client

.github/workflows/cla.yml

@@ -46,4 +46,7 @@ jobs:
           path-to-document: https://github.com/openai/codex/blob/main/docs/CLA.md
           path-to-signatures: signatures/cla.json
           branch: cla-signatures
-          allowlist: codex,dependabot,dependabot[bot],github-actions[bot]
+          allowlist: |
+            codex
+            dependabot
+            dependabot[bot]

codex-rs/Cargo.lock

@@ -198,9 +198,9 @@ dependencies = [
 
 [[package]]
 name = "arboard"
-version = "3.6.1"
+version = "3.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0348a1c054491f4bfe6ab86a7b6ab1e44e45d899005de92f58b3df180b36ddaf"
+checksum = "55f533f8e0af236ffe5eb979b99381df3258853f00ba2e44b6e1955292c75227"
 dependencies = [
  "clipboard-win",
  "image",
@@ -212,7 +212,7 @@ dependencies = [
  "objc2-foundation",
  "parking_lot",
  "percent-encoding",
- "windows-sys 0.60.2",
+ "windows-sys 0.52.0",
  "wl-clipboard-rs",
  "x11rb",
 ]
@@ -1068,7 +1068,6 @@ dependencies = [
  "serde_json",
  "thiserror 2.0.17",
  "tokio",
- "tracing",
 ]
 
 [[package]]
@@ -1145,6 +1144,7 @@ dependencies = [
  "codex-apply-patch",
  "codex-arg0",
  "codex-async-utils",
+ "codex-client",
  "codex-core",
  "codex-execpolicy",
  "codex-file-search",
@@ -1187,7 +1187,6 @@ dependencies = [
  "seccompiler",
  "serde",
  "serde_json",
- "serde_yaml",
  "serial_test",
  "sha1",
  "sha2",
@@ -1283,7 +1282,6 @@ dependencies = [
  "serde_json",
  "shlex",
  "starlark",
- "tempfile",
  "thiserror 2.0.17",
 ]
 
@@ -1615,7 +1613,6 @@ dependencies = [
  "textwrap 0.16.2",
  "tokio",
  "tokio-stream",
- "tokio-util",
  "toml",
  "tracing",
  "tracing-appender",
@@ -2540,7 +2537,7 @@ checksum = "0ce92ff622d6dadf7349484f42c93271a0d49b7cc4d466a936405bacbe10aa78"
 dependencies = [
  "cfg-if",
  "rustix 1.0.8",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -3297,9 +3294,9 @@ dependencies = [
 
 [[package]]
 name = "image"
-version = "0.25.9"
+version = "0.25.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6506c6c10786659413faa717ceebcb8f70731c0a60cbae39795fdf114519c1a"
+checksum = "529feb3e6769d234375c4cf1ee2ce713682b8e76538cb13f9fc23e1400a591e7"
 dependencies = [
  "bytemuck",
  "byteorder-lite",
@@ -3307,8 +3304,8 @@ dependencies = [
  "num-traits",
  "png",
  "tiff",
- "zune-core 0.5.0",
- "zune-jpeg 0.5.5",
+ "zune-core",
+ "zune-jpeg",
 ]
 
 [[package]]
@@ -3444,7 +3441,7 @@ checksum = "e04d7f318608d35d4b61ddd75cbdaee86b023ebe2bd5a66ee0915f0bf93095a9"
 dependencies = [
  "hermit-abi",
  "libc",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -4468,12 +4465,6 @@ version = "1.0.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
 
-[[package]]
-name = "pastey"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57d6c094ee800037dff99e02cab0eaf3142826586742a270ab3d7a62656bd27a"
-
 [[package]]
 name = "path-absolutize"
 version = "3.1.1"
@@ -5089,9 +5080,9 @@ checksum = "2b15c43186be67a4fd63bee50d0303afffcef381492ebe2c5d87f324e1b8815c"
 
 [[package]]
 name = "reqwest"
-version = "0.12.24"
+version = "0.12.23"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d0946410b9f7b082a427e4ef5c8ff541a88b357bc6c637c40db3a68ac70a36f"
+checksum = "d429f34c8092b2d42c7c93cec323bb4adeb7c67698f70839adec842ec10c7ceb"
 dependencies = [
  "base64",
  "bytes",
@@ -5152,9 +5143,8 @@ dependencies = [
 
 [[package]]
 name = "rmcp"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38b18323edc657390a6ed4d7a9110b0dec2dc3ed128eb2a123edfbafabdbddc5"
+version = "0.9.0"
+source = "git+https://github.com/bolinfest/rust-sdk?branch=pr556#4d9cc16f4c76c84486344f542ed9a3e9364019ba"
 dependencies = [
  "async-trait",
  "base64",
@@ -5165,7 +5155,7 @@ dependencies = [
  "http-body",
  "http-body-util",
  "oauth2",
- "pastey",
+ "paste",
  "pin-project-lite",
  "process-wrap",
  "rand 0.9.2",
@@ -5187,9 +5177,8 @@ dependencies = [
 
 [[package]]
 name = "rmcp-macros"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c75d0a62676bf8c8003c4e3c348e2ceb6a7b3e48323681aaf177fdccdac2ce50"
+version = "0.9.0"
+source = "git+https://github.com/bolinfest/rust-sdk?branch=pr556#4d9cc16f4c76c84486344f542ed9a3e9364019ba"
 dependencies = [
  "darling 0.21.3",
  "proc-macro2",
@@ -5229,7 +5218,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.4.15",
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -5748,9 +5737,9 @@ dependencies = [
 
 [[package]]
 name = "serde_with"
-version = "3.16.1"
+version = "3.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4fa237f2807440d238e0364a218270b98f767a00d3dada77b1c53ae88940e2e7"
+checksum = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5"
 dependencies = [
  "base64",
  "chrono",
@@ -5759,7 +5748,8 @@ dependencies = [
  "indexmap 2.12.0",
  "schemars 0.9.0",
  "schemars 1.0.4",
- "serde_core",
+ "serde",
+ "serde_derive",
  "serde_json",
  "serde_with_macros",
  "time",
@@ -5767,29 +5757,16 @@ dependencies = [
 
 [[package]]
 name = "serde_with_macros"
-version = "3.16.1"
+version = "3.14.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52a8e3ca0ca629121f70ab50f95249e5a6f925cc0f6ffe8256c45b728875706c"
+checksum = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f"
 dependencies = [
- "darling 0.21.3",
+ "darling 0.20.11",
  "proc-macro2",
  "quote",
  "syn 2.0.104",
 ]
 
-[[package]]
-name = "serde_yaml"
-version = "0.9.34+deprecated"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47"
-dependencies = [
- "indexmap 2.12.0",
- "itoa",
- "ryu",
- "serde",
- "unsafe-libyaml",
-]
-
 [[package]]
 name = "serial2"
 version = "0.2.31"
@@ -6433,7 +6410,7 @@ dependencies = [
  "half",
  "quick-error",
  "weezl",
- "zune-jpeg 0.4.19",
+ "zune-jpeg",
 ]
 
 [[package]]
@@ -6601,7 +6578,6 @@ dependencies = [
  "futures-sink",
  "futures-util",
  "pin-project-lite",
- "slab",
  "tokio",
 ]
 
@@ -6739,9 +6715,9 @@ checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
 
 [[package]]
 name = "tracing"
-version = "0.1.43"
+version = "0.1.41"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d15d90a0b5c19378952d479dc858407149d7bb45a14de0142f6c534b16fc647"
+checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
 dependencies = [
  "log",
  "pin-project-lite",
@@ -6763,9 +6739,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-attributes"
-version = "0.1.31"
+version = "0.1.30"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
+checksum = "81383ab64e72a7a8b8e13130c49e3dab29def6d0c7d76a03087b3cf71c5c6903"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -6774,9 +6750,9 @@ dependencies = [
 
 [[package]]
 name = "tracing-core"
-version = "0.1.35"
+version = "0.1.34"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a04e24fab5c89c6a36eb8558c9656f30d81de51dfa4d3b45f26b21d61fa0a6c"
+checksum = "b9d12581f227e93f094d3af2ae690a574abb8a2b9b7a96e7cfe9647b2b617678"
 dependencies = [
  "once_cell",
  "valuable",
@@ -7005,12 +6981,6 @@ version = "0.2.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
 
-[[package]]
-name = "unsafe-libyaml"
-version = "0.2.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "673aac59facbab8a9007c7f6108d11f63b603f7cabff99fabf650fea5c32b861"
-
 [[package]]
 name = "untrusted"
 version = "0.9.0"
@@ -7400,7 +7370,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
 dependencies = [
- "windows-sys 0.59.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
@@ -8125,28 +8095,13 @@ version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3f423a2c17029964870cfaabb1f13dfab7d092a62a29a89264f4d36990ca414a"
 
-[[package]]
-name = "zune-core"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "111f7d9820f05fd715df3144e254d6fc02ee4088b0644c0ffd0efc9e6d9d2773"
-
 [[package]]
 name = "zune-jpeg"
 version = "0.4.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2c9e525af0a6a658e031e95f14b7f889976b74a11ba0eca5a5fc9ac8a1c43a6a"
 dependencies = [
- "zune-core 0.4.12",
-]
-
-[[package]]
-name = "zune-jpeg"
-version = "0.5.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc6fb7703e32e9a07fb3f757360338b3a567a5054f21b5f52a666752e333d58e"
-dependencies = [
- "zune-core 0.5.0",
+ "zune-core",
 ]
 
 [[package]]

codex-rs/Cargo.toml

@@ -59,15 +59,15 @@ license = "Apache-2.0"
 # Internal
 app_test_support = { path = "app-server/tests/common" }
 codex-ansi-escape = { path = "ansi-escape" }
-codex-api = { path = "codex-api" }
 codex-app-server = { path = "app-server" }
 codex-app-server-protocol = { path = "app-server-protocol" }
 codex-apply-patch = { path = "apply-patch" }
 codex-arg0 = { path = "arg0" }
 codex-async-utils = { path = "async-utils" }
 codex-backend-client = { path = "backend-client" }
-codex-chatgpt = { path = "chatgpt" }
+codex-api = { path = "codex-api" }
 codex-client = { path = "codex-client" }
+codex-chatgpt = { path = "chatgpt" }
 codex-common = { path = "common" }
 codex-core = { path = "core" }
 codex-exec = { path = "exec" }
@@ -136,7 +136,7 @@ icu_decimal = "2.1"
 icu_locale_core = "2.1"
 icu_provider = { version = "2.1", features = ["sync"] }
 ignore = "0.4.23"
-image = { version = "^0.25.9", default-features = false }
+image = { version = "^0.25.8", default-features = false }
 indexmap = "2.12.0"
 insta = "1.43.2"
 itertools = "0.14.0"
@@ -169,17 +169,16 @@ pulldown-cmark = "0.10"
 rand = "0.9"
 ratatui = "0.29.0"
 ratatui-macros = "0.6.0"
-regex = "1.12.2"
 regex-lite = "0.1.7"
+regex = "1.12.2"
 reqwest = "0.12"
-rmcp = { version = "0.10.0", default-features = false }
+rmcp = { version = "0.9.0", default-features = false }
 schemars = "0.8.22"
 seccompiler = "0.5.0"
 sentry = "0.34.0"
 serde = "1"
 serde_json = "1"
-serde_yaml = "0.9"
-serde_with = "3.16"
+serde_with = "3.14"
 serial_test = "3.2.0"
 sha1 = "0.10.6"
 sha2 = "0.10"
@@ -204,7 +203,7 @@ tokio-util = "0.7.16"
 toml = "0.9.5"
 toml_edit = "0.23.5"
 tonic = "0.13.1"
-tracing = "0.1.43"
+tracing = "0.1.41"
 tracing-appender = "0.2.3"
 tracing-subscriber = "0.3.20"
 tracing-test = "0.2.5"
@@ -289,6 +288,7 @@ opt-level = 0
 # ratatui = { path = "../../ratatui" }
 crossterm = { git = "https://github.com/nornagon/crossterm", branch = "nornagon/color-query" }
 ratatui = { git = "https://github.com/nornagon/ratatui", branch = "nornagon-v0.29.0-patch" }
+rmcp = { git = "https://github.com/bolinfest/rust-sdk", branch = "pr556" }
 
 # Uncomment to debug local changes.
 # rmcp = { path = "../../rust-sdk/crates/rmcp" }

codex-rs/app-server-protocol/src/protocol/common.rs

@@ -131,7 +131,7 @@ client_request_definitions! {
     },
     ReviewStart => "review/start" {
         params: v2::ReviewStartParams,
-        response: v2::ReviewStartResponse,
+        response: v2::TurnStartResponse,
     },
 
     ModelList => "model/list" {
@@ -164,12 +164,6 @@ client_request_definitions! {
         response: v2::FeedbackUploadResponse,
     },
 
-    /// Execute a command (argv vector) under the server's sandbox.
-    OneOffCommandExec => "command/exec" {
-        params: v2::CommandExecParams,
-        response: v2::CommandExecResponse,
-    },
-
     ConfigRead => "config/read" {
         params: v2::ConfigReadParams,
         response: v2::ConfigReadResponse,
@@ -512,12 +506,10 @@ server_notification_definitions! {
     TurnStarted => "turn/started" (v2::TurnStartedNotification),
     TurnCompleted => "turn/completed" (v2::TurnCompletedNotification),
     TurnDiffUpdated => "turn/diff/updated" (v2::TurnDiffUpdatedNotification),
-    TurnPlanUpdated => "turn/plan/updated" (v2::TurnPlanUpdatedNotification),
     ItemStarted => "item/started" (v2::ItemStartedNotification),
     ItemCompleted => "item/completed" (v2::ItemCompletedNotification),
     AgentMessageDelta => "item/agentMessage/delta" (v2::AgentMessageDeltaNotification),
     CommandExecutionOutputDelta => "item/commandExecution/outputDelta" (v2::CommandExecutionOutputDeltaNotification),
-    FileChangeOutputDelta => "item/fileChange/outputDelta" (v2::FileChangeOutputDeltaNotification),
     McpToolCallProgress => "item/mcpToolCall/progress" (v2::McpToolCallProgressNotification),
     AccountUpdated => "account/updated" (v2::AccountUpdatedNotification),
     AccountRateLimitsUpdated => "account/rateLimits/updated" (v2::AccountRateLimitsUpdatedNotification),

codex-rs/app-server-protocol/src/protocol/mappers.rs

@@ -1,15 +0,0 @@
-use crate::protocol::v1;
-use crate::protocol::v2;
-
-impl From<v1::ExecOneOffCommandParams> for v2::CommandExecParams {
-    fn from(value: v1::ExecOneOffCommandParams) -> Self {
-        Self {
-            command: value.command,
-            timeout_ms: value
-                .timeout_ms
-                .map(|timeout| i64::try_from(timeout).unwrap_or(60_000)),
-            cwd: value.cwd,
-            sandbox_policy: value.sandbox_policy.map(std::convert::Into::into),
-        }
-    }
-}

codex-rs/app-server-protocol/src/protocol/mod.rs

@@ -2,7 +2,6 @@
 // Exposes protocol pieces used by `lib.rs` via `pub use protocol::common::*;`.
 
 pub mod common;
-mod mappers;
 pub mod thread_history;
 pub mod v1;
 pub mod v2;

codex-rs/app-server-protocol/src/protocol/thread_history.rs

@@ -1,6 +1,5 @@
 use crate::protocol::v2::ThreadItem;
 use crate::protocol::v2::Turn;
-use crate::protocol::v2::TurnError;
 use crate::protocol::v2::TurnStatus;
 use crate::protocol::v2::UserInput;
 use codex_protocol::protocol::AgentReasoningEvent;
@@ -143,7 +142,6 @@ impl ThreadHistoryBuilder {
         PendingTurn {
             id: self.next_turn_id(),
             items: Vec::new(),
-            error: None,
             status: TurnStatus::Completed,
         }
     }
@@ -192,7 +190,6 @@ impl ThreadHistoryBuilder {
 struct PendingTurn {
     id: String,
     items: Vec<ThreadItem>,
-    error: Option<TurnError>,
     status: TurnStatus,
 }
 
@@ -201,7 +198,6 @@ impl From<PendingTurn> for Turn {
         Self {
             id: value.id,
             items: value.items,
-            error: value.error,
             status: value.status,
         }
     }

codex-rs/app-server-protocol/src/protocol/v2.rs

@@ -11,8 +11,6 @@ use codex_protocol::items::AgentMessageContent as CoreAgentMessageContent;
 use codex_protocol::items::TurnItem as CoreTurnItem;
 use codex_protocol::models::ResponseItem;
 use codex_protocol::parse_command::ParsedCommand as CoreParsedCommand;
-use codex_protocol::plan_tool::PlanItemArg as CorePlanItemArg;
-use codex_protocol::plan_tool::StepStatus as CorePlanStepStatus;
 use codex_protocol::protocol::CodexErrorInfo as CoreCodexErrorInfo;
 use codex_protocol::protocol::CreditsSnapshot as CoreCreditsSnapshot;
 use codex_protocol::protocol::RateLimitSnapshot as CoreRateLimitSnapshot;
@@ -132,12 +130,6 @@ v2_enum_from_core!(
     }
 );
 
-v2_enum_from_core!(
-    pub enum ReviewDelivery from codex_protocol::protocol::ReviewDelivery {
-        Inline, Detached
-    }
-);
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -632,26 +624,6 @@ pub struct FeedbackUploadResponse {
     pub thread_id: String,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct CommandExecParams {
-    pub command: Vec<String>,
-    #[ts(type = "number | null")]
-    pub timeout_ms: Option<i64>,
-    pub cwd: Option<PathBuf>,
-    pub sandbox_policy: Option<SandboxPolicy>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct CommandExecResponse {
-    pub exit_code: i32,
-    pub stdout: String,
-    pub stderr: String,
-}
-
 // === Threads, Turns, and Items ===
 // Thread APIs
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, JsonSchema, TS)]
@@ -786,7 +758,6 @@ pub struct Thread {
     /// Model provider used for this thread (for example, 'openai').
     pub model_provider: String,
     /// Unix timestamp (in seconds) when the thread was created.
-    #[ts(type = "number")]
     pub created_at: i64,
     /// [UNSTABLE] Path to the thread on disk.
     pub path: PathBuf,
@@ -877,9 +848,8 @@ pub struct Turn {
     /// For all other responses and notifications returning a Turn,
     /// the items field will be an empty list.
     pub items: Vec<ThreadItem>,
+    #[serde(flatten)]
     pub status: TurnStatus,
-    /// Only populated when the Turn's status is failed.
-    pub error: Option<TurnError>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS, Error)]
@@ -901,12 +871,12 @@ pub struct ErrorNotification {
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
+#[serde(tag = "status", rename_all = "camelCase")]
+#[ts(tag = "status", export_to = "v2/")]
 pub enum TurnStatus {
     Completed,
     Interrupted,
-    Failed,
+    Failed { error: TurnError },
     InProgress,
 }
 
@@ -938,22 +908,9 @@ pub struct ReviewStartParams {
     pub thread_id: String,
     pub target: ReviewTarget,
 
-    /// Where to run the review: inline (default) on the current thread or
-    /// detached on a new thread (returned in `reviewThreadId`).
+    /// When true, also append the final review message to the original thread.
     #[serde(default)]
-    pub delivery: Option<ReviewDelivery>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ReviewStartResponse {
-    pub turn: Turn,
-    /// Identifies the thread where the review runs.
-    ///
-    /// For inline reviews, this is the original thread id.
-    /// For detached reviews, this is the id of the new review thread.
-    pub review_thread_id: String,
+    pub append_to_original_thread: bool,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1075,7 +1032,6 @@ pub enum ThreadItem {
         /// The command's exit code.
         exit_code: Option<i32>,
         /// The duration of the command execution in milliseconds.
-        #[ts(type = "number | null")]
         duration_ms: Option<i64>,
     },
     #[serde(rename_all = "camelCase")]
@@ -1107,10 +1063,7 @@ pub enum ThreadItem {
     ImageView { id: String, path: String },
     #[serde(rename_all = "camelCase")]
     #[ts(rename_all = "camelCase")]
-    EnteredReviewMode { id: String, review: String },
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    ExitedReviewMode { id: String, review: String },
+    CodeReview { id: String, review: String },
 }
 
 impl From<CoreTurnItem> for ThreadItem {
@@ -1255,56 +1208,10 @@ pub struct TurnCompletedNotification {
 /// Notification that the turn-level unified diff has changed.
 /// Contains the latest aggregated diff across all file changes in the turn.
 pub struct TurnDiffUpdatedNotification {
-    pub thread_id: String,
     pub turn_id: String,
     pub diff: String,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct TurnPlanUpdatedNotification {
-    pub turn_id: String,
-    pub explanation: Option<String>,
-    pub plan: Vec<TurnPlanStep>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct TurnPlanStep {
-    pub step: String,
-    pub status: TurnPlanStepStatus,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum TurnPlanStepStatus {
-    Pending,
-    InProgress,
-    Completed,
-}
-
-impl From<CorePlanItemArg> for TurnPlanStep {
-    fn from(value: CorePlanItemArg) -> Self {
-        Self {
-            step: value.step,
-            status: value.status.into(),
-        }
-    }
-}
-
-impl From<CorePlanStepStatus> for TurnPlanStepStatus {
-    fn from(value: CorePlanStepStatus) -> Self {
-        match value {
-            CorePlanStepStatus::Pending => Self::Pending,
-            CorePlanStepStatus::InProgress => Self::InProgress,
-            CorePlanStepStatus::Completed => Self::Completed,
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1328,8 +1235,6 @@ pub struct ItemCompletedNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct AgentMessageDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
 }
@@ -1338,11 +1243,8 @@ pub struct AgentMessageDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningSummaryTextDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
-    #[ts(type = "number")]
     pub summary_index: i64,
 }
 
@@ -1350,10 +1252,7 @@ pub struct ReasoningSummaryTextDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningSummaryPartAddedNotification {
-    pub thread_id: String,
-    pub turn_id: String,
     pub item_id: String,
-    #[ts(type = "number")]
     pub summary_index: i64,
 }
 
@@ -1361,11 +1260,8 @@ pub struct ReasoningSummaryPartAddedNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningTextDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
-    #[ts(type = "number")]
     pub content_index: i64,
 }
 
@@ -1373,18 +1269,6 @@ pub struct ReasoningTextDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct CommandExecutionOutputDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub item_id: String,
-    pub delta: String,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct FileChangeOutputDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
     pub item_id: String,
     pub delta: String,
 }
@@ -1393,8 +1277,6 @@ pub struct FileChangeOutputDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct McpToolCallProgressNotification {
-    pub thread_id: String,
-    pub turn_id: String,
     pub item_id: String,
     pub message: String,
 }
@@ -1500,9 +1382,7 @@ impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
 #[ts(export_to = "v2/")]
 pub struct RateLimitWindow {
     pub used_percent: i32,
-    #[ts(type = "number | null")]
     pub window_duration_mins: Option<i64>,
-    #[ts(type = "number | null")]
     pub resets_at: Option<i64>,
 }
 

codex-rs/app-server-test-client/src/main.rs

@@ -563,9 +563,7 @@ impl CodexClient {
                 ServerNotification::TurnCompleted(payload) => {
                     if payload.turn.id == turn_id {
                         println!("\n< turn/completed notification: {:?}", payload.turn.status);
-                        if payload.turn.status == TurnStatus::Failed
-                            && let Some(error) = payload.turn.error
-                        {
+                        if let TurnStatus::Failed { error } = &payload.turn.status {
                             println!("[turn error] {}", error.message);
                         }
                         break;

codex-rs/app-server/README.md

@@ -1,6 +1,6 @@
 # codex-app-server
 
-`codex app-server` is the interface Codex uses to power rich interfaces such as the [Codex VS Code extension](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt).
+`codex app-server` is the interface Codex uses to power rich interfaces such as the [Codex VS Code extension](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt). The message schema is currently unstable, but those who wish to build experimental UIs on top of Codex may find it valuable.
 
 ## Table of Contents
 - [Protocol](#protocol)
@@ -65,8 +65,7 @@ The JSON-RPC API exposes dedicated methods for managing Codex conversations. Thr
 - `thread/archive` — move a thread’s rollout file into the archived directory; returns `{}` on success.
 - `turn/start` — add user input to a thread and begin Codex generation; responds with the initial `turn` object and streams `turn/started`, `item/*`, and `turn/completed` notifications.
 - `turn/interrupt` — request cancellation of an in-flight turn by `(thread_id, turn_id)`; success is an empty `{}` response and the turn finishes with `status: "interrupted"`.
-- `review/start` — kick off Codex’s automated reviewer for a thread; responds like `turn/start` and emits `item/started`/`item/completed` notifications with `enteredReviewMode` and `exitedReviewMode` items, plus a final assistant `agentMessage` containing the review.
-- `command/exec` — run a single command under the server sandbox without starting a thread/turn (handy for utilities and validation).
+- `review/start` — kick off Codex’s automated reviewer for a thread; responds like `turn/start` and emits a `item/completed` notification with a `codeReview` item when results are ready.
 
 ### 1) Start or resume a thread
 
@@ -191,75 +190,49 @@ Use `review/start` to run Codex’s reviewer on the currently checked-out projec
 - `{"type":"baseBranch","branch":"main"}` — diff against the provided branch’s upstream (see prompt for the exact `git merge-base`/`git diff` instructions Codex will run).
 - `{"type":"commit","sha":"abc1234","title":"Optional subject"}` — review a specific commit.
 - `{"type":"custom","instructions":"Free-form reviewer instructions"}` — fallback prompt equivalent to the legacy manual review request.
-- `delivery` (`"inline"` or `"detached"`, default `"inline"`) — where the review runs:
-  - `"inline"`: run the review as a new turn on the existing thread. The response’s `reviewThreadId` equals the original `threadId`, and no new `thread/started` notification is emitted.
-  - `"detached"`: fork a new review thread from the parent conversation and run the review there. The response’s `reviewThreadId` is the id of this new review thread, and the server emits a `thread/started` notification for it before streaming review items.
+- `appendToOriginalThread` (bool, default `false`) — when `true`, Codex also records a final assistant-style message with the review summary in the original thread. When `false`, only the `codeReview` item is emitted for the review run and no extra message is added to the original thread.
 
 Example request/response:
 
 ```json
 { "method": "review/start", "id": 40, "params": {
     "threadId": "thr_123",
-    "delivery": "inline",
+    "appendToOriginalThread": true,
     "target": { "type": "commit", "sha": "1234567deadbeef", "title": "Polish tui colors" }
 } }
-{ "id": 40, "result": {
-    "turn": {
-        "id": "turn_900",
-        "status": "inProgress",
-        "items": [
-            { "type": "userMessage", "id": "turn_900", "content": [ { "type": "text", "text": "Review commit 1234567: Polish tui colors" } ] }
-        ],
-        "error": null
-    },
-    "reviewThreadId": "thr_123"
-} }
+{ "id": 40, "result": { "turn": {
+    "id": "turn_900",
+    "status": "inProgress",
+    "items": [
+        { "type": "userMessage", "id": "turn_900", "content": [ { "type": "text", "text": "Review commit 1234567: Polish tui colors" } ] }
+    ],
+    "error": null
+} } }
 ```
 
-For a detached review, use `"delivery": "detached"`. The response is the same shape, but `reviewThreadId` will be the id of the new review thread (different from the original `threadId`). The server also emits a `thread/started` notification for that new thread before streaming the review turn.
-
 Codex streams the usual `turn/started` notification followed by an `item/started`
-with an `enteredReviewMode` item so clients can show progress:
+with the same `codeReview` item id so clients can show progress:
 
 ```json
 { "method": "item/started", "params": { "item": {
-    "type": "enteredReviewMode",
+    "type": "codeReview",
     "id": "turn_900",
     "review": "current changes"
 } } }
 ```
 
-When the reviewer finishes, the server emits `item/started` and `item/completed`
-containing an `exitedReviewMode` item with the final review text:
+When the reviewer finishes, the server emits `item/completed` containing the same
+`codeReview` item with the final review text:
 
 ```json
 { "method": "item/completed", "params": { "item": {
-    "type": "exitedReviewMode",
+    "type": "codeReview",
     "id": "turn_900",
     "review": "Looks solid overall...\n\n- Prefer Stylize helpers — app.rs:10-20\n  ..."
 } } }
 ```
 
-The `review` string is plain text that already bundles the overall explanation plus a bullet list for each structured finding (matching `ThreadItem::ExitedReviewMode` in the generated schema). Use this notification to render the reviewer output in your client.
-
-### 7) One-off command execution
-
-Run a standalone command (argv vector) in the server’s sandbox without creating a thread or turn:
-
-```json
-{ "method": "command/exec", "id": 32, "params": {
-    "command": ["ls", "-la"],
-    "cwd": "/Users/me/project",                    // optional; defaults to server cwd
-    "sandboxPolicy": { "type": "workspaceWrite" }, // optional; defaults to user config
-    "timeoutMs": 10000                             // optional; ms timeout; defaults to server timeout
-} }
-{ "id": 32, "result": { "exitCode": 0, "stdout": "...", "stderr": "" } }
-```
-
-Notes:
-- Empty `command` arrays are rejected.
-- `sandboxPolicy` accepts the same shape used by `turn/start` (e.g., `dangerFullAccess`, `readOnly`, `workspaceWrite` with flags).
-- When omitted, `timeoutMs` falls back to the server default.
+The `review` string is plain text that already bundles the overall explanation plus a bullet list for each structured finding (matching `ThreadItem::CodeReview` in the generated schema). Use this notification to render the reviewer output in your client.
 
