticsEventsClient,
-    general_analytics_enabled: bool,
     thread_watch_manager: ThreadWatchManager,
     fallback_model_provider: String,
     codex_home: PathBuf,
@@ -467,7 +455,6 @@ pub(crate) struct CodexMessageProcessorArgs {
     pub(crate) auth_manager: Arc<AuthManager>,
     pub(crate) thread_manager: Arc<ThreadManager>,
     pub(crate) outgoing: Arc<OutgoingMessageSender>,
-    pub(crate) analytics_events_client: AnalyticsEventsClient,
     pub(crate) arg0_paths: Arg0DispatchPaths,
     pub(crate) config: Arc<Config>,
     pub(crate) cli_overrides: Arc<RwLock<Vec<(String, TomlValue)>>>,
@@ -478,15 +465,24 @@ pub(crate) struct CodexMessageProcessorArgs {
 }
 
 impl CodexMessageProcessor {
-    pub(crate) fn handle_config_mutation(&self) {
-        self.clear_plugin_related_caches();
-    }
-
-    fn clear_plugin_related_caches(&self) {
+    pub(crate) fn clear_plugin_related_caches(&self) {
         self.thread_manager.plugins_manager().clear_cache();
         self.thread_manager.skills_manager().clear_cache();
     }
 
+    pub(crate) async fn maybe_start_plugin_startup_tasks_for_latest_config(&self) {
+        match self.load_latest_config(/*fallback_cwd*/ None).await {
+            Ok(config) => self
+                .thread_manager
+                .plugins_manager()
+                .maybe_start_plugin_startup_tasks_for_config(
+                    &config,
+                    self.thread_manager.auth_manager(),
+                ),
+            Err(err) => warn!("failed to load latest config for plugin startup tasks: {err:?}"),
+        }
+    }
+
     fn current_account_updated_notification(&self) -> AccountUpdatedNotification {
         let auth = self.auth_manager.auth_cached();
         AccountUpdatedNotification {
@@ -523,7 +519,6 @@ impl CodexMessageProcessor {
             auth_manager,
             thread_manager,
             outgoing,
-            analytics_events_client,
             arg0_paths,
             config,
             cli_overrides,
@@ -536,7 +531,6 @@ impl CodexMessageProcessor {
             auth_manager,
             thread_manager,
             outgoing: outgoing.clone(),
-            analytics_events_client,
             arg0_paths,
             config,
             cli_overrides,
@@ -686,7 +680,6 @@ impl CodexMessageProcessor {
         connection_id: ConnectionId,
         request: ClientRequest,
         app_server_client_name: Option<String>,
-        app_server_client_version: Option<String>,
         request_context: RequestContext,
     ) {
         let to_connection_request_id = |request_id| ConnectionRequestId {
@@ -703,8 +696,6 @@ impl CodexMessageProcessor {
                 self.thread_start(
                     to_connection_request_id(request_id),
                     params,
-                    app_server_client_name.clone(),
-                    app_server_client_version.clone(),
                     request_context,
                 )
                 .await;
@@ -809,7 +800,6 @@ impl CodexMessageProcessor {
                     to_connection_request_id(request_id),
                     params,
                     app_server_client_name.clone(),
-                    app_server_client_version.clone(),
                 )
                 .await;
             }
@@ -884,10 +874,6 @@ impl CodexMessageProcessor {
                 self.list_mcp_server_status(to_connection_request_id(request_id), params)
                     .await;
             }
-            ClientRequest::McpResourceRead { request_id, params } => {
-                self.read_mcp_resource(to_connection_request_id(request_id), params)
-                    .await;
-            }
             ClientRequest::WindowsSandboxSetupStart { request_id, params } => {
                 self.windows_sandbox_setup_start(to_connection_request_id(request_id), params)
                     .await;
@@ -1029,7 +1015,7 @@ impl CodexMessageProcessor {
         &mut self,
         params: &LoginApiKeyParams,
     ) -> std::result::Result<(), JSONRPCErrorError> {
-        if self.auth_manager.is_external_chatgpt_auth_active() {
+        if self.auth_manager.is_external_auth_active() {
             return Err(self.external_auth_active_error());
         }
 
@@ -1108,7 +1094,7 @@ impl CodexMessageProcessor {
     ) -> std::result::Result<LoginServerOptions, JSONRPCErrorError> {
         let config = self.config.as_ref();
 
-        if self.auth_manager.is_external_chatgpt_auth_active() {
+        if self.auth_manager.is_external_auth_active() {
             return Err(self.external_auth_active_error());
         }
 
@@ -1545,7 +1531,7 @@ impl CodexMessageProcessor {
     }
 
     async fn refresh_token_if_requested(&self, do_refresh: bool) -> RefreshTokenRequestOutcome {
-        if self.auth_manager.is_external_chatgpt_auth_active() {
+        if self.auth_manager.is_external_auth_active() {
             return RefreshTokenRequestOutcome::NotAttemptedOrSucceeded;
         }
         if do_refresh && let Err(err) = self.auth_manager.refresh_token().await {
@@ -2060,8 +2046,6 @@ impl CodexMessageProcessor {
         &self,
         request_id: ConnectionRequestId,
         params: ThreadStartParams,
-        app_server_client_name: Option<String>,
-        app_server_client_version: Option<String>,
         request_context: RequestContext,
     ) {
         let ThreadStartParams {
@@ -2102,8 +2086,6 @@ impl CodexMessageProcessor {
             thread_manager: Arc::clone(&self.thread_manager),
             thread_state_manager: self.thread_state_manager.clone(),
             outgoing: Arc::clone(&self.outgoing),
-            analytics_events_client: self.analytics_events_client.clone(),
-            general_analytics_enabled: self.config.features.enabled(Feature::GeneralAnalytics),
             thread_watch_manager: self.thread_watch_manager.clone(),
             fallback_model_provider: self.config.model_provider_id.clone(),
             codex_home: self.config.codex_home.clone(),
@@ -2117,8 +2099,6 @@ impl CodexMessageProcessor {
                 runtime_feature_enablement,
                 cloud_requirements,
                 request_id,
-                app_server_client_name,
-                app_server_client_version,
                 config,
                 typesafe_overrides,
                 dynamic_tools,
@@ -2192,8 +2172,6 @@ impl CodexMessageProcessor {
         runtime_feature_enablement: BTreeMap<String, bool>,
         cloud_requirements: CloudRequirementsLoader,
         request_id: ConnectionRequestId,
-        app_server_client_name: Option<String>,
-        app_server_client_version: Option<String>,
         config_overrides: Option<HashMap<String, serde_json::Value>>,
         typesafe_overrides: ConfigOverrides,
         dynamic_tools: Option<Vec<ApiDynamicToolSpec>>,
@@ -2202,11 +2180,10 @@ impl CodexMessageProcessor {
         experimental_raw_events: bool,
         request_trace: Option<W3cTraceContext>,
     ) {
-        let requested_cwd = typesafe_overrides.cwd.clone();
-        let mut config = match derive_config_from_params(
+        let config = match derive_config_from_params(
             &cli_overrides,
-            config_overrides.clone(),
-            typesafe_overrides.clone(),
+            config_overrides,
+            typesafe_overrides,
             &cloud_requirements,
             &listener_task_context.codex_home,
             &runtime_feature_enablement,
@@ -2224,70 +2201,6 @@ impl CodexMessageProcessor {
             }
         };
 
-        // The user may have requested WorkspaceWrite or DangerFullAccess via
-        // the command line, though in the process of deriving the Config, it
-        // could be downgraded to ReadOnly (perhaps there is no sandbox
-        // available on Windows or the enterprise config disallows it). The cwd
-        // should still be considered "trusted" in this case.
-        let requested_sandbox_trusts_project = matches!(
-            typesafe_overrides.sandbox_mode,
-            Some(
-                codex_protocol::config_types::SandboxMode::WorkspaceWrite
-                    | codex_protocol::config_types::SandboxMode::DangerFullAccess
-            )
-        );
-
-        if requested_cwd.is_some()
-            && !config.active_project.is_trusted()
-            && (requested_sandbox_trusts_project
-                || matches!(
-                    config.permissions.sandbox_policy.get(),
-                    codex_protocol::protocol::SandboxPolicy::WorkspaceWrite { .. }
-                        | codex_protocol::protocol::SandboxPolicy::DangerFullAccess
-                        | codex_protocol::protocol::SandboxPolicy::ExternalSandbox { .. }
-                ))
-        {
-            let trust_target = resolve_root_git_project_for_trust(config.cwd.as_path())
-                .unwrap_or_else(|| config.cwd.to_path_buf());
-            if let Err(err) = codex_core::config::set_project_trust_level(
-                &listener_task_context.codex_home,
-                trust_target.as_path(),
-                TrustLevel::Trusted,
-            ) {
-                let error = JSONRPCErrorError {
-                    code: INTERNAL_ERROR_CODE,
-                    message: format!("failed to persist trusted project state: {err}"),
-                    data: None,
-                };
-                listener_task_context
-                    .outgoing
-                    .send_error(request_id, error)
-                    .await;
-                return;
-            }
-
-            config = match derive_config_from_params(
-                &cli_overrides,
-                config_overrides,
-                typesafe_overrides,
-                &cloud_requirements,
-                &listener_task_context.codex_home,
-                &runtime_feature_enablement,
-            )
-            .await
-            {
-                Ok(config) => config,
-                Err(err) => {
-                    let error = config_load_error(&err);
-                    listener_task_context
-                        .outgoing
-                        .send_error(request_id, error)
-                        .await;
-                    return;
-                }
-            };
-        }
-
         let dynamic_tools = dynamic_tools.unwrap_or_default();
         let core_dynamic_tools = if dynamic_tools.is_empty() {
             Vec::new()
@@ -2340,19 +2253,6 @@ impl CodexMessageProcessor {
                     session_configured,
                     ..
                 } = new_conv;
-                if let Err(error) = Self::set_app_server_client_info(
-                    thread.as_ref(),
-                    app_server_client_name,
-                    app_server_client_version,
-                )
-                .await
-                {
-                    listener_task_context
-                        .outgoing
-                        .send_error(request_id, error)
-                        .await;
-                    return;
-                }
                 let config_snapshot = thread
                     .config_snapshot()
                     .instrument(tracing::info_span!(
@@ -2418,17 +2318,6 @@ impl CodexMessageProcessor {
                     sandbox: config_snapshot.sandbox_policy.into(),
                     reasoning_effort: config_snapshot.reasoning_effort,
                 };
-                if listener_task_context.general_analytics_enabled {
-                    listener_task_context
-                        .analytics_events_client
-                        .track_response(
-                            request_id.connection_id.0,
-                            ClientResponse::ThreadStart {
-                                request_id: request_id.request_id.clone(),
-                                response: response.clone(),
-                            },
-                        );
-                }
 
                 listener_task_context
                     .outgoing
@@ -2473,8 +2362,8 @@ impl CodexMessageProcessor {
         approval_policy: Option<codex_app_server_protocol::AskForApproval>,
         approvals_reviewer: Option<codex_app_server_protocol::ApprovalsReviewer>,
         sandbox: Option<SandboxMode>,
-        base_instructions: Option<Option<String>>,
-        developer_instructions: Option<Option<String>>,
+        base_instructions: Option<String>,
+        developer_instructions: Option<String>,
         personality: Option<Personality>,
     ) -> ConfigOverrides {
         ConfigOverrides {
@@ -3386,13 +3275,6 @@ impl CodexMessageProcessor {
             cwd,
             search_term,
         } = params;
-        let cwd = match normalize_thread_list_cwd_filter(cwd) {
-            Ok(cwd) => cwd,
-            Err(error) => {
-                self.outgoing.send_error(request_id, error).await;
-                return;
-            }
-        };
 