 ## Events (work-in-progress)
 
@@ -271,7 +244,6 @@ The app-server streams JSON-RPC notifications while a turn is running. Each turn
 
 - `turn/started` — `{ turn }` with the turn id, empty `items`, and `status: "inProgress"`.
 - `turn/completed` — `{ turn }` where `turn.status` is `completed`, `interrupted`, or `failed`; failures carry `{ error: { message, codexErrorInfo? } }`.
-- `turn/plan/updated` — `{ turnId, explanation?, plan }` whenever the agent shares or changes its plan; each `plan` entry is `{ step, status }` with `status` in `pending`, `inProgress`, or `completed`.
 
 Today both notifications carry an empty `items` array even when item events were streamed; rely on `item/*` notifications for the canonical item list until this is fixed.
 

codex-rs/app-server/src/bespoke_event_handling.rs

@@ -18,7 +18,6 @@ use codex_app_server_protocol::ContextCompactedNotification;
 use codex_app_server_protocol::ErrorNotification;
 use codex_app_server_protocol::ExecCommandApprovalParams;
 use codex_app_server_protocol::ExecCommandApprovalResponse;
-use codex_app_server_protocol::FileChangeOutputDeltaNotification;
 use codex_app_server_protocol::FileChangeRequestApprovalParams;
 use codex_app_server_protocol::FileChangeRequestApprovalResponse;
 use codex_app_server_protocol::FileUpdateChange;
@@ -44,8 +43,6 @@ use codex_app_server_protocol::TurnCompletedNotification;
 use codex_app_server_protocol::TurnDiffUpdatedNotification;
 use codex_app_server_protocol::TurnError;
 use codex_app_server_protocol::TurnInterruptResponse;
-use codex_app_server_protocol::TurnPlanStep;
-use codex_app_server_protocol::TurnPlanUpdatedNotification;
 use codex_app_server_protocol::TurnStatus;
 use codex_core::CodexConversation;
 use codex_core::parse_command::shlex_join;
@@ -62,9 +59,7 @@ use codex_core::protocol::ReviewDecision;
 use codex_core::protocol::TokenCountEvent;
 use codex_core::protocol::TurnDiffEvent;
 use codex_core::review_format::format_review_findings_block;
-use codex_core::review_prompts;
 use codex_protocol::ConversationId;
-use codex_protocol::plan_tool::UpdatePlanArgs;
 use codex_protocol::protocol::ReviewOutputEvent;
 use std::collections::HashMap;
 use std::convert::TryFrom;
@@ -179,7 +174,6 @@ pub(crate) async fn apply_bespoke_event_handling(
             cwd,
             reason,
             risk,
-            allow_prefix: _allow_prefix,
             parsed_cmd,
         }) => match api_version {
             ApiVersion::V1 => {
@@ -263,8 +257,6 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::AgentMessageContentDelta(event) => {
             let notification = AgentMessageDeltaNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 delta: event.delta,
             };
@@ -283,8 +275,6 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::ReasoningContentDelta(event) => {
             let notification = ReasoningSummaryTextDeltaNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 delta: event.delta,
                 summary_index: event.summary_index,
@@ -297,8 +287,6 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::ReasoningRawContentDelta(event) => {
             let notification = ReasoningTextDeltaNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 delta: event.delta,
                 content_index: event.content_index,
@@ -309,8 +297,6 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::AgentReasoningSectionBreak(event) => {
             let notification = ReasoningSummaryPartAddedNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
                 item_id: event.item_id,
                 summary_index: event.summary_index,
             };
@@ -353,51 +339,17 @@ pub(crate) async fn apply_bespoke_event_handling(
                 }))
                 .await;
         }
-        EventMsg::ViewImageToolCall(view_image_event) => {
-            let item = ThreadItem::ImageView {
-                id: view_image_event.call_id.clone(),
-                path: view_image_event.path.to_string_lossy().into_owned(),
-            };
-            let started = ItemStartedNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
-                item: item.clone(),
-            };
-            outgoing
-                .send_server_notification(ServerNotification::ItemStarted(started))
-                .await;
-            let completed = ItemCompletedNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
-                item,
-            };
-            outgoing
-                .send_server_notification(ServerNotification::ItemCompleted(completed))
-                .await;
-        }
         EventMsg::EnteredReviewMode(review_request) => {
-            let review = review_request
-                .user_facing_hint
-                .unwrap_or_else(|| review_prompts::user_facing_hint(&review_request.target));
-            let item = ThreadItem::EnteredReviewMode {
-                id: event_turn_id.clone(),
-                review,
-            };
-            let started = ItemStartedNotification {
+            let notification = ItemStartedNotification {
                 thread_id: conversation_id.to_string(),
                 turn_id: event_turn_id.clone(),
-                item: item.clone(),
+                item: ThreadItem::CodeReview {
+                    id: event_turn_id.clone(),
+                    review: review_request.user_facing_hint,
+                },
             };
             outgoing
-                .send_server_notification(ServerNotification::ItemStarted(started))
-                .await;
-            let completed = ItemCompletedNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
-                item,
-            };
-            outgoing
-                .send_server_notification(ServerNotification::ItemCompleted(completed))
+                .send_server_notification(ServerNotification::ItemStarted(notification))
                 .await;
         }
         EventMsg::ItemStarted(item_started_event) => {
@@ -423,29 +375,21 @@ pub(crate) async fn apply_bespoke_event_handling(
                 .await;
         }
         EventMsg::ExitedReviewMode(review_event) => {
-            let review = match review_event.review_output {
+            let review_text = match review_event.review_output {
                 Some(output) => render_review_output_text(&output),
                 None => REVIEW_FALLBACK_MESSAGE.to_string(),
             };
-            let item = ThreadItem::ExitedReviewMode {
-                id: event_turn_id.clone(),
-                review,
-            };
-            let started = ItemStartedNotification {
+            let review_item_id = event_turn_id.clone();
+            let notification = ItemCompletedNotification {
                 thread_id: conversation_id.to_string(),
                 turn_id: event_turn_id.clone(),
-                item: item.clone(),
+                item: ThreadItem::CodeReview {
+                    id: review_item_id,
+                    review: review_text,
+                },
             };
             outgoing
-                .send_server_notification(ServerNotification::ItemStarted(started))
-                .await;
-            let completed = ItemCompletedNotification {
-                thread_id: conversation_id.to_string(),
-                turn_id: event_turn_id.clone(),
-                item,
-            };
-            outgoing
-                .send_server_notification(ServerNotification::ItemCompleted(completed))
+                .send_server_notification(ServerNotification::ItemCompleted(notification))
                 .await;
         }
         EventMsg::PatchApplyBegin(patch_begin_event) => {
@@ -528,44 +472,15 @@ pub(crate) async fn apply_bespoke_event_handling(
                 .await;
         }
         EventMsg::ExecCommandOutputDelta(exec_command_output_delta_event) => {
-            let item_id = exec_command_output_delta_event.call_id.clone();
-            let delta = String::from_utf8_lossy(&exec_command_output_delta_event.chunk).to_string();
-            // The underlying EventMsg::ExecCommandOutputDelta is used for shell, unified_exec,
-            // and apply_patch tool calls. We represent apply_patch with the FileChange item, and
-            // everything else with the CommandExecution item.
-            //
-            // We need to detect which item type it is so we can emit the right notification.
-            // We already have state tracking FileChange items on item/started, so let's use that.
-            let is_file_change = {
-                let map = turn_summary_store.lock().await;
-                map.get(&conversation_id)
-                    .is_some_and(|summary| summary.file_change_started.contains(&item_id))
+            let notification = CommandExecutionOutputDeltaNotification {
+                item_id: exec_command_output_delta_event.call_id.clone(),
+                delta: String::from_utf8_lossy(&exec_command_output_delta_event.chunk).to_string(),
             };
-            if is_file_change {
-                let notification = FileChangeOutputDeltaNotification {
-                    thread_id: conversation_id.to_string(),
-                    turn_id: event_turn_id.clone(),
-                    item_id,
-                    delta,
-                };
-                outgoing
-                    .send_server_notification(ServerNotification::FileChangeOutputDelta(
-                        notification,
-                    ))
-                    .await;
-            } else {
-                let notification = CommandExecutionOutputDeltaNotification {
-                    thread_id: conversation_id.to_string(),
-                    turn_id: event_turn_id.clone(),
-                    item_id,
-                    delta,
-                };
-                outgoing
-                    .send_server_notification(ServerNotification::CommandExecutionOutputDelta(
-                        notification,
-                    ))
-                    .await;
-            }
+            outgoing
+                .send_server_notification(ServerNotification::CommandExecutionOutputDelta(
+                    notification,
+                ))
+                .await;
         }
         EventMsg::ExecCommandEnd(exec_command_end_event) => {
             let ExecCommandEndEvent {
@@ -652,7 +567,6 @@ pub(crate) async fn apply_bespoke_event_handling(
         }
         EventMsg::TurnDiff(turn_diff_event) => {
             handle_turn_diff(
-                conversation_id,
                 &event_turn_id,
                 turn_diff_event,
                 api_version,
@@ -660,22 +574,12 @@ pub(crate) async fn apply_bespoke_event_handling(
             )
             .await;
         }
-        EventMsg::PlanUpdate(plan_update_event) => {
-            handle_turn_plan_update(
-                &event_turn_id,
-                plan_update_event,
-                api_version,
-                outgoing.as_ref(),
-            )
-            .await;
-        }
 
         _ => {}
     }
 }
 
 async fn handle_turn_diff(
-    conversation_id: ConversationId,
     event_turn_id: &str,
     turn_diff_event: TurnDiffEvent,
     api_version: ApiVersion,
@@ -683,7 +587,6 @@ async fn handle_turn_diff(
 ) {
     if let ApiVersion::V2 = api_version {
         let notification = TurnDiffUpdatedNotification {
-            thread_id: conversation_id.to_string(),
             turn_id: event_turn_id.to_string(),
             diff: turn_diff_event.unified_diff,
         };
@@ -693,33 +596,10 @@ async fn handle_turn_diff(
     }
 }
 
-async fn handle_turn_plan_update(
-    event_turn_id: &str,
-    plan_update_event: UpdatePlanArgs,
-    api_version: ApiVersion,
-    outgoing: &OutgoingMessageSender,
-) {
-    if let ApiVersion::V2 = api_version {
-        let notification = TurnPlanUpdatedNotification {
-            turn_id: event_turn_id.to_string(),
-            explanation: plan_update_event.explanation,
-            plan: plan_update_event
-                .plan
-                .into_iter()
-                .map(TurnPlanStep::from)
-                .collect(),
-        };
-        outgoing
-            .send_server_notification(ServerNotification::TurnPlanUpdated(notification))
-            .await;
-    }
-}
-
 async fn emit_turn_completed_with_status(
     conversation_id: ConversationId,
     event_turn_id: String,
     status: TurnStatus,
-    error: Option<TurnError>,
     outgoing: &OutgoingMessageSender,
 ) {
     let notification = TurnCompletedNotification {
@@ -727,7 +607,6 @@ async fn emit_turn_completed_with_status(
         turn: Turn {
             id: event_turn_id,
             items: vec![],
-            error,
             status,
         },
     };
@@ -816,12 +695,13 @@ async fn handle_turn_complete(
 ) {
     let turn_summary = find_and_remove_turn_summary(conversation_id, turn_summary_store).await;
 
-    let (status, error) = match turn_summary.last_error {
-        Some(error) => (TurnStatus::Failed, Some(error)),
-        None => (TurnStatus::Completed, None),
+    let status = if let Some(error) = turn_summary.last_error {
+        TurnStatus::Failed { error }
+    } else {
+        TurnStatus::Completed
     };
 
-    emit_turn_completed_with_status(conversation_id, event_turn_id, status, error, outgoing).await;
+    emit_turn_completed_with_status(conversation_id, event_turn_id, status, outgoing).await;
 }
 
 async fn handle_turn_interrupted(
@@ -836,7 +716,6 @@ async fn handle_turn_interrupted(
         conversation_id,
         event_turn_id,
         TurnStatus::Interrupted,
-        None,
         outgoing,
     )
     .await;
@@ -1236,15 +1115,12 @@ mod tests {
     use anyhow::Result;
     use anyhow::anyhow;
     use anyhow::bail;
-    use codex_app_server_protocol::TurnPlanStepStatus;
     use codex_core::protocol::CreditsSnapshot;
     use codex_core::protocol::McpInvocation;
     use codex_core::protocol::RateLimitSnapshot;
     use codex_core::protocol::RateLimitWindow;
     use codex_core::protocol::TokenUsage;
     use codex_core::protocol::TokenUsageInfo;
-    use codex_protocol::plan_tool::PlanItemArg;
-    use codex_protocol::plan_tool::StepStatus;
     use mcp_types::CallToolResult;
     use mcp_types::ContentBlock;
     use mcp_types::TextContent;
@@ -1309,7 +1185,6 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, event_turn_id);
                 assert_eq!(n.turn.status, TurnStatus::Completed);
-                assert_eq!(n.turn.error, None);
             }
             other => bail!("unexpected message: {other:?}"),
         }
@@ -1350,7 +1225,6 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, event_turn_id);
                 assert_eq!(n.turn.status, TurnStatus::Interrupted);
-                assert_eq!(n.turn.error, None);
             }
             other => bail!("unexpected message: {other:?}"),
         }
@@ -1390,13 +1264,14 @@ mod tests {
         match msg {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, event_turn_id);
-                assert_eq!(n.turn.status, TurnStatus::Failed);
                 assert_eq!(
-                    n.turn.error,
-                    Some(TurnError {
-                        message: "bad".to_string(),
-                        codex_error_info: Some(V2CodexErrorInfo::Other),
-                    })
+                    n.turn.status,
+                    TurnStatus::Failed {
+                        error: TurnError {
+                            message: "bad".to_string(),
+                            codex_error_info: Some(V2CodexErrorInfo::Other),
+                        }
+                    }
                 );
             }
             other => bail!("unexpected message: {other:?}"),
@@ -1405,46 +1280,6 @@ mod tests {
         Ok(())
     }
 
-    #[tokio::test]
-    async fn test_handle_turn_plan_update_emits_notification_for_v2() -> Result<()> {
-        let (tx, mut rx) = mpsc::channel(CHANNEL_CAPACITY);
-        let outgoing = OutgoingMessageSender::new(tx);
-        let update = UpdatePlanArgs {
-            explanation: Some("need plan".to_string()),
-            plan: vec![
-                PlanItemArg {
-                    step: "first".to_string(),
-                    status: StepStatus::Pending,
-                },
-                PlanItemArg {
-                    step: "second".to_string(),
-                    status: StepStatus::Completed,
-                },
-            ],
-        };
-
-        handle_turn_plan_update("turn-123", update, ApiVersion::V2, &outgoing).await;
-
-        let msg = rx
-            .recv()
-            .await
-            .ok_or_else(|| anyhow!("should send one notification"))?;
-        match msg {
-            OutgoingMessage::AppServerNotification(ServerNotification::TurnPlanUpdated(n)) => {
-                assert_eq!(n.turn_id, "turn-123");
-                assert_eq!(n.explanation.as_deref(), Some("need plan"));
-                assert_eq!(n.plan.len(), 2);
-                assert_eq!(n.plan[0].step, "first");
-                assert_eq!(n.plan[0].status, TurnPlanStepStatus::Pending);
-                assert_eq!(n.plan[1].step, "second");
-                assert_eq!(n.plan[1].status, TurnPlanStepStatus::Completed);
-            }
-            other => bail!("unexpected message: {other:?}"),
-        }
-        assert!(rx.try_recv().is_err(), "no extra messages expected");
-        Ok(())
-    }
-
     #[tokio::test]
     async fn test_handle_token_count_event_emits_usage_and_rate_limits() -> Result<()> {
         let conversation_id = ConversationId::new();
@@ -1657,13 +1492,14 @@ mod tests {
         match msg {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, a_turn1);
-                assert_eq!(n.turn.status, TurnStatus::Failed);
                 assert_eq!(
-                    n.turn.error,
-                    Some(TurnError {
-                        message: "a1".to_string(),
-                        codex_error_info: Some(V2CodexErrorInfo::BadRequest),
-                    })
+                    n.turn.status,
+                    TurnStatus::Failed {
+                        error: TurnError {
+                            message: "a1".to_string(),
+                            codex_error_info: Some(V2CodexErrorInfo::BadRequest),
+                        }
+                    }
                 );
             }
             other => bail!("unexpected message: {other:?}"),
@@ -1677,13 +1513,14 @@ mod tests {
         match msg {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, b_turn1);
-                assert_eq!(n.turn.status, TurnStatus::Failed);
                 assert_eq!(
-                    n.turn.error,
-                    Some(TurnError {
-                        message: "b1".to_string(),
-                        codex_error_info: None,
-                    })
+                    n.turn.status,
+                    TurnStatus::Failed {
+                        error: TurnError {
+                            message: "b1".to_string(),
+                            codex_error_info: None,
+                        }
+                    }
                 );
             }
             other => bail!("unexpected message: {other:?}"),
@@ -1698,7 +1535,6 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnCompleted(n)) => {
                 assert_eq!(n.turn.id, a_turn2);
                 assert_eq!(n.turn.status, TurnStatus::Completed);
-                assert_eq!(n.turn.error, None);
             }
             other => bail!("unexpected message: {other:?}"),
         }
@@ -1843,10 +1679,8 @@ mod tests {
         let (tx, mut rx) = mpsc::channel(CHANNEL_CAPACITY);
         let outgoing = OutgoingMessageSender::new(tx);
         let unified_diff = "--- a\n+++ b\n".to_string();
-        let conversation_id = ConversationId::new();
 
         handle_turn_diff(
-            conversation_id,
             "turn-1",
             TurnDiffEvent {
                 unified_diff: unified_diff.clone(),
@@ -1864,7 +1698,6 @@ mod tests {
             OutgoingMessage::AppServerNotification(ServerNotification::TurnDiffUpdated(
                 notification,
             )) => {
-                assert_eq!(notification.thread_id, conversation_id.to_string());
                 assert_eq!(notification.turn_id, "turn-1");
                 assert_eq!(notification.diff, unified_diff);
             }
@@ -1878,10 +1711,8 @@ mod tests {
     async fn test_handle_turn_diff_is_noop_for_v1() -> Result<()> {
         let (tx, mut rx) = mpsc::channel(CHANNEL_CAPACITY);
         let outgoing = OutgoingMessageSender::new(tx);
-        let conversation_id = ConversationId::new();
 
         handle_turn_diff(
-            conversation_id,
             "turn-1",
             TurnDiffEvent {
                 unified_diff: "diff".to_string(),

codex-rs/app-server/src/codex_message_processor.rs

@@ -21,9 +21,9 @@ use codex_app_server_protocol::CancelLoginAccountParams;
 use codex_app_server_protocol::CancelLoginAccountResponse;
 use codex_app_server_protocol::CancelLoginChatGptResponse;
 use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::CommandExecParams;
 use codex_app_server_protocol::ConversationGitInfo;
 use codex_app_server_protocol::ConversationSummary;
+use codex_app_server_protocol::ExecOneOffCommandParams;
 use codex_app_server_protocol::ExecOneOffCommandResponse;
 use codex_app_server_protocol::FeedbackUploadParams;
 use codex_app_server_protocol::FeedbackUploadResponse;
@@ -61,10 +61,8 @@ use codex_app_server_protocol::RemoveConversationSubscriptionResponse;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::ResumeConversationParams;
 use codex_app_server_protocol::ResumeConversationResponse;
-use codex_app_server_protocol::ReviewDelivery as ApiReviewDelivery;
 use codex_app_server_protocol::ReviewStartParams;
-use codex_app_server_protocol::ReviewStartResponse;
-use codex_app_server_protocol::ReviewTarget as ApiReviewTarget;
+use codex_app_server_protocol::ReviewTarget;
 use codex_app_server_protocol::SandboxMode;
 use codex_app_server_protocol::SendUserMessageParams;
 use codex_app_server_protocol::SendUserMessageResponse;
@@ -122,9 +120,7 @@ use codex_core::git_info::git_diff_to_remote;
 use codex_core::parse_cursor;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::Op;
-use codex_core::protocol::ReviewDelivery as CoreReviewDelivery;
 use codex_core::protocol::ReviewRequest;
-use codex_core::protocol::ReviewTarget as CoreReviewTarget;
 use codex_core::protocol::SessionConfiguredEvent;
 use codex_core::read_head_for_summary;
 use codex_feedback::CodexFeedback;
@@ -256,7 +252,8 @@ impl CodexMessageProcessor {
     }
 
     fn review_request_from_target(
-        target: ApiReviewTarget,
+        target: ReviewTarget,
+        append_to_original_thread: bool,
     ) -> Result<(ReviewRequest, String), JSONRPCErrorError> {
         fn invalid_request(message: String) -> JSONRPCErrorError {
             JSONRPCErrorError {
@@ -266,52 +263,77 @@ impl CodexMessageProcessor {
             }
         }
 
-        let cleaned_target = match target {
-            ApiReviewTarget::UncommittedChanges => ApiReviewTarget::UncommittedChanges,
-            ApiReviewTarget::BaseBranch { branch } => {
+        match target {
+            // TODO(jif) those messages will be extracted in a follow-up PR.
+            ReviewTarget::UncommittedChanges => Ok((
+                ReviewRequest {
+                    prompt: "Review the current code changes (staged, unstaged, and untracked files) and provide prioritized findings.".to_string(),
+                    user_facing_hint: "current changes".to_string(),
+                    append_to_original_thread,
+                },
+                "Review uncommitted changes".to_string(),
+            )),
+            ReviewTarget::BaseBranch { branch } => {
                 let branch = branch.trim().to_string();
                 if branch.is_empty() {
                     return Err(invalid_request("branch must not be empty".to_string()));
                 }
-                ApiReviewTarget::BaseBranch { branch }
+                let prompt = format!("Review the code changes against the base branch '{branch}'. Start by finding the merge diff between the current branch and {branch}'s upstream e.g. (`git merge-base HEAD \"$(git rev-parse --abbrev-ref \"{branch}@{{upstream}}\")\"`), then run `git diff` against that SHA to see what changes we would merge into the {branch} branch. Provide prioritized, actionable findings.");
+                let hint = format!("changes against '{branch}'");
+                let display = format!("Review changes against base branch '{branch}'");
+                Ok((
+                    ReviewRequest {
+                        prompt,
+                        user_facing_hint: hint,
+                        append_to_original_thread,
+                    },
+                    display,
+                ))
             }
-            ApiReviewTarget::Commit { sha, title } => {
+            ReviewTarget::Commit { sha, title } => {
                 let sha = sha.trim().to_string();
                 if sha.is_empty() {
                     return Err(invalid_request("sha must not be empty".to_string()));
                 }
-                let title = title
+                let brief_title = title
                     .map(|t| t.trim().to_string())
                     .filter(|t| !t.is_empty());
-                ApiReviewTarget::Commit { sha, title }
+                let prompt = if let Some(title) = brief_title.clone() {
+                    format!("Review the code changes introduced by commit {sha} (\"{title}\"). Provide prioritized, actionable findings.")
+                } else {
+                    format!("Review the code changes introduced by commit {sha}. Provide prioritized, actionable findings.")
+                };
+                let short_sha = sha.chars().take(7).collect::<String>();
+                let hint = format!("commit {short_sha}");
+                let display = if let Some(title) = brief_title {
+                    format!("Review commit {short_sha}: {title}")
+                } else {
+                    format!("Review commit {short_sha}")
+                };
+                Ok((
+                    ReviewRequest {
+                        prompt,
+                        user_facing_hint: hint,
+                        append_to_original_thread,
+                    },
+                    display,
+                ))
             }
-            ApiReviewTarget::Custom { instructions } => {
+            ReviewTarget::Custom { instructions } => {
                 let trimmed = instructions.trim().to_string();
                 if trimmed.is_empty() {
-                    return Err(invalid_request(
-                        "instructions must not be empty".to_string(),
-                    ));
-                }
-                ApiReviewTarget::Custom {
-                    instructions: trimmed,
+                    return Err(invalid_request("instructions must not be empty".to_string()));
                 }
+                Ok((
+                    ReviewRequest {
+                        prompt: trimmed.clone(),
+                        user_facing_hint: trimmed.clone(),
+                        append_to_original_thread,
+                    },
+                    trimmed,
+                ))
             }
-        };
-
-        let core_target = match cleaned_target {
-            ApiReviewTarget::UncommittedChanges => CoreReviewTarget::UncommittedChanges,
-            ApiReviewTarget::BaseBranch { branch } => CoreReviewTarget::BaseBranch { branch },
-            ApiReviewTarget::Commit { sha, title } => CoreReviewTarget::Commit { sha, title },
-            ApiReviewTarget::Custom { instructions } => CoreReviewTarget::Custom { instructions },
-        };
-
-        let hint = codex_core::review_prompts::user_facing_hint(&core_target);
-        let review_request = ReviewRequest {
-            target: core_target,
-            user_facing_hint: Some(hint.clone()),
-        };
-
-        Ok((review_request, hint))
+        }
     }
 
     pub async fn process_request(&mut self, request: ClientRequest) {
@@ -447,11 +469,8 @@ impl CodexMessageProcessor {
             ClientRequest::FuzzyFileSearch { request_id, params } => {
                 self.fuzzy_file_search(request_id, params).await;
             }
-            ClientRequest::OneOffCommandExec { request_id, params } => {
-                self.exec_one_off_command(request_id, params).await;
-            }
             ClientRequest::ExecOneOffCommand { request_id, params } => {
-                self.exec_one_off_command(request_id, params.into()).await;
+                self.exec_one_off_command(request_id, params).await;
             }
             ClientRequest::ConfigRead { .. }
             | ClientRequest::ConfigValueWrite { .. }
@@ -1137,7 +1156,7 @@ impl CodexMessageProcessor {
         }
     }
 
-    async fn exec_one_off_command(&self, request_id: RequestId, params: CommandExecParams) {
+    async fn exec_one_off_command(&self, request_id: RequestId, params: ExecOneOffCommandParams) {
         tracing::debug!("ExecOneOffCommand params: {params:?}");
 
         if params.command.is_empty() {
@@ -1152,9 +1171,7 @@ impl CodexMessageProcessor {
 
         let cwd = params.cwd.unwrap_or_else(|| self.config.cwd.clone());
         let env = create_env(&self.config.shell_environment_policy);
-        let timeout_ms = params
-            .timeout_ms
-            .and_then(|timeout_ms| u64::try_from(timeout_ms).ok());
+        let timeout_ms = params.timeout_ms;
         let exec_params = ExecParams {
             command: params.command,
             cwd,
@@ -1167,7 +1184,6 @@ impl CodexMessageProcessor {
 
         let effective_policy = params
             .sandbox_policy
-            .map(|policy| policy.to_core())
             .unwrap_or_else(|| self.config.sandbox_policy.clone());
 
         let codex_linux_sandbox_exe = self.config.codex_linux_sandbox_exe.clone();
@@ -2455,7 +2471,6 @@ impl CodexMessageProcessor {
                 let turn = Turn {
                     id: turn_id.clone(),
                     items: vec![],
-                    error: None,
                     status: TurnStatus::InProgress,
                 };
 