         let requested_page_size = limit
             .map(|value| value as usize)
@@ -3411,7 +3293,7 @@ impl CodexMessageProcessor {
                     model_providers,
                     source_kinds,
                     archived: archived.unwrap_or(false),
-                    cwd,
+                    cwd: cwd.map(PathBuf::from),
                     search_term,
                 },
             )
@@ -3620,11 +3502,6 @@ impl CodexMessageProcessor {
             }
             build_thread_from_snapshot(thread_uuid, &config_snapshot, loaded_rollout_path)
         };
-        if thread.forked_from_id.is_none()
-            && let Some(rollout_path) = rollout_path.as_ref()
-        {
-            thread.forked_from_id = forked_from_id_from_rollout(rollout_path).await;
-        }
         self.attach_thread_name(thread_uuid, &mut thread).await;
 
         if include_turns && let Some(rollout_path) = rollout_path.as_ref() {
@@ -3919,15 +3796,6 @@ impl CodexMessageProcessor {
                     sandbox: session_configured.sandbox_policy.into(),
                     reasoning_effort: session_configured.reasoning_effort,
                 };
-                if self.config.features.enabled(Feature::GeneralAnalytics) {
-                    self.analytics_events_client.track_response(
-                        request_id.connection_id.0,
-                        ClientResponse::ThreadResume {
-                            request_id: request_id.request_id.clone(),
-                            response: response.clone(),
-                        },
-                    );
-                }
 
                 self.outgoing.send_response(request_id, response).await;
             }
@@ -4363,13 +4231,6 @@ impl CodexMessageProcessor {
             developer_instructions,
             /*personality*/ None,
         );
-        if typesafe_overrides.base_instructions.is_none()
-            && let Ok(history) = RolloutRecorder::get_rollout_history(&rollout_path).await
-            && let Some(base_instructions) = history.get_base_instructions()
-        {
-            typesafe_overrides.base_instructions =
-                Some(base_instructions.map(|base_instructions| base_instructions.text));
-        }
         typesafe_overrides.ephemeral = ephemeral.then_some(true);
         // Derive a Config using the same logic as new conversation, honoring overrides if provided.
         let cloud_requirements = self.current_cloud_requirements();
@@ -4461,12 +4322,7 @@ impl CodexMessageProcessor {
             )
             .await
             {
-                Ok(summary) => {
-                    let mut thread = summary_to_thread(summary);
-                    thread.forked_from_id =
-                        forked_from_id_from_rollout(fork_rollout_path.as_path()).await;
-                    thread
-                }
+                Ok(summary) => summary_to_thread(summary),
                 Err(err) => {
                     self.send_internal_error(
                         request_id,
@@ -4500,14 +4356,6 @@ impl CodexMessageProcessor {
                 }
             };
             thread.preview = preview_from_rollout_items(&history_items);
-            thread.forked_from_id = source_thread_id
-                .or_else(|| {
-                    history_items.iter().find_map(|item| match item {
-                        RolloutItem::SessionMeta(meta_line) => Some(meta_line.meta.id),
-                        _ => None,
-                    })
-                })
-                .map(|id| id.to_string());
             if let Err(message) = populate_thread_turns(
                 &mut thread,
                 ThreadTurnSource::HistoryItems(&history_items),
@@ -4555,15 +4403,6 @@ impl CodexMessageProcessor {
             sandbox: session_configured.sandbox_policy.into(),
             reasoning_effort: session_configured.reasoning_effort,
         };
-        if self.config.features.enabled(Feature::GeneralAnalytics) {
-            self.analytics_events_client.track_response(
-                request_id.connection_id.0,
-                ClientResponse::ThreadFork {
-                    request_id: request_id.request_id.clone(),
-                    response: response.clone(),
-                },
-            );
-        }
 
         self.outgoing.send_response(request_id, response).await;
 
@@ -5161,12 +5000,9 @@ impl CodexMessageProcessor {
                 return;
             }
         };
-        let mcp_config = config.to_mcp_config(self.thread_manager.plugins_manager().as_ref());
-        let auth = self.auth_manager.auth().await;
 
         tokio::spawn(async move {
-            Self::list_mcp_server_status_task(outgoing, request, params, config, mcp_config, auth)
-                .await;
+            Self::list_mcp_server_status_task(outgoing, request, params, config).await;
         });
     }
 
@@ -5175,72 +5011,15 @@ impl CodexMessageProcessor {
         request_id: ConnectionRequestId,
         params: ListMcpServerStatusParams,
         config: Config,
-        mcp_config: codex_mcp::mcp::McpConfig,
-        auth: Option<CodexAuth>,
     ) {
-        let detail = match params.detail.unwrap_or(McpServerStatusDetail::Full) {
-            McpServerStatusDetail::Full => McpSnapshotDetail::Full,
-            McpServerStatusDetail::ToolsAndAuthOnly => McpSnapshotDetail::ToolsAndAuthOnly,
-        };
+        let snapshot = collect_mcp_snapshot(&config).await;
 
-        let snapshot = collect_mcp_snapshot_with_detail(
-            &mcp_config,
-            auth.as_ref(),
-            request_id.request_id.to_string(),
-            detail,
-        )
-        .await;
-
-        // Rebuild the tool list per original server name instead of using
-        // `group_tools_by_server()`: qualified tool names are sanitized for the
-        // Responses API, so a config key like `some-server` is encoded as the
-        // `mcp__some_server__` prefix. Matching with the original server name's
-        // sanitized prefix preserves `/mcp` output for hyphenated names.
-        let effective_servers = effective_mcp_servers(&mcp_config, auth.as_ref());
-        let mut sanitized_prefix_counts = HashMap::<String, usize>::new();
-        for name in effective_servers.keys() {
-            let prefix = qualified_mcp_tool_name_prefix(name);
-            *sanitized_prefix_counts.entry(prefix).or_default() += 1;
-        }
-        let tools_by_server = effective_servers
-            .keys()
-            .map(|name| {
-                let prefix = qualified_mcp_tool_name_prefix(name);
-                // If multiple server names normalize to the same prefix, the
-                // qualified tool namespace is ambiguous (for example
-                // `some-server` and `some_server` both become
-                // `mcp__some_server__`). In that case, avoid attributing the
-                // same tools to multiple servers.
-                let tools = if sanitized_prefix_counts
-                    .get(&prefix)
-                    .copied()
-                    .unwrap_or_default()
-                    == 1
-                {
-                    snapshot
-                        .tools
-                        .iter()
-                        .filter_map(|(qualified_name, tool)| {
-                            qualified_name
-                                .strip_prefix(&prefix)
-                                .map(|tool_name| (tool_name.to_string(), tool.clone()))
-                        })
-                        .collect::<HashMap<_, _>>()
-                } else {
-                    HashMap::new()
-                };
-                (name.clone(), tools)
-            })
-            .collect::<HashMap<_, _>>();
+        let tools_by_server = group_tools_by_server(&snapshot.tools);
 
         let mut server_names: Vec<String> = config
             .mcp_servers
             .keys()
             .cloned()
-            // Include built-in/plugin MCP servers that are present in the
-            // effective runtime config even when they are not user-declared in
-            // `config.mcp_servers`.
-            .chain(effective_servers.keys().cloned())
             .chain(snapshot.auth_statuses.keys().cloned())
             .chain(snapshot.resources.keys().cloned())
             .chain(snapshot.resource_templates.keys().cloned())
@@ -5310,58 +5089,6 @@ impl CodexMessageProcessor {
         outgoing.send_response(request_id, response).await;
     }
 
-    async fn read_mcp_resource(
-        &self,
-        request_id: ConnectionRequestId,
-        params: McpResourceReadParams,
-    ) {
-        let outgoing = Arc::clone(&self.outgoing);
-        let (_, thread) = match self.load_thread(&params.thread_id).await {
-            Ok(thread) => thread,
-            Err(error) => {
-                self.outgoing.send_error(request_id, error).await;
-                return;
-            }
-        };
-
-        tokio::spawn(async move {
-            let result = thread.read_mcp_resource(&params.server, &params.uri).await;
-            match result {
-                Ok(result) => match serde_json::from_value::<McpResourceReadResponse>(result) {
-                    Ok(response) => {
-                        outgoing.send_response(request_id, response).await;
-                    }
-                    Err(error) => {
-                        outgoing
-                            .send_error(
-                                request_id,
-                                JSONRPCErrorError {
-                                    code: INTERNAL_ERROR_CODE,
-                                    message: format!(
-                                        "failed to deserialize MCP resource read response: {error}"
-                                    ),
-                                    data: None,
-                                },
-                            )
-                            .await;
-                    }
-                },
-                Err(error) => {
-                    outgoing
-                        .send_error(
-                            request_id,
-                            JSONRPCErrorError {
-                                code: INTERNAL_ERROR_CODE,
-                                message: format!("{error:#}"),
-                                data: None,
-                            },
-                        )
-                        .await;
-                }
-            }
-        });
-    }
-
     async fn send_invalid_request_error(&self, request_id: ConnectionRequestId, message: String) {
         let error = JSONRPCErrorError {
             code: INVALID_REQUEST_ERROR_CODE,
@@ -5697,11 +5424,7 @@ impl CodexMessageProcessor {
                 .set_enabled(Feature::Apps, thread.enabled(Feature::Apps));
         }
 
-        let auth = self.auth_manager.auth().await;
-        if !config
-            .features
-            .apps_enabled_for_auth(auth.as_ref().is_some_and(CodexAuth::is_chatgpt_auth))
-        {
+        if !config.features.apps_enabled(Some(&self.auth_manager)).await {
             self.outgoing
                 .send_response(
                     request_id,
@@ -6032,7 +5755,6 @@ impl CodexMessageProcessor {
             force_remote_sync,
         } = params;
         let roots = cwds.unwrap_or_default();
-        plugins_manager.maybe_start_non_curated_plugin_cache_refresh_for_roots(&roots);
 
         let mut config = match self.load_latest_config(/*fallback_cwd*/ None).await {
             Ok(config) => config,
@@ -6369,11 +6091,9 @@ impl CodexMessageProcessor {
                 }
 
                 let plugin_apps = load_plugin_apps(result.installed_path.as_path());
-                let auth = self.auth_manager.auth().await;
                 let apps_needing_auth = if plugin_apps.is_empty()
-                    || !config.features.apps_enabled_for_auth(
-                        auth.as_ref().is_some_and(CodexAuth::is_chatgpt_auth),
-                    ) {
+                    || !config.features.apps_enabled(Some(&self.auth_manager)).await
+                {
                     Vec::new()
                 } else {
                     let (all_connectors_result, accessible_connectors_result) = tokio::join!(
@@ -6568,7 +6288,6 @@ impl CodexMessageProcessor {
         request_id: ConnectionRequestId,
         params: TurnStartParams,
         app_server_client_name: Option<String>,
-        app_server_client_version: Option<String>,
     ) {
         if let Err(error) = Self::validate_v2_input_limit(&params.input) {
             self.outgoing.send_error(request_id, error).await;
@@ -6581,12 +6300,8 @@ impl CodexMessageProcessor {
                 return;
             }
         };
-        if let Err(error) = Self::set_app_server_client_info(
-            thread.as_ref(),
-            app_server_client_name,
-            app_server_client_version,
-        )
-        .await
+        if let Err(error) =
+            Self::set_app_server_client_name(thread.as_ref(), app_server_client_name).await
         {
             self.outgoing.send_error(request_id, error).await;
             return;
@@ -6664,9 +6379,6 @@ impl CodexMessageProcessor {
                     items: vec![],
                     error: None,
                     status: TurnStatus::InProgress,
-                    started_at: None,
-                    completed_at: None,
-                    duration_ms: None,
                 };
 
                 let response = TurnStartResponse { turn };
@@ -6683,17 +6395,16 @@ impl CodexMessageProcessor {
         }
     }
 