@@ -2482,221 +2497,60 @@ impl CodexMessageProcessor {
         }
     }
 
-    fn build_review_turn(turn_id: String, display_text: &str) -> Turn {
-        let items = if display_text.is_empty() {
-            Vec::new()
-        } else {
-            vec![ThreadItem::UserMessage {
-                id: turn_id.clone(),
-                content: vec![V2UserInput::Text {
-                    text: display_text.to_string(),
-                }],
-            }]
-        };
-
-        Turn {
-            id: turn_id,
-            items,
-            error: None,
-            status: TurnStatus::InProgress,
-        }
-    }
-
-    async fn emit_review_started(
-        &self,
-        request_id: &RequestId,
-        turn: Turn,
-        parent_thread_id: String,
-        review_thread_id: String,
-    ) {
-        let response = ReviewStartResponse {
-            turn: turn.clone(),
-            review_thread_id,
-        };
-        self.outgoing
-            .send_response(request_id.clone(), response)
-            .await;
-
-        let notif = TurnStartedNotification {
-            thread_id: parent_thread_id,
-            turn,
-        };
-        self.outgoing
-            .send_server_notification(ServerNotification::TurnStarted(notif))
-            .await;
-    }
-
-    async fn start_inline_review(
-        &self,
-        request_id: &RequestId,
-        parent_conversation: Arc<CodexConversation>,
-        review_request: ReviewRequest,
-        display_text: &str,
-        parent_thread_id: String,
-    ) -> std::result::Result<(), JSONRPCErrorError> {
-        let turn_id = parent_conversation
-            .submit(Op::Review { review_request })
-            .await;
-
-        match turn_id {
-            Ok(turn_id) => {
-                let turn = Self::build_review_turn(turn_id, display_text);
-                self.emit_review_started(
-                    request_id,
-                    turn,
-                    parent_thread_id.clone(),
-                    parent_thread_id,
-                )
-                .await;
-                Ok(())
-            }
-            Err(err) => Err(JSONRPCErrorError {
-                code: INTERNAL_ERROR_CODE,
-                message: format!("failed to start review: {err}"),
-                data: None,
-            }),
-        }
-    }
-
-    async fn start_detached_review(
-        &mut self,
-        request_id: &RequestId,
-        parent_conversation_id: ConversationId,
-        review_request: ReviewRequest,
-        display_text: &str,
-    ) -> std::result::Result<(), JSONRPCErrorError> {
-        let rollout_path = find_conversation_path_by_id_str(
-            &self.config.codex_home,
-            &parent_conversation_id.to_string(),
-        )
-        .await
-        .map_err(|err| JSONRPCErrorError {
-            code: INTERNAL_ERROR_CODE,
-            message: format!("failed to locate conversation id {parent_conversation_id}: {err}"),
-            data: None,
-        })?
-        .ok_or_else(|| JSONRPCErrorError {
-            code: INVALID_REQUEST_ERROR_CODE,
-            message: format!("no rollout found for conversation id {parent_conversation_id}"),
-            data: None,
-        })?;
-
-        let mut config = self.config.as_ref().clone();
-        config.model = self.config.review_model.clone();
-
-        let NewConversation {
-            conversation_id,
-            conversation,
-            session_configured,
-            ..
-        } = self
-            .conversation_manager
-            .fork_conversation(usize::MAX, config, rollout_path)
-            .await
-            .map_err(|err| JSONRPCErrorError {
-                code: INTERNAL_ERROR_CODE,
-                message: format!("error creating detached review conversation: {err}"),
-                data: None,
-            })?;
-
-        if let Err(err) = self
-            .attach_conversation_listener(conversation_id, false, ApiVersion::V2)
-            .await
-        {
-            tracing::warn!(
-                "failed to attach listener for review conversation {}: {}",
-                conversation_id,
-                err.message
-            );
-        }
-
-        let rollout_path = conversation.rollout_path();
-        let fallback_provider = self.config.model_provider_id.as_str();
-        match read_summary_from_rollout(rollout_path.as_path(), fallback_provider).await {
-            Ok(summary) => {
-                let thread = summary_to_thread(summary);
-                let notif = ThreadStartedNotification { thread };
-                self.outgoing
-                    .send_server_notification(ServerNotification::ThreadStarted(notif))
-                    .await;
-            }
-            Err(err) => {
-                tracing::warn!(
-                    "failed to load summary for review conversation {}: {}",
-                    session_configured.session_id,
-                    err
-                );
-            }
-        }
-
-        let turn_id = conversation
-            .submit(Op::Review { review_request })
-            .await
-            .map_err(|err| JSONRPCErrorError {
-                code: INTERNAL_ERROR_CODE,
-                message: format!("failed to start detached review turn: {err}"),
-                data: None,
-            })?;
-
-        let turn = Self::build_review_turn(turn_id, display_text);
-        let review_thread_id = conversation_id.to_string();
-        self.emit_review_started(request_id, turn, review_thread_id.clone(), review_thread_id)
-            .await;
-
-        Ok(())
-    }
-
-    async fn review_start(&mut self, request_id: RequestId, params: ReviewStartParams) {
+    async fn review_start(&self, request_id: RequestId, params: ReviewStartParams) {
         let ReviewStartParams {
             thread_id,
             target,
-            delivery,
+            append_to_original_thread,
         } = params;
-        let (parent_conversation_id, parent_conversation) =
-            match self.conversation_from_thread_id(&thread_id).await {
-                Ok(v) => v,
-                Err(error) => {
-                    self.outgoing.send_error(request_id, error).await;
-                    return;
-                }
-            };
-
-        let (review_request, display_text) = match Self::review_request_from_target(target) {
-            Ok(value) => value,
-            Err(err) => {
-                self.outgoing.send_error(request_id, err).await;
+        let (_, conversation) = match self.conversation_from_thread_id(&thread_id).await {
+            Ok(v) => v,
+            Err(error) => {
+                self.outgoing.send_error(request_id, error).await;
                 return;
             }
         };
 
-        let delivery = delivery.unwrap_or(ApiReviewDelivery::Inline).to_core();
-        match delivery {
-            CoreReviewDelivery::Inline => {
-                if let Err(err) = self
-                    .start_inline_review(
-                        &request_id,
-                        parent_conversation,
-                        review_request,
-                        display_text.as_str(),
-                        thread_id.clone(),
-                    )
-                    .await
-                {
+        let (review_request, display_text) =
+            match Self::review_request_from_target(target, append_to_original_thread) {
+                Ok(value) => value,
+                Err(err) => {
                     self.outgoing.send_error(request_id, err).await;
+                    return;
                 }
+            };
+
+        let turn_id = conversation.submit(Op::Review { review_request }).await;
+
+        match turn_id {
+            Ok(turn_id) => {
+                let mut items = Vec::new();
+                if !display_text.is_empty() {
+                    items.push(ThreadItem::UserMessage {
+                        id: turn_id.clone(),
+                        content: vec![V2UserInput::Text { text: display_text }],
+                    });
+                }
+                let turn = Turn {
+                    id: turn_id.clone(),
+                    items,
+                    status: TurnStatus::InProgress,
+                };
+                let response = TurnStartResponse { turn: turn.clone() };
+                self.outgoing.send_response(request_id, response).await;
+
+                let notif = TurnStartedNotification { thread_id, turn };
+                self.outgoing
+                    .send_server_notification(ServerNotification::TurnStarted(notif))
+                    .await;
             }
-            CoreReviewDelivery::Detached => {
-                if let Err(err) = self
-                    .start_detached_review(
-                        &request_id,
-                        parent_conversation_id,
-                        review_request,
-                        display_text.as_str(),
-                    )
-                    .await
-                {
-                    self.outgoing.send_error(request_id, err).await;
-                }
+            Err(err) => {
+                let error = JSONRPCErrorError {
+                    code: INTERNAL_ERROR_CODE,
+                    message: format!("failed to start review: {err}"),
+                    data: None,
+                };
+                self.outgoing.send_error(request_id, error).await;
             }
         }
     }

codex-rs/app-server/tests/suite/v2/review.rs

@@ -9,13 +9,12 @@ use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCNotification;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::ReviewDelivery;
 use codex_app_server_protocol::ReviewStartParams;
-use codex_app_server_protocol::ReviewStartResponse;
 use codex_app_server_protocol::ReviewTarget;
 use codex_app_server_protocol::ThreadItem;
 use codex_app_server_protocol::ThreadStartParams;
 use codex_app_server_protocol::ThreadStartResponse;
+use codex_app_server_protocol::TurnStartResponse;
 use codex_app_server_protocol::TurnStatus;
 use serde_json::json;
 use tempfile::TempDir;
@@ -60,7 +59,7 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
     let review_req = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id: thread_id.clone(),
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
             target: ReviewTarget::Commit {
                 sha: "1234567deadbeef".to_string(),
                 title: Some("Tidy UI colors".to_string()),
@@ -72,43 +71,43 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
         mcp.read_stream_until_response_message(RequestId::Integer(review_req)),
     )
     .await??;
-    let ReviewStartResponse {
-        turn,
-        review_thread_id,
-    } = to_response::<ReviewStartResponse>(review_resp)?;
-    assert_eq!(review_thread_id, thread_id.clone());
+    let TurnStartResponse { turn } = to_response::<TurnStartResponse>(review_resp)?;
     let turn_id = turn.id.clone();
     assert_eq!(turn.status, TurnStatus::InProgress);
-
-    // Confirm we see the EnteredReviewMode marker on the main thread.
-    let mut saw_entered_review_mode = false;
-    for _ in 0..10 {
-        let item_started: JSONRPCNotification = timeout(
-            DEFAULT_READ_TIMEOUT,
-            mcp.read_stream_until_notification_message("item/started"),
-        )
-        .await??;
-        let started: ItemStartedNotification =
-            serde_json::from_value(item_started.params.expect("params must be present"))?;
-        match started.item {
-            ThreadItem::EnteredReviewMode { id, review } => {
-                assert_eq!(id, turn_id);
-                assert_eq!(review, "commit 1234567: Tidy UI colors");
-                saw_entered_review_mode = true;
-                break;
-            }
-            _ => continue,
+    assert_eq!(turn.items.len(), 1);
+    match &turn.items[0] {
+        ThreadItem::UserMessage { content, .. } => {
+            assert_eq!(content.len(), 1);
+            assert!(matches!(
+                &content[0],
+                codex_app_server_protocol::UserInput::Text { .. }
+            ));
         }
+        other => panic!("expected user message, got {other:?}"),
+    }
+
+    let _started: JSONRPCNotification = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("turn/started"),
+    )
+    .await??;
+    let item_started: JSONRPCNotification = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("item/started"),
+    )
+    .await??;
+    let started: ItemStartedNotification =
+        serde_json::from_value(item_started.params.expect("params must be present"))?;
+    match started.item {
+        ThreadItem::CodeReview { id, review } => {
+            assert_eq!(id, turn_id);
+            assert_eq!(review, "commit 1234567");
+        }
+        other => panic!("expected code review item, got {other:?}"),
     }
-    assert!(
-        saw_entered_review_mode,
-        "did not observe enteredReviewMode item"
-    );
 
-    // Confirm we see the ExitedReviewMode marker (with review text)
-    // on the same turn. Ignore any other items the stream surfaces.
     let mut review_body: Option<String> = None;
-    for _ in 0..10 {
+    for _ in 0..5 {
         let review_notif: JSONRPCNotification = timeout(
             DEFAULT_READ_TIMEOUT,
             mcp.read_stream_until_notification_message("item/completed"),
@@ -117,12 +116,13 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
         let completed: ItemCompletedNotification =
             serde_json::from_value(review_notif.params.expect("params must be present"))?;
         match completed.item {
-            ThreadItem::ExitedReviewMode { id, review } => {
+            ThreadItem::CodeReview { id, review } => {
                 assert_eq!(id, turn_id);
                 review_body = Some(review);
                 break;
             }
-            _ => continue,
+            ThreadItem::UserMessage { .. } => continue,
+            other => panic!("unexpected item/completed payload: {other:?}"),
         }
     }
 
@@ -146,7 +146,7 @@ async fn review_start_rejects_empty_base_branch() -> Result<()> {
     let request_id = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id,
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
             target: ReviewTarget::BaseBranch {
                 branch: "   ".to_string(),
             },
@@ -167,56 +167,6 @@ async fn review_start_rejects_empty_base_branch() -> Result<()> {
     Ok(())
 }
 
-#[tokio::test]
-async fn review_start_with_detached_delivery_returns_new_thread_id() -> Result<()> {
-    let review_payload = json!({
-        "findings": [],
-        "overall_correctness": "ok",
-        "overall_explanation": "detached review",
-        "overall_confidence_score": 0.5
-    })
-    .to_string();
-    let responses = vec![create_final_assistant_message_sse_response(
-        &review_payload,
-    )?];
-    let server = create_mock_chat_completions_server_unchecked(responses).await;
-
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path(), &server.uri())?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let thread_id = start_default_thread(&mut mcp).await?;
-
-    let review_req = mcp
-        .send_review_start_request(ReviewStartParams {
-            thread_id: thread_id.clone(),
-            delivery: Some(ReviewDelivery::Detached),
-            target: ReviewTarget::Custom {
-                instructions: "detached review".to_string(),
-            },
-        })
-        .await?;
-    let review_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(review_req)),
-    )
-    .await??;
-    let ReviewStartResponse {
-        turn,
-        review_thread_id,
-    } = to_response::<ReviewStartResponse>(review_resp)?;
-
-    assert_eq!(turn.status, TurnStatus::InProgress);
-    assert_ne!(
-        review_thread_id, thread_id,
-        "detached review should run on a different thread"
-    );
-
-    Ok(())
-}
-
 #[tokio::test]
 async fn review_start_rejects_empty_commit_sha() -> Result<()> {
     let server = create_mock_chat_completions_server_unchecked(vec![]).await;
@@ -230,7 +180,7 @@ async fn review_start_rejects_empty_commit_sha() -> Result<()> {
     let request_id = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id,
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
             target: ReviewTarget::Commit {
                 sha: "\t".to_string(),
                 title: None,
@@ -265,7 +215,7 @@ async fn review_start_rejects_empty_custom_instructions() -> Result<()> {
     let request_id = mcp
         .send_review_start_request(ReviewStartParams {
             thread_id,
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
             target: ReviewTarget::Custom {
                 instructions: "\n\n".to_string(),
             },

codex-rs/app-server/tests/suite/v2/turn_start.rs

@@ -11,7 +11,6 @@ use app_test_support::to_response;
 use codex_app_server_protocol::ApprovalDecision;
 use codex_app_server_protocol::CommandExecutionRequestApprovalResponse;
 use codex_app_server_protocol::CommandExecutionStatus;
-use codex_app_server_protocol::FileChangeOutputDeltaNotification;
 use codex_app_server_protocol::FileChangeRequestApprovalResponse;
 use codex_app_server_protocol::ItemCompletedNotification;
 use codex_app_server_protocol::ItemStartedNotification;
@@ -726,26 +725,6 @@ async fn turn_start_file_change_approval_v2() -> Result<()> {
     )
     .await?;
 
-    let output_delta_notif = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("item/fileChange/outputDelta"),
-    )
-    .await??;
-    let output_delta: FileChangeOutputDeltaNotification = serde_json::from_value(
-        output_delta_notif
-            .params
-            .clone()
-            .expect("item/fileChange/outputDelta params"),
-    )?;
-    assert_eq!(output_delta.thread_id, thread.id);
-    assert_eq!(output_delta.turn_id, turn.id);
-    assert_eq!(output_delta.item_id, "patch-call");
-    assert!(
-        !output_delta.delta.is_empty(),
-        "expected delta to be non-empty, got: {}",
-        output_delta.delta
-    );
-
     let completed_file_change = timeout(DEFAULT_READ_TIMEOUT, async {
         loop {
             let completed_notif = mcp

codex-rs/cli/src/main.rs

@@ -18,8 +18,6 @@ use codex_cli::login::run_logout;
 use codex_cloud_tasks::Cli as CloudTasksCli;
 use codex_common::CliConfigOverrides;
 use codex_exec::Cli as ExecCli;
-use codex_exec::Command as ExecCommand;
-use codex_exec::ReviewArgs;
 use codex_execpolicy::ExecPolicyCheckCommand;
 use codex_responses_api_proxy::Args as ResponsesApiProxyArgs;
 use codex_tui::AppExitInfo;
@@ -74,9 +72,6 @@ enum Subcommand {
     #[clap(visible_alias = "e")]
     Exec(ExecCli),
 
-    /// Run a code review non-interactively.
-    Review(ReviewArgs),
-
     /// Manage login.
     Login(LoginCommand),
 
@@ -454,15 +449,6 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
             );
             codex_exec::run_main(exec_cli, codex_linux_sandbox_exe).await?;
         }
-        Some(Subcommand::Review(review_args)) => {
-            let mut exec_cli = ExecCli::try_parse_from(["codex", "exec"])?;
-            exec_cli.command = Some(ExecCommand::Review(review_args));
-            prepend_config_flags(
-                &mut exec_cli.config_overrides,
-                root_config_overrides.clone(),
-            );
-            codex_exec::run_main(exec_cli, codex_linux_sandbox_exe).await?;
-        }
         Some(Subcommand::McpServer) => {
             codex_mcp_server::run_main(codex_linux_sandbox_exe, root_config_overrides).await?;
         }

codex-rs/cli/tests/execpolicy.rs

@@ -40,15 +40,17 @@ prefix_rule(
     assert_eq!(
         result,
         json!({
-            "decision": "forbidden",
-            "matchedRules": [
-                {
-                    "prefixRuleMatch": {
-                        "matchedPrefix": ["git", "push"],
-                        "decision": "forbidden"
+            "match": {
+                "decision": "forbidden",
+                "matchedRules": [
+                    {
+                        "prefixRuleMatch": {
+                            "matchedPrefix": ["git", "push"],
+                            "decision": "forbidden"
+                        }
                     }
-                }
-            ]
+                ]
+            }
         })
     );
 

codex-rs/client.md

@@ -0,0 +1,206 @@
+# Client Extraction Plan
+
+## Goals
+- Split the HTTP transport/client code out of `codex-core` into a reusable crate that is agnostic of Codex/OpenAI business logic and API schemas.
+- Create a separate API library crate that houses typed requests/responses for well-known APIs (Responses, Chat Completions, Compact) and plugs into the transport crate via minimal traits.
+- Preserve current behaviour (auth headers, retries, SSE handling, rate-limit parsing, compaction, fixtures) while making the APIs symmetric and avoiding code duplication.
+- Keep existing consumers (`codex-core`, tests, and tools) stable by providing a small compatibility layer during the transition.
+
+## Snapshot of Today
+- `core/src/client.rs (ModelClient)` owns config/auth/session state, chooses wire API, builds payloads, drives retries, parses SSE, compaction, and rate-limit headers.
+- `core/src/chat_completions.rs` implements the Chat Completions call + SSE parser + aggregation helper.
+- `core/src/client_common.rs` holds `Prompt`, tool specs, shared request structs (`ResponsesApiRequest`, `TextControls`), and `ResponseEvent`/`ResponseStream`.
+- `core/src/default_client.rs` wraps `reqwest` with Codex UA/originator defaults.
+- `core/src/model_provider_info.rs` models providers (base URL, headers, env keys, retry/timeout tuning) and builds `CodexRequestBuilder`s.
+    - Current retry logic is co-located with API handling; streaming SSE parsing is duplicated across Responses/Chat.
+
+## Target Crates (with interfaces)
+
+- `codex-client` (generic transport)
+  - Owns the generic HTTP machinery: a `CodexHttpClient`/`CodexRequestBuilder`-style wrapper, retry/backoff hooks, streaming connector (SSE framing + idle timeout), header injection, and optional telemetry callbacks.
+  - Does **not** know about OpenAI/Codex-specific paths, headers, or error codes; it only exposes HTTP-level concepts (status, headers, bodies, connection errors).
+  - Minimal surface:
+    ```rust
+    pub trait HttpTransport {
+        fn execute(&self, req: Request) -> Result<Response, TransportError>;
+        fn stream(&self, req: Request) -> Result<ByteStream, TransportError>;
+    }
+
+    pub struct Request {
+        pub method: Method,
+        pub url: String,
+        pub headers: HeaderMap,
+        pub body: Option<serde_json::Value>,
+        pub timeout: Option<Duration>,
+    }
+    ```
+  - Generic client traits (request/response/chunk are abstract over the transport):
+    ```rust
+    #[async_trait::async_trait]
+    pub trait UnaryClient<Req, Resp> {
+        async fn run(&self, req: Req) -> Result<Resp, TransportError>;
+    }
+
+    #[async_trait::async_trait]
+    pub trait StreamClient<Req, Chunk> {
+        async fn run(&self, req: Req) -> Result<ResponseStream<Chunk>, TransportError>;
+    }
+
+    pub struct RetryPolicy {
+        pub max_attempts: u64,
+        pub base_delay: Duration,
+        pub retry_on: RetryOn, // e.g., transport errors + 429/5xx
+    }
+    ```
+    - `RetryOn` lives in `codex-client` and captures HTTP status classes and transport failures that qualify for retry.
+    - Implementations in `codex-api` plug in their own request types, parsers, and retry policies while reusing the transport’s backoff and error types.
+    - Planned runtime helper:
+      ```rust
+      pub async fn run_with_retry<T, F, Fut>(
+          policy: RetryPolicy,
+          make_req: impl Fn() -> Request,
+          op: F,
+      ) -> Result<T, TransportError>
+      where
+          F: Fn(Request) -> Fut,
+          Fut: Future<Output = Result<T, TransportError>>,
+      {
+          for attempt in 0..=policy.max_attempts {
+              let req = make_req();
+              match op(req).await {
+                  Ok(resp) => return Ok(resp),
+                  Err(err) if policy.retry_on.should_retry(&err, attempt) => {
+                      tokio::time::sleep(backoff(policy.base_delay, attempt + 1)).await;
+                  }
+                  Err(err) => return Err(err),
+              }
+          }
+          Err(TransportError::RetryLimit)
+      }
+      ```
+      - Unary clients wrap `transport.execute` with this helper and then deserialize.
+      - Stream clients wrap the **initial** `transport.stream` call with this helper. Mid-stream disconnects are surfaced as `StreamError`s; automatic resume/reconnect can be added later on top of this primitive if we introduce cursor support.
+  - Common helpers: `retry::backoff(attempt)`, `errors::{TransportError, StreamError}`.
+  - Streaming utility (SSE framing only):
+    ```rust
+    pub fn sse_stream<S>(
+        bytes: S,
+        idle_timeout: Duration,
+        tx: mpsc::Sender<Result<String, StreamError>>,
+        telemetry: Option<Box<dyn Telemetry>>,
+    )
+    where
+        S: Stream<Item = Result<Bytes, TransportError>> + Unpin + Send + 'static;
+    ```
+    - `sse_stream` is responsible for timeouts, connection-level errors, and emitting raw `data:` chunks as UTF-8 strings; parsing those strings into structured events is done in `codex-api`.
+
+- `codex-api` (OpenAI/Codex API library)
+  - Owns typed models for Responses/Chat/Compact plus shared helpers (`Prompt`, tool specs, text controls, `ResponsesApiRequest`, etc.).
+  - Knows about OpenAI/Codex semantics:
+    - URL shapes (`/v1/responses`, `/v1/chat/completions`, `/responses/compact`).
+    - Provider configuration (`WireApi`, base URLs, query params, per-provider retry knobs).
+    - Rate-limit headers (`x-codex-*`) and their mapping into `RateLimitSnapshot` / `CreditsSnapshot`.
+    - Error body formats (`{ error: { type, code, message, plan_type, resets_at } }`) and how they become API errors (context window exceeded, quota/usage limit, etc.).
+    - SSE event names (`response.output_item.done`, `response.completed`, `response.failed`, etc.) and their mapping into high-level events.
+  - Provides a provider abstraction (conceptually similar to `ModelProviderInfo`):
+    ```rust
+    pub struct Provider {
+        pub name: String,
+        pub base_url: String,
+        pub wire: WireApi, // Responses | Chat
+        pub headers: HeaderMap,
+        pub retry: RetryConfig,
+        pub stream_idle_timeout: Duration,
+    }
+
+    pub trait AuthProvider {
+        /// Returns a bearer token to use for this request (if any).
+        /// Implementations are expected to be cheap and to surface already-refreshed tokens;
+        /// higher layers (`codex-core`) remain responsible for token refresh flows.
+        fn bearer_token(&self) -> Option<String>;
+
+        /// Optional ChatGPT account id header for Chat mode.
+        fn account_id(&self) -> Option<String>;
+    }
+    ```
+  - Ready-made clients built on `HttpTransport`:
+    ```rust
+    pub struct ResponsesClient<T: HttpTransport, A: AuthProvider> { /* ... */ }
+    impl<T, A> ResponsesClient<T, A> {
+        pub async fn stream(&self, prompt: &Prompt) -> ApiResult<ResponseStream<ApiEvent>>;
+        pub async fn compact(&self, prompt: &Prompt) -> ApiResult<Vec<ResponseItem>>;
+    }
+
+    pub struct ChatClient<T: HttpTransport, A: AuthProvider> { /* ... */ }
+    impl<T, A> ChatClient<T, A> {
+        pub async fn stream(&self, prompt: &Prompt) -> ApiResult<ResponseStream<ApiEvent>>;
+    }
+
+    pub struct CompactClient<T: HttpTransport, A: AuthProvider> { /* ... */ }
+    impl<T, A> CompactClient<T, A> {
+        pub async fn compact(&self, prompt: &Prompt) -> ApiResult<Vec<ResponseItem>>;
+    }
+    ```
+  - Streaming events unified across wire APIs (this can closely mirror `ResponseEvent` today, and we may type-alias one to the other during migration):
+    ```rust
+    pub enum ApiEvent {
+        Created,
+        OutputItemAdded(ResponseItem),
+        OutputItemDone(ResponseItem),
+        OutputTextDelta(String),
+        ReasoningContentDelta { delta: String, content_index: i64 },
+        ReasoningSummaryDelta { delta: String, summary_index: i64 },
+        RateLimits(RateLimitSnapshot),
+        Completed { response_id: String, token_usage: Option<TokenUsage> },
+    }
+    ```
+  - Error layering:
+    - `codex-client`: defines `TransportError` / `StreamError` (status codes, IO, timeouts).
+    - `codex-api`: defines `ApiError` that wraps `TransportError` plus API-specific errors parsed from bodies and headers.
+    - `codex-core`: maps `ApiError` into existing `CodexErr` variants so downstream callers remain unchanged.
+  - Aggregation strategies (today’s `AggregateStreamExt`) live here as adapters (`Aggregated`, `Streaming`) that transform `ResponseStream<ApiEvent>` into the higher-level views used by `codex-core`.
+
+## Implementation Steps
+
+1. **Create crates**: add `codex-client` and `codex-api` (names keep the `codex-` prefix). Stub lib files with feature flags/tests wired into the workspace; wire them into `Cargo.toml`.
+2. **Extract API-level SSE + rate limits into `codex-api`**:
+   - Move the Responses SSE parser (`process_sse`), rate-limit parsing, and related tests from `core/src/client.rs` into `codex-api`, keeping the behavior identical.
+   - Introduce `ApiEvent` (initially equivalent to `ResponseEvent`) and `ApiError`, and adjust the parser to emit those.
+   - Provide test-only helpers for fixture streams (replacement for `CODEX_RS_SSE_FIXTURE`) in `codex-api`.
+3. **Lift transport layer into `codex-client`**:
+   - Move `CodexHttpClient`/`CodexRequestBuilder`, UA/originator plumbing, and backoff helpers from `core/src/default_client.rs` into `codex-client` (or a thin wrapper on top of it).
+   - Introduce `HttpTransport`, `Request`, `RetryPolicy`, `RetryOn`, and `run_with_retry` as described above.
+   - Keep sandbox/no-proxy toggles behind injected configuration so `codex-client` stays generic and does not depend on Codex-specific env vars.
+4. **Model provider abstraction in `codex-api`**:
+   - Relocate `ModelProviderInfo` (base URL, env/header resolution, retry knobs, wire API enum) into `codex-api`, expressed in terms of `Provider` and `AuthProvider`.
+   - Ensure provider logic handles:
+     - URL building for Responses/Chat/Compact (including Azure special cases).
+     - Static and env-based headers.
+     - Per-provider retry and idle-timeout settings that map cleanly into `RetryPolicy`/`RetryOn`.
+5. **API crate wiring**:
+   - Move `Prompt`, tool specs, `ResponsesApiRequest`, `TextControls`, and `ResponseEvent/ResponseStream` into `codex-api` under modules (`common`, `responses`, `chat`, `compact`), keeping public types stable or re-exported through `codex-core` as needed.
+   - Rebuild Responses and Chat clients on top of `HttpTransport` + `StreamClient`, reusing shared retry + SSE helpers; keep aggregation adapters as reusable strategies instead of `ModelClient`-local logic.
+   - Implement Compact on top of `UnaryClient` and the unary `execute` path with JSON deserialization, sharing the same retry policy.
+   - Keep request builders symmetric: each client prepares a `Request<serde_json::Value>`, attaches headers/auth via `AuthProvider`, and plugs in its parser (streaming clients) or deserializer (unary) while sharing retry/backoff configuration derived from `Provider`.
+6. **Core integration layer**:
+   - Replace `core::ModelClient` internals with thin adapters that construct `codex-api` clients using `Config`, `AuthManager`, and `OtelEventManager`.
+   - Keep the public `ModelClient` API and `ResponseEvent`/`ResponseStream` types stable by re-exporting `codex-api` types or providing type aliases.
+   - Preserve existing auth flows (including ChatGPT token refresh) inside `codex-core` or a thin adapter, using `AuthProvider` to surface bearer tokens to `codex-api` and handling 401/refresh semantics at this layer.
+7. **Tests/migration**:
+   - Move unit tests for SSE parsing, retry/backoff decisions, and provider/header behavior into the new crates; keep integration tests in `core` using the compatibility layer.
+   - Update fixtures to be consumed via test-only adapters in `codex-api`.
+   - Run targeted `just fmt`, `just fix -p` for the touched crates, and scoped `cargo test -p codex-client`, `-p codex-api`, and existing `codex-core` suites.
+
+## Design Decisions
+
+- **UA construction**
+  - `codex-client` exposes an optional UA suffix/provider hook (tiny feature) and remains unaware of the CLI; `codex-core` / the CLI compute the full UA (including `terminal::user_agent()`) and pass the suffix or builder down.
+- **Config vs provider**
+  - Most configuration stays in `codex-core`. `codex-api::Provider` only contains what is strictly required for HTTP (base URLs, query params, retry/timeout knobs, wire API), while higher-level knobs (reasoning defaults, verbosity flags, etc.) remain core concerns.
+- **Auth flow ownership**
+  - Auth flows (including ChatGPT token refresh) remain in `codex-core`. `AuthProvider` simply exposes already-fresh tokens/account IDs; 401 handling and refresh retries stay in the existing auth layer.
+- **Error enums**
+  - `codex-client` continues to define `TransportError` / `StreamError`. `codex-api` defines an `ApiError` (deriving `thiserror::Error`) that wraps `TransportError` and API-specific failures, and `codex-core` maps `ApiError` into existing `CodexErr` variants for callers.
+- **Streaming reconnection semantics**
+  - For now, mid-stream SSE failures are surfaced as errors and only the initial connection is retried via `run_with_retry`. We will revisit mid-stream reconnect/resume once the underlying APIs support cursor/idempotent event semantics.
+