-    async fn set_app_server_client_info(
+    async fn set_app_server_client_name(
         thread: &CodexThread,
         app_server_client_name: Option<String>,
-        app_server_client_version: Option<String>,
     ) -> Result<(), JSONRPCErrorError> {
         thread
-            .set_app_server_client_info(app_server_client_name, app_server_client_version)
+            .set_app_server_client_name(app_server_client_name)
             .await
             .map_err(|err| JSONRPCErrorError {
                 code: INTERNAL_ERROR_CODE,
-                message: format!("failed to set app server client info: {err}"),
+                message: format!("failed to set app server client name: {err}"),
                 data: None,
             })
     }
@@ -7003,9 +6714,6 @@ impl CodexMessageProcessor {
             items,
             error: None,
             status: TurnStatus::InProgress,
-            started_at: None,
-            completed_at: None,
-            duration_ms: None,
         }
     }
 
@@ -7276,8 +6984,6 @@ impl CodexMessageProcessor {
                 thread_manager: Arc::clone(&self.thread_manager),
                 thread_state_manager: self.thread_state_manager.clone(),
                 outgoing: Arc::clone(&self.outgoing),
-                analytics_events_client: self.analytics_events_client.clone(),
-                general_analytics_enabled: self.config.features.enabled(Feature::GeneralAnalytics),
                 thread_watch_manager: self.thread_watch_manager.clone(),
                 fallback_model_provider: self.config.model_provider_id.clone(),
                 codex_home: self.config.codex_home.clone(),
@@ -7365,8 +7071,6 @@ impl CodexMessageProcessor {
                 thread_manager: Arc::clone(&self.thread_manager),
                 thread_state_manager: self.thread_state_manager.clone(),
                 outgoing: Arc::clone(&self.outgoing),
-                analytics_events_client: self.analytics_events_client.clone(),
-                general_analytics_enabled: self.config.features.enabled(Feature::GeneralAnalytics),
                 thread_watch_manager: self.thread_watch_manager.clone(),
                 fallback_model_provider: self.config.model_provider_id.clone(),
                 codex_home: self.config.codex_home.clone(),
@@ -7398,8 +7102,6 @@ impl CodexMessageProcessor {
             outgoing,
             thread_manager,
             thread_state_manager,
-            analytics_events_client: _,
-            general_analytics_enabled: _,
             thread_watch_manager,
             fallback_model_provider,
             codex_home,
@@ -7834,57 +7536,6 @@ impl CodexMessageProcessor {
     }
 }
 
-fn normalize_thread_list_cwd_filter(
-    cwd: Option<String>,
-) -> Result<Option<PathBuf>, JSONRPCErrorError> {
-    let Some(cwd) = cwd else {
-        return Ok(None);
-    };
-    AbsolutePathBuf::relative_to_current_dir(cwd.as_str())
-        .map(AbsolutePathBuf::into_path_buf)
-        .map(Some)
-        .map_err(|err| JSONRPCErrorError {
-            code: INVALID_PARAMS_ERROR_CODE,
-            message: format!("invalid thread/list cwd filter `{cwd}`: {err}"),
-            data: None,
-        })
-}
-
-#[cfg(test)]
-mod thread_list_cwd_filter_tests {
-    use super::normalize_thread_list_cwd_filter;
-    use codex_utils_absolute_path::AbsolutePathBuf;
-    use pretty_assertions::assert_eq;
-    use std::path::PathBuf;
-
-    #[test]
-    fn normalize_thread_list_cwd_filter_preserves_absolute_paths() {
-        let cwd = if cfg!(windows) {
-            String::from(r"C:\srv\repo-b")
-        } else {
-            String::from("/srv/repo-b")
-        };
-
-        assert_eq!(
-            normalize_thread_list_cwd_filter(Some(cwd.clone())).expect("cwd filter should parse"),
-            Some(PathBuf::from(cwd))
-        );
-    }
-
-    #[test]
-    fn normalize_thread_list_cwd_filter_resolves_relative_paths_against_server_cwd()
-    -> std::io::Result<()> {
-        let expected = AbsolutePathBuf::relative_to_current_dir("repo-b")?.to_path_buf();
-
-        assert_eq!(
-            normalize_thread_list_cwd_filter(Some(String::from("repo-b")))
-                .expect("cwd filter should parse"),
-            Some(expected)
-        );
-        Ok(())
-    }
-}
-
 #[allow(clippy::too_many_arguments)]
 async fn handle_thread_listener_command(
     conversation_id: ThreadId,
@@ -8860,7 +8511,6 @@ async fn load_thread_summary_for_rollout(
                 rollout_path.display()
             )
         })?;
-    thread.forked_from_id = forked_from_id_from_rollout(rollout_path).await;
     if let Some(persisted_metadata) = persisted_metadata {
         merge_mutable_thread_metadata(
             &mut thread,
@@ -8872,14 +8522,6 @@ async fn load_thread_summary_for_rollout(
     Ok(thread)
 }
 
-async fn forked_from_id_from_rollout(path: &Path) -> Option<String> {
-    read_session_meta_line(path)
-        .await
-        .ok()
-        .and_then(|meta_line| meta_line.meta.forked_from_id)
-        .map(|thread_id| thread_id.to_string())
-}
-
 fn merge_mutable_thread_metadata(thread: &mut Thread, persisted_thread: Thread) {
     thread.git_info = persisted_thread.git_info;
 }
@@ -8960,7 +8602,6 @@ fn build_thread_from_snapshot(
     let now = time::OffsetDateTime::now_utc().unix_timestamp();
     Thread {
         id: thread_id.to_string(),
-        forked_from_id: None,
         preview: String::new(),
         ephemeral: config_snapshot.ephemeral,
         model_provider: config_snapshot.model_provider_id.clone(),
@@ -9003,7 +8644,6 @@ pub(crate) fn summary_to_thread(summary: ConversationSummary) -> Thread {
 
     Thread {
         id: conversation_id.to_string(),
-        forked_from_id: None,
         preview,
         ephemeral: false,
         model_provider,
@@ -9500,44 +9140,6 @@ mod tests {
         Ok(())
     }
 
-    #[tokio::test]
-    async fn read_summary_from_rollout_preserves_forked_from_id() -> Result<()> {
-        use codex_protocol::protocol::RolloutItem;
-        use codex_protocol::protocol::RolloutLine;
-        use codex_protocol::protocol::SessionMetaLine;
-        use std::fs;
-
-        let temp_dir = TempDir::new()?;
-        let path = temp_dir.path().join("rollout.jsonl");
-
-        let conversation_id = ThreadId::from_string("bfd12a78-5900-467b-9bc5-d3d35df08191")?;
-        let forked_from_id = ThreadId::from_string("ad7f0408-99b8-4f6e-a46f-bd0eec433370")?;
-        let timestamp = "2025-09-05T16:53:11.850Z".to_string();
-
-        let session_meta = SessionMeta {
-            id: conversation_id,
-            forked_from_id: Some(forked_from_id),
-            timestamp: timestamp.clone(),
-            model_provider: Some("test-provider".to_string()),
-            ..SessionMeta::default()
-        };
-
-        let line = RolloutLine {
-            timestamp,
-            item: RolloutItem::SessionMeta(SessionMetaLine {
-                meta: session_meta,
-                git: None,
-            }),
-        };
-        fs::write(&path, format!("{}\n", serde_json::to_string(&line)?))?;
-
-        assert_eq!(
-            forked_from_id_from_rollout(path.as_path()).await,
-            Some(forked_from_id.to_string())
-        );
-        Ok(())
-    }
-
     #[tokio::test]
     async fn aborting_pending_request_clears_pending_state() -> Result<()> {
         let thread_id = ThreadId::from_string("bfd12a78-5900-467b-9bc5-d3d35df08191")?;
@@ -9655,7 +9257,6 @@ mod tests {
             state.track_current_turn_event(&EventMsg::TurnStarted(
                 codex_protocol::protocol::TurnStartedEvent {
                     turn_id: "turn-1".to_string(),
-                    started_at: None,
                     model_context_window: None,
                     collaboration_mode_kind: Default::default(),
                 },

codex-rs/app-server/src/codex_message_processor/plugin_mcp_oauth.rs

@@ -3,12 +3,12 @@ use std::sync::Arc;
 
 use codex_app_server_protocol::McpServerOauthLoginCompletedNotification;
 use codex_app_server_protocol::ServerNotification;
-use codex_config::types::McpServerConfig;
 use codex_core::config::Config;
-use codex_mcp::mcp::auth::McpOAuthLoginSupport;
-use codex_mcp::mcp::auth::oauth_login_support;
-use codex_mcp::mcp::auth::resolve_oauth_scopes;
-use codex_mcp::mcp::auth::should_retry_without_scopes;
+use codex_core::config::types::McpServerConfig;
+use codex_core::mcp::auth::McpOAuthLoginSupport;
+use codex_core::mcp::auth::oauth_login_support;
+use codex_core::mcp::auth::resolve_oauth_scopes;
+use codex_core::mcp::auth::should_retry_without_scopes;
 use codex_rmcp_client::perform_oauth_login_silent;
 use tracing::warn;
 

codex-rs/app-server/src/command_exec.rs

@@ -18,12 +18,12 @@ use codex_app_server_protocol::CommandExecWriteParams;
 use codex_app_server_protocol::CommandExecWriteResponse;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::ServerNotification;
+use codex_core::bytes_to_string_smart;
 use codex_core::config::StartedNetworkProxy;
 use codex_core::exec::DEFAULT_EXEC_COMMAND_TIMEOUT_MS;
 use codex_core::exec::ExecExpiration;
 use codex_core::exec::IO_DRAIN_TIMEOUT_MS;
 use codex_core::sandboxing::ExecRequest;
-use codex_protocol::exec_output::bytes_to_string_smart;
 use codex_sandboxing::SandboxType;
 use codex_utils_pty::DEFAULT_OUTPUT_BYTES_CAP;
 use codex_utils_pty::ProcessHandle;