codex-rs/codex-client/Cargo.toml

@@ -1,22 +1,21 @@
 [package]
-edition.workspace = true
-license.workspace = true
 name = "codex-client"
 version.workspace = true
+edition.workspace = true
+license.workspace = true
 
 [dependencies]
 async-trait = { workspace = true }
 bytes = { workspace = true }
-eventsource-stream = { workspace = true }
 futures = { workspace = true }
 http = { workspace = true }
-rand = { workspace = true }
 reqwest = { workspace = true, features = ["json", "stream"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true, features = ["macros", "rt", "time", "sync"] }
-tracing = { workspace = true }
+rand = { workspace = true }
+eventsource-stream = { workspace = true }
 
 [lints]
 workspace = true

codex-rs/codex-client/src/transport.rs

@@ -8,9 +8,6 @@ use futures::stream::BoxStream;
 use http::HeaderMap;
 use http::Method;
 use http::StatusCode;
-use tracing::Level;
-use tracing::enabled;
-use tracing::trace;
 
 pub type ByteStream = BoxStream<'static, Result<Bytes, TransportError>>;
 
@@ -86,15 +83,6 @@ impl HttpTransport for ReqwestTransport {
     }
 
     async fn stream(&self, req: Request) -> Result<StreamResponse, TransportError> {
-        if enabled!(Level::TRACE) {
-            trace!(
-                "{} to {}: {}",
-                req.method,
-                req.url,
-                req.body.as_ref().unwrap_or_default()
-            );
-        }
-
         let builder = self.build(req)?;
         let resp = builder.send().await.map_err(Self::map_error)?;
         let status = resp.status();

codex-rs/core/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
-name = "codex-core"
-version.workspace = true
 edition.workspace = true
 license.workspace = true
+name = "codex-core"
+version.workspace = true
 
 [lib]
 doctest = false
@@ -18,12 +18,13 @@ askama = { workspace = true }
 async-channel = { workspace = true }
 async-trait = { workspace = true }
 base64 = { workspace = true }
-chrono = { workspace = true, features = ["serde"] }
 chardetng = { workspace = true }
+chrono = { workspace = true, features = ["serde"] }
+codex-api = { workspace = true }
 codex-app-server-protocol = { workspace = true }
 codex-apply-patch = { workspace = true }
 codex-async-utils = { workspace = true }
-codex-api = { workspace = true }
+codex-client = { workspace = true }
 codex-execpolicy = { workspace = true }
 codex-file-search = { workspace = true }
 codex-git = { workspace = true }
@@ -37,8 +38,8 @@ codex-utils-string = { workspace = true }
 codex-windows-sandbox = { package = "codex-windows-sandbox", path = "../windows-sandbox-rs" }
 dirs = { workspace = true }
 dunce = { workspace = true }
-env-flags = { workspace = true }
 encoding_rs = { workspace = true }
+env-flags = { workspace = true }
 eventsource-stream = { workspace = true }
 futures = { workspace = true }
 http = { workspace = true }
@@ -46,21 +47,19 @@ indexmap = { workspace = true }
 keyring = { workspace = true, features = ["crypto-rust"] }
 libc = { workspace = true }
 mcp-types = { workspace = true }
+once_cell = { workspace = true }
 os_info = { workspace = true }
 rand = { workspace = true }
+regex = { workspace = true }
 regex-lite = { workspace = true }
 reqwest = { workspace = true, features = ["json", "stream"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
-serde_yaml = { workspace = true }
 sha1 = { workspace = true }
 sha2 = { workspace = true }
 shlex = { workspace = true }
 similar = { workspace = true }
 strum_macros = { workspace = true }
-url = { workspace = true }
-once_cell = { workspace = true }
-regex = { workspace = true }
 tempfile = { workspace = true }
 test-case = "3.3.1"
 test-log = { workspace = true }
@@ -84,6 +83,7 @@ toml_edit = { workspace = true }
 tracing = { workspace = true, features = ["log"] }
 tree-sitter = { workspace = true }
 tree-sitter-bash = { workspace = true }
+url = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v4", "v5"] }
 which = { workspace = true }
 wildmatch = { workspace = true }
@@ -93,9 +93,9 @@ deterministic_process_ids = []
 
 
 [target.'cfg(target_os = "linux")'.dependencies]
+keyring = { workspace = true, features = ["linux-native-async-persistent"] }
 landlock = { workspace = true }
 seccompiler = { workspace = true }
-keyring = { workspace = true, features = ["linux-native-async-persistent"] }
 
 [target.'cfg(target_os = "macos")'.dependencies]
 core-foundation = "0.9"

codex-rs/core/src/apply_patch.rs

@@ -70,9 +70,7 @@ pub(crate) async fn apply_patch(
                 )
                 .await;
             match rx_approve.await.unwrap_or_default() {
-                ReviewDecision::Approved
-                | ReviewDecision::ApprovedAllowPrefix { .. }
-                | ReviewDecision::ApprovedForSession => {
+                ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {
                     InternalApplyPatchInvocation::DelegateToExec(ApplyPatchExec {
                         action,
                         user_explicitly_approved_this_action: true,

codex-rs/core/src/codex.rs

@@ -71,7 +71,6 @@ use crate::error::CodexErr;
 use crate::error::Result as CodexResult;
 #[cfg(test)]
 use crate::exec::StreamOutput;
-use crate::exec_policy::ExecPolicyUpdateError;
 use crate::mcp::auth::compute_auth_statuses;
 use crate::mcp_connection_manager::McpConnectionManager;
 use crate::model_family::find_family_for_model;
@@ -103,11 +102,12 @@ use crate::protocol::TurnDiffEvent;
 use crate::protocol::WarningEvent;
 use crate::rollout::RolloutRecorder;
 use crate::rollout::RolloutRecorderParams;
-use crate::rollout::map_session_init_error;
 use crate::shell;
 use crate::state::ActiveTurn;
 use crate::state::SessionServices;
 use crate::state::SessionState;
+use crate::status::ComponentHealth;
+use crate::status::maybe_codex_status_warning;
 use crate::tasks::GhostSnapshotTask;
 use crate::tasks::ReviewTask;
 use crate::tasks::SessionTask;
@@ -208,7 +208,7 @@ impl Codex {
         .await
         .map_err(|e| {
             error!("Failed to create session: {e:#}");
-            map_session_init_error(&e, &config.codex_home)
+            CodexErr::InternalAgentDied
         })?;
         let conversation_id = session.conversation_id;
 
@@ -289,7 +289,7 @@ pub(crate) struct TurnContext {
     pub(crate) final_output_json_schema: Option<Value>,
     pub(crate) codex_linux_sandbox_exe: Option<PathBuf>,
     pub(crate) tool_call_gate: Arc<ReadinessFlag>,
-    pub(crate) exec_policy: Arc<RwLock<ExecPolicy>>,
+    pub(crate) exec_policy: Arc<ExecPolicy>,
     pub(crate) truncation_policy: TruncationPolicy,
 }
 
@@ -347,7 +347,7 @@ pub(crate) struct SessionConfiguration {
     /// Set of feature flags for this session
     features: Features,
     /// Execpolicy policy, applied only when enabled by feature flag.
-    exec_policy: Arc<RwLock<ExecPolicy>>,
+    exec_policy: Arc<ExecPolicy>,
 
     // TODO(pakrym): Remove config from here
     original_config_do_not_use: Arc<Config>,
@@ -453,6 +453,16 @@ impl Session {
         }
     }
 
+    pub(crate) async fn replace_codex_backend_status(
+        &self,
+        status: ComponentHealth,
+    ) -> Option<ComponentHealth> {
+        let mut guard = self.services.codex_backend_status.lock().await;
+        let previous = *guard;
+        *guard = Some(status);
+        previous
+    }
+
     async fn new(
         session_configuration: SessionConfiguration,
         config: Arc<Config>,
@@ -510,7 +520,7 @@ impl Session {
 
         let rollout_recorder = rollout_recorder.map_err(|e| {
             error!("failed to initialize rollout recorder: {e:#}");
-            anyhow::Error::from(e)
+            anyhow::anyhow!("failed to initialize rollout recorder: {e:#}")
         })?;
         let rollout_path = rollout_recorder.rollout_path.clone();
 
@@ -569,6 +579,7 @@ impl Session {
             auth_manager: Arc::clone(&auth_manager),
             otel_event_manager,
             tool_approvals: Mutex::new(ApprovalStore::default()),
+            codex_backend_status: Mutex::new(None),
         };
 
         let sess = Arc::new(Session {
@@ -862,44 +873,11 @@ impl Session {
         .await
     }
 
-    pub(crate) async fn persist_command_allow_prefix(
-        &self,
-        prefix: &[String],
-    ) -> Result<(), ExecPolicyUpdateError> {
-        let (features, codex_home, current_policy) = {
-            let state = self.state.lock().await;
-            (
-                state.session_configuration.features.clone(),
-                state
-                    .session_configuration
-                    .original_config_do_not_use
-                    .codex_home
-                    .clone(),
-                state.session_configuration.exec_policy.clone(),
-            )
-        };
-
-        if !features.enabled(Feature::ExecPolicy) {
-            error!("attempted to append execpolicy rule while execpolicy feature is disabled");
-            return Err(ExecPolicyUpdateError::FeatureDisabled);
-        }
-
-        crate::exec_policy::append_allow_prefix_rule_and_update(
-            &codex_home,
-            &current_policy,
-            prefix,
-        )
-        .await?;
-
-        Ok(())
-    }
-
     /// Emit an exec approval request event and await the user's decision.
     ///
     /// The request is keyed by `sub_id`/`call_id` so matching responses are delivered
     /// to the correct in-flight turn. If the task is aborted, this returns the
     /// default `ReviewDecision` (`Denied`).
-    #[allow(clippy::too_many_arguments)]
     pub async fn request_command_approval(
         &self,
         turn_context: &TurnContext,
@@ -908,7 +886,6 @@ impl Session {
         cwd: PathBuf,
         reason: Option<String>,
         risk: Option<SandboxCommandAssessment>,
-        allow_prefix: Option<Vec<String>>,
     ) -> ReviewDecision {
         let sub_id = turn_context.sub_id.clone();
         // Add the tx_approve callback to the map before sending the request.
@@ -936,7 +913,6 @@ impl Session {
             cwd,
             reason,
             risk,
-            allow_prefix,
             parsed_cmd,
         });
         self.send_event(turn_context, event).await;
@@ -1012,7 +988,6 @@ impl Session {
             .read()
             .await
             .resolve_elicitation(server_name, id, response)
-            .await
     }
 
     /// Records input items: always append to conversation history and
@@ -1072,22 +1047,6 @@ impl Session {
         state.record_items(items.iter(), turn_context.truncation_policy);
     }
 
-    pub(crate) async fn record_model_warning(&self, message: impl Into<String>, ctx: &TurnContext) {
-        if !self.enabled(Feature::ModelWarnings).await {
-            return;
-        }
-
-        let item = ResponseItem::Message {
-            id: None,
-            role: "user".to_string(),
-            content: vec![ContentItem::InputText {
-                text: format!("Warning: {}", message.into()),
-            }],
-        };
-
-        self.record_conversation_items(ctx, &[item]).await;
-    }
-
     pub(crate) async fn replace_history(&self, items: Vec<ResponseItem>) {
         let mut state = self.state.lock().await;
         state.replace_history(items);
@@ -1111,15 +1070,6 @@ impl Session {
             .enabled(feature)
     }
 
-    pub(crate) async fn features(&self) -> Features {
-        self.state
-            .lock()
-            .await
-            .session_configuration
-            .features
-            .clone()
-    }
-
     async fn send_raw_response_items(&self, turn_context: &TurnContext, items: &[ResponseItem]) {
         for item in items {
             self.send_event(
@@ -1252,17 +1202,22 @@ impl Session {
         }
     }
 
-    pub(crate) async fn record_response_item_and_emit_turn_item(
+    /// Record a user input item to conversation history and also persist a
+    /// corresponding UserMessage EventMsg to rollout.
+    async fn record_input_and_rollout_usermsg(
         &self,
         turn_context: &TurnContext,
-        response_item: ResponseItem,
+        response_input: &ResponseInputItem,
     ) {
-        // Add to conversation history and persist response item to rollout.
+        let response_item: ResponseItem = response_input.clone().into();
+        // Add to conversation history and persist response item to rollout
         self.record_conversation_items(turn_context, std::slice::from_ref(&response_item))
             .await;
 
-        // Derive a turn item and emit lifecycle events if applicable.
-        if let Some(item) = parse_turn_item(&response_item) {
+        // Derive user message events and persist only UserMessage to rollout
+        let turn_item = parse_turn_item(&response_item);
+
+        if let Some(item @ TurnItem::UserMessage(_)) = turn_item {
             self.emit_turn_item_started(turn_context, &item).await;
             self.emit_turn_item_completed(turn_context, item).await;
         }
@@ -1538,7 +1493,6 @@ mod handlers {
     use crate::codex::spawn_review_thread;
     use crate::config::Config;
     use crate::mcp::auth::compute_auth_statuses;
-    use crate::review_prompts::resolve_review_request;
     use crate::tasks::CompactTask;
     use crate::tasks::RegularTask;
     use crate::tasks::UndoTask;
@@ -1553,7 +1507,6 @@ mod handlers {
     use codex_protocol::protocol::ReviewDecision;
     use codex_protocol::protocol::ReviewRequest;
     use codex_protocol::protocol::TurnAbortReason;
-    use codex_protocol::protocol::WarningEvent;
 
     use codex_protocol::user_input::UserInput;
     use codex_rmcp_client::ElicitationAction;
@@ -1668,21 +1621,7 @@ mod handlers {
         }
     }
 
-    /// Propagate a user's exec approval decision to the session
-    /// Also optionally whitelists command in execpolicy
     pub async fn exec_approval(sess: &Arc<Session>, id: String, decision: ReviewDecision) {
-        if let ReviewDecision::ApprovedAllowPrefix { allow_prefix } = &decision
-            && let Err(err) = sess.persist_command_allow_prefix(allow_prefix).await
-        {
-            let message = format!("Failed to update execpolicy allow list: {err}");
-            tracing::warn!("{message}");
-            let warning = EventMsg::Warning(WarningEvent { message });
-            sess.send_event_raw(Event {
-                id: id.clone(),
-                msg: warning,
-            })
-            .await;
-        }
         match decision {
             ReviewDecision::Abort => {
                 sess.interrupt_task().await;
@@ -1862,28 +1801,14 @@ mod handlers {
         let turn_context = sess
             .new_turn_with_sub_id(sub_id.clone(), SessionSettingsUpdate::default())
             .await;
-        match resolve_review_request(review_request, config.cwd.as_path()) {
-            Ok(resolved) => {
-                spawn_review_thread(
-                    Arc::clone(sess),
-                    Arc::clone(config),
-                    turn_context.clone(),
-                    sub_id,
-                    resolved,
-                )
-                .await;
-            }
-            Err(err) => {
-                let event = Event {
-                    id: sub_id,
-                    msg: EventMsg::Error(ErrorEvent {
-                        message: err.to_string(),
-                        codex_error_info: Some(CodexErrorInfo::Other),
-                    }),
-                };
-                sess.send_event(&turn_context, event.msg).await;
-            }
-        }
+        spawn_review_thread(
+            Arc::clone(sess),
+            Arc::clone(config),
+            turn_context.clone(),
+            sub_id,
+            review_request,
+        )
+        .await;
     }
 }
 
@@ -1893,7 +1818,7 @@ async fn spawn_review_thread(
     config: Arc<Config>,
     parent_turn_context: Arc<TurnContext>,
     sub_id: String,
-    resolved: crate::review_prompts::ResolvedReviewRequest,
+    review_request: ReviewRequest,
 ) {
     let model = config.review_model.clone();
     let review_model_family = find_family_for_model(&model)
@@ -1909,7 +1834,7 @@ async fn spawn_review_thread(
     });
 
     let base_instructions = REVIEW_PROMPT.to_string();
-    let review_prompt = resolved.prompt.clone();
+    let review_prompt = review_request.prompt.clone();
     let provider = parent_turn_context.client.get_provider();
     let auth_manager = parent_turn_context.client.get_auth_manager();
     let model_family = review_model_family.clone();
@@ -1968,13 +1893,14 @@ async fn spawn_review_thread(
         text: review_prompt,
     }];
     let tc = Arc::new(review_turn_context);
-    sess.spawn_task(tc.clone(), input, ReviewTask::new()).await;
+    sess.spawn_task(
+        tc.clone(),
+        input,
+        ReviewTask::new(review_request.append_to_original_thread),
+    )
+    .await;
 
     // Announce entering review mode so UIs can switch modes.
-    let review_request = ReviewRequest {
-        target: resolved.target,
-        user_facing_hint: Some(resolved.user_facing_hint),
-    };
     sess.send_event(&tc, EventMsg::EnteredReviewMode(review_request))
         .await;
 }
@@ -2008,8 +1934,7 @@ pub(crate) async fn run_task(
     sess.send_event(&turn_context, event).await;
 
     let initial_input_for_turn: ResponseInputItem = ResponseInputItem::from(input);
-    let response_item: ResponseItem = initial_input_for_turn.clone().into();
-    sess.record_response_item_and_emit_turn_item(turn_context.as_ref(), response_item)
+    sess.record_input_and_rollout_usermsg(turn_context.as_ref(), &initial_input_for_turn)
         .await;
 
     sess.maybe_start_ghost_snapshot(Arc::clone(&turn_context), cancellation_token.child_token())
@@ -2268,6 +2193,19 @@ async fn try_run_turn(
     });
 
     sess.persist_rollout_items(&[rollout_item]).await;
+    let sess_clone = Arc::clone(&sess);
+    let turn_context_clone = Arc::clone(&turn_context);
+    tokio::spawn(async move {
+        if let Some(message) = maybe_codex_status_warning(sess_clone.as_ref()).await {
+            sess_clone
+                .send_event(
+                    &turn_context_clone,
+                    EventMsg::Warning(WarningEvent { message }),
+                )
+                .await;
+        }
+    });
+
     let mut stream = turn_context
         .client
         .clone()
@@ -2541,10 +2479,7 @@ mod tests {
     use crate::tools::format_exec_output_str;
 
     use crate::protocol::CompactedItem;
-    use crate::protocol::CreditsSnapshot;
     use crate::protocol::InitialHistory;
-    use crate::protocol::RateLimitSnapshot;
-    use crate::protocol::RateLimitWindow;
     use crate::protocol::ResumedHistory;
     use crate::state::TaskKind;
     use crate::tasks::SessionTask;
@@ -2614,75 +2549,6 @@ mod tests {
         assert_eq!(expected, actual);
     }
 
-    #[test]
-    fn set_rate_limits_retains_previous_credits() {
-        let codex_home = tempfile::tempdir().expect("create temp dir");
-        let config = Config::load_from_base_config_with_overrides(
-            ConfigToml::default(),
-            ConfigOverrides::default(),
-            codex_home.path().to_path_buf(),
-        )
-        .expect("load default test config");
-        let config = Arc::new(config);
-        let session_configuration = SessionConfiguration {
-            provider: config.model_provider.clone(),
-            model: config.model.clone(),
-            model_reasoning_effort: config.model_reasoning_effort,
-            model_reasoning_summary: config.model_reasoning_summary,
-            developer_instructions: config.developer_instructions.clone(),
-            user_instructions: config.user_instructions.clone(),
-            base_instructions: config.base_instructions.clone(),
-            compact_prompt: config.compact_prompt.clone(),
-            approval_policy: config.approval_policy,
-            sandbox_policy: config.sandbox_policy.clone(),
-            cwd: config.cwd.clone(),
-            original_config_do_not_use: Arc::clone(&config),
-            features: Features::default(),
-            exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
-            session_source: SessionSource::Exec,
-        };
-
-        let mut state = SessionState::new(session_configuration);
-        let initial = RateLimitSnapshot {
-            primary: Some(RateLimitWindow {
-                used_percent: 10.0,
-                window_minutes: Some(15),
-                resets_at: Some(1_700),
-            }),
-            secondary: None,
-            credits: Some(CreditsSnapshot {
-                has_credits: true,
-                unlimited: false,
-                balance: Some("10.00".to_string()),
-            }),
-        };
-        state.set_rate_limits(initial.clone());
-
-        let update = RateLimitSnapshot {
-            primary: Some(RateLimitWindow {
-                used_percent: 40.0,
-                window_minutes: Some(30),
-                resets_at: Some(1_800),
-            }),
-            secondary: Some(RateLimitWindow {
-                used_percent: 5.0,
-                window_minutes: Some(60),
-                resets_at: Some(1_900),
-            }),
-            credits: None,
-        };
-        state.set_rate_limits(update.clone());
-
-        assert_eq!(
-            state.latest_rate_limits,
-            Some(RateLimitSnapshot {
-                primary: update.primary.clone(),
-                secondary: update.secondary,
-                credits: initial.credits,
-            })
-        );
-    }
-
     #[test]
     fn prefers_structured_content_when_present() {
         let ctr = CallToolResult {
@@ -2837,7 +2703,7 @@ mod tests {
             cwd: config.cwd.clone(),
             original_config_do_not_use: Arc::clone(&config),
             features: Features::default(),
-            exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
+            exec_policy: Arc::new(ExecPolicy::empty()),
             session_source: SessionSource::Exec,
         };
 
@@ -2854,6 +2720,7 @@ mod tests {
             auth_manager: Arc::clone(&auth_manager),
             otel_event_manager: otel_event_manager.clone(),
             tool_approvals: Mutex::new(ApprovalStore::default()),
+            codex_backend_status: Mutex::new(None),
         };
 
         let turn_context = Session::make_turn_context(
@@ -2915,7 +2782,7 @@ mod tests {
             cwd: config.cwd.clone(),
             original_config_do_not_use: Arc::clone(&config),
             features: Features::default(),
-            exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
+            exec_policy: Arc::new(ExecPolicy::empty()),
             session_source: SessionSource::Exec,
         };
 
@@ -2932,6 +2799,7 @@ mod tests {
             auth_manager: Arc::clone(&auth_manager),
             otel_event_manager: otel_event_manager.clone(),
             tool_approvals: Mutex::new(ApprovalStore::default()),
+            codex_backend_status: Mutex::new(None),
         };
 
         let turn_context = Arc::new(Session::make_turn_context(
@@ -2955,40 +2823,6 @@ mod tests {
         (session, turn_context, rx_event)
     }
 
-    #[tokio::test]
-    async fn record_model_warning_appends_user_message() {
-        let (session, turn_context) = make_session_and_context();
-
-        session
-            .state
-            .lock()
-            .await
-            .session_configuration
-            .features
-            .enable(Feature::ModelWarnings);
-
-        session
-            .record_model_warning("too many unified exec sessions", &turn_context)
-            .await;
-
-        let mut history = session.clone_history().await;
-        let history_items = history.get_history();
-        let last = history_items.last().expect("warning recorded");
-
-        match last {
-            ResponseItem::Message { role, content, .. } => {
-                assert_eq!(role, "user");
-                assert_eq!(
-                    content,
-                    &vec![ContentItem::InputText {
-                        text: "Warning: too many unified exec sessions".to_string(),
-                    }]
-                );
-            }
-            other => panic!("expected user message, got {other:?}"),
-        }
-    }
-
     #[derive(Clone, Copy)]
     struct NeverEndingTask {
         kind: TaskKind,
@@ -3080,7 +2914,7 @@ mod tests {
         let input = vec![UserInput::Text {
             text: "start review".to_string(),
         }];
-        sess.spawn_task(Arc::clone(&tc), input, ReviewTask::new())
+        sess.spawn_task(Arc::clone(&tc), input, ReviewTask::new(true))
             .await;
 
         sess.abort_all_tasks(TurnAbortReason::Interrupted).await;
@@ -3108,8 +2942,6 @@ mod tests {
                 .expect("event");
             match evt.msg {
                 EventMsg::RawResponseItem(_) => continue,
-                EventMsg::ItemStarted(_) | EventMsg::ItemCompleted(_) => continue,
-                EventMsg::AgentMessage(_) => continue,
                 EventMsg::TurnAborted(e) => {
                     assert_eq!(TurnAbortReason::Interrupted, e.reason);
                     break;
@@ -3119,7 +2951,23 @@ mod tests {
         }
 
         let history = sess.clone_history().await.get_history();
-        let _ = history;
+        let found = history.iter().any(|item| match item {
+            ResponseItem::Message { role, content, .. } if role == "user" => {
+                content.iter().any(|ci| match ci {
+                    ContentItem::InputText { text } => {
+                        text.contains("<user_action>")
+                            && text.contains("review")
+                            && text.contains("interrupted")
+                    }
+                    _ => false,
+                })
+            }
+            _ => false,
+        });
+        assert!(
+            found,
+            "synthetic review interruption not recorded in history"
+        );
     }
 
     #[tokio::test]

codex-rs/core/src/codex_delegate.rs

@@ -275,7 +275,6 @@ async fn handle_exec_approval(
         event.cwd,
         event.reason,
         event.risk,
-        event.allow_prefix,
     );
     let decision = await_approval_with_cancel(
         approval_fut,

codex-rs/core/src/config/mod.rs

@@ -34,7 +34,6 @@ use crate::project_doc::DEFAULT_PROJECT_DOC_FILENAME;
 use crate::project_doc::LOCAL_PROJECT_DOC_FILENAME;
 use crate::protocol::AskForApproval;
 use crate::protocol::SandboxPolicy;
-use crate::util::resolve_path;
 use codex_app_server_protocol::Tools;
 use codex_app_server_protocol::UserSavedConfig;
 use codex_protocol::config_types::ForcedLoginMethod;
@@ -1017,8 +1016,15 @@ impl Config {
         let additional_writable_roots: Vec<PathBuf> = additional_writable_roots
             .into_iter()
             .map(|path| {
-                let absolute = resolve_path(&resolved_cwd, &path);
-                canonicalize(&absolute).unwrap_or(absolute)
+                let absolute = if path.is_absolute() {
+                    path
+                } else {
+                    resolved_cwd.join(path)
+                };
+                match canonicalize(&absolute) {
+                    Ok(canonical) => canonical,
+                    Err(_) => absolute,
+                }
             })
             .collect();
         let active_project = cfg
@@ -1293,7 +1299,11 @@ impl Config {
             return Ok(None);
         };
 
-        let full_path = resolve_path(cwd, p);
+        let full_path = if p.is_relative() {
+            cwd.join(p)
+        } else {
+            p.to_path_buf()
+        };
 
         let contents = std::fs::read_to_string(&full_path).map_err(|e| {
             std::io::Error::new(

codex-rs/core/src/config/types.rs

@@ -256,8 +256,8 @@ pub struct History {
     /// If true, history entries will not be written to disk.
     pub persistence: HistoryPersistence,
 
-    /// If set, the maximum size of the history file in bytes. The oldest entries
-    /// are dropped once the file exceeds this limit.
+    /// If set, the maximum size of the history file in bytes.
+    /// TODO(mbolin): Not currently honored.
     pub max_bytes: Option<usize>,
 }
 

codex-rs/core/src/exec_policy.rs

@@ -4,19 +4,14 @@ use std::path::PathBuf;
 use std::sync::Arc;
 
 use crate::command_safety::is_dangerous_command::requires_initial_appoval;
-use codex_execpolicy::AmendError;
 use codex_execpolicy::Decision;
-use codex_execpolicy::Error as ExecPolicyRuleError;
 use codex_execpolicy::Evaluation;
 use codex_execpolicy::Policy;
 use codex_execpolicy::PolicyParser;
-use codex_execpolicy::RuleMatch;
-use codex_execpolicy::blocking_append_allow_prefix_rule;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::SandboxPolicy;
 use thiserror::Error;
 use tokio::fs;
-use tokio::sync::RwLock;
 
 use crate::bash::parse_shell_lc_plain_commands;
 use crate::features::Feature;
@@ -25,12 +20,9 @@ use crate::sandboxing::SandboxPermissions;
 use crate::tools::sandboxing::ApprovalRequirement;
 
 const FORBIDDEN_REASON: &str = "execpolicy forbids this command";
-const PROMPT_CONFLICT_REASON: &str =
-    "execpolicy requires approval for this command, but AskForApproval is set to Never";
 const PROMPT_REASON: &str = "execpolicy requires approval for this command";
 const POLICY_DIR_NAME: &str = "policy";
 const POLICY_EXTENSION: &str = "codexpolicy";
-const DEFAULT_POLICY_FILE: &str = "default.codexpolicy";
 
 #[derive(Debug, Error)]
 pub enum ExecPolicyError {
@@ -53,27 +45,12 @@ pub enum ExecPolicyError {
     },
 }
 
-#[derive(Debug, Error)]
-pub enum ExecPolicyUpdateError {
-    #[error("failed to update execpolicy file {path}: {source}")]
-    AppendRule { path: PathBuf, source: AmendError },
-
-    #[error("failed to update in-memory execpolicy: {source}")]
-    AddRule {
-        #[from]
-        source: ExecPolicyRuleError,
-    },
-
-    #[error("cannot append execpolicy rule because execpolicy feature is disabled")]
-    FeatureDisabled,
-}
-
 pub(crate) async fn exec_policy_for(
     features: &Features,
     codex_home: &Path,
-) -> Result<Arc<RwLock<Policy>>, ExecPolicyError> {
+) -> Result<Arc<Policy>, ExecPolicyError> {
     if !features.enabled(Feature::ExecPolicy) {
-        return Ok(Arc::new(RwLock::new(Policy::empty())));
+        return Ok(Arc::new(Policy::empty()));
     }
 
     let policy_dir = codex_home.join(POLICY_DIR_NAME);
@@ -97,7 +74,7 @@ pub(crate) async fn exec_policy_for(
             })?;
     }
 
-    let policy = Arc::new(RwLock::new(parser.build()));
+    let policy = Arc::new(parser.build());
     tracing::debug!(
         "loaded execpolicy from {} files in {}",
         policy_paths.len(),
@@ -107,116 +84,60 @@ pub(crate) async fn exec_policy_for(
     Ok(policy)
 }
 
-pub(crate) fn default_policy_path(codex_home: &Path) -> PathBuf {
-    codex_home.join(POLICY_DIR_NAME).join(DEFAULT_POLICY_FILE)
-}
+fn evaluate_with_policy(
+    policy: &Policy,
+    command: &[String],
+    approval_policy: AskForApproval,
+) -> Option<ApprovalRequirement> {
+    let commands = parse_shell_lc_plain_commands(command).unwrap_or_else(|| vec![command.to_vec()]);
+    let evaluation = policy.check_multiple(commands.iter());
 
-pub(crate) async fn append_allow_prefix_rule_and_update(
-    codex_home: &Path,
-    current_policy: &Arc<RwLock<Policy>>,
-    prefix: &[String],
-) -> Result<(), ExecPolicyUpdateError> {
-    let policy_path = default_policy_path(codex_home);
-    blocking_append_allow_prefix_rule(&policy_path, prefix).map_err(|source| {
-        ExecPolicyUpdateError::AppendRule {
-            path: policy_path,
-            source,
-        }
-    })?;
-
-    current_policy
-        .write()
-        .await
-        .add_prefix_rule(prefix, Decision::Allow)?;
-
-    Ok(())
-}
-
-/// Return an allow-prefix option when a command needs approval and execpolicy did not drive the decision
-fn allow_prefix_if_applicable(evaluation: &Evaluation, features: &Features) -> Option<Vec<String>> {
-    if !features.enabled(Feature::ExecPolicy) {
-        return None;
-    }
-
-    if evaluation.decision != Decision::Prompt {
-        return None;
-    }
-
-    let mut first_prompt_from_heuristics: Option<Vec<String>> = None;
-    for rule_match in &evaluation.matched_rules {
-        match rule_match {
-            RuleMatch::HeuristicsRuleMatch { command, decision } => {
-                if *decision == Decision::Prompt && first_prompt_from_heuristics.is_none() {
-                    first_prompt_from_heuristics = Some(command.clone());
+    match evaluation {
+        Evaluation::Match { decision, .. } => match decision {
+            Decision::Forbidden => Some(ApprovalRequirement::Forbidden {
+                reason: FORBIDDEN_REASON.to_string(),
+            }),
+            Decision::Prompt => {
+                let reason = PROMPT_REASON.to_string();
+                if matches!(approval_policy, AskForApproval::Never) {
+                    Some(ApprovalRequirement::Forbidden { reason })
+                } else {
+                    Some(ApprovalRequirement::NeedsApproval {
+                        reason: Some(reason),
+                    })
                 }
             }
-            _ if rule_match.decision() == Decision::Prompt => {
-                return None;
-            }
-            _ => {}
-        }
+            Decision::Allow => Some(ApprovalRequirement::Skip {
+                bypass_sandbox: true,
+            }),
+        },
+        Evaluation::NoMatch { .. } => None,
     }
-
-    first_prompt_from_heuristics
 }
 
-pub(crate) async fn create_approval_requirement_for_command(
-    exec_policy: &Arc<RwLock<Policy>>,
-    features: &Features,
+pub(crate) fn create_approval_requirement_for_command(
+    policy: &Policy,
     command: &[String],
     approval_policy: AskForApproval,
     sandbox_policy: &SandboxPolicy,
     sandbox_permissions: SandboxPermissions,
 ) -> ApprovalRequirement {
-    let commands = parse_shell_lc_plain_commands(command).unwrap_or_else(|| vec![command.to_vec()]);
-    let heuristics_fallback = |cmd: &[String]| {
-        if requires_initial_appoval(approval_policy, sandbox_policy, cmd, sandbox_permissions) {
-            Decision::Prompt
-        } else {
-            Decision::Allow
-        }
-    };
-    let policy = exec_policy.read().await;
-    let evaluation = policy.check_multiple(commands.iter(), &heuristics_fallback);
-    let has_policy_allow = evaluation.matched_rules.iter().any(|rule_match| {
-        !matches!(rule_match, RuleMatch::HeuristicsRuleMatch { .. })
-            && rule_match.decision() == Decision::Allow
-    });
-
-    match evaluation.decision {
-        Decision::Forbidden => ApprovalRequirement::Forbidden {
-            reason: FORBIDDEN_REASON.to_string(),
-        },
-        Decision::Prompt => {
-            let prompt_reason = derive_prompt_reason(&evaluation);
-            if matches!(approval_policy, AskForApproval::Never) {
-                ApprovalRequirement::Forbidden {
-                    reason: PROMPT_CONFLICT_REASON.to_string(),
-                }
-            } else {
-                ApprovalRequirement::NeedsApproval {
-                    reason: prompt_reason,
-                    allow_prefix: allow_prefix_if_applicable(&evaluation, features),
-                }
-            }
-        }
-        Decision::Allow => ApprovalRequirement::Skip {
-            bypass_sandbox: has_policy_allow,
-        },
+    if let Some(requirement) = evaluate_with_policy(policy, command, approval_policy) {
+        return requirement;
     }
-}
 
-/// Only return PROMPT_REASON when an execpolicy rule drove the prompt decision
-fn derive_prompt_reason(evaluation: &Evaluation) -> Option<String> {
-    evaluation.matched_rules.iter().find_map(|rule_match| {
-        if !matches!(rule_match, RuleMatch::HeuristicsRuleMatch { .. })
-            && rule_match.decision() == Decision::Prompt
-        {
-            Some(PROMPT_REASON.to_string())
-        } else {
-            None
+    if requires_initial_appoval(
+        approval_policy,
+        sandbox_policy,
+        command,
+        sandbox_permissions,
+    ) {
+        ApprovalRequirement::NeedsApproval { reason: None }
+    } else {
+        ApprovalRequirement::Skip {
+            bypass_sandbox: false,
         }
-    })
+    }
 }
 
 async fn collect_policy_files(dir: &Path) -> Result<Vec<PathBuf>, ExecPolicyError> {
@@ -274,7 +195,6 @@ mod tests {
     use codex_protocol::protocol::SandboxPolicy;
     use pretty_assertions::assert_eq;
     use std::fs;
-    use std::sync::Arc;
     use tempfile::tempdir;
 
     #[tokio::test]
@@ -288,19 +208,10 @@ mod tests {
             .expect("policy result");
 
         let commands = [vec!["rm".to_string()]];
-        assert_eq!(
-            Evaluation {
-                decision: Decision::Allow,
-                matched_rules: vec![RuleMatch::HeuristicsRuleMatch {
-                    command: vec!["rm".to_string()],
-                    decision: Decision::Allow
-                }],
-            },
-            policy
-                .read()
-                .await
-                .check_multiple(commands.iter(), &|_| Decision::Allow)
-        );
+        assert!(matches!(
+            policy.check_multiple(commands.iter()),
+            Evaluation::NoMatch { .. }
+        ));
         assert!(!temp_dir.path().join(POLICY_DIR_NAME).exists());
     }
 
@@ -331,19 +242,10 @@ mod tests {
             .await
             .expect("policy result");
         let command = [vec!["rm".to_string()]];
-        assert_eq!(
-            Evaluation {
-                decision: Decision::Forbidden,
-                matched_rules: vec![RuleMatch::PrefixRuleMatch {
-                    matched_prefix: vec!["rm".to_string()],
-                    decision: Decision::Forbidden
-                }],
-            },
-            policy
-                .read()
-                .await
-                .check_multiple(command.iter(), &|_| Decision::Allow)
-        );
+        assert!(matches!(
+            policy.check_multiple(command.iter()),
+            Evaluation::Match { .. }
+        ));
     }
 
     #[tokio::test]
@@ -359,23 +261,14 @@ mod tests {
             .await
             .expect("policy result");
         let command = [vec!["ls".to_string()]];
-        assert_eq!(
-            Evaluation {
-                decision: Decision::Allow,
-                matched_rules: vec![RuleMatch::HeuristicsRuleMatch {
-                    command: vec!["ls".to_string()],
-                    decision: Decision::Allow
-                }],
-            },
-            policy
-                .read()
-                .await
-                .check_multiple(command.iter(), &|_| Decision::Allow)
-        );
+        assert!(matches!(
+            policy.check_multiple(command.iter()),
+            Evaluation::NoMatch { .. }
+        ));
     }
 
-    #[tokio::test]
-    async fn evaluates_bash_lc_inner_commands() {
+    #[test]
+    fn evaluates_bash_lc_inner_commands() {
         let policy_src = r#"
 prefix_rule(pattern=["rm"], decision="forbidden")
 "#;
@@ -383,7 +276,7 @@ prefix_rule(pattern=["rm"], decision="forbidden")
         parser
             .parse("test.codexpolicy", policy_src)
             .expect("parse policy");
-        let policy = Arc::new(RwLock::new(parser.build()));
+        let policy = parser.build();
 
         let forbidden_script = vec![
             "bash".to_string(),
@@ -391,15 +284,9 @@ prefix_rule(pattern=["rm"], decision="forbidden")
             "rm -rf /tmp".to_string(),
         ];
 
-        let requirement = create_approval_requirement_for_command(
-            &policy,
-            &Features::with_defaults(),
-            &forbidden_script,
-            AskForApproval::OnRequest,
-            &SandboxPolicy::DangerFullAccess,
-            SandboxPermissions::UseDefault,
-        )
-        .await;
+        let requirement =
+            evaluate_with_policy(&policy, &forbidden_script, AskForApproval::OnRequest)
+                .expect("expected match for forbidden command");
 
         assert_eq!(
             requirement,
@@ -409,299 +296,74 @@ prefix_rule(pattern=["rm"], decision="forbidden")
         );
     }
 
-    #[tokio::test]
-    async fn approval_requirement_prefers_execpolicy_match() {
+    #[test]
+    fn approval_requirement_prefers_execpolicy_match() {
         let policy_src = r#"prefix_rule(pattern=["rm"], decision="prompt")"#;
         let mut parser = PolicyParser::new();
         parser
             .parse("test.codexpolicy", policy_src)
             .expect("parse policy");
-        let policy = Arc::new(RwLock::new(parser.build()));
+        let policy = parser.build();
         let command = vec!["rm".to_string()];
 
         let requirement = create_approval_requirement_for_command(
             &policy,
-            &Features::with_defaults(),
             &command,
             AskForApproval::OnRequest,
             &SandboxPolicy::DangerFullAccess,
             SandboxPermissions::UseDefault,
-        )
-        .await;
+        );
 
         assert_eq!(
             requirement,
             ApprovalRequirement::NeedsApproval {
-                reason: Some(PROMPT_REASON.to_string()),
-                allow_prefix: None,
+                reason: Some(PROMPT_REASON.to_string())
             }
         );
     }
 
-    #[tokio::test]
-    async fn approval_requirement_respects_approval_policy() {
+    #[test]
+    fn approval_requirement_respects_approval_policy() {
         let policy_src = r#"prefix_rule(pattern=["rm"], decision="prompt")"#;
         let mut parser = PolicyParser::new();
         parser
             .parse("test.codexpolicy", policy_src)
             .expect("parse policy");
-        let policy = Arc::new(RwLock::new(parser.build()));
+        let policy = parser.build();
         let command = vec!["rm".to_string()];
 
         let requirement = create_approval_requirement_for_command(
             &policy,
-            &Features::with_defaults(),
             &command,
             AskForApproval::Never,
             &SandboxPolicy::DangerFullAccess,
             SandboxPermissions::UseDefault,
-        )
-        .await;
+        );
 
         assert_eq!(
             requirement,
             ApprovalRequirement::Forbidden {
-                reason: PROMPT_CONFLICT_REASON.to_string()
+                reason: PROMPT_REASON.to_string()
             }
         );
     }
 
-    #[tokio::test]
-    async fn approval_requirement_falls_back_to_heuristics() {
+    #[test]
+    fn approval_requirement_falls_back_to_heuristics() {
         let command = vec!["python".to_string()];
 
-        let empty_policy = Arc::new(RwLock::new(Policy::empty()));
+        let empty_policy = Policy::empty();
         let requirement = create_approval_requirement_for_command(
             &empty_policy,
-            &Features::with_defaults(),
             &command,
             AskForApproval::UnlessTrusted,
             &SandboxPolicy::ReadOnly,
             SandboxPermissions::UseDefault,
-        )
-        .await;
+        );
 
         assert_eq!(
             requirement,
-            ApprovalRequirement::NeedsApproval {
-                reason: None,
-                allow_prefix: Some(command)
-            }
-        );
-    }
-
-    #[tokio::test]
-    async fn heuristics_apply_when_other_commands_match_policy() {
-        let policy_src = r#"prefix_rule(pattern=["apple"], decision="allow")"#;
-        let mut parser = PolicyParser::new();
-        parser
-            .parse("test.codexpolicy", policy_src)
-            .expect("parse policy");
-        let policy = Arc::new(RwLock::new(parser.build()));
-        let command = vec![
-            "bash".to_string(),
-            "-lc".to_string(),
-            "apple | orange".to_string(),
-        ];
-
-        assert_eq!(
-            create_approval_requirement_for_command(
-                &policy,
-                &Features::with_defaults(),
-                &command,
-                AskForApproval::UnlessTrusted,
-                &SandboxPolicy::DangerFullAccess,
-                SandboxPermissions::UseDefault,
-            )
-            .await,
-            ApprovalRequirement::NeedsApproval {
-                reason: None,
-                allow_prefix: Some(vec!["orange".to_string()])
-            }
-        );
-    }
-
-    #[tokio::test]
-    async fn append_allow_prefix_rule_updates_policy_and_file() {
-        let codex_home = tempdir().expect("create temp dir");
-        let current_policy = Arc::new(RwLock::new(Policy::empty()));
-        let prefix = vec!["echo".to_string(), "hello".to_string()];
-
-        append_allow_prefix_rule_and_update(codex_home.path(), &current_policy, &prefix)
-            .await
-            .expect("update policy");
-
-        let evaluation = current_policy.read().await.check(
-            &["echo".to_string(), "hello".to_string(), "world".to_string()],
-            &|_| Decision::Allow,
-        );
-        assert!(matches!(
-            evaluation,
-            Evaluation {
-                decision: Decision::Allow,
-                ..
-            }
-        ));
-
-        let contents = fs::read_to_string(default_policy_path(codex_home.path()))
-            .expect("policy file should have been created");
-        assert_eq!(
-            contents,
-            r#"prefix_rule(pattern=["echo", "hello"], decision="allow")
-"#
-        );
-    }
-
-    #[tokio::test]
-    async fn append_allow_prefix_rule_rejects_empty_prefix() {
-        let codex_home = tempdir().expect("create temp dir");
-        let current_policy = Arc::new(RwLock::new(Policy::empty()));
-
-        let result =
-            append_allow_prefix_rule_and_update(codex_home.path(), &current_policy, &[]).await;
-
-        assert!(matches!(
-            result,
-            Err(ExecPolicyUpdateError::AppendRule {
-                source: AmendError::EmptyPrefix,
-                ..
-            })
-        ));
-    }
-
-    #[tokio::test]
-    async fn allow_prefix_is_present_for_single_command_without_policy_match() {
-        let command = vec!["python".to_string()];
-
-        let empty_policy = Arc::new(RwLock::new(Policy::empty()));
-        let requirement = create_approval_requirement_for_command(
-            &empty_policy,
-            &Features::with_defaults(),
-            &command,
-            AskForApproval::UnlessTrusted,
-            &SandboxPolicy::ReadOnly,
-            SandboxPermissions::UseDefault,
-        )
-        .await;
-
-        assert_eq!(
-            requirement,
-            ApprovalRequirement::NeedsApproval {
-                reason: None,
-                allow_prefix: Some(command)
-            }
-        );
-    }
-
-    #[tokio::test]
-    async fn allow_prefix_is_disabled_when_execpolicy_feature_disabled() {
-        let command = vec!["python".to_string()];
-
-        let mut features = Features::with_defaults();
-        features.disable(Feature::ExecPolicy);
-
-        let requirement = create_approval_requirement_for_command(
-            &Arc::new(RwLock::new(Policy::empty())),
-            &features,
-            &command,
-            AskForApproval::UnlessTrusted,
-            &SandboxPolicy::ReadOnly,
-            SandboxPermissions::UseDefault,
-        )
-        .await;
-
-        assert_eq!(
-            requirement,
-            ApprovalRequirement::NeedsApproval {
-                reason: None,
-                allow_prefix: None,
-            }
-        );
-    }
-
-    #[tokio::test]
-    async fn allow_prefix_is_omitted_when_policy_prompts() {
-        let policy_src = r#"prefix_rule(pattern=["rm"], decision="prompt")"#;
-        let mut parser = PolicyParser::new();
-        parser
-            .parse("test.codexpolicy", policy_src)
-            .expect("parse policy");
-        let policy = Arc::new(RwLock::new(parser.build()));
-        let command = vec!["rm".to_string()];
-
-        let requirement = create_approval_requirement_for_command(
-            &policy,
-            &Features::with_defaults(),
-            &command,
-            AskForApproval::OnRequest,
-            &SandboxPolicy::DangerFullAccess,
-            SandboxPermissions::UseDefault,
-        )
-        .await;
-
-        assert_eq!(
-            requirement,
-            ApprovalRequirement::NeedsApproval {
-                reason: Some(PROMPT_REASON.to_string()),
-                allow_prefix: None,
-            }
-        );
-    }
-
-    #[tokio::test]
-    async fn allow_prefix_is_omitted_for_multi_command_scripts() {
-        let command = vec![
-            "bash".to_string(),
-            "-lc".to_string(),
-            "python && echo ok".to_string(),
-        ];
-        let requirement = create_approval_requirement_for_command(
-            &Arc::new(RwLock::new(Policy::empty())),
-            &Features::with_defaults(),
-            &command,
-            AskForApproval::UnlessTrusted,
-            &SandboxPolicy::ReadOnly,
-            SandboxPermissions::UseDefault,
-        )
-        .await;
-
-        assert_eq!(
-            requirement,
-            ApprovalRequirement::NeedsApproval {
-                reason: None,
-                allow_prefix: Some(vec!["python".to_string()]),
-            }
-        );
-    }
-
-    #[tokio::test]
-    async fn allow_prefix_uses_first_no_match_in_multi_command_scripts() {
-        let policy_src = r#"prefix_rule(pattern=["python"], decision="allow")"#;
-        let mut parser = PolicyParser::new();
-        parser
-            .parse("test.codexpolicy", policy_src)
-            .expect("parse policy");
-        let policy = Arc::new(RwLock::new(parser.build()));
-
-        let command = vec![
-            "bash".to_string(),
-            "-lc".to_string(),
-            "python && echo ok".to_string(),
-        ];
-
-        assert_eq!(
-            create_approval_requirement_for_command(
-                &policy,
-                &Features::with_defaults(),
-                &command,
-                AskForApproval::UnlessTrusted,
-                &SandboxPolicy::ReadOnly,
-                SandboxPermissions::UseDefault,
-            )
-            .await,
-            ApprovalRequirement::Skip {
-                bypass_sandbox: true
-            }
+            ApprovalRequirement::NeedsApproval { reason: None }
         );
     }
 }

codex-rs/core/src/features.rs

@@ -51,10 +51,6 @@ pub enum Feature {
     ShellTool,
     /// Allow model to call multiple tools in parallel (only for models supporting it).
     ParallelToolCalls,
-    /// Experimental skills injection (CLI flag-driven).
-    Skills,
-    /// Send warnings to the model to correct it on the tool usage.
-    ModelWarnings,
 }
 
 impl Feature {
@@ -269,12 +265,6 @@ pub const FEATURES: &[FeatureSpec] = &[
         stage: Stage::Stable,
         default_enabled: true,
     },
-    FeatureSpec {
-        id: Feature::ShellTool,
-        key: "shell_tool",
-        stage: Stage::Stable,
-        default_enabled: true,
-    },
     // Unstable features.
     FeatureSpec {
         id: Feature::UnifiedExec,
@@ -331,15 +321,9 @@ pub const FEATURES: &[FeatureSpec] = &[
         default_enabled: false,
     },
     FeatureSpec {
-        id: Feature::ModelWarnings,
-        key: "warnings",
-        stage: Stage::Experimental,
-        default_enabled: false,
-    },
-    FeatureSpec {
-        id: Feature::Skills,
-        key: "skills",
-        stage: Stage::Experimental,
-        default_enabled: false,
+        id: Feature::ShellTool,
+        key: "shell_tool",
+        stage: Stage::Stable,
+        default_enabled: true,
     },
 ];

codex-rs/core/src/git_info.rs

@@ -2,7 +2,6 @@ use std::collections::HashSet;
 use std::path::Path;
 use std::path::PathBuf;
 
-use crate::util::resolve_path;
 use codex_app_server_protocol::GitSha;
 use codex_protocol::protocol::GitInfo;
 use futures::future::join_all;
@@ -132,15 +131,11 @@ pub async fn recent_commits(cwd: &Path, limit: usize) -> Vec<CommitLogEntry> {
     }
 
     let fmt = "%H%x1f%ct%x1f%s"; // <sha> <US> <commit_time> <US> <subject>
-    let limit_arg = (limit > 0).then(|| limit.to_string());
-    let mut args: Vec<String> = vec!["log".to_string()];
-    if let Some(n) = &limit_arg {
-        args.push("-n".to_string());
-        args.push(n.clone());
-    }
-    args.push(format!("--pretty=format:{fmt}"));
-    let arg_refs: Vec<&str> = args.iter().map(String::as_str).collect();
-    let Some(log_out) = run_git_command_with_timeout(&arg_refs, cwd).await else {
+    let n = limit.max(1).to_string();
+    let Some(log_out) =
+        run_git_command_with_timeout(&["log", "-n", &n, &format!("--pretty=format:{fmt}")], cwd)
+            .await
+    else {
         return Vec::new();
     };
     if !log_out.status.success() {
@@ -549,7 +544,11 @@ pub fn resolve_root_git_project_for_trust(cwd: &Path) -> Option<PathBuf> {
         .trim()
         .to_string();
 