codex-rs/app-server/src/config_api.rs

@@ -1,7 +1,6 @@
 use crate::error_code::INTERNAL_ERROR_CODE;
 use crate::error_code::INVALID_REQUEST_ERROR_CODE;
 use async_trait::async_trait;
-use codex_analytics::AnalyticsEventsClient;
 use codex_app_server_protocol::ConfigBatchWriteParams;
 use codex_app_server_protocol::ConfigReadParams;
 use codex_app_server_protocol::ConfigReadResponse;
@@ -17,6 +16,7 @@ use codex_app_server_protocol::NetworkDomainPermission;
 use codex_app_server_protocol::NetworkRequirements;
 use codex_app_server_protocol::NetworkUnixSocketPermission;
 use codex_app_server_protocol::SandboxMode;
+use codex_core::AnalyticsEventsClient;
 use codex_core::ThreadManager;
 use codex_core::config::Config;
 use codex_core::config::ConfigService;
@@ -366,12 +366,6 @@ fn map_requirements_toml_to_api(requirements: ConfigRequirementsToml) -> ConfigR
                 .map(codex_app_server_protocol::AskForApproval::from)
                 .collect()
         }),
-        allowed_approvals_reviewers: requirements.allowed_approvals_reviewers.map(|reviewers| {
-            reviewers
-                .into_iter()
-                .map(codex_app_server_protocol::ApprovalsReviewer::from)
-                .collect()
-        }),
         allowed_sandbox_modes: requirements.allowed_sandbox_modes.map(|modes| {
             modes
                 .into_iter()
@@ -449,7 +443,6 @@ fn map_network_requirements_to_api(
                 .collect()
         }),
         managed_allowed_domains_only: network.managed_allowed_domains_only,
-        danger_full_access_denylist_only: network.danger_full_access_denylist_only,
         allowed_domains,
         denied_domains,
         unix_sockets: network.unix_sockets.map(|unix_sockets| {
@@ -517,16 +510,15 @@ fn config_write_error(code: ConfigWriteErrorCode, message: impl Into<String>) ->
 #[cfg(test)]
 mod tests {
     use super::*;
-    use codex_analytics::AnalyticsEventsClient;
+    use codex_core::AnalyticsEventsClient;
+    use codex_core::AuthManager;
+    use codex_core::CodexAuth;
     use codex_core::config_loader::NetworkDomainPermissionToml as CoreNetworkDomainPermissionToml;
     use codex_core::config_loader::NetworkDomainPermissionsToml as CoreNetworkDomainPermissionsToml;
     use codex_core::config_loader::NetworkRequirementsToml as CoreNetworkRequirementsToml;
     use codex_core::config_loader::NetworkUnixSocketPermissionToml as CoreNetworkUnixSocketPermissionToml;
     use codex_core::config_loader::NetworkUnixSocketPermissionsToml as CoreNetworkUnixSocketPermissionsToml;
     use codex_features::Feature;
-    use codex_login::AuthManager;
-    use codex_login::CodexAuth;
-    use codex_protocol::config_types::ApprovalsReviewer as CoreApprovalsReviewer;
     use codex_protocol::protocol::AskForApproval as CoreAskForApproval;
     use pretty_assertions::assert_eq;
     use serde_json::json;
@@ -553,10 +545,6 @@ mod tests {
                 CoreAskForApproval::Never,
                 CoreAskForApproval::OnRequest,
             ]),
-            allowed_approvals_reviewers: Some(vec![
-                CoreApprovalsReviewer::User,
-                CoreApprovalsReviewer::GuardianSubagent,
-            ]),
             allowed_sandbox_modes: Some(vec![
                 CoreSandboxModeRequirement::ReadOnly,
                 CoreSandboxModeRequirement::ExternalSandbox,
@@ -595,7 +583,6 @@ mod tests {
                     ]),
                 }),
                 managed_allowed_domains_only: Some(false),
-                danger_full_access_denylist_only: Some(true),
                 unix_sockets: Some(CoreNetworkUnixSocketPermissionsToml {
                     entries: std::collections::BTreeMap::from([(
                         "/tmp/proxy.sock".to_string(),
@@ -615,13 +602,6 @@ mod tests {
                 codex_app_server_protocol::AskForApproval::OnRequest,
             ])
         );
-        assert_eq!(
-            mapped.allowed_approvals_reviewers,
-            Some(vec![
-                codex_app_server_protocol::ApprovalsReviewer::User,
-                codex_app_server_protocol::ApprovalsReviewer::GuardianSubagent,
-            ])
-        );
         assert_eq!(
             mapped.allowed_sandbox_modes,
             Some(vec![SandboxMode::ReadOnly]),
@@ -655,7 +635,6 @@ mod tests {
                     ("example.com".to_string(), NetworkDomainPermission::Deny),
                 ])),
                 managed_allowed_domains_only: Some(false),
-                danger_full_access_denylist_only: Some(true),
                 allowed_domains: Some(vec!["api.openai.com".to_string()]),
                 denied_domains: Some(vec!["example.com".to_string()]),
                 unix_sockets: Some(std::collections::BTreeMap::from([(
@@ -672,7 +651,6 @@ mod tests {
     fn map_requirements_toml_to_api_omits_unix_socket_none_entries_from_legacy_network_fields() {
         let requirements = ConfigRequirementsToml {
             allowed_approval_policies: None,
-            allowed_approvals_reviewers: None,
             allowed_sandbox_modes: None,
             allowed_web_search_modes: None,
             guardian_developer_instructions: None,
@@ -690,7 +668,6 @@ mod tests {
                 dangerously_allow_all_unix_sockets: None,
                 domains: None,
                 managed_allowed_domains_only: None,
-                danger_full_access_denylist_only: None,
                 unix_sockets: Some(CoreNetworkUnixSocketPermissionsToml {
                     entries: std::collections::BTreeMap::from([(
                         "/tmp/ignored.sock".to_string(),
@@ -714,7 +691,6 @@ mod tests {
                 dangerously_allow_all_unix_sockets: None,
                 domains: None,
                 managed_allowed_domains_only: None,
-                danger_full_access_denylist_only: None,
                 allowed_domains: None,
                 denied_domains: None,
                 unix_sockets: Some(std::collections::BTreeMap::from([(
@@ -731,7 +707,6 @@ mod tests {
     fn map_requirements_toml_to_api_normalizes_allowed_web_search_modes() {
         let requirements = ConfigRequirementsToml {
             allowed_approval_policies: None,
-            allowed_approvals_reviewers: None,
             allowed_sandbox_modes: None,
             allowed_web_search_modes: Some(Vec::new()),
             guardian_developer_instructions: None,

codex-rs/app-server/src/in_process.rs

@@ -64,7 +64,6 @@ use crate::outgoing_message::QueuedOutgoingMessage;
 use crate::transport::CHANNEL_CAPACITY;
 use crate::transport::OutboundConnectionState;
 use crate::transport::route_outgoing_envelope;
-use codex_analytics::AppServerRpcTransport;
 use codex_app_server_protocol::ClientNotification;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::ConfigWarningNotification;
@@ -80,7 +79,6 @@ use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::LoaderOverrides;
 use codex_exec_server::EnvironmentManager;
 use codex_feedback::CodexFeedback;
-use codex_login::AuthManager;
 use codex_protocol::protocol::SessionSource;
 use tokio::sync::mpsc;
 use tokio::sync::oneshot;
@@ -380,8 +378,6 @@ fn start_uninitialized(args: InProcessStartArgs) -> InProcessClientHandle {
         });
 
         let processor_outgoing = Arc::clone(&outgoing_message_sender);
-        let auth_manager =
-            AuthManager::shared_from_config(args.config.as_ref(), args.enable_codex_api_key_env);
         let (processor_tx, mut processor_rx) = mpsc::channel::<ProcessorCommand>(channel_capacity);
         let mut processor_handle = tokio::spawn(async move {
             let mut processor = MessageProcessor::new(MessageProcessorArgs {
@@ -396,8 +392,7 @@ fn start_uninitialized(args: InProcessStartArgs) -> InProcessClientHandle {
                 log_db: None,
                 config_warnings: args.config_warnings,
                 session_source: args.session_source,
-                auth_manager,
-                rpc_transport: AppServerRpcTransport::InProcess,
+                enable_codex_api_key_env: args.enable_codex_api_key_env,
             });
             let mut thread_created_rx = processor.thread_created_receiver();
             let mut session = ConnectionSessionState::default();
@@ -826,9 +821,6 @@ mod tests {
                     items: Vec::new(),
                     status: TurnStatus::Completed,
                     error: None,
-                    started_at: None,
-                    completed_at: Some(0),
-                    duration_ms: None,
                 },
             })
         ));

codex-rs/app-server/src/lib.rs

@@ -2,13 +2,12 @@
 
 use codex_arg0::Arg0DispatchPaths;
 use codex_cloud_requirements::cloud_requirements_loader;
+use codex_core::AuthManager;
 use codex_core::config::Config;
 use codex_core::config::ConfigBuilder;
 use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::ConfigLayerStackOrdering;
 use codex_core::config_loader::LoaderOverrides;
-use codex_features::Feature;
-use codex_login::AuthManager;
 use codex_utils_cli::CliConfigOverrides;
 use std::collections::HashMap;
 use std::collections::HashSet;
@@ -30,10 +29,8 @@ use crate::transport::OutboundConnectionState;
 use crate::transport::TransportEvent;
 use crate::transport::auth::policy_from_settings;
 use crate::transport::route_outgoing_envelope;
-use crate::transport::start_remote_control;
 use crate::transport::start_stdio_connection;
 use crate::transport::start_websocket_acceptor;
-use codex_analytics::AppServerRpcTransport;
 use codex_app_server_protocol::ConfigLayerSource;
 use codex_app_server_protocol::ConfigWarningNotification;
 use codex_app_server_protocol::JSONRPCMessage;
@@ -48,7 +45,6 @@ use codex_feedback::CodexFeedback;
 use codex_protocol::protocol::SessionSource;
 use codex_state::log_db;
 use tokio::sync::mpsc;
-use tokio::sync::oneshot;
 use tokio::task::JoinHandle;
 use tokio_util::sync::CancellationToken;
 use toml::Value as TomlValue;
@@ -399,8 +395,11 @@ pub async fn run_main_with_transport(
                 }
             }
 
-            let auth_manager =
-                AuthManager::shared_from_config(&config, /*enable_codex_api_key_env*/ false);
+            let auth_manager = AuthManager::shared(
+                config.codex_home.clone(),
+                /*enable_codex_api_key_env*/ false,
+                config.cli_auth_credentials_store_mode,
+            );
             cloud_requirements_loader(
                 auth_manager,
                 config.chatgpt_base_url,
@@ -457,9 +456,7 @@ pub async fn run_main_with_transport(
             range: None,
         });
     }
-    if let Some(warning) =
-        codex_core::config::system_bwrap_warning(config.permissions.sandbox_policy.get())
-    {
+    if let Some(warning) = codex_core::config::system_bwrap_warning() {
         config_warnings.push(ConfigWarningNotification {
             summary: warning,
             details: None,
@@ -502,13 +499,13 @@ pub async fn run_main_with_transport(
 
     let feedback_layer = feedback.logger_layer();
     let feedback_metadata_layer = feedback.metadata_layer();
-    let state_db = codex_state::StateRuntime::init(
+    let log_db = codex_state::StateRuntime::init(
         config.sqlite_home.clone(),
         config.model_provider_id.clone(),
     )
     .await
-    .ok();
-    let log_db = state_db.clone().map(log_db::start);
+    .ok()
+    .map(log_db::start);
     let log_db_layer = log_db
         .clone()
         .map(|layer| layer.with_filter(Targets::new().with_default(Level::TRACE)));
@@ -535,18 +532,11 @@ pub async fn run_main_with_transport(
     let single_client_mode = matches!(&transport, AppServerTransport::Stdio);
     let shutdown_when_no_connections = single_client_mode;
     let graceful_signal_restart_enabled = !single_client_mode;
-    let mut app_server_client_name_rx = None;
 
     match transport {
         AppServerTransport::Stdio => {
-            let (stdio_client_name_tx, stdio_client_name_rx) = oneshot::channel::<String>();
-            app_server_client_name_rx = Some(stdio_client_name_rx);
-            start_stdio_connection(
-                transport_event_tx.clone(),
-                &mut transport_accept_handles,
-                stdio_client_name_tx,
-            )
-            .await?;
+            start_stdio_connection(transport_event_tx.clone(), &mut transport_accept_handles)
+                .await?;
         }
         AppServerTransport::WebSocket { bind_address } => {
             let accept_handle = start_websocket_acceptor(
@@ -558,29 +548,6 @@ pub async fn run_main_with_transport(
             .await?;
             transport_accept_handles.push(accept_handle);
         }
-        AppServerTransport::Off => {}
-    }
-
-    let auth_manager =
-        AuthManager::shared_from_config(&config, /*enable_codex_api_key_env*/ false);
-
-    if config.features.enabled(Feature::RemoteControl) {
-        let accept_handle = start_remote_control(
-            config.chatgpt_base_url.clone(),
-            state_db.clone(),
-            auth_manager.clone(),
-            transport_event_tx.clone(),
-            transport_shutdown_token.clone(),
-            app_server_client_name_rx,
-        )
-        .await?;
-        transport_accept_handles.push(accept_handle);
-    }
-    if transport_accept_handles.is_empty() {
-        return Err(std::io::Error::new(
-            ErrorKind::InvalidInput,
-            "no transport configured; use --listen or enable remote control",
-        ));
     }
 
     let outbound_handle = tokio::spawn(async move {
@@ -641,8 +608,6 @@ pub async fn run_main_with_transport(
     let processor_handle = tokio::spawn({
         let outgoing_message_sender = Arc::new(OutgoingMessageSender::new(outgoing_tx));
         let outbound_control_tx = outbound_control_tx;
-        let auth_manager =
-            AuthManager::shared_from_config(&config, /*enable_codex_api_key_env*/ false);
         let cli_overrides: Vec<(String, TomlValue)> = cli_kv_overrides.clone();
         let loader_overrides = loader_overrides_for_config_api;
         let mut processor = MessageProcessor::new(MessageProcessorArgs {
@@ -657,8 +622,7 @@ pub async fn run_main_with_transport(
             log_db,
             config_warnings,
             session_source,
-            auth_manager,
-            rpc_transport: analytics_rpc_transport(transport),
+            enable_codex_api_key_env: false,
         });
         let mut thread_created_rx = processor.thread_created_receiver();
         let mut running_turn_count_rx = processor.subscribe_running_assistant_turn_count();
@@ -882,15 +846,6 @@ pub async fn run_main_with_transport(
     Ok(())
 }
 