-    let git_dir_path_raw = resolve_path(base, &PathBuf::from(&git_dir_s));
+    let git_dir_path_raw = if Path::new(&git_dir_s).is_absolute() {
+        PathBuf::from(&git_dir_s)
+    } else {
+        base.join(&git_dir_s)
+    };
 
     // Normalize to handle macOS /var vs /private/var and resolve ".." segments.
     let git_dir_path = std::fs::canonicalize(&git_dir_path_raw).unwrap_or(git_dir_path_raw);

codex-rs/core/src/lib.rs

@@ -42,6 +42,7 @@ pub mod parse_command;
 pub mod powershell;
 mod response_processing;
 pub mod sandboxing;
+pub mod status;
 mod text_encoding;
 pub mod token_data;
 mod truncate;
@@ -58,7 +59,6 @@ pub use model_provider_info::create_oss_provider_with_base_url;
 mod conversation_manager;
 mod event_mapping;
 pub mod review_format;
-pub mod review_prompts;
 pub use codex_protocol::protocol::InitialHistory;
 pub use conversation_manager::ConversationManager;
 pub use conversation_manager::NewConversation;
@@ -73,7 +73,6 @@ mod rollout;
 pub(crate) mod safety;
 pub mod seatbelt;
 pub mod shell;
-pub mod skills;
 pub mod spawn;
 pub mod terminal;
 mod tools;

codex-rs/core/src/mcp_connection_manager.rs

@@ -12,6 +12,7 @@ use std::env;
 use std::ffi::OsString;
 use std::path::PathBuf;
 use std::sync::Arc;
+use std::sync::Mutex;
 use std::time::Duration;
 
 use crate::mcp::auth::McpAuthStatusEntry;
@@ -54,7 +55,6 @@ use serde::Serialize;
 use serde_json::json;
 use sha1::Digest;
 use sha1::Sha1;
-use tokio::sync::Mutex;
 use tokio::sync::oneshot;
 use tokio::task::JoinSet;
 use tokio_util::sync::CancellationToken;
@@ -128,7 +128,7 @@ struct ElicitationRequestManager {
 }
 
 impl ElicitationRequestManager {
-    async fn resolve(
+    fn resolve(
         &self,
         server_name: String,
         id: RequestId,
@@ -136,7 +136,7 @@ impl ElicitationRequestManager {
     ) -> Result<()> {
         self.requests
             .lock()
-            .await
+            .map_err(|e| anyhow!("failed to lock elicitation requests: {e:?}"))?
             .remove(&(server_name, id))
             .ok_or_else(|| anyhow!("elicitation request not found"))?
             .send(response)
@@ -151,8 +151,7 @@ impl ElicitationRequestManager {
             let server_name = server_name.clone();
             async move {
                 let (tx, rx) = oneshot::channel();
-                {
-                    let mut lock = elicitation_requests.lock().await;
+                if let Ok(mut lock) = elicitation_requests.lock() {
                     lock.insert((server_name.clone(), id.clone()), tx);
                 }
                 let _ = tx_event
@@ -366,15 +365,13 @@ impl McpConnectionManager {
             .context("failed to get client")
     }
 
-    pub async fn resolve_elicitation(
+    pub fn resolve_elicitation(
         &self,
         server_name: String,
         id: RequestId,
         response: ElicitationResponse,
     ) -> Result<()> {
-        self.elicitation_requests
-            .resolve(server_name, id, response)
-            .await
+        self.elicitation_requests.resolve(server_name, id, response)
     }
 
     /// Returns a single map that contains all tools. Each key is the

codex-rs/core/src/message_history.rs

@@ -16,14 +16,8 @@
 
 use std::fs::File;
 use std::fs::OpenOptions;
-use std::io::BufRead;
-use std::io::BufReader;
-use std::io::Read;
 use std::io::Result;
-use std::io::Seek;
-use std::io::SeekFrom;
 use std::io::Write;
-use std::path::Path;
 use std::path::PathBuf;
 
 use serde::Deserialize;
@@ -45,13 +39,10 @@ use std::os::unix::fs::PermissionsExt;
 /// Filename that stores the message history inside `~/.codex`.
 const HISTORY_FILENAME: &str = "history.jsonl";
 
-/// When history exceeds the hard cap, trim it down to this fraction of `max_bytes`.
-const HISTORY_SOFT_CAP_RATIO: f64 = 0.8;
-
 const MAX_RETRIES: usize = 10;
 const RETRY_SLEEP: Duration = Duration::from_millis(100);
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
+#[derive(Serialize, Deserialize, Debug, Clone)]
 pub struct HistoryEntry {
     pub session_id: String,
     pub ts: u64,
@@ -106,12 +97,11 @@ pub(crate) async fn append_entry(
         .map_err(|e| std::io::Error::other(format!("failed to serialise history entry: {e}")))?;
     line.push('\n');
 
-    // Open the history file for read/write access (append-only on Unix).
+    // Open in append-only mode.
     let mut options = OpenOptions::new();
-    options.read(true).write(true).create(true);
+    options.append(true).read(true).create(true);
     #[cfg(unix)]
     {
-        options.append(true);
         options.mode(0o600);
     }
 
@@ -120,8 +110,6 @@ pub(crate) async fn append_entry(
     // Ensure permissions.
     ensure_owner_only_permissions(&history_file).await?;
 
-    let history_max_bytes = config.history.max_bytes;
-
     // Perform a blocking write under an advisory write lock using std::fs.
     tokio::task::spawn_blocking(move || -> Result<()> {
         // Retry a few times to avoid indefinite blocking when contended.
@@ -129,12 +117,8 @@ pub(crate) async fn append_entry(
             match history_file.try_lock() {
                 Ok(()) => {
                     // While holding the exclusive lock, write the full line.
-                    // We do not open the file with `append(true)` on Windows, so ensure the
-                    // cursor is positioned at the end before writing.
-                    history_file.seek(SeekFrom::End(0))?;
                     history_file.write_all(line.as_bytes())?;
                     history_file.flush()?;
-                    enforce_history_limit(&mut history_file, history_max_bytes)?;
                     return Ok(());
                 }
                 Err(std::fs::TryLockError::WouldBlock) => {
@@ -154,144 +138,27 @@ pub(crate) async fn append_entry(
     Ok(())
 }
 
-/// Trim the history file to honor `max_bytes`, dropping the oldest lines while holding
-/// the write lock so the newest entry is always retained. When the file exceeds the
-/// hard cap, it rewrites the remaining tail to a soft cap to avoid trimming again
-/// immediately on the next write.
-fn enforce_history_limit(file: &mut File, max_bytes: Option<usize>) -> Result<()> {
-    let Some(max_bytes) = max_bytes else {
-        return Ok(());
-    };
-
-    if max_bytes == 0 {
-        return Ok(());
-    }
-
-    let max_bytes = match u64::try_from(max_bytes) {
-        Ok(value) => value,
-        Err(_) => return Ok(()),
-    };
-
-    let mut current_len = file.metadata()?.len();
-
-    if current_len <= max_bytes {
-        return Ok(());
-    }
-
-    let mut reader_file = file.try_clone()?;
-    reader_file.seek(SeekFrom::Start(0))?;
-
-    let mut buf_reader = BufReader::new(reader_file);
-    let mut line_lengths = Vec::new();
-    let mut line_buf = String::new();
-
-    loop {
-        line_buf.clear();
-
-        let bytes = buf_reader.read_line(&mut line_buf)?;
-
-        if bytes == 0 {
-            break;
-        }
-
-        line_lengths.push(bytes as u64);
-    }
-
-    if line_lengths.is_empty() {
-        return Ok(());
-    }
-
-    let last_index = line_lengths.len() - 1;
-    let trim_target = trim_target_bytes(max_bytes, line_lengths[last_index]);
-
-    let mut drop_bytes = 0u64;
-    let mut idx = 0usize;
-
-    while current_len > trim_target && idx < last_index {
-        current_len = current_len.saturating_sub(line_lengths[idx]);
-        drop_bytes += line_lengths[idx];
-        idx += 1;
-    }
-
-    if drop_bytes == 0 {
-        return Ok(());
-    }
-
-    let mut reader = buf_reader.into_inner();
-    reader.seek(SeekFrom::Start(drop_bytes))?;
-
-    let capacity = usize::try_from(current_len).unwrap_or(0);
-    let mut tail = Vec::with_capacity(capacity);
-
-    reader.read_to_end(&mut tail)?;
-
-    file.set_len(0)?;
-    file.seek(SeekFrom::Start(0))?;
-    file.write_all(&tail)?;
-    file.flush()?;
-
-    Ok(())
-}
-
-fn trim_target_bytes(max_bytes: u64, newest_entry_len: u64) -> u64 {
-    let soft_cap_bytes = ((max_bytes as f64) * HISTORY_SOFT_CAP_RATIO)
-        .floor()
-        .clamp(1.0, max_bytes as f64) as u64;
-
-    soft_cap_bytes.max(newest_entry_len)
-}
-
 /// Asynchronously fetch the history file's *identifier* (inode on Unix) and
 /// the current number of entries by counting newline characters.
 pub(crate) async fn history_metadata(config: &Config) -> (u64, usize) {
     let path = history_filepath(config);
-    history_metadata_for_file(&path).await
-}
 
-/// Given a `log_id` (on Unix this is the file's inode number,
-/// on Windows this is the file's creation time) and a zero-based
-/// `offset`, return the corresponding `HistoryEntry` if the identifier matches
-/// the current history file **and** the requested offset exists. Any I/O or
-/// parsing errors are logged and result in `None`.
-///
-/// Note this function is not async because it uses a sync advisory file
-/// locking API.
-pub(crate) fn lookup(log_id: u64, offset: usize, config: &Config) -> Option<HistoryEntry> {
-    let path = history_filepath(config);
-    lookup_history_entry(&path, log_id, offset)
-}
-
-/// On Unix systems, ensure the file permissions are `0o600` (rw-------). If the
-/// permissions cannot be changed the error is propagated to the caller.
-#[cfg(unix)]
-async fn ensure_owner_only_permissions(file: &File) -> Result<()> {
-    let metadata = file.metadata()?;
-    let current_mode = metadata.permissions().mode() & 0o777;
-    if current_mode != 0o600 {
-        let mut perms = metadata.permissions();
-        perms.set_mode(0o600);
-        let perms_clone = perms.clone();
-        let file_clone = file.try_clone()?;
-        tokio::task::spawn_blocking(move || file_clone.set_permissions(perms_clone)).await??;
-    }
-    Ok(())
-}
-
-#[cfg(windows)]
-// On Windows, simply succeed.
-async fn ensure_owner_only_permissions(_file: &File) -> Result<()> {
-    Ok(())
-}
-
-async fn history_metadata_for_file(path: &Path) -> (u64, usize) {
-    let log_id = match fs::metadata(path).await {
-        Ok(metadata) => history_log_id(&metadata).unwrap_or(0),
-        Err(e) if e.kind() == std::io::ErrorKind::NotFound => return (0, 0),
-        Err(_) => return (0, 0),
+    #[cfg(unix)]
+    let log_id = {
+        use std::os::unix::fs::MetadataExt;
+        // Obtain metadata (async) to get the identifier.
+        let meta = match fs::metadata(&path).await {
+            Ok(m) => m,
+            Err(e) if e.kind() == std::io::ErrorKind::NotFound => return (0, 0),
+            Err(_) => return (0, 0),
+        };
+        meta.ino()
     };
+    #[cfg(not(unix))]
+    let log_id = 0u64;
 
     // Open the file.
-    let mut file = match fs::File::open(path).await {
+    let mut file = match fs::File::open(&path).await {
         Ok(f) => f,
         Err(_) => return (log_id, 0),
     };
@@ -312,11 +179,21 @@ async fn history_metadata_for_file(path: &Path) -> (u64, usize) {
     (log_id, count)
 }
 
-fn lookup_history_entry(path: &Path, log_id: u64, offset: usize) -> Option<HistoryEntry> {
+/// Given a `log_id` (on Unix this is the file's inode number) and a zero-based
+/// `offset`, return the corresponding `HistoryEntry` if the identifier matches
+/// the current history file **and** the requested offset exists. Any I/O or
+/// parsing errors are logged and result in `None`.
+///
+/// Note this function is not async because it uses a sync advisory file
+/// locking API.
+#[cfg(unix)]
+pub(crate) fn lookup(log_id: u64, offset: usize, config: &Config) -> Option<HistoryEntry> {
     use std::io::BufRead;
     use std::io::BufReader;
+    use std::os::unix::fs::MetadataExt;
 
-    let file: File = match OpenOptions::new().read(true).open(path) {
+    let path = history_filepath(config);
+    let file: File = match OpenOptions::new().read(true).open(&path) {
         Ok(f) => f,
         Err(e) => {
             tracing::warn!(error = %e, "failed to open history file");
@@ -332,9 +209,7 @@ fn lookup_history_entry(path: &Path, log_id: u64, offset: usize) -> Option<Histo
         }
     };
 
-    let current_log_id = history_log_id(&metadata)?;
-
-    if log_id != 0 && current_log_id != log_id {
+    if metadata.ino() != log_id {
         return None;
     }
 
@@ -381,238 +256,31 @@ fn lookup_history_entry(path: &Path, log_id: u64, offset: usize) -> Option<Histo
     None
 }
 
-#[cfg(unix)]
-fn history_log_id(metadata: &std::fs::Metadata) -> Option<u64> {
-    use std::os::unix::fs::MetadataExt;
-    Some(metadata.ino())
-}
-
-#[cfg(windows)]
-fn history_log_id(metadata: &std::fs::Metadata) -> Option<u64> {
-    use std::os::windows::fs::MetadataExt;
-    Some(metadata.creation_time())
-}
-
-#[cfg(not(any(unix, windows)))]
-fn history_log_id(_metadata: &std::fs::Metadata) -> Option<u64> {
+/// Fallback stub for non-Unix systems: currently always returns `None`.
+#[cfg(not(unix))]
+pub(crate) fn lookup(log_id: u64, offset: usize, config: &Config) -> Option<HistoryEntry> {
+    let _ = (log_id, offset, config);
     None
 }
 
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::config::Config;
-    use crate::config::ConfigOverrides;
-    use crate::config::ConfigToml;
-    use codex_protocol::ConversationId;
-    use pretty_assertions::assert_eq;
-    use std::fs::File;
-    use std::io::Write;
-    use tempfile::TempDir;
-
-    #[tokio::test]
-    async fn lookup_reads_history_entries() {
-        let temp_dir = TempDir::new().expect("create temp dir");
-        let history_path = temp_dir.path().join(HISTORY_FILENAME);
-
-        let entries = vec![
-            HistoryEntry {
-                session_id: "first-session".to_string(),
-                ts: 1,
-                text: "first".to_string(),
-            },
-            HistoryEntry {
-                session_id: "second-session".to_string(),
-                ts: 2,
-                text: "second".to_string(),
-            },
-        ];
-
-        let mut file = File::create(&history_path).expect("create history file");
-        for entry in &entries {
-            writeln!(
-                file,
-                "{}",
-                serde_json::to_string(entry).expect("serialize history entry")
-            )
-            .expect("write history entry");
-        }
-
-        let (log_id, count) = history_metadata_for_file(&history_path).await;
-        assert_eq!(count, entries.len());
-
-        let second_entry =
-            lookup_history_entry(&history_path, log_id, 1).expect("fetch second history entry");
-        assert_eq!(second_entry, entries[1]);
-    }
-
-    #[tokio::test]
-    async fn lookup_uses_stable_log_id_after_appends() {
-        let temp_dir = TempDir::new().expect("create temp dir");
-        let history_path = temp_dir.path().join(HISTORY_FILENAME);
-
-        let initial = HistoryEntry {
-            session_id: "first-session".to_string(),
-            ts: 1,
-            text: "first".to_string(),
-        };
-        let appended = HistoryEntry {
-            session_id: "second-session".to_string(),
-            ts: 2,
-            text: "second".to_string(),
-        };
-
-        let mut file = File::create(&history_path).expect("create history file");
-        writeln!(
-            file,
-            "{}",
-            serde_json::to_string(&initial).expect("serialize initial entry")
-        )
-        .expect("write initial entry");
-
-        let (log_id, count) = history_metadata_for_file(&history_path).await;
-        assert_eq!(count, 1);
-
-        let mut append = std::fs::OpenOptions::new()
-            .append(true)
-            .open(&history_path)
-            .expect("open history file for append");
-        writeln!(
-            append,
-            "{}",
-            serde_json::to_string(&appended).expect("serialize appended entry")
-        )
-        .expect("append history entry");
-
-        let fetched =
-            lookup_history_entry(&history_path, log_id, 1).expect("lookup appended history entry");
-        assert_eq!(fetched, appended);
-    }
-
-    #[tokio::test]
-    async fn append_entry_trims_history_when_beyond_max_bytes() {
-        let codex_home = TempDir::new().expect("create temp dir");
-
-        let mut config = Config::load_from_base_config_with_overrides(
-            ConfigToml::default(),
-            ConfigOverrides::default(),
-            codex_home.path().to_path_buf(),
-        )
-        .expect("load config");
-
-        let conversation_id = ConversationId::new();
-
-        let entry_one = "a".repeat(200);
-        let entry_two = "b".repeat(200);
-
-        let history_path = codex_home.path().join("history.jsonl");
-
-        append_entry(&entry_one, &conversation_id, &config)
-            .await
-            .expect("write first entry");
-
-        let first_len = std::fs::metadata(&history_path).expect("metadata").len();
-        let limit_bytes = first_len + 10;
-
-        config.history.max_bytes =
-            Some(usize::try_from(limit_bytes).expect("limit should fit into usize"));
-
-        append_entry(&entry_two, &conversation_id, &config)
-            .await
-            .expect("write second entry");
-
-        let contents = std::fs::read_to_string(&history_path).expect("read history");
-
-        let entries = contents
-            .lines()
-            .map(|line| serde_json::from_str::<HistoryEntry>(line).expect("parse entry"))
-            .collect::<Vec<HistoryEntry>>();
-
-        assert_eq!(
-            entries.len(),
-            1,
-            "only one entry left because entry_one should be evicted"
-        );
-        assert_eq!(entries[0].text, entry_two);
-        assert!(std::fs::metadata(&history_path).expect("metadata").len() <= limit_bytes);
-    }
-
-    #[tokio::test]
-    async fn append_entry_trims_history_to_soft_cap() {
-        let codex_home = TempDir::new().expect("create temp dir");
-
-        let mut config = Config::load_from_base_config_with_overrides(
-            ConfigToml::default(),
-            ConfigOverrides::default(),
-            codex_home.path().to_path_buf(),
-        )
-        .expect("load config");
-
-        let conversation_id = ConversationId::new();
-
-        let short_entry = "a".repeat(200);
-        let long_entry = "b".repeat(400);
-
-        let history_path = codex_home.path().join("history.jsonl");
-
-        append_entry(&short_entry, &conversation_id, &config)
-            .await
-            .expect("write first entry");
-
-        let short_entry_len = std::fs::metadata(&history_path).expect("metadata").len();
-
-        append_entry(&long_entry, &conversation_id, &config)
-            .await
-            .expect("write second entry");
-
-        let two_entry_len = std::fs::metadata(&history_path).expect("metadata").len();
-
-        let long_entry_len = two_entry_len
-            .checked_sub(short_entry_len)
-            .expect("second entry length should be larger than first entry length");
-
-        config.history.max_bytes = Some(
-            usize::try_from((2 * long_entry_len) + (short_entry_len / 2))
-                .expect("max bytes should fit into usize"),
-        );
-
-        append_entry(&long_entry, &conversation_id, &config)
-            .await
-            .expect("write third entry");
-
-        let contents = std::fs::read_to_string(&history_path).expect("read history");
-
-        let entries = contents
-            .lines()
-            .map(|line| serde_json::from_str::<HistoryEntry>(line).expect("parse entry"))
-            .collect::<Vec<HistoryEntry>>();
-
-        assert_eq!(entries.len(), 1);
-        assert_eq!(entries[0].text, long_entry);
-
-        let pruned_len = std::fs::metadata(&history_path).expect("metadata").len() as u64;
-        let max_bytes = config
-            .history
-            .max_bytes
-            .expect("max bytes should be configured") as u64;
-
-        assert!(pruned_len <= max_bytes);
-
-        let soft_cap_bytes = ((max_bytes as f64) * HISTORY_SOFT_CAP_RATIO)
-            .floor()
-            .clamp(1.0, max_bytes as f64) as u64;
-        let len_without_first = 2 * long_entry_len;
-
-        assert!(
-            len_without_first <= max_bytes,
-            "dropping only the first entry would satisfy the hard cap"
-        );
-        assert!(
-            len_without_first > soft_cap_bytes,
-            "soft cap should require more aggressive trimming than the hard cap"
-        );
-
-        assert_eq!(pruned_len, long_entry_len);
-        assert!(pruned_len <= soft_cap_bytes.max(long_entry_len));
+/// On Unix systems ensure the file permissions are `0o600` (rw-------). If the
+/// permissions cannot be changed the error is propagated to the caller.
+#[cfg(unix)]
+async fn ensure_owner_only_permissions(file: &File) -> Result<()> {
+    let metadata = file.metadata()?;
+    let current_mode = metadata.permissions().mode() & 0o777;
+    if current_mode != 0o600 {
+        let mut perms = metadata.permissions();
+        perms.set_mode(0o600);
+        let perms_clone = perms.clone();
+        let file_clone = file.try_clone()?;
+        tokio::task::spawn_blocking(move || file_clone.set_permissions(perms_clone)).await??;
     }
+    Ok(())
+}
+
+#[cfg(not(unix))]
+async fn ensure_owner_only_permissions(_file: &File) -> Result<()> {
+    // For now, on non-Unix, simply succeed.
+    Ok(())
 }

codex-rs/core/src/openai_model_info.rs

@@ -76,8 +76,6 @@ pub(crate) fn get_model_info(model_family: &ModelFamily) -> Option<ModelInfo> {
 
         _ if slug.starts_with("codex-") => Some(ModelInfo::new(CONTEXT_WINDOW_272K)),
 
-        _ if slug.starts_with("exp-") => Some(ModelInfo::new(CONTEXT_WINDOW_272K)),
-
         _ => None,
     }
 }

codex-rs/core/src/project_doc.rs

@@ -14,9 +14,6 @@
 //! 3.  We do **not** walk past the Git root.
 
 use crate::config::Config;
-use crate::features::Feature;
-use crate::skills::load_skills;
-use crate::skills::render_skills_section;
 use dunce::canonicalize as normalize_path;
 use std::path::PathBuf;
 use tokio::io::AsyncReadExt;
@@ -34,47 +31,18 @@ const PROJECT_DOC_SEPARATOR: &str = "\n\n--- project-doc ---\n\n";
 /// Combines `Config::instructions` and `AGENTS.md` (if present) into a single
 /// string of instructions.
 pub(crate) async fn get_user_instructions(config: &Config) -> Option<String> {
-    let skills_section = if config.features.enabled(Feature::Skills) {
-        let skills_outcome = load_skills(config);
-        for err in &skills_outcome.errors {
-            error!(
-                "failed to load skill {}: {}",
-                err.path.display(),
-                err.message
-            );
-        }
-        render_skills_section(&skills_outcome.skills)
-    } else {
-        None
-    };
-
-    let project_docs = match read_project_docs(config).await {
-        Ok(docs) => docs,
+    match read_project_docs(config).await {
+        Ok(Some(project_doc)) => match &config.user_instructions {
+            Some(original_instructions) => Some(format!(
+                "{original_instructions}{PROJECT_DOC_SEPARATOR}{project_doc}"
+            )),
+            None => Some(project_doc),
+        },
+        Ok(None) => config.user_instructions.clone(),
         Err(e) => {
             error!("error trying to find project doc: {e:#}");
-            return config.user_instructions.clone();
+            config.user_instructions.clone()
         }
-    };
-
-    let combined_project_docs = merge_project_docs_with_skills(project_docs, skills_section);
-
-    let mut parts: Vec<String> = Vec::new();
-
-    if let Some(instructions) = config.user_instructions.clone() {
-        parts.push(instructions);
-    }
-
-    if let Some(project_doc) = combined_project_docs {
-        if !parts.is_empty() {
-            parts.push(PROJECT_DOC_SEPARATOR.to_string());
-        }
-        parts.push(project_doc);
-    }
-
-    if parts.is_empty() {
-        None
-    } else {
-        Some(parts.concat())
     }
 }
 
@@ -227,25 +195,12 @@ fn candidate_filenames<'a>(config: &'a Config) -> Vec<&'a str> {
     names
 }
 
-fn merge_project_docs_with_skills(
-    project_doc: Option<String>,
-    skills_section: Option<String>,
-) -> Option<String> {
-    match (project_doc, skills_section) {
-        (Some(doc), Some(skills)) => Some(format!("{doc}\n\n{skills}")),
-        (Some(doc), None) => Some(doc),
-        (None, Some(skills)) => Some(skills),
-        (None, None) => None,
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;
     use crate::config::ConfigOverrides;
     use crate::config::ConfigToml;
     use std::fs;
-    use std::path::PathBuf;
     use tempfile::TempDir;
 
     /// Helper that returns a `Config` pointing at `root` and using `limit` as
@@ -264,7 +219,6 @@ mod tests {
 
         config.cwd = root.path().to_path_buf();
         config.project_doc_max_bytes = limit;
-        config.features.enable(Feature::Skills);
 
         config.user_instructions = instructions.map(ToOwned::to_owned);
         config
@@ -493,58 +447,4 @@ mod tests {
                 .eq(DEFAULT_PROJECT_DOC_FILENAME)
         );
     }
-
-    #[tokio::test]
-    async fn skills_are_appended_to_project_doc() {
-        let tmp = tempfile::tempdir().expect("tempdir");
-        fs::write(tmp.path().join("AGENTS.md"), "base doc").unwrap();
-
-        let cfg = make_config(&tmp, 4096, None);
-        create_skill(
-            cfg.codex_home.clone(),
-            "pdf-processing",
-            "extract from pdfs",
-        );
-
-        let res = get_user_instructions(&cfg)
-            .await
-            .expect("instructions expected");
-        let expected_path = dunce::canonicalize(
-            cfg.codex_home
-                .join("skills/pdf-processing/SKILL.md")
-                .as_path(),
-        )
-        .unwrap_or_else(|_| cfg.codex_home.join("skills/pdf-processing/SKILL.md"));
-        let expected_path_str = expected_path.to_string_lossy().replace('\\', "/");
-        let expected = format!(
-            "base doc\n\n## Skills\nThese skills are discovered at startup from ~/.codex/skills; each entry shows name, description, and file path so you can open the source for full instructions. Content is not inlined to keep context lean.\n- pdf-processing: extract from pdfs (file: {expected_path_str})"
-        );
-        assert_eq!(res, expected);
-    }
-
-    #[tokio::test]
-    async fn skills_render_without_project_doc() {
-        let tmp = tempfile::tempdir().expect("tempdir");
-        let cfg = make_config(&tmp, 4096, None);
-        create_skill(cfg.codex_home.clone(), "linting", "run clippy");
-
-        let res = get_user_instructions(&cfg)
-            .await
-            .expect("instructions expected");
-        let expected_path =
-            dunce::canonicalize(cfg.codex_home.join("skills/linting/SKILL.md").as_path())
-                .unwrap_or_else(|_| cfg.codex_home.join("skills/linting/SKILL.md"));
-        let expected_path_str = expected_path.to_string_lossy().replace('\\', "/");
-        let expected = format!(
-            "## Skills\nThese skills are discovered at startup from ~/.codex/skills; each entry shows name, description, and file path so you can open the source for full instructions. Content is not inlined to keep context lean.\n- linting: run clippy (file: {expected_path_str})"
-        );
-        assert_eq!(res, expected);
-    }
-
-    fn create_skill(codex_home: PathBuf, name: &str, description: &str) {
-        let skill_dir = codex_home.join(format!("skills/{name}"));
-        fs::create_dir_all(&skill_dir).unwrap();
-        let content = format!("---\nname: {name}\ndescription: {description}\n---\n\n# Body\n");
-        fs::write(skill_dir.join("SKILL.md"), content).unwrap();
-    }
 }

codex-rs/core/src/review_format.rs

@@ -1,5 +1,4 @@
 use crate::protocol::ReviewFinding;
-use crate::protocol::ReviewOutputEvent;
 