-fn analytics_rpc_transport(transport: AppServerTransport) -> AppServerRpcTransport {
-    match transport {
-        AppServerTransport::Stdio => AppServerRpcTransport::Stdio,
-        AppServerTransport::WebSocket { .. } | AppServerTransport::Off => {
-            AppServerRpcTransport::Websocket
-        }
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::LogFormat;

codex-rs/app-server/src/main.rs

@@ -16,7 +16,7 @@ const MANAGED_CONFIG_PATH_ENV_VAR: &str = "CODEX_APP_SERVER_MANAGED_CONFIG_PATH"
 #[derive(Debug, Parser)]
 struct AppServerArgs {
     /// Transport endpoint URL. Supported values: `stdio://` (default),
-    /// `ws://IP:PORT`, `off`.
+    /// `ws://IP:PORT`.
     #[arg(
         long = "listen",
         value_name = "URL",

codex-rs/app-server/src/message_processor.rs

@@ -20,10 +20,7 @@ use crate::outgoing_message::OutgoingMessageSender;
 use crate::outgoing_message::RequestContext;
 use crate::transport::AppServerTransport;
 use async_trait::async_trait;
-use codex_analytics::AnalyticsEventsClient;
-use codex_analytics::AppServerRpcTransport;
 use codex_app_server_protocol::AppListUpdatedNotification;
-use codex_app_server_protocol::AuthMode as LoginAuthMode;
 use codex_app_server_protocol::ChatgptAuthTokensRefreshParams;
 use codex_app_server_protocol::ChatgptAuthTokensRefreshReason;
 use codex_app_server_protocol::ChatgptAuthTokensRefreshResponse;
@@ -58,24 +55,25 @@ use codex_app_server_protocol::ServerRequestPayload;
 use codex_app_server_protocol::experimental_required_message;
 use codex_arg0::Arg0DispatchPaths;
 use codex_chatgpt::connectors;
+use codex_core::AnalyticsEventsClient;
+use codex_core::AuthManager;
 use codex_core::ThreadManager;
 use codex_core::config::Config;
 use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::LoaderOverrides;
+use codex_core::default_client::SetOriginatorError;
+use codex_core::default_client::USER_AGENT_SUFFIX;
+use codex_core::default_client::get_codex_user_agent;
+use codex_core::default_client::set_default_client_residency_requirement;
+use codex_core::default_client::set_default_originator;
+use codex_core::models_manager::collaboration_mode_presets::CollaborationModesConfig;
 use codex_exec_server::EnvironmentManager;
 use codex_features::Feature;
 use codex_feedback::CodexFeedback;
-use codex_login::AuthManager;
-use codex_login::auth::ExternalAuth;
 use codex_login::auth::ExternalAuthRefreshContext;
 use codex_login::auth::ExternalAuthRefreshReason;
+use codex_login::auth::ExternalAuthRefresher;
 use codex_login::auth::ExternalAuthTokens;
-use codex_login::default_client::SetOriginatorError;
-use codex_login::default_client::USER_AGENT_SUFFIX;
-use codex_login::default_client::get_codex_user_agent;
-use codex_login::default_client::set_default_client_residency_requirement;
-use codex_login::default_client::set_default_originator;
-use codex_models_manager::collaboration_mode_presets::CollaborationModesConfig;
 use codex_protocol::ThreadId;
 use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::W3cTraceContext;
@@ -104,11 +102,7 @@ impl ExternalAuthRefreshBridge {
 }
 
 #[async_trait]
-impl ExternalAuth for ExternalAuthRefreshBridge {
-    fn auth_mode(&self) -> LoginAuthMode {
-        LoginAuthMode::Chatgpt
-    }
-
+impl ExternalAuthRefresher for ExternalAuthRefreshBridge {
     async fn refresh(
         &self,
         context: ExternalAuthRefreshContext,
@@ -150,11 +144,11 @@ impl ExternalAuth for ExternalAuthRefreshBridge {
         let response: ChatgptAuthTokensRefreshResponse =
             serde_json::from_value(result).map_err(std::io::Error::other)?;
 
-        Ok(ExternalAuthTokens::chatgpt(
-            response.access_token,
-            response.chatgpt_account_id,
-            response.chatgpt_plan_type,
-        ))
+        Ok(ExternalAuthTokens {
+            access_token: response.access_token,
+            chatgpt_account_id: response.chatgpt_account_id,
+            chatgpt_plan_type: response.chatgpt_plan_type,
+        })
     }
 }
 
@@ -165,11 +159,9 @@ pub(crate) struct MessageProcessor {
     external_agent_config_api: ExternalAgentConfigApi,
     fs_api: FsApi,
     auth_manager: Arc<AuthManager>,
-    analytics_events_client: AnalyticsEventsClient,
     fs_watch_manager: FsWatchManager,
     config: Arc<Config>,
     config_warnings: Arc<Vec<ConfigWarningNotification>>,
-    rpc_transport: AppServerRpcTransport,
 }
 
 #[derive(Clone, Debug, Default)]
@@ -193,8 +185,7 @@ pub(crate) struct MessageProcessorArgs {
     pub(crate) log_db: Option<LogDbLayer>,
     pub(crate) config_warnings: Vec<ConfigWarningNotification>,
     pub(crate) session_source: SessionSource,
-    pub(crate) auth_manager: Arc<AuthManager>,
-    pub(crate) rpc_transport: AppServerRpcTransport,
+    pub(crate) enable_codex_api_key_env: bool,
 }
 
 impl MessageProcessor {
@@ -213,12 +204,13 @@ impl MessageProcessor {
             log_db,
             config_warnings,
             session_source,
-            auth_manager,
-            rpc_transport,
+            enable_codex_api_key_env,
         } = args;
-        auth_manager.set_external_auth(Arc::new(ExternalAuthRefreshBridge {
-            outgoing: outgoing.clone(),
-        }));
+        let auth_manager = AuthManager::shared(
+            config.codex_home.clone(),
+            enable_codex_api_key_env,
+            config.cli_auth_credentials_store_mode,
+        );
         let thread_manager = Arc::new(ThreadManager::new(
             config.as_ref(),
             auth_manager.clone(),
@@ -230,6 +222,10 @@ impl MessageProcessor {
             },
             environment_manager,
         ));
+        auth_manager.set_forced_chatgpt_workspace_id(config.forced_chatgpt_workspace_id.clone());
+        auth_manager.set_external_auth_refresher(Arc::new(ExternalAuthRefreshBridge {
+            outgoing: outgoing.clone(),
+        }));
         let analytics_events_client = AnalyticsEventsClient::new(
             Arc::clone(&auth_manager),
             config.chatgpt_base_url.trim_end_matches('/').to_string(),
@@ -246,7 +242,6 @@ impl MessageProcessor {
             auth_manager: auth_manager.clone(),
             thread_manager: Arc::clone(&thread_manager),
             outgoing: outgoing.clone(),
-            analytics_events_client: analytics_events_client.clone(),
             arg0_paths,
             config: Arc::clone(&config),
             cli_overrides: cli_overrides.clone(),
@@ -267,7 +262,7 @@ impl MessageProcessor {
             loader_overrides,
             cloud_requirements,
             thread_manager,
-            analytics_events_client.clone(),
+            analytics_events_client,
         );
         let external_agent_config_api = ExternalAgentConfigApi::new(config.codex_home.clone());
         let fs_api = FsApi::default();
@@ -280,16 +275,14 @@ impl MessageProcessor {
             external_agent_config_api,
             fs_api,
             auth_manager,
-            analytics_events_client,
             fs_watch_manager,
             config,
             config_warnings: Arc::new(config_warnings),
-            rpc_transport,
         }
     }
 
     pub(crate) fn clear_runtime_references(&self) {
-        self.auth_manager.clear_external_auth();
+        self.auth_manager.clear_external_auth_refresher();
     }
 
     pub(crate) async fn process_request(
@@ -554,7 +547,6 @@ impl MessageProcessor {
                 // shared thread when another connected client did not opt into
                 // experimental API). Proposed direction is instance-global first-write-wins
                 // with initialize-time mismatch rejection.
-                let analytics_initialize_params = params.clone();
                 let (experimental_api_enabled, opt_out_notification_methods) =
                     match params.capabilities {
                         Some(capabilities) => (
@@ -576,7 +568,7 @@ impl MessageProcessor {
                 session.app_server_client_name = Some(name.clone());
                 session.client_version = Some(version.clone());
                 let originator = name.clone();
-                if let Err(error) = set_default_originator(originator.clone()) {
+                if let Err(error) = set_default_originator(originator) {
                     match error {
                         SetOriginatorError::InvalidHeaderValue => {
                             let error = JSONRPCErrorError {
@@ -599,14 +591,6 @@ impl MessageProcessor {
                         }
                     }
                 }
-                if self.config.features.enabled(Feature::GeneralAnalytics) {
-                    self.analytics_events_client.track_initialize(
-                        connection_id.0,
-                        analytics_initialize_params,
-                        originator,
-                        self.rpc_transport,
-                    );
-                }
                 set_default_client_residency_requirement(self.config.enforce_residency.value());
                 let user_agent_suffix = format!("{name}; {version}");
                 if let Ok(mut suffix) = USER_AGENT_SUFFIX.lock() {
@@ -844,7 +828,6 @@ impl MessageProcessor {
                         connection_id,
                         other,
                         session.app_server_client_name.clone(),
-                        session.client_version.clone(),
                         request_context,
                     )
                     .boxed()
@@ -865,8 +848,16 @@ impl MessageProcessor {
         request_id: ConnectionRequestId,
         params: ConfigValueWriteParams,
     ) {
-        let result = self.config_api.write_value(params).await;
-        self.handle_config_mutation_result(request_id, result).await
+        match self.config_api.write_value(params).await {
+            Ok(response) => {
+                self.codex_message_processor.clear_plugin_related_caches();
+                self.codex_message_processor
+                    .maybe_start_plugin_startup_tasks_for_latest_config()
+                    .await;
+                self.outgoing.send_response(request_id, response).await;
+            }
+            Err(error) => self.outgoing.send_error(request_id, error).await,
+        }
     }
 
     async fn handle_config_batch_write(
@@ -874,8 +865,8 @@ impl MessageProcessor {
         request_id: ConnectionRequestId,
         params: ConfigBatchWriteParams,
     ) {
-        let result = self.config_api.batch_write(params).await;
-        self.handle_config_mutation_result(request_id, result).await;
+        self.handle_config_mutation_result(request_id, self.config_api.batch_write(params).await)
+            .await;
     }
 
     async fn handle_experimental_feature_enablement_set(
@@ -884,15 +875,23 @@ impl MessageProcessor {
         params: ExperimentalFeatureEnablementSetParams,
     ) {
         let should_refresh_apps_list = params.enablement.get("apps").copied() == Some(true);
-        let result = self
+        match self
             .config_api
             .set_experimental_feature_enablement(params)
-            .await;
-        let is_ok = result.is_ok();
-        self.handle_config_mutation_result(request_id, result).await;
-        if should_refresh_apps_list && is_ok {
-            self.refresh_apps_list_after_experimental_feature_enablement_set()
-                .await;
+            .await
+        {
+            Ok(response) => {
+                self.codex_message_processor.clear_plugin_related_caches();
+                self.codex_message_processor
+                    .maybe_start_plugin_startup_tasks_for_latest_config()
+                    .await;
+                self.outgoing.send_response(request_id, response).await;
+                if should_refresh_apps_list {
+                    self.refresh_apps_list_after_experimental_feature_enablement_set()
+                        .await;
+                }
+            }
+            Err(error) => self.outgoing.send_error(request_id, error).await,
         }
     }
 