 // Note: We keep this module UI-agnostic. It returns plain strings that
 // higher layers (e.g., TUI) may style as needed.
@@ -11,8 +10,6 @@ fn format_location(item: &ReviewFinding) -> String {
     format!("{path}:{start}-{end}")
 }
 
-const REVIEW_FALLBACK_MESSAGE: &str = "Reviewer failed to output a response.";
-
 /// Format a full review findings block as plain text lines.
 ///
 /// - When `selection` is `Some`, each item line includes a checkbox marker:
@@ -56,27 +53,3 @@ pub fn format_review_findings_block(
 
     lines.join("\n")
 }
-
-/// Render a human-readable review summary suitable for a user-facing message.
-///
-/// Returns either the explanation, the formatted findings block, or both
-/// separated by a blank line. If neither is present, emits a fallback message.
-pub fn render_review_output_text(output: &ReviewOutputEvent) -> String {
-    let mut sections = Vec::new();
-    let explanation = output.overall_explanation.trim();
-    if !explanation.is_empty() {
-        sections.push(explanation.to_string());
-    }
-    if !output.findings.is_empty() {
-        let findings = format_review_findings_block(&output.findings, None);
-        let trimmed = findings.trim();
-        if !trimmed.is_empty() {
-            sections.push(trimmed.to_string());
-        }
-    }
-    if sections.is_empty() {
-        REVIEW_FALLBACK_MESSAGE.to_string()
-    } else {
-        sections.join("\n\n")
-    }
-}

codex-rs/core/src/review_prompts.rs

@@ -1,93 +0,0 @@
-use codex_git::merge_base_with_head;
-use codex_protocol::protocol::ReviewRequest;
-use codex_protocol::protocol::ReviewTarget;
-use std::path::Path;
-
-#[derive(Clone, Debug, PartialEq)]
-pub struct ResolvedReviewRequest {
-    pub target: ReviewTarget,
-    pub prompt: String,
-    pub user_facing_hint: String,
-}
-
-const UNCOMMITTED_PROMPT: &str = "Review the current code changes (staged, unstaged, and untracked files) and provide prioritized findings.";
-
-const BASE_BRANCH_PROMPT_BACKUP: &str = "Review the code changes against the base branch '{branch}'. Start by finding the merge diff between the current branch and {branch}'s upstream e.g. (`git merge-base HEAD \"$(git rev-parse --abbrev-ref \"{branch}@{upstream}\")\"`), then run `git diff` against that SHA to see what changes we would merge into the {branch} branch. Provide prioritized, actionable findings.";
-const BASE_BRANCH_PROMPT: &str = "Review the code changes against the base branch '{baseBranch}'. The merge base commit for this comparison is {mergeBaseSha}. Run `git diff {mergeBaseSha}` to inspect the changes relative to {baseBranch}. Provide prioritized, actionable findings.";
-
-const COMMIT_PROMPT_WITH_TITLE: &str = "Review the code changes introduced by commit {sha} (\"{title}\"). Provide prioritized, actionable findings.";
-const COMMIT_PROMPT: &str =
-    "Review the code changes introduced by commit {sha}. Provide prioritized, actionable findings.";
-
-pub fn resolve_review_request(
-    request: ReviewRequest,
-    cwd: &Path,
-) -> anyhow::Result<ResolvedReviewRequest> {
-    let target = request.target;
-    let prompt = review_prompt(&target, cwd)?;
-    let user_facing_hint = request
-        .user_facing_hint
-        .unwrap_or_else(|| user_facing_hint(&target));
-
-    Ok(ResolvedReviewRequest {
-        target,
-        prompt,
-        user_facing_hint,
-    })
-}
-
-pub fn review_prompt(target: &ReviewTarget, cwd: &Path) -> anyhow::Result<String> {
-    match target {
-        ReviewTarget::UncommittedChanges => Ok(UNCOMMITTED_PROMPT.to_string()),
-        ReviewTarget::BaseBranch { branch } => {
-            if let Some(commit) = merge_base_with_head(cwd, branch)? {
-                Ok(BASE_BRANCH_PROMPT
-                    .replace("{baseBranch}", branch)
-                    .replace("{mergeBaseSha}", &commit))
-            } else {
-                Ok(BASE_BRANCH_PROMPT_BACKUP.replace("{branch}", branch))
-            }
-        }
-        ReviewTarget::Commit { sha, title } => {
-            if let Some(title) = title {
-                Ok(COMMIT_PROMPT_WITH_TITLE
-                    .replace("{sha}", sha)
-                    .replace("{title}", title))
-            } else {
-                Ok(COMMIT_PROMPT.replace("{sha}", sha))
-            }
-        }
-        ReviewTarget::Custom { instructions } => {
-            let prompt = instructions.trim();
-            if prompt.is_empty() {
-                anyhow::bail!("Review prompt cannot be empty");
-            }
-            Ok(prompt.to_string())
-        }
-    }
-}
-
-pub fn user_facing_hint(target: &ReviewTarget) -> String {
-    match target {
-        ReviewTarget::UncommittedChanges => "current changes".to_string(),
-        ReviewTarget::BaseBranch { branch } => format!("changes against '{branch}'"),
-        ReviewTarget::Commit { sha, title } => {
-            let short_sha: String = sha.chars().take(7).collect();
-            if let Some(title) = title {
-                format!("commit {short_sha}: {title}")
-            } else {
-                format!("commit {short_sha}")
-            }
-        }
-        ReviewTarget::Custom { instructions } => instructions.trim().to_string(),
-    }
-}
-
-impl From<ResolvedReviewRequest> for ReviewRequest {
-    fn from(resolved: ResolvedReviewRequest) -> Self {
-        ReviewRequest {
-            target: resolved.target,
-            user_facing_hint: Some(resolved.user_facing_hint),
-        }
-    }
-}

codex-rs/core/src/rollout/error.rs

@@ -1,49 +0,0 @@
-use std::io::ErrorKind;
-use std::path::Path;
-
-use crate::error::CodexErr;
-use crate::rollout::SESSIONS_SUBDIR;
-
-pub(crate) fn map_session_init_error(err: &anyhow::Error, codex_home: &Path) -> CodexErr {
-    if let Some(mapped) = err
-        .chain()
-        .filter_map(|cause| cause.downcast_ref::<std::io::Error>())
-        .find_map(|io_err| map_rollout_io_error(io_err, codex_home))
-    {
-        return mapped;
-    }
-
-    CodexErr::Fatal(format!("Failed to initialize session: {err:#}"))
-}
-
-fn map_rollout_io_error(io_err: &std::io::Error, codex_home: &Path) -> Option<CodexErr> {
-    let sessions_dir = codex_home.join(SESSIONS_SUBDIR);
-    let hint = match io_err.kind() {
-        ErrorKind::PermissionDenied => format!(
-            "Codex cannot access session files at {} (permission denied). If sessions were created using sudo, fix ownership: sudo chown -R $(whoami) {}",
-            sessions_dir.display(),
-            codex_home.display()
-        ),
-        ErrorKind::NotFound => format!(
-            "Session storage missing at {}. Create the directory or choose a different Codex home.",
-            sessions_dir.display()
-        ),
-        ErrorKind::AlreadyExists => format!(
-            "Session storage path {} is blocked by an existing file. Remove or rename it so Codex can create sessions.",
-            sessions_dir.display()
-        ),
-        ErrorKind::InvalidData | ErrorKind::InvalidInput => format!(
-            "Session data under {} looks corrupt or unreadable. Clearing the sessions directory may help (this will remove saved conversations).",
-            sessions_dir.display()
-        ),
-        ErrorKind::IsADirectory | ErrorKind::NotADirectory => format!(
-            "Session storage path {} has an unexpected type. Ensure it is a directory Codex can use for session files.",
-            sessions_dir.display()
-        ),
-        _ => return None,
-    };
-
-    Some(CodexErr::Fatal(format!(
-        "{hint} (underlying error: {io_err})"
-    )))
-}

codex-rs/core/src/rollout/list.rs

@@ -9,7 +9,6 @@ use std::sync::atomic::AtomicBool;
 use time::OffsetDateTime;
 use time::PrimitiveDateTime;
 use time::format_description::FormatItem;
-use time::format_description::well_known::Rfc3339;
 use time::macros::format_description;
 use uuid::Uuid;
 
@@ -40,15 +39,18 @@ pub struct ConversationItem {
     pub path: PathBuf,
     /// First up to `HEAD_RECORD_LIMIT` JSONL records parsed as JSON (includes meta line).
     pub head: Vec<serde_json::Value>,
+    /// Last up to `TAIL_RECORD_LIMIT` JSONL response records parsed as JSON.
+    pub tail: Vec<serde_json::Value>,
     /// RFC3339 timestamp string for when the session was created, if available.
     pub created_at: Option<String>,
-    /// RFC3339 timestamp string for the most recent update (from file mtime).
+    /// RFC3339 timestamp string for the most recent response in the tail, if available.
     pub updated_at: Option<String>,
 }
 
 #[derive(Default)]
 struct HeadTailSummary {
     head: Vec<serde_json::Value>,
+    tail: Vec<serde_json::Value>,
     saw_session_meta: bool,
     saw_user_event: bool,
     source: Option<SessionSource>,
@@ -60,6 +62,7 @@ struct HeadTailSummary {
 /// Hard cap to bound worst‑case work per request.
 const MAX_SCAN_FILES: usize = 10000;
 const HEAD_RECORD_LIMIT: usize = 10;
+const TAIL_RECORD_LIMIT: usize = 10;
 
 /// Pagination cursor identifying a file by timestamp and UUID.
 #[derive(Debug, Clone, PartialEq, Eq)]
@@ -138,6 +141,13 @@ pub(crate) async fn get_conversations(
     Ok(result)
 }
 
+/// Load the full contents of a single conversation session file at `path`.
+/// Returns the entire file contents as a String.
+#[allow(dead_code)]
+pub(crate) async fn get_conversation(path: &Path) -> io::Result<String> {
+    tokio::fs::read_to_string(path).await
+}
+
 /// Load conversation file paths from disk using directory traversal.
 ///
 /// Directory layout: `~/.codex/sessions/YYYY/MM/DD/rollout-YYYY-MM-DDThh-mm-ss-<uuid>.jsonl`
@@ -202,8 +212,9 @@ async fn traverse_directories_for_paths(
                         more_matches_available = true;
                         break 'outer;
                     }
-                    // Read head and detect message events; stop once meta + user are found.
-                    let summary = read_head_summary(&path, HEAD_RECORD_LIMIT)
+                    // Read head and simultaneously detect message events within the same
+                    // first N JSONL records to avoid a second file read.
+                    let summary = read_head_and_tail(&path, HEAD_RECORD_LIMIT, TAIL_RECORD_LIMIT)
                         .await
                         .unwrap_or_default();
                     if !allowed_sources.is_empty()
@@ -222,19 +233,16 @@ async fn traverse_directories_for_paths(
                     if summary.saw_session_meta && summary.saw_user_event {
                         let HeadTailSummary {
                             head,
+                            tail,
                             created_at,
                             mut updated_at,
                             ..
                         } = summary;
-                        if updated_at.is_none() {
-                            updated_at = file_modified_rfc3339(&path)
-                                .await
-                                .unwrap_or(None)
-                                .or_else(|| created_at.clone());
-                        }
+                        updated_at = updated_at.or_else(|| created_at.clone());
                         items.push(ConversationItem {
                             path,
                             head,
+                            tail,
                             created_at,
                             updated_at,
                         });
@@ -376,7 +384,11 @@ impl<'a> ProviderMatcher<'a> {
     }
 }
 
-async fn read_head_summary(path: &Path, head_limit: usize) -> io::Result<HeadTailSummary> {
+async fn read_head_and_tail(
+    path: &Path,
+    head_limit: usize,
+    tail_limit: usize,
+) -> io::Result<HeadTailSummary> {
     use tokio::io::AsyncBufReadExt;
 
     let file = tokio::fs::File::open(path).await?;
@@ -429,30 +441,107 @@ async fn read_head_summary(path: &Path, head_limit: usize) -> io::Result<HeadTai
                 }
             }
         }
-
-        if summary.saw_session_meta && summary.saw_user_event {
-            break;
-        }
     }
 
+    if tail_limit != 0 {
+        let (tail, updated_at) = read_tail_records(path, tail_limit).await?;
+        summary.tail = tail;
+        summary.updated_at = updated_at;
+    }
     Ok(summary)
 }
 
 /// Read up to `HEAD_RECORD_LIMIT` records from the start of the rollout file at `path`.
 /// This should be enough to produce a summary including the session meta line.
 pub async fn read_head_for_summary(path: &Path) -> io::Result<Vec<serde_json::Value>> {
-    let summary = read_head_summary(path, HEAD_RECORD_LIMIT).await?;
+    let summary = read_head_and_tail(path, HEAD_RECORD_LIMIT, 0).await?;
     Ok(summary.head)
 }
 
-async fn file_modified_rfc3339(path: &Path) -> io::Result<Option<String>> {
-    let meta = tokio::fs::metadata(path).await?;
-    let modified = meta.modified().ok();
-    let Some(modified) = modified else {
-        return Ok(None);
-    };
-    let dt = OffsetDateTime::from(modified);
-    Ok(dt.format(&Rfc3339).ok())
+async fn read_tail_records(
+    path: &Path,
+    max_records: usize,
+) -> io::Result<(Vec<serde_json::Value>, Option<String>)> {
+    use std::io::SeekFrom;
+    use tokio::io::AsyncReadExt;
+    use tokio::io::AsyncSeekExt;
+
+    if max_records == 0 {
+        return Ok((Vec::new(), None));
+    }
+
+    const CHUNK_SIZE: usize = 8192;
+
+    let mut file = tokio::fs::File::open(path).await?;
+    let mut pos = file.seek(SeekFrom::End(0)).await?;
+    if pos == 0 {
+        return Ok((Vec::new(), None));
+    }
+
+    let mut buffer: Vec<u8> = Vec::new();
+    let mut latest_timestamp: Option<String> = None;
+
+    loop {
+        let slice_start = match (pos > 0, buffer.iter().position(|&b| b == b'\n')) {
+            (true, Some(idx)) => idx + 1,
+            _ => 0,
+        };
+        let (tail, newest_ts) = collect_last_response_values(&buffer[slice_start..], max_records);
+        if latest_timestamp.is_none() {
+            latest_timestamp = newest_ts.clone();
+        }
+        if tail.len() >= max_records || pos == 0 {
+            return Ok((tail, latest_timestamp.or(newest_ts)));
+        }
+
+        let read_size = CHUNK_SIZE.min(pos as usize);
+        if read_size == 0 {
+            return Ok((tail, latest_timestamp.or(newest_ts)));
+        }
+        pos -= read_size as u64;
+        file.seek(SeekFrom::Start(pos)).await?;
+        let mut chunk = vec![0; read_size];
+        file.read_exact(&mut chunk).await?;
+        chunk.extend_from_slice(&buffer);
+        buffer = chunk;
+    }
+}
+
+fn collect_last_response_values(
+    buffer: &[u8],
+    max_records: usize,
+) -> (Vec<serde_json::Value>, Option<String>) {
+    use std::borrow::Cow;
+
+    if buffer.is_empty() || max_records == 0 {
+        return (Vec::new(), None);
+    }
+
+    let text: Cow<'_, str> = String::from_utf8_lossy(buffer);
+    let mut collected_rev: Vec<serde_json::Value> = Vec::new();
+    let mut latest_timestamp: Option<String> = None;
+    for line in text.lines().rev() {
+        let trimmed = line.trim();
+        if trimmed.is_empty() {
+            continue;
+        }
+        let parsed: serde_json::Result<RolloutLine> = serde_json::from_str(trimmed);
+        let Ok(rollout_line) = parsed else { continue };
+        let RolloutLine { timestamp, item } = rollout_line;
+        if let RolloutItem::ResponseItem(item) = item
+            && let Ok(val) = serde_json::to_value(&item)
+        {
+            if latest_timestamp.is_none() {
+                latest_timestamp = Some(timestamp.clone());
+            }
+            collected_rev.push(val);
+            if collected_rev.len() == max_records {
+                break;
+            }
+        }
+    }
+    collected_rev.reverse();
+    (collected_rev, latest_timestamp)
 }
 
 /// Locate a recorded conversation rollout file by its UUID string using the existing

codex-rs/core/src/rollout/mod.rs

@@ -7,13 +7,11 @@ pub const ARCHIVED_SESSIONS_SUBDIR: &str = "archived_sessions";
 pub const INTERACTIVE_SESSION_SOURCES: &[SessionSource] =
     &[SessionSource::Cli, SessionSource::VSCode];
 
-pub(crate) mod error;
 pub mod list;
 pub(crate) mod policy;
 pub mod recorder;
 
 pub use codex_protocol::protocol::SessionMeta;
-pub(crate) use error::map_session_init_error;
 pub use list::find_conversation_path_by_id_str;
 pub use recorder::RolloutRecorder;
 pub use recorder::RolloutRecorderParams;

codex-rs/core/src/rollout/tests.rs

@@ -16,11 +16,13 @@ use crate::rollout::INTERACTIVE_SESSION_SOURCES;
 use crate::rollout::list::ConversationItem;
 use crate::rollout::list::ConversationsPage;
 use crate::rollout::list::Cursor;
+use crate::rollout::list::get_conversation;
 use crate::rollout::list::get_conversations;
 use anyhow::Result;
 use codex_protocol::ConversationId;
 use codex_protocol::models::ContentItem;
 use codex_protocol::models::ResponseItem;
+use codex_protocol::protocol::CompactedItem;
 use codex_protocol::protocol::EventMsg;
 use codex_protocol::protocol::RolloutItem;
 use codex_protocol::protocol::RolloutLine;
@@ -224,28 +226,28 @@ async fn test_list_conversations_latest_first() {
         "model_provider": "test-provider",
     })];
 
-    let updated_times: Vec<Option<String>> =
-        page.items.iter().map(|i| i.updated_at.clone()).collect();
-
     let expected = ConversationsPage {
         items: vec![
             ConversationItem {
                 path: p1,
                 head: head_3,
+                tail: Vec::new(),
                 created_at: Some("2025-01-03T12-00-00".into()),
-                updated_at: updated_times.first().cloned().flatten(),
+                updated_at: Some("2025-01-03T12-00-00".into()),
             },
             ConversationItem {
                 path: p2,
                 head: head_2,
+                tail: Vec::new(),
                 created_at: Some("2025-01-02T12-00-00".into()),
-                updated_at: updated_times.get(1).cloned().flatten(),
+                updated_at: Some("2025-01-02T12-00-00".into()),
             },
             ConversationItem {
                 path: p3,
                 head: head_1,
+                tail: Vec::new(),
                 created_at: Some("2025-01-01T12-00-00".into()),
-                updated_at: updated_times.get(2).cloned().flatten(),
+                updated_at: Some("2025-01-01T12-00-00".into()),
             },
         ],
         next_cursor: None,
@@ -353,8 +355,6 @@ async fn test_pagination_cursor() {
         "source": "vscode",
         "model_provider": "test-provider",
     })];
-    let updated_page1: Vec<Option<String>> =
-        page1.items.iter().map(|i| i.updated_at.clone()).collect();
     let expected_cursor1: Cursor =
         serde_json::from_str(&format!("\"2025-03-04T09-00-00|{u4}\"")).unwrap();
     let expected_page1 = ConversationsPage {
@@ -362,14 +362,16 @@ async fn test_pagination_cursor() {
             ConversationItem {
                 path: p5,
                 head: head_5,
+                tail: Vec::new(),
                 created_at: Some("2025-03-05T09-00-00".into()),
-                updated_at: updated_page1.first().cloned().flatten(),
+                updated_at: Some("2025-03-05T09-00-00".into()),
             },
             ConversationItem {
                 path: p4,
                 head: head_4,
+                tail: Vec::new(),
                 created_at: Some("2025-03-04T09-00-00".into()),
-                updated_at: updated_page1.get(1).cloned().flatten(),
+                updated_at: Some("2025-03-04T09-00-00".into()),
             },
         ],
         next_cursor: Some(expected_cursor1.clone()),
@@ -420,8 +422,6 @@ async fn test_pagination_cursor() {
         "source": "vscode",
         "model_provider": "test-provider",
     })];
-    let updated_page2: Vec<Option<String>> =
-        page2.items.iter().map(|i| i.updated_at.clone()).collect();
     let expected_cursor2: Cursor =
         serde_json::from_str(&format!("\"2025-03-02T09-00-00|{u2}\"")).unwrap();
     let expected_page2 = ConversationsPage {
@@ -429,14 +429,16 @@ async fn test_pagination_cursor() {
             ConversationItem {
                 path: p3,
                 head: head_3,
+                tail: Vec::new(),
                 created_at: Some("2025-03-03T09-00-00".into()),
-                updated_at: updated_page2.first().cloned().flatten(),
+                updated_at: Some("2025-03-03T09-00-00".into()),
             },
             ConversationItem {
                 path: p2,
                 head: head_2,
+                tail: Vec::new(),
                 created_at: Some("2025-03-02T09-00-00".into()),
-                updated_at: updated_page2.get(1).cloned().flatten(),
+                updated_at: Some("2025-03-02T09-00-00".into()),
             },
         ],
         next_cursor: Some(expected_cursor2.clone()),
@@ -471,14 +473,13 @@ async fn test_pagination_cursor() {
         "source": "vscode",
         "model_provider": "test-provider",
     })];
-    let updated_page3: Vec<Option<String>> =
-        page3.items.iter().map(|i| i.updated_at.clone()).collect();
     let expected_page3 = ConversationsPage {
         items: vec![ConversationItem {
             path: p1,
             head: head_1,
+            tail: Vec::new(),
             created_at: Some("2025-03-01T09-00-00".into()),
-            updated_at: updated_page3.first().cloned().flatten(),
+            updated_at: Some("2025-03-01T09-00-00".into()),
         }],
         next_cursor: None,
         num_scanned_files: 5, // scanned 05, 04 (anchor), 03, 02 (anchor), 01
@@ -509,7 +510,7 @@ async fn test_get_conversation_contents() {
     .unwrap();
     let path = &page.items[0].path;
 
-    let content = tokio::fs::read_to_string(path).await.unwrap();
+    let content = get_conversation(path).await.unwrap();
 
     // Page equality (single item)
     let expected_path = home
@@ -532,8 +533,9 @@ async fn test_get_conversation_contents() {
         items: vec![ConversationItem {
             path: expected_path,
             head: expected_head,
+            tail: Vec::new(),
             created_at: Some(ts.into()),
-            updated_at: page.items[0].updated_at.clone(),
+            updated_at: Some(ts.into()),
         }],
         next_cursor: None,
         num_scanned_files: 1,
@@ -568,7 +570,7 @@ async fn test_get_conversation_contents() {
 }
 
 #[tokio::test]
-async fn test_updated_at_uses_file_mtime() -> Result<()> {
+async fn test_tail_includes_last_response_items() -> Result<()> {
     let temp = TempDir::new().unwrap();
     let home = temp.path();
 
@@ -634,16 +636,229 @@ async fn test_updated_at_uses_file_mtime() -> Result<()> {
     )
     .await?;
     let item = page.items.first().expect("conversation item");
+    let tail_len = item.tail.len();
+    assert_eq!(tail_len, 10usize.min(total_messages));
+
+    let expected: Vec<serde_json::Value> = (total_messages - tail_len..total_messages)
+        .map(|idx| {
+            serde_json::json!({
+                "type": "message",
+                "role": "assistant",
+                "content": [
+                    {
+                        "type": "output_text",
+                        "text": format!("reply-{idx}"),
+                    }
+                ],
+            })
+        })
+        .collect();
+
+    assert_eq!(item.tail, expected);
     assert_eq!(item.created_at.as_deref(), Some(ts));
-    let updated = item
-        .updated_at
-        .as_deref()
-        .and_then(|s| chrono::DateTime::parse_from_rfc3339(s).ok())
-        .map(|dt| dt.with_timezone(&chrono::Utc))
-        .expect("updated_at set from file mtime");
-    let now = chrono::Utc::now();
-    let age = now - updated;
-    assert!(age.num_seconds().abs() < 30);
+    let expected_updated = format!("{ts}-{last:02}", last = total_messages - 1);
+    assert_eq!(item.updated_at.as_deref(), Some(expected_updated.as_str()));
+
+    Ok(())
+}
+
+#[tokio::test]
+async fn test_tail_handles_short_sessions() -> Result<()> {
+    let temp = TempDir::new().unwrap();
+    let home = temp.path();
+
+    let ts = "2025-06-02T08-30-00";
+    let uuid = Uuid::from_u128(7);
+    let day_dir = home.join("sessions").join("2025").join("06").join("02");
+    fs::create_dir_all(&day_dir)?;
+    let file_path = day_dir.join(format!("rollout-{ts}-{uuid}.jsonl"));
+    let mut file = File::create(&file_path)?;
+
+    let conversation_id = ConversationId::from_string(&uuid.to_string())?;
+    let meta_line = RolloutLine {
+        timestamp: ts.to_string(),
+        item: RolloutItem::SessionMeta(SessionMetaLine {
+            meta: SessionMeta {
+                id: conversation_id,
+                timestamp: ts.to_string(),
+                instructions: None,
+                cwd: ".".into(),
+                originator: "test_originator".into(),
+                cli_version: "test_version".into(),
+                source: SessionSource::VSCode,
+                model_provider: Some("test-provider".into()),
+            },
+            git: None,
+        }),
+    };
+    writeln!(file, "{}", serde_json::to_string(&meta_line)?)?;
+
+    let user_event_line = RolloutLine {
+        timestamp: ts.to_string(),
+        item: RolloutItem::EventMsg(EventMsg::UserMessage(UserMessageEvent {
+            message: "hi".into(),
+            images: None,
+        })),
+    };
+    writeln!(file, "{}", serde_json::to_string(&user_event_line)?)?;
+
+    for idx in 0..3 {
+        let response_line = RolloutLine {
+            timestamp: format!("{ts}-{idx:02}"),
+            item: RolloutItem::ResponseItem(ResponseItem::Message {
+                id: None,
+                role: "assistant".into(),
+                content: vec![ContentItem::OutputText {
+                    text: format!("short-{idx}"),
+                }],
+            }),
+        };
+        writeln!(file, "{}", serde_json::to_string(&response_line)?)?;
+    }
+    drop(file);
+
+    let provider_filter = provider_vec(&[TEST_PROVIDER]);
+    let page = get_conversations(
+        home,
+        1,
+        None,
+        INTERACTIVE_SESSION_SOURCES,
+        Some(provider_filter.as_slice()),
+        TEST_PROVIDER,
+    )
+    .await?;
+    let tail = &page.items.first().expect("conversation item").tail;
+
+    assert_eq!(tail.len(), 3);
+
+    let expected: Vec<serde_json::Value> = (0..3)
+        .map(|idx| {
+            serde_json::json!({
+                "type": "message",
+                "role": "assistant",
+                "content": [
+                    {
+                        "type": "output_text",
+                        "text": format!("short-{idx}"),
+                    }
+                ],
+            })
+        })
+        .collect();
+
+    assert_eq!(tail, &expected);
+    let expected_updated = format!("{ts}-{last:02}", last = 2);
+    assert_eq!(
+        page.items[0].updated_at.as_deref(),
+        Some(expected_updated.as_str())
+    );
+
+    Ok(())
+}
+
+#[tokio::test]
+async fn test_tail_skips_trailing_non_responses() -> Result<()> {
+    let temp = TempDir::new().unwrap();
+    let home = temp.path();
+
+    let ts = "2025-06-03T10-00-00";
+    let uuid = Uuid::from_u128(11);
+    let day_dir = home.join("sessions").join("2025").join("06").join("03");
+    fs::create_dir_all(&day_dir)?;
+    let file_path = day_dir.join(format!("rollout-{ts}-{uuid}.jsonl"));
+    let mut file = File::create(&file_path)?;
+
+    let conversation_id = ConversationId::from_string(&uuid.to_string())?;
+    let meta_line = RolloutLine {
+        timestamp: ts.to_string(),
+        item: RolloutItem::SessionMeta(SessionMetaLine {
+            meta: SessionMeta {
+                id: conversation_id,
+                timestamp: ts.to_string(),
+                instructions: None,
+                cwd: ".".into(),
+                originator: "test_originator".into(),
+                cli_version: "test_version".into(),
+                source: SessionSource::VSCode,
+                model_provider: Some("test-provider".into()),
+            },
+            git: None,
+        }),
+    };
+    writeln!(file, "{}", serde_json::to_string(&meta_line)?)?;
+
+    let user_event_line = RolloutLine {
+        timestamp: ts.to_string(),
+        item: RolloutItem::EventMsg(EventMsg::UserMessage(UserMessageEvent {
+            message: "hello".into(),
+            images: None,
+        })),
+    };
+    writeln!(file, "{}", serde_json::to_string(&user_event_line)?)?;
+
+    for idx in 0..4 {
+        let response_line = RolloutLine {
+            timestamp: format!("{ts}-{idx:02}"),
+            item: RolloutItem::ResponseItem(ResponseItem::Message {
+                id: None,
+                role: "assistant".into(),
+                content: vec![ContentItem::OutputText {
+                    text: format!("response-{idx}"),
+                }],
+            }),
+        };
+        writeln!(file, "{}", serde_json::to_string(&response_line)?)?;
+    }
+
+    let compacted_line = RolloutLine {
+        timestamp: format!("{ts}-compacted"),
+        item: RolloutItem::Compacted(CompactedItem {
+            message: "compacted".into(),
+            replacement_history: None,
+        }),
+    };
+    writeln!(file, "{}", serde_json::to_string(&compacted_line)?)?;
+
+    let shutdown_event = RolloutLine {
+        timestamp: format!("{ts}-shutdown"),
+        item: RolloutItem::EventMsg(EventMsg::ShutdownComplete),
+    };
+    writeln!(file, "{}", serde_json::to_string(&shutdown_event)?)?;
+    drop(file);
+
+    let provider_filter = provider_vec(&[TEST_PROVIDER]);
+    let page = get_conversations(
+        home,
+        1,
+        None,
+        INTERACTIVE_SESSION_SOURCES,
+        Some(provider_filter.as_slice()),
+        TEST_PROVIDER,
+    )
+    .await?;
+    let tail = &page.items.first().expect("conversation item").tail;
+
+    let expected: Vec<serde_json::Value> = (0..4)
+        .map(|idx| {
+            serde_json::json!({
+                "type": "message",
+                "role": "assistant",
+                "content": [
+                    {
+                        "type": "output_text",
+                        "text": format!("response-{idx}"),
+                    }
+                ],
+            })
+        })
+        .collect();
+
+    assert_eq!(tail, &expected);
+    let expected_updated = format!("{ts}-{last:02}", last = 3);
+    assert_eq!(
+        page.items[0].updated_at.as_deref(),
+        Some(expected_updated.as_str())
+    );
 