@@ -911,11 +910,7 @@ impl MessageProcessor {
                 return;
             }
         };
-        let auth = self.auth_manager.auth().await;
-        if !config.features.apps_enabled_for_auth(
-            auth.as_ref()
-                .is_some_and(codex_login::CodexAuth::is_chatgpt_auth),
-        ) {
+        if !config.features.apps_enabled(Some(&self.auth_manager)).await {
             return;
         }
 
@@ -969,7 +964,10 @@ impl MessageProcessor {
     ) {
         match result {
             Ok(response) => {
-                self.codex_message_processor.handle_config_mutation();
+                self.codex_message_processor.clear_plugin_related_caches();
+                self.codex_message_processor
+                    .maybe_start_plugin_startup_tasks_for_latest_config()
+                    .await;
                 self.outgoing.send_response(request_id, response).await;
             }
             Err(error) => self.outgoing.send_error(request_id, error).await,

codex-rs/app-server/src/message_processor/tracing_tests.rs

@@ -7,7 +7,6 @@ use crate::transport::AppServerTransport;
 use anyhow::Result;
 use app_test_support::create_mock_responses_server_repeating_assistant;
 use app_test_support::write_mock_responses_config_toml;
-use codex_analytics::AppServerRpcTransport;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientRequest;
 use codex_app_server_protocol::InitializeCapabilities;
@@ -27,7 +26,6 @@ use codex_core::config_loader::CloudRequirementsLoader;
 use codex_core::config_loader::LoaderOverrides;
 use codex_exec_server::EnvironmentManager;
 use codex_feedback::CodexFeedback;
-use codex_login::AuthManager;
 use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::W3cTraceContext;
 use opentelemetry::global;
@@ -235,8 +233,6 @@ fn build_test_processor(
 ) {
     let (outgoing_tx, outgoing_rx) = mpsc::channel(16);
     let outgoing = Arc::new(OutgoingMessageSender::new(outgoing_tx));
-    let auth_manager =
-        AuthManager::shared_from_config(config.as_ref(), /*enable_codex_api_key_env*/ false);
     let processor = MessageProcessor::new(MessageProcessorArgs {
         outgoing,
         arg0_paths: Arg0DispatchPaths::default(),
@@ -249,8 +245,7 @@ fn build_test_processor(
         log_db: None,
         config_warnings: Vec::new(),
         session_source: SessionSource::VSCode,
-        auth_manager,
-        rpc_transport: AppServerRpcTransport::Stdio,
+        enable_codex_api_key_env: false,
     });
     (processor, outgoing_rx)
 }

codex-rs/app-server/src/models.rs

@@ -4,7 +4,7 @@ use codex_app_server_protocol::Model;
 use codex_app_server_protocol::ModelUpgradeInfo;
 use codex_app_server_protocol::ReasoningEffortOption;
 use codex_core::ThreadManager;
-use codex_models_manager::manager::RefreshStrategy;
+use codex_core::models_manager::manager::RefreshStrategy;
 use codex_protocol::openai_models::ModelPreset;
 use codex_protocol::openai_models::ReasoningEffortPreset;
 

codex-rs/app-server/src/thread_state.rs

@@ -16,7 +16,6 @@ use std::sync::Weak;
 use tokio::sync::Mutex;
 use tokio::sync::mpsc;
 use tokio::sync::oneshot;
-use tracing::error;
 
 type PendingInterruptQueue = Vec<(
     ConnectionRequestId,
@@ -45,7 +44,6 @@ pub(crate) enum ThreadListenerCommand {
 /// Per-conversation accumulation of the latest states e.g. error message while a turn runs.
 #[derive(Default, Clone)]
 pub(crate) struct TurnSummary {
-    pub(crate) started_at: Option<i64>,
     pub(crate) file_change_started: HashSet<String>,
     pub(crate) command_execution_started: HashSet<String>,
     pub(crate) last_error: Option<TurnError>,
@@ -111,50 +109,13 @@ impl ThreadState {
     }
 
     pub(crate) fn track_current_turn_event(&mut self, event: &EventMsg) {
-        if let EventMsg::TurnStarted(payload) = event {
-            self.turn_summary.started_at = payload.started_at;
-        }
         self.current_turn_history.handle_event(event);
-        if matches!(event, EventMsg::TurnAborted(_) | EventMsg::TurnComplete(_))
-            && !self.current_turn_history.has_active_turn()
-        {
+        if !self.current_turn_history.has_active_turn() {
             self.current_turn_history.reset();
         }
     }
 }
 
-pub(crate) async fn resolve_server_request_on_thread_listener(
-    thread_state: &Arc<Mutex<ThreadState>>,
-    request_id: RequestId,
-) {
-    let (completion_tx, completion_rx) = oneshot::channel();
-    let listener_command_tx = {
-        let state = thread_state.lock().await;
-        state.listener_command_tx()
-    };
-    let Some(listener_command_tx) = listener_command_tx else {
-        error!("failed to remove pending client request: thread listener is not running");
-        return;
-    };
-
-    if listener_command_tx
-        .send(ThreadListenerCommand::ResolveServerRequest {
-            request_id,
-            completion_tx,
-        })
-        .is_err()
-    {
-        error!(
-            "failed to remove pending client request: thread listener command channel is closed"
-        );
-        return;
-    }
-
-    if let Err(err) = completion_rx.await {
-        error!("failed to remove pending client request: {err}");
-    }
-}
-
 struct ThreadEntry {
     state: Arc<Mutex<ThreadState>>,
     connection_ids: HashSet<ConnectionId>,

codex-rs/app-server/src/thread_status.rs

@@ -792,7 +792,6 @@ mod tests {
     fn test_thread(thread_id: &str, source: codex_app_server_protocol::SessionSource) -> Thread {
         Thread {
             id: thread_id.to_string(),
-            forked_from_id: None,
             preview: String::new(),
             ephemeral: false,
             model_provider: "mock-provider".to_string(),

codex-rs/app-server/src/transport/mod.rs

@@ -17,7 +17,6 @@ use std::str::FromStr;
 use std::sync::Arc;
 use std::sync::RwLock;
 use std::sync::atomic::AtomicBool;
-use std::sync::atomic::AtomicU64;
 use std::sync::atomic::Ordering;
 use tokio::sync::mpsc;
 use tokio_util::sync::CancellationToken;
@@ -29,11 +28,9 @@ use tracing::warn;
 /// plenty for an interactive CLI.
 pub(crate) const CHANNEL_CAPACITY: usize = 128;
 
-mod remote_control;
 mod stdio;
 mod websocket;
 
-pub(crate) use remote_control::start_remote_control;
 pub(crate) use stdio::start_stdio_connection;
 pub(crate) use websocket::start_websocket_acceptor;
 
@@ -41,7 +38,6 @@ pub(crate) use websocket::start_websocket_acceptor;
 pub enum AppServerTransport {
     Stdio,
     WebSocket { bind_address: SocketAddr },
-    Off,
 }
 
 #[derive(Debug, Clone, Eq, PartialEq)]
@@ -55,7 +51,7 @@ impl std::fmt::Display for AppServerTransportParseError {
         match self {
             AppServerTransportParseError::UnsupportedListenUrl(listen_url) => write!(
                 f,
-                "unsupported --listen URL `{listen_url}`; expected `stdio://`, `ws://IP:PORT`, or `off`"
+                "unsupported --listen URL `{listen_url}`; expected `stdio://` or `ws://IP:PORT`"
             ),
             AppServerTransportParseError::InvalidWebSocketListenUrl(listen_url) => write!(
                 f,
@@ -75,10 +71,6 @@ impl AppServerTransport {
             return Ok(Self::Stdio);
         }
 
-        if listen_url == "off" {
-            return Ok(Self::Off);
-        }
-
         if let Some(socket_addr) = listen_url.strip_prefix("ws://") {
             let bind_address = socket_addr.parse::<SocketAddr>().map_err(|_| {
                 AppServerTransportParseError::InvalidWebSocketListenUrl(listen_url.to_string())
@@ -174,12 +166,6 @@ impl OutboundConnectionState {
     }
 }
 
-static CONNECTION_ID_COUNTER: AtomicU64 = AtomicU64::new(0);
-
-fn next_connection_id() -> ConnectionId {
-    ConnectionId(CONNECTION_ID_COUNTER.fetch_add(1, Ordering::Relaxed))
-}
-
 async fn forward_incoming_message(
     transport_event_tx: &mpsc::Sender<TransportEvent>,
     writer: &mpsc::Sender<QueuedOutgoingMessage>,
@@ -392,11 +378,8 @@ pub(crate) async fn route_outgoing_envelope(
 #[cfg(test)]
 mod tests {
     use super::*;
+    use crate::error_code::OVERLOADED_ERROR_CODE;
     use codex_app_server_protocol::ConfigWarningNotification;
-    use codex_app_server_protocol::JSONRPCNotification;
-    use codex_app_server_protocol::JSONRPCRequest;
-    use codex_app_server_protocol::JSONRPCResponse;
-    use codex_app_server_protocol::RequestId;
     use codex_app_server_protocol::ServerNotification;
     use codex_utils_absolute_path::AbsolutePathBuf;
     use pretty_assertions::assert_eq;
@@ -410,10 +393,41 @@ mod tests {
     }
 
     #[test]
-    fn listen_off_parses_as_off_transport() {
+    fn app_server_transport_parses_stdio_listen_url() {
+        let transport = AppServerTransport::from_listen_url(AppServerTransport::DEFAULT_LISTEN_URL)
+            .expect("stdio listen URL should parse");
+        assert_eq!(transport, AppServerTransport::Stdio);
+    }
+
+    #[test]
+    fn app_server_transport_parses_websocket_listen_url() {
+        let transport = AppServerTransport::from_listen_url("ws://127.0.0.1:1234")
+            .expect("websocket listen URL should parse");
         assert_eq!(
-            AppServerTransport::from_listen_url("off"),
-            Ok(AppServerTransport::Off)
+            transport,
+            AppServerTransport::WebSocket {
+                bind_address: "127.0.0.1:1234".parse().expect("valid socket address"),
+            }
+        );
+    }
+
+    #[test]
+    fn app_server_transport_rejects_invalid_websocket_listen_url() {
+        let err = AppServerTransport::from_listen_url("ws://localhost:1234")
+            .expect_err("hostname bind address should be rejected");
+        assert_eq!(
+            err.to_string(),
+            "invalid websocket --listen URL `ws://localhost:1234`; expected `ws://IP:PORT`"
+        );
+    }
+
+    #[test]
+    fn app_server_transport_rejects_unsupported_listen_url() {
+        let err = AppServerTransport::from_listen_url("http://127.0.0.1:1234")
+            .expect_err("unsupported scheme should fail");
+        assert_eq!(
+            err.to_string(),
+            "unsupported --listen URL `http://127.0.0.1:1234`; expected `stdio://` or `ws://IP:PORT`"
         );
     }
 
@@ -423,10 +437,11 @@ mod tests {
         let (transport_event_tx, mut transport_event_rx) = mpsc::channel(1);
         let (writer_tx, mut writer_rx) = mpsc::channel(1);
 
-        let first_message = JSONRPCMessage::Notification(JSONRPCNotification {
-            method: "initialized".to_string(),
-            params: None,
-        });
+        let first_message =
+            JSONRPCMessage::Notification(codex_app_server_protocol::JSONRPCNotification {
+                method: "initialized".to_string(),
+                params: None,
+            });
         transport_event_tx
             .send(TransportEvent::IncomingMessage {
                 connection_id,
@@ -435,8 +450,8 @@ mod tests {
             .await
             .expect("queue should accept first message");
 
-        let request = JSONRPCMessage::Request(JSONRPCRequest {
-            id: RequestId::Integer(7),
+        let request = JSONRPCMessage::Request(codex_app_server_protocol::JSONRPCRequest {
+            id: codex_app_server_protocol::RequestId::Integer(7),
             method: "config/read".to_string(),
             params: Some(json!({ "includeLayers": false })),
             trace: None,
@@ -484,10 +499,11 @@ mod tests {
         let (transport_event_tx, mut transport_event_rx) = mpsc::channel(1);
         let (writer_tx, _writer_rx) = mpsc::channel(1);
 
-        let first_message = JSONRPCMessage::Notification(JSONRPCNotification {
-            method: "initialized".to_string(),
-            params: None,
-        });
+        let first_message =
+            JSONRPCMessage::Notification(codex_app_server_protocol::JSONRPCNotification {
+                method: "initialized".to_string(),
+                params: None,
+            });
         transport_event_tx
             .send(TransportEvent::IncomingMessage {
                 connection_id,
@@ -496,8 +512,8 @@ mod tests {
             .await
             .expect("queue should accept first message");
 
-        let response = JSONRPCMessage::Response(JSONRPCResponse {
-            id: RequestId::Integer(7),
+        let response = JSONRPCMessage::Response(codex_app_server_protocol::JSONRPCResponse {
+            id: codex_app_server_protocol::RequestId::Integer(7),
             result: json!({"ok": true}),
         });
         let transport_event_tx_for_enqueue = transport_event_tx.clone();
@@ -537,10 +553,11 @@ mod tests {
         match forwarded_event {
             TransportEvent::IncomingMessage {
                 connection_id: queued_connection_id,
-                message: JSONRPCMessage::Response(JSONRPCResponse { id, result }),
+                message:
+                    JSONRPCMessage::Response(codex_app_server_protocol::JSONRPCResponse { id, result }),
             } => {
                 assert_eq!(queued_connection_id, connection_id);
-                assert_eq!(id, RequestId::Integer(7));
+                assert_eq!(id, codex_app_server_protocol::RequestId::Integer(7));
                 assert_eq!(result, json!({"ok": true}));
             }
             _ => panic!("expected forwarded response message"),
@@ -556,10 +573,12 @@ mod tests {
         transport_event_tx
             .send(TransportEvent::IncomingMessage {
                 connection_id,
-                message: JSONRPCMessage::Notification(JSONRPCNotification {
-                    method: "initialized".to_string(),
-                    params: None,
-                }),
+                message: JSONRPCMessage::Notification(
+                    codex_app_server_protocol::JSONRPCNotification {
+                        method: "initialized".to_string(),
+                        params: None,
+                    },
+                ),
             })
             .await
             .expect("transport queue should accept first message");
@@ -578,15 +597,15 @@ mod tests {
             .await
             .expect("writer queue should accept first message");
 
-        let request = JSONRPCMessage::Request(JSONRPCRequest {
-            id: RequestId::Integer(7),
+        let request = JSONRPCMessage::Request(codex_app_server_protocol::JSONRPCRequest {
+            id: codex_app_server_protocol::RequestId::Integer(7),
             method: "config/read".to_string(),
             params: Some(json!({ "includeLayers": false })),
             trace: None,
         });
 
-        let enqueue_result = timeout(
-            Duration::from_millis(100),
+        let enqueue_result = tokio::time::timeout(
+            std::time::Duration::from_millis(100),
             enqueue_incoming_message(&transport_event_tx, &writer_tx, connection_id, request),
         )
         .await
@@ -762,7 +781,7 @@ mod tests {
             OutgoingEnvelope::ToConnection {
                 connection_id,
                 message: OutgoingMessage::Request(ServerRequest::CommandExecutionRequestApproval {
-                    request_id: RequestId::Integer(1),
+                    request_id: codex_app_server_protocol::RequestId::Integer(1),
                     params: codex_app_server_protocol::CommandExecutionRequestApprovalParams {
                         thread_id: "thr_123".to_string(),
                         turn_id: "turn_123".to_string(),
@@ -824,7 +843,7 @@ mod tests {
             OutgoingEnvelope::ToConnection {
                 connection_id,
                 message: OutgoingMessage::Request(ServerRequest::CommandExecutionRequestApproval {
-                    request_id: RequestId::Integer(1),
+                    request_id: codex_app_server_protocol::RequestId::Integer(1),
                     params: codex_app_server_protocol::CommandExecutionRequestApprovalParams {
                         thread_id: "thr_123".to_string(),
                         turn_id: "turn_123".to_string(),

codex-rs/app-server/src/transport/remote_control/client_tracker.rs

@@ -1,568 +0,0 @@
-use super::CHANNEL_CAPACITY;
-use super::TransportEvent;
-use super::next_connection_id;
-use super::protocol::ClientEnvelope;
-pub use super::protocol::ClientEvent;
-pub use super::protocol::ClientId;
-use super::protocol::PongStatus;
-use super::protocol::ServerEvent;
-use super::protocol::StreamId;
-use crate::outgoing_message::ConnectionId;
-use crate::outgoing_message::QueuedOutgoingMessage;
-use crate::transport::remote_control::QueuedServerEnvelope;
-use codex_app_server_protocol::JSONRPCMessage;
-use std::collections::HashMap;
-use tokio::sync::mpsc;
-use tokio::sync::watch;
-use tokio::task::JoinSet;
-use tokio::time::Duration;
-use tokio::time::Instant;
-use tokio_util::sync::CancellationToken;
-
-const REMOTE_CONTROL_CLIENT_IDLE_TIMEOUT: Duration = Duration::from_secs(10 * 60);
-pub(crate) const REMOTE_CONTROL_IDLE_SWEEP_INTERVAL: Duration = Duration::from_secs(30);
-
-#[derive(Debug)]
-pub(crate) struct Stopped;
-
-struct ClientState {
-    connection_id: ConnectionId,
-    disconnect_token: CancellationToken,
-    last_activity_at: Instant,
-    last_inbound_seq_id: Option<u64>,
-    status_tx: watch::Sender<PongStatus>,
-}
-
-pub(crate) struct ClientTracker {
-    clients: HashMap<(ClientId, StreamId), ClientState>,
-    legacy_stream_ids: HashMap<ClientId, StreamId>,
-    join_set: JoinSet<(ClientId, StreamId)>,
-    server_event_tx: mpsc::Sender<QueuedServerEnvelope>,
-    transport_event_tx: mpsc::Sender<TransportEvent>,
-    shutdown_token: CancellationToken,
-}
-
-impl ClientTracker {
-    pub(crate) fn new(
-        server_event_tx: mpsc::Sender<QueuedServerEnvelope>,
-        transport_event_tx: mpsc::Sender<TransportEvent>,
-        shutdown_token: &CancellationToken,
-    ) -> Self {
-        Self {
-            clients: HashMap::new(),
-            legacy_stream_ids: HashMap::new(),
-            join_set: JoinSet::new(),
-            server_event_tx,
-            transport_event_tx,
-            shutdown_token: shutdown_token.child_token(),
-        }
-    }
-
-    pub(crate) async fn bookkeep_join_set(&mut self) -> Option<(ClientId, StreamId)> {
-        while let Some(join_result) = self.join_set.join_next().await {
-            let Ok(client_key) = join_result else {
-                continue;
-            };
-            return Some(client_key);
-        }
-        futures::future::pending().await
-    }
-
-    pub(crate) async fn shutdown(&mut self) {
-        self.shutdown_token.cancel();
-
-        while let Some(client_key) = self.clients.keys().next().cloned() {
-            let _ = self.close_client(&client_key).await;
-        }
-
-        self.drain_join_set().await;
-    }
-
-    async fn drain_join_set(&mut self) {
-        while self.join_set.join_next().await.is_some() {}
-    }
-
-    pub(crate) async fn handle_message(
-        &mut self,
-        client_envelope: ClientEnvelope,
-    ) -> Result<(), Stopped> {
-        let ClientEnvelope {
-            client_id,
-            event,
-            stream_id,
-            seq_id,
-            cursor: _,
-        } = client_envelope;
-        let is_legacy_stream_id = stream_id.is_none();
-        let is_initialize = matches!(&event, ClientEvent::ClientMessage { message } if remote_control_message_starts_connection(message));
-        let stream_id = match stream_id {
-            Some(stream_id) => stream_id,
-            None if is_initialize => {
-                // TODO(ruslan): delete this fallback once all clients are updated to send stream_id.
-                self.legacy_stream_ids
-                    .remove(&client_id)
-                    .unwrap_or_else(StreamId::new_random)
-            }
-            None => self
-                .legacy_stream_ids
-                .get(&client_id)
-                .cloned()
-                .unwrap_or_else(|| {
-                    if matches!(&event, ClientEvent::Ping) {
-                        StreamId::new_random()
-                    } else {
-                        StreamId(String::new())
-                    }
-                }),
-        };
-        if stream_id.0.is_empty() {
-            return Ok(());
-        }
-        let client_key = (client_id.clone(), stream_id.clone());
-        match event {
-            ClientEvent::ClientMessage { message } => {
-                if let Some(seq_id) = seq_id
-                    && let Some(client) = self.clients.get(&client_key)
-                    && client
-                        .last_inbound_seq_id
-                        .is_some_and(|last_seq_id| last_seq_id >= seq_id)
-                    && !is_initialize
-                {
-                    return Ok(());
-                }
-
-                if is_initialize && self.clients.contains_key(&client_key) {
-                    self.close_client(&client_key).await?;
-                }
-
-                if let Some(connection_id) = self.clients.get_mut(&client_key).map(|client| {
-                    client.last_activity_at = Instant::now();
-                    if let Some(seq_id) = seq_id {
-                        client.last_inbound_seq_id = Some(seq_id);
-                    }
-                    client.connection_id
-                }) {
-                    self.send_transport_event(TransportEvent::IncomingMessage {
-                        connection_id,
-                        message,
-                    })
-                    .await?;
-                    return Ok(());
-                }
-
-                if !is_initialize {
-                    return Ok(());
-                }
-
-                let connection_id = next_connection_id();
-                let (writer_tx, writer_rx) =
-                    mpsc::channel::<QueuedOutgoingMessage>(CHANNEL_CAPACITY);
-                let disconnect_token = self.shutdown_token.child_token();
-                self.send_transport_event(TransportEvent::ConnectionOpened {
-                    connection_id,
-                    writer: writer_tx,
-                    disconnect_sender: Some(disconnect_token.clone()),
-                })
-                .await?;
-
-                let (status_tx, status_rx) = watch::channel(PongStatus::Active);
-                self.join_set.spawn(Self::run_client_outbound(
-                    client_id.clone(),
-                    stream_id.clone(),
-                    self.server_event_tx.clone(),
-                    writer_rx,
-                    status_rx,
-                    disconnect_token.clone(),
-                ));
-                self.clients.insert(
-                    client_key,
-                    ClientState {
-                        connection_id,
-                        disconnect_token,
-                        last_activity_at: Instant::now(),
-                        last_inbound_seq_id: if is_legacy_stream_id { None } else { seq_id },
-                        status_tx,
-                    },
-                );
-                if is_legacy_stream_id {
-                    self.legacy_stream_ids.insert(client_id.clone(), stream_id);
-                }
-                self.send_transport_event(TransportEvent::IncomingMessage {
-                    connection_id,
-                    message,
-                })
-                .await
-            }
-            ClientEvent::Ack => Ok(()),
-            ClientEvent::Ping => {
-                if let Some(client) = self.clients.get_mut(&client_key) {
-                    client.last_activity_at = Instant::now();
-                    let _ = client.status_tx.send(PongStatus::Active);
-                    return Ok(());
-                }
-
-                let server_event_tx = self.server_event_tx.clone();
-                tokio::spawn(async move {
-                    let server_envelope = QueuedServerEnvelope {
-                        event: ServerEvent::Pong {
-                            status: PongStatus::Unknown,
-                        },
-                        client_id,
-                        stream_id,
-                        write_complete_tx: None,
-                    };
-                    let _ = server_event_tx.send(server_envelope).await;
-                });
-                Ok(())
-            }
-            ClientEvent::ClientClosed => self.close_client(&client_key).await,
-        }
-    }
-
-    async fn run_client_outbound(
-        client_id: ClientId,
-        stream_id: StreamId,
-        server_event_tx: mpsc::Sender<QueuedServerEnvelope>,
-        mut writer_rx: mpsc::Receiver<QueuedOutgoingMessage>,
-        mut status_rx: watch::Receiver<PongStatus>,
-        disconnect_token: CancellationToken,
-    ) -> (ClientId, StreamId) {
-        loop {
-            let (event, write_complete_tx) = tokio::select! {
-                _ = disconnect_token.cancelled() => {
-                    break;
-                }
-                queued_message = writer_rx.recv() => {
-                    let Some(queued_message) = queued_message else {
-                        break;
-                    };
-                    let event = ServerEvent::ServerMessage {
-                        message: Box::new(queued_message.message),
-                    };
-                    (event, queued_message.write_complete_tx)
-                }
-                changed = status_rx.changed() => {
-                    if changed.is_err() {
-                        break;
-                    }
-                    let event = ServerEvent::Pong { status: status_rx.borrow().clone() };
-                    (event, None)
-                }
-            };
-            let send_result = tokio::select! {
-                _ = disconnect_token.cancelled() => {
-                    break;
-                }
-                send_result = server_event_tx.send(QueuedServerEnvelope {
-                    event,
-                    client_id: client_id.clone(),
-                    stream_id: stream_id.clone(),
-                    write_complete_tx,
-                }) => send_result,
-            };
-            if send_result.is_err() {
-                break;
-            }
-        }
-        (client_id, stream_id)
-    }
-
-    pub(crate) async fn close_expired_clients(
-        &mut self,
-    ) -> Result<Vec<(ClientId, StreamId)>, Stopped> {
-        let now = Instant::now();
-        let expired_client_ids: Vec<(ClientId, StreamId)> = self
-            .clients
-            .iter()
-            .filter_map(|(client_key, client)| {
-                (!remote_control_client_is_alive(client, now)).then_some(client_key.clone())
-            })
-            .collect();
-        for client_key in &expired_client_ids {
-            self.close_client(client_key).await?;
-        }
-        Ok(expired_client_ids)
-    }
-
-    pub(super) async fn close_client(
-        &mut self,
-        client_key: &(ClientId, StreamId),
-    ) -> Result<(), Stopped> {
-        let Some(client) = self.clients.remove(client_key) else {
-            return Ok(());
-        };
-        if self
-            .legacy_stream_ids
-            .get(&client_key.0)
-            .is_some_and(|stream_id| stream_id == &client_key.1)
-        {
-            self.legacy_stream_ids.remove(&client_key.0);
-        }
-        client.disconnect_token.cancel();
-        self.send_transport_event(TransportEvent::ConnectionClosed {
-            connection_id: client.connection_id,
-        })
-        .await
-    }
-
-    async fn send_transport_event(&self, event: TransportEvent) -> Result<(), Stopped> {
-        self.transport_event_tx
-            .send(event)
-            .await
-            .map_err(|_| Stopped)
-    }
-}
-
-fn remote_control_message_starts_connection(message: &JSONRPCMessage) -> bool {
-    matches!(
-        message,
-        JSONRPCMessage::Request(codex_app_server_protocol::JSONRPCRequest { method, .. })
-            if method == "initialize"
-    )
-}
-
-fn remote_control_client_is_alive(client: &ClientState, now: Instant) -> bool {
-    now.duration_since(client.last_activity_at) < REMOTE_CONTROL_CLIENT_IDLE_TIMEOUT
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::outgoing_message::OutgoingMessage;
-    use crate::transport::remote_control::protocol::ClientEnvelope;
-    use crate::transport::remote_control::protocol::ClientEvent;
-    use codex_app_server_protocol::ConfigWarningNotification;
-    use codex_app_server_protocol::JSONRPCRequest;
-    use codex_app_server_protocol::RequestId;
-    use codex_app_server_protocol::ServerNotification;
-    use pretty_assertions::assert_eq;
-    use serde_json::json;
-    use tokio::time::timeout;
-
-    fn initialize_envelope(client_id: &str) -> ClientEnvelope {
-        initialize_envelope_with_stream_id(client_id, /*stream_id*/ None)
-    }
-
-    fn initialize_envelope_with_stream_id(
-        client_id: &str,
-        stream_id: Option<&str>,
-    ) -> ClientEnvelope {
-        ClientEnvelope {
-            event: ClientEvent::ClientMessage {
-                message: JSONRPCMessage::Request(JSONRPCRequest {
-                    id: RequestId::Integer(1),
-                    method: "initialize".to_string(),
-                    params: Some(json!({
-                        "clientInfo": {
-                            "name": "remote-test-client",
-                            "version": "0.1.0"
-                        }
-                    })),
-                    trace: None,
-                }),
-            },
-            client_id: ClientId(client_id.to_string()),
-            stream_id: stream_id.map(|stream_id| StreamId(stream_id.to_string())),
-            seq_id: Some(0),
-            cursor: None,
-        }
-    }
-
-    #[tokio::test]
-    async fn cancelled_outbound_task_emits_connection_closed() {
-        let (server_event_tx, _server_event_rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let (transport_event_tx, mut transport_event_rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let shutdown_token = CancellationToken::new();
-        let mut client_tracker =
-            ClientTracker::new(server_event_tx, transport_event_tx, &shutdown_token);
-
-        client_tracker
-            .handle_message(initialize_envelope("client-1"))
-            .await
-            .expect("initialize should open client");
-
-        let (connection_id, disconnect_sender) = match transport_event_rx
-            .recv()
-            .await
-            .expect("connection opened should be sent")
-        {
-            TransportEvent::ConnectionOpened {
-                connection_id,
-                disconnect_sender: Some(disconnect_sender),
-                ..
-            } => (connection_id, disconnect_sender),
-            other => panic!("expected connection opened, got {other:?}"),
-        };
-        match transport_event_rx
-            .recv()
-            .await
-            .expect("initialize should be forwarded")
-        {
-            TransportEvent::IncomingMessage {
-                connection_id: incoming_connection_id,
-                ..
-            } => assert_eq!(incoming_connection_id, connection_id),
-            other => panic!("expected incoming initialize, got {other:?}"),
-        }
-
-        disconnect_sender.cancel();
-        let closed_client_id = timeout(Duration::from_secs(1), client_tracker.bookkeep_join_set())
-            .await
-            .expect("bookkeeping should process the closed task")
-            .expect("closed task should return client id");
-        assert_eq!(closed_client_id.0, ClientId("client-1".to_string()));
-        client_tracker
-            .close_client(&closed_client_id)
-            .await
-            .expect("closed client should emit connection closed");
-
-        match transport_event_rx
-            .recv()
-            .await
-            .expect("connection closed should be sent")
-        {
-            TransportEvent::ConnectionClosed {
-                connection_id: closed_connection_id,
-            } => assert_eq!(closed_connection_id, connection_id),
-            other => panic!("expected connection closed, got {other:?}"),
-        }
-    }
-
-    #[tokio::test]
-    async fn shutdown_cancels_blocked_outbound_forwarding() {
-        let (server_event_tx, _server_event_rx) = mpsc::channel(1);
-        let (transport_event_tx, mut transport_event_rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let shutdown_token = CancellationToken::new();
-        let mut client_tracker =
-            ClientTracker::new(server_event_tx.clone(), transport_event_tx, &shutdown_token);
-
-        server_event_tx
-            .send(QueuedServerEnvelope {
-                event: ServerEvent::Pong {
-                    status: PongStatus::Unknown,
-                },
-                client_id: ClientId("queued-client".to_string()),
-                stream_id: StreamId("queued-stream".to_string()),
-                write_complete_tx: None,
-            })
-            .await
-            .expect("server event queue should accept prefill");
-
-        client_tracker
-            .handle_message(initialize_envelope("client-1"))
-            .await
-            .expect("initialize should open client");
-
-        let writer = match transport_event_rx
-            .recv()
-            .await
-            .expect("connection opened should be sent")
-        {
-            TransportEvent::ConnectionOpened { writer, .. } => writer,
-            other => panic!("expected connection opened, got {other:?}"),
-        };
-        let _ = transport_event_rx
-            .recv()
-            .await
-            .expect("initialize should be forwarded");
-
-        writer
-            .send(QueuedOutgoingMessage::new(
-                OutgoingMessage::AppServerNotification(ServerNotification::ConfigWarning(
-                    ConfigWarningNotification {
-                        summary: "test".to_string(),
-                        details: None,
-                        path: None,
-                        range: None,
-                    },
-                )),
-            ))
-            .await
-            .expect("writer should accept queued message");
-
-        timeout(Duration::from_secs(1), client_tracker.shutdown())
-            .await
-            .expect("shutdown should not hang on blocked server forwarding");
-    }
-
-    #[tokio::test]
-    async fn initialize_with_new_stream_id_opens_new_connection_for_same_client() {
-        let (server_event_tx, _server_event_rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let (transport_event_tx, mut transport_event_rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let shutdown_token = CancellationToken::new();
-        let mut client_tracker =
-            ClientTracker::new(server_event_tx, transport_event_tx, &shutdown_token);
-
-        client_tracker
-            .handle_message(initialize_envelope_with_stream_id(
-                "client-1",
-                Some("stream-1"),
-            ))
-            .await
-            .expect("first initialize should open client");
-        let first_connection_id = match transport_event_rx.recv().await.expect("open event") {
-            TransportEvent::ConnectionOpened { connection_id, .. } => connection_id,
-            other => panic!("expected connection opened, got {other:?}"),
-        };
-        let _ = transport_event_rx.recv().await.expect("initialize event");
-
-        client_tracker
-            .handle_message(initialize_envelope_with_stream_id(
-                "client-1",
-                Some("stream-2"),
-            ))
-            .await
-            .expect("second initialize should open client");
-        let second_connection_id = match transport_event_rx.recv().await.expect("open event") {
-            TransportEvent::ConnectionOpened { connection_id, .. } => connection_id,
-            other => panic!("expected connection opened, got {other:?}"),
-        };
-
-        assert_ne!(first_connection_id, second_connection_id);
-    }
-
-    #[tokio::test]
-    async fn legacy_initialize_without_stream_id_resets_inbound_seq_id() {
-        let (server_event_tx, _server_event_rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let (transport_event_tx, mut transport_event_rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let shutdown_token = CancellationToken::new();
-        let mut client_tracker =
-            ClientTracker::new(server_event_tx, transport_event_tx, &shutdown_token);
-
-        client_tracker
-            .handle_message(initialize_envelope("client-1"))
-            .await
-            .expect("initialize should open client");
-        let connection_id = match transport_event_rx.recv().await.expect("open event") {
-            TransportEvent::ConnectionOpened { connection_id, .. } => connection_id,
-            other => panic!("expected connection opened, got {other:?}"),
-        };
-        let _ = transport_event_rx.recv().await.expect("initialize event");
-
-        client_tracker
-            .handle_message(ClientEnvelope {
-                event: ClientEvent::ClientMessage {
-                    message: JSONRPCMessage::Notification(
-                        codex_app_server_protocol::JSONRPCNotification {
-                            method: "initialized".to_string(),
-                            params: None,
-                        },
-                    ),
-                },
-                client_id: ClientId("client-1".to_string()),
-                stream_id: None,
-                seq_id: Some(0),
-                cursor: None,
-            })
-            .await
-            .expect("legacy followup should be forwarded");
-
-        match transport_event_rx.recv().await.expect("followup event") {
-            TransportEvent::IncomingMessage {
-                connection_id: incoming_connection_id,
-                ..
-            } => assert_eq!(incoming_connection_id, connection_id),
-            other => panic!("expected incoming message, got {other:?}"),
-        }
-    }
-}