     Ok(())
 }
@@ -698,22 +913,22 @@ async fn test_stable_ordering_same_second_pagination() {
             "model_provider": "test-provider",
         })]
     };
-    let updated_page1: Vec<Option<String>> =
-        page1.items.iter().map(|i| i.updated_at.clone()).collect();
     let expected_cursor1: Cursor = serde_json::from_str(&format!("\"{ts}|{u2}\"")).unwrap();
     let expected_page1 = ConversationsPage {
         items: vec![
             ConversationItem {
                 path: p3,
                 head: head(u3),
+                tail: Vec::new(),
                 created_at: Some(ts.to_string()),
-                updated_at: updated_page1.first().cloned().flatten(),
+                updated_at: Some(ts.to_string()),
             },
             ConversationItem {
                 path: p2,
                 head: head(u2),
+                tail: Vec::new(),
                 created_at: Some(ts.to_string()),
-                updated_at: updated_page1.get(1).cloned().flatten(),
+                updated_at: Some(ts.to_string()),
             },
         ],
         next_cursor: Some(expected_cursor1.clone()),
@@ -738,14 +953,13 @@ async fn test_stable_ordering_same_second_pagination() {
         .join("07")
         .join("01")
         .join(format!("rollout-2025-07-01T00-00-00-{u1}.jsonl"));
-    let updated_page2: Vec<Option<String>> =
-        page2.items.iter().map(|i| i.updated_at.clone()).collect();
     let expected_page2 = ConversationsPage {
         items: vec![ConversationItem {
             path: p1,
             head: head(u1),
+            tail: Vec::new(),
             created_at: Some(ts.to_string()),
-            updated_at: updated_page2.first().cloned().flatten(),
+            updated_at: Some(ts.to_string()),
         }],
         next_cursor: None,
         num_scanned_files: 3, // scanned u3, u2 (anchor), u1

codex-rs/core/src/safety.rs

@@ -6,7 +6,6 @@ use codex_apply_patch::ApplyPatchAction;
 use codex_apply_patch::ApplyPatchFileChange;
 
 use crate::exec::SandboxType;
-use crate::util::resolve_path;
 
 use crate::protocol::AskForApproval;
 use crate::protocol::SandboxPolicy;
@@ -151,7 +150,11 @@ fn is_write_patch_constrained_to_writable_paths(
     // and roots are converted to absolute, normalized forms before the
     // prefix check.
     let is_path_writable = |p: &PathBuf| {
-        let abs = resolve_path(cwd, p);
+        let abs = if p.is_absolute() {
+            p.clone()
+        } else {
+            cwd.join(p)
+        };
         let abs = match normalize(&abs) {
             Some(v) => v,
             None => return false,

codex-rs/core/src/sandboxing/assessment.rs

@@ -14,7 +14,6 @@ use crate::protocol::SandboxPolicy;
 use askama::Template;
 use codex_otel::otel_event_manager::OtelEventManager;
 use codex_protocol::ConversationId;
-use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
 use codex_protocol::models::ContentItem;
 use codex_protocol::models::ResponseItem;
 use codex_protocol::protocol::SandboxCommandAssessment;
@@ -24,8 +23,7 @@ use serde_json::json;
 use tokio::time::timeout;
 use tracing::warn;
 
-const SANDBOX_ASSESSMENT_TIMEOUT: Duration = Duration::from_secs(15);
-const SANDBOX_ASSESSMENT_REASONING_EFFORT: ReasoningEffortConfig = ReasoningEffortConfig::Medium;
+const SANDBOX_ASSESSMENT_TIMEOUT: Duration = Duration::from_secs(5);
 
 #[derive(Template)]
 #[template(path = "sandboxing/assessment_prompt.md", escape = "none")]
@@ -132,7 +130,7 @@ pub(crate) async fn assess_command(
         Some(auth_manager),
         child_otel,
         provider,
-        Some(SANDBOX_ASSESSMENT_REASONING_EFFORT),
+        config.model_reasoning_effort,
         config.model_reasoning_summary,
         conversation_id,
         session_source,

codex-rs/core/src/skills/loader.rs

@@ -1,291 +0,0 @@
-use crate::config::Config;
-use crate::skills::model::SkillError;
-use crate::skills::model::SkillLoadOutcome;
-use crate::skills::model::SkillMetadata;
-use dunce::canonicalize as normalize_path;
-use serde::Deserialize;
-use std::collections::VecDeque;
-use std::error::Error;
-use std::fmt;
-use std::fs;
-use std::path::Path;
-use std::path::PathBuf;
-use tracing::error;
-
-#[derive(Debug, Deserialize)]
-struct SkillFrontmatter {
-    name: String,
-    description: String,
-}
-
-const SKILLS_FILENAME: &str = "SKILL.md";
-const SKILLS_DIR_NAME: &str = "skills";
-const MAX_NAME_LEN: usize = 100;
-const MAX_DESCRIPTION_LEN: usize = 500;
-
-#[derive(Debug)]
-enum SkillParseError {
-    Read(std::io::Error),
-    MissingFrontmatter,
-    InvalidYaml(serde_yaml::Error),
-    MissingField(&'static str),
-    InvalidField { field: &'static str, reason: String },
-}
-
-impl fmt::Display for SkillParseError {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        match self {
-            SkillParseError::Read(e) => write!(f, "failed to read file: {e}"),
-            SkillParseError::MissingFrontmatter => {
-                write!(f, "missing YAML frontmatter delimited by ---")
-            }
-            SkillParseError::InvalidYaml(e) => write!(f, "invalid YAML: {e}"),
-            SkillParseError::MissingField(field) => write!(f, "missing field `{field}`"),
-            SkillParseError::InvalidField { field, reason } => {
-                write!(f, "invalid {field}: {reason}")
-            }
-        }
-    }
-}
-
-impl Error for SkillParseError {}
-
-pub fn load_skills(config: &Config) -> SkillLoadOutcome {
-    let mut outcome = SkillLoadOutcome::default();
-    let roots = skill_roots(config);
-    for root in roots {
-        discover_skills_under_root(&root, &mut outcome);
-    }
-
-    outcome
-        .skills
-        .sort_by(|a, b| a.name.cmp(&b.name).then_with(|| a.path.cmp(&b.path)));
-
-    outcome
-}
-
-fn skill_roots(config: &Config) -> Vec<PathBuf> {
-    vec![config.codex_home.join(SKILLS_DIR_NAME)]
-}
-
-fn discover_skills_under_root(root: &Path, outcome: &mut SkillLoadOutcome) {
-    let Ok(root) = normalize_path(root) else {
-        return;
-    };
-
-    if !root.is_dir() {
-        return;
-    }
-
-    let mut queue: VecDeque<PathBuf> = VecDeque::from([root]);
-    while let Some(dir) = queue.pop_front() {
-        let entries = match fs::read_dir(&dir) {
-            Ok(entries) => entries,
-            Err(e) => {
-                error!("failed to read skills dir {}: {e:#}", dir.display());
-                continue;
-            }
-        };
-
-        for entry in entries.flatten() {
-            let path = entry.path();
-            let file_name = match path.file_name().and_then(|f| f.to_str()) {
-                Some(name) => name,
-                None => continue,
-            };
-
-            if file_name.starts_with('.') {
-                continue;
-            }
-
-            let Ok(file_type) = entry.file_type() else {
-                continue;
-            };
-
-            if file_type.is_symlink() {
-                continue;
-            }
-
-            if file_type.is_dir() {
-                queue.push_back(path);
-                continue;
-            }
-
-            if file_type.is_file() && file_name == SKILLS_FILENAME {
-                match parse_skill_file(&path) {
-                    Ok(skill) => outcome.skills.push(skill),
-                    Err(err) => outcome.errors.push(SkillError {
-                        path,
-                        message: err.to_string(),
-                    }),
-                }
-            }
-        }
-    }
-}
-
-fn parse_skill_file(path: &Path) -> Result<SkillMetadata, SkillParseError> {
-    let contents = fs::read_to_string(path).map_err(SkillParseError::Read)?;
-
-    let frontmatter = extract_frontmatter(&contents).ok_or(SkillParseError::MissingFrontmatter)?;
-
-    let parsed: SkillFrontmatter =
-        serde_yaml::from_str(&frontmatter).map_err(SkillParseError::InvalidYaml)?;
-
-    let name = sanitize_single_line(&parsed.name);
-    let description = sanitize_single_line(&parsed.description);
-
-    validate_field(&name, MAX_NAME_LEN, "name")?;
-    validate_field(&description, MAX_DESCRIPTION_LEN, "description")?;
-
-    let resolved_path = normalize_path(path).unwrap_or_else(|_| path.to_path_buf());
-
-    Ok(SkillMetadata {
-        name,
-        description,
-        path: resolved_path,
-    })
-}
-
-fn sanitize_single_line(raw: &str) -> String {
-    raw.split_whitespace().collect::<Vec<_>>().join(" ")
-}
-
-fn validate_field(
-    value: &str,
-    max_len: usize,
-    field_name: &'static str,
-) -> Result<(), SkillParseError> {
-    if value.is_empty() {
-        return Err(SkillParseError::MissingField(field_name));
-    }
-    if value.len() > max_len {
-        return Err(SkillParseError::InvalidField {
-            field: field_name,
-            reason: format!("exceeds maximum length of {max_len} characters"),
-        });
-    }
-    Ok(())
-}
-
-fn extract_frontmatter(contents: &str) -> Option<String> {
-    let mut lines = contents.lines();
-    if !matches!(lines.next(), Some(line) if line.trim() == "---") {
-        return None;
-    }
-
-    let mut frontmatter_lines: Vec<&str> = Vec::new();
-    let mut found_closing = false;
-    for line in lines.by_ref() {
-        if line.trim() == "---" {
-            found_closing = true;
-            break;
-        }
-        frontmatter_lines.push(line);
-    }
-
-    if frontmatter_lines.is_empty() || !found_closing {
-        return None;
-    }
-
-    Some(frontmatter_lines.join("\n"))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::config::ConfigOverrides;
-    use crate::config::ConfigToml;
-    use tempfile::TempDir;
-
-    fn make_config(codex_home: &TempDir) -> Config {
-        let mut config = Config::load_from_base_config_with_overrides(
-            ConfigToml::default(),
-            ConfigOverrides::default(),
-            codex_home.path().to_path_buf(),
-        )
-        .expect("defaults for test should always succeed");
-
-        config.cwd = codex_home.path().to_path_buf();
-        config
-    }
-
-    fn write_skill(codex_home: &TempDir, dir: &str, name: &str, description: &str) -> PathBuf {
-        let skill_dir = codex_home.path().join(format!("skills/{dir}"));
-        fs::create_dir_all(&skill_dir).unwrap();
-        let indented_description = description.replace('\n', "\n  ");
-        let content = format!(
-            "---\nname: {name}\ndescription: |-\n  {indented_description}\n---\n\n# Body\n"
-        );
-        let path = skill_dir.join(SKILLS_FILENAME);
-        fs::write(&path, content).unwrap();
-        path
-    }
-
-    #[test]
-    fn loads_valid_skill() {
-        let codex_home = tempfile::tempdir().expect("tempdir");
-        write_skill(&codex_home, "demo", "demo-skill", "does things\ncarefully");
-        let cfg = make_config(&codex_home);
-
-        let outcome = load_skills(&cfg);
-        assert!(
-            outcome.errors.is_empty(),
-            "unexpected errors: {:?}",
-            outcome.errors
-        );
-        assert_eq!(outcome.skills.len(), 1);
-        let skill = &outcome.skills[0];
-        assert_eq!(skill.name, "demo-skill");
-        assert_eq!(skill.description, "does things carefully");
-        let path_str = skill.path.to_string_lossy().replace('\\', "/");
-        assert!(
-            path_str.ends_with("skills/demo/SKILL.md"),
-            "unexpected path {path_str}"
-        );
-    }
-
-    #[test]
-    fn skips_hidden_and_invalid() {
-        let codex_home = tempfile::tempdir().expect("tempdir");
-        let hidden_dir = codex_home.path().join("skills/.hidden");
-        fs::create_dir_all(&hidden_dir).unwrap();
-        fs::write(
-            hidden_dir.join(SKILLS_FILENAME),
-            "---\nname: hidden\ndescription: hidden\n---\n",
-        )
-        .unwrap();
-
-        // Invalid because missing closing frontmatter.
-        let invalid_dir = codex_home.path().join("skills/invalid");
-        fs::create_dir_all(&invalid_dir).unwrap();
-        fs::write(invalid_dir.join(SKILLS_FILENAME), "---\nname: bad").unwrap();
-
-        let cfg = make_config(&codex_home);
-        let outcome = load_skills(&cfg);
-        assert_eq!(outcome.skills.len(), 0);
-        assert_eq!(outcome.errors.len(), 1);
-        assert!(
-            outcome.errors[0]
-                .message
-                .contains("missing YAML frontmatter"),
-            "expected frontmatter error"
-        );
-    }
-
-    #[test]
-    fn enforces_length_limits() {
-        let codex_home = tempfile::tempdir().expect("tempdir");
-        let long_desc = "a".repeat(MAX_DESCRIPTION_LEN + 1);
-        write_skill(&codex_home, "too-long", "toolong", &long_desc);
-        let cfg = make_config(&codex_home);
-
-        let outcome = load_skills(&cfg);
-        assert_eq!(outcome.skills.len(), 0);
-        assert_eq!(outcome.errors.len(), 1);
-        assert!(
-            outcome.errors[0].message.contains("invalid description"),
-            "expected length error"
-        );
-    }
-}

codex-rs/core/src/skills/mod.rs

@@ -1,9 +0,0 @@
-pub mod loader;
-pub mod model;
-pub mod render;
-
-pub use loader::load_skills;
-pub use model::SkillError;
-pub use model::SkillLoadOutcome;
-pub use model::SkillMetadata;
-pub use render::render_skills_section;

codex-rs/core/src/skills/model.rs

@@ -1,20 +0,0 @@
-use std::path::PathBuf;
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct SkillMetadata {
-    pub name: String,
-    pub description: String,
-    pub path: PathBuf,
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct SkillError {
-    pub path: PathBuf,
-    pub message: String,
-}
-
-#[derive(Debug, Clone, Default)]
-pub struct SkillLoadOutcome {
-    pub skills: Vec<SkillMetadata>,
-    pub errors: Vec<SkillError>,
-}

codex-rs/core/src/skills/render.rs

@@ -1,21 +0,0 @@
-use crate::skills::model::SkillMetadata;
-
-pub fn render_skills_section(skills: &[SkillMetadata]) -> Option<String> {
-    if skills.is_empty() {
-        return None;
-    }
-
-    let mut lines: Vec<String> = Vec::new();
-    lines.push("## Skills".to_string());
-    lines.push("These skills are discovered at startup from ~/.codex/skills; each entry shows name, description, and file path so you can open the source for full instructions. Content is not inlined to keep context lean.".to_string());
-
-    for skill in skills {
-        let path_str = skill.path.to_string_lossy().replace('\\', "/");
-        lines.push(format!(
-            "- {}: {} (file: {})",
-            skill.name, skill.description, path_str
-        ));
-    }
-
-    Some(lines.join("\n"))
-}

codex-rs/core/src/state/service.rs

@@ -3,6 +3,7 @@ use std::sync::Arc;
 use crate::AuthManager;
 use crate::RolloutRecorder;
 use crate::mcp_connection_manager::McpConnectionManager;
+use crate::status::ComponentHealth;
 use crate::tools::sandboxing::ApprovalStore;
 use crate::unified_exec::UnifiedExecSessionManager;
 use crate::user_notification::UserNotifier;
@@ -22,4 +23,5 @@ pub(crate) struct SessionServices {
     pub(crate) auth_manager: Arc<AuthManager>,
     pub(crate) otel_event_manager: OtelEventManager,
     pub(crate) tool_approvals: Mutex<ApprovalStore>,
+    pub(crate) codex_backend_status: Mutex<Option<ComponentHealth>>,
 }

codex-rs/core/src/state/session.rs

@@ -62,10 +62,7 @@ impl SessionState {
     }
 
     pub(crate) fn set_rate_limits(&mut self, snapshot: RateLimitSnapshot) {
-        self.latest_rate_limits = Some(merge_rate_limit_credits(
-            self.latest_rate_limits.as_ref(),
-            snapshot,
-        ));
+        self.latest_rate_limits = Some(snapshot);
     }
 
     pub(crate) fn token_info_and_rate_limits(
@@ -82,14 +79,3 @@ impl SessionState {
         self.history.get_total_token_usage()
     }
 }
-
-// Sometimes new snapshots don't include credits
-fn merge_rate_limit_credits(
-    previous: Option<&RateLimitSnapshot>,
-    mut snapshot: RateLimitSnapshot,
-) -> RateLimitSnapshot {
-    if snapshot.credits.is_none() {
-        snapshot.credits = previous.and_then(|prior| prior.credits.clone());
-    }
-    snapshot
-}

codex-rs/core/src/status.rs

@@ -0,0 +1,257 @@
+use std::sync::OnceLock;
+use std::time::Duration;
+
+use crate::codex::Session;
+use anyhow::Context;
+use anyhow::Result;
+use anyhow::anyhow;
+use anyhow::bail;
+use codex_client::HttpTransport;
+use codex_client::Request;
+use codex_client::ReqwestTransport;
+use codex_client::RetryOn;
+use codex_client::RetryPolicy;
+use codex_client::run_with_retry;
+use http::header::CONTENT_TYPE;
+use reqwest::Method;
+use serde::Deserialize;
+use serde::Serialize;
+use strum_macros::Display;
+
+const STATUS_WIDGET_URL: &str = "https://status.openai.com/proxy/status.openai.com";
+const CODEX_COMPONENT_NAME: &str = "Codex";
+
+static TEST_STATUS_WIDGET_URL: OnceLock<String> = OnceLock::new();
+
+#[derive(Debug, Clone, Display, Copy, PartialEq, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub(crate) enum ComponentHealth {
+    #[strum(to_string = "operational")]
+    Operational,
+    #[strum(to_string = "degraded performance")]
+    DegradedPerformance,
+    #[strum(to_string = "partial outage")]
+    PartialOutage,
+    #[strum(to_string = "major outage")]
+    MajorOutage,
+    #[strum(to_string = "under maintenance")]
+    UnderMaintenance,
+    #[serde(other)]
+    #[strum(to_string = "unknown")]
+    Unknown,
+}
+
+impl ComponentHealth {
+    fn operational() -> Self {
+        Self::Operational
+    }
+
+    pub(crate) fn is_operational(self) -> bool {
+        self == Self::Operational
+    }
+}
+
+pub(crate) async fn maybe_codex_status_warning(session: &Session) -> Option<String> {
+    let Ok(status) = fetch_codex_health().await else {
+        return None;
+    };
+
+    let previous = session.replace_codex_backend_status(status).await;
+    if status.is_operational() || previous == Some(status) {
+        return None;
+    }
+
+    Some(format!(
+        "Codex is experiencing a {status}. If a response stalls, try again later. You can follow incident updates at status.openai.com."
+    ))
+}
+
+async fn fetch_codex_health() -> Result<ComponentHealth> {
+    let status_widget_url = status_widget_url();
+
+    let client = reqwest::Client::builder()
+        .connect_timeout(Duration::from_millis(200))
+        .timeout(Duration::from_millis(300))
+        .build()
+        .context("building HTTP client")?;
+
+    let transport = ReqwestTransport::new(client);
+    let policy = RetryPolicy {
+        max_attempts: 0,
+        base_delay: Duration::from_millis(100),
+        retry_on: RetryOn {
+            retry_429: true,
+            retry_5xx: true,
+            retry_transport: true,
+        },
+    };
+
+    let response = run_with_retry(
+        policy,
+        || Request::new(Method::GET, status_widget_url.clone()),
+        |req, _attempt| {
+            let transport = transport.clone();
+            async move { transport.execute(req).await }
+        },
+    )
+    .await
+    .context("requesting status widget")?;
+
+    let content_type = response
+        .headers
+        .get(CONTENT_TYPE)
+        .and_then(|value| value.to_str().ok())
+        .unwrap_or_default()
+        .to_ascii_lowercase();
+
+    if !content_type.contains("json") {
+        let snippet = String::from_utf8_lossy(&response.body)
+            .chars()
+            .take(200)
+            .collect::<String>();
+
+        bail!(
+            "Expected JSON from {status_widget_url}: Content-Type={content_type}. Body starts with: {snippet:?}"
+        );
+    }
+
+    let payload: StatusPayload =
+        serde_json::from_slice(&response.body).context("parsing status widget JSON")?;
+
+    derive_component_health(&payload, CODEX_COMPONENT_NAME)
+}
+
+#[derive(Debug, Clone, Deserialize, Default)]
+struct StatusPayload {
+    #[serde(default)]
+    summary: Summary,
+}
+
+#[derive(Debug, Clone, Deserialize, Default)]
+struct Summary {
+    #[serde(default)]
+    components: Vec<Component>,
+    #[serde(default)]
+    affected_components: Vec<AffectedComponent>,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+struct Component {
+    id: String,
+    name: String,
+}
+
+#[derive(Debug, Clone, Deserialize)]
+struct AffectedComponent {
+    component_id: String,
+    #[serde(default = "ComponentHealth::operational")]
+    status: ComponentHealth,
+}
+
+fn derive_component_health(
+    payload: &StatusPayload,
+    component_name: &str,
+) -> Result<ComponentHealth> {
+    let component = payload
+        .summary
+        .components
+        .iter()
+        .find(|component| component.name == component_name)
+        .ok_or_else(|| anyhow!("Component {component_name:?} not found in status summary"))?;
+
+    let status = payload
+        .summary
+        .affected_components
+        .iter()
+        .find(|affected| affected.component_id == component.id)
+        .map(|affected| affected.status)
+        .unwrap_or(ComponentHealth::Operational);
+
+    Ok(status)
+}
+
+fn status_widget_url() -> String {
+    TEST_STATUS_WIDGET_URL
+        .get()
+        .cloned()
+        .unwrap_or_else(|| STATUS_WIDGET_URL.to_string())
+}
+
+#[doc(hidden)]
+#[cfg_attr(not(test), allow(dead_code))]
+pub fn set_test_status_widget_url(url: impl Into<String>) {
+    let _ = TEST_STATUS_WIDGET_URL.set(url.into());
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use serde_json::json;
+
+    #[test]
+    fn uses_affected_component_status() {
+        let payload = serde_json::from_value::<StatusPayload>(json!({
+            "summary": {
+                "id": "sum-1",
+                "name": "OpenAI",
+                "components": [
+                    {"id": "cmp-1", "name": "Codex", "status_page_id": "page-1"}
+                ],
+                "affected_components": [
+                    {"component_id": "cmp-1", "status": "major_outage"}
+                ]
+            }
+        }))
+        .expect("valid payload");
+
+        let status = derive_component_health(&payload, "Codex").expect("codex component exists");
+
+        assert_eq!(status, ComponentHealth::MajorOutage);
+        assert!(!status.is_operational());
+    }
+
+    #[test]
+    fn unknown_status_is_preserved_as_unknown() {
+        let payload = serde_json::from_value::<StatusPayload>(json!({
+            "summary": {
+                "id": "sum-1",
+                "name": "OpenAI",
+                "components": [
+                    {"id": "cmp-1", "name": "Codex", "status_page_id": "page-1"}
+                ],
+                "affected_components": [
+                    {"component_id": "cmp-1", "status": "custom_status"}
+                ]
+            }
+        }))
+        .expect("valid payload");
+
+        let status = derive_component_health(&payload, "Codex").expect("codex component exists");
+
+        assert_eq!(status, ComponentHealth::Unknown);
+        assert!(!status.is_operational());
+    }
+
+    #[test]
+    fn missing_component_returns_error() {
+        let payload = serde_json::from_value::<StatusPayload>(json!({
+            "summary": {
+                "id": "sum-1",
+                "name": "OpenAI",
+                "components": [],
+                "affected_components": []
+            }
+        }))
+        .expect("valid payload");
+
+        let error =
+            derive_component_health(&payload, "Codex").expect_err("missing component should error");
+
+        assert!(
+            error
+                .to_string()
+                .contains("Component \"Codex\" not found in status summary")
+        );
+    }
+}

codex-rs/core/src/tasks/review.rs

@@ -17,7 +17,6 @@ use crate::codex::Session;
 use crate::codex::TurnContext;
 use crate::codex_delegate::run_codex_conversation_one_shot;
 use crate::review_format::format_review_findings_block;
-use crate::review_format::render_review_output_text;
 use crate::state::TaskKind;
 use codex_protocol::user_input::UserInput;
 
@@ -25,11 +24,15 @@ use super::SessionTask;
 use super::SessionTaskContext;
 
 #[derive(Clone, Copy)]
-pub(crate) struct ReviewTask;
+pub(crate) struct ReviewTask {
+    append_to_original_thread: bool,
+}
 
 impl ReviewTask {
-    pub(crate) fn new() -> Self {
-        Self
+    pub(crate) fn new(append_to_original_thread: bool) -> Self {
+        Self {
+            append_to_original_thread,
+        }
     }
 }
 
@@ -59,13 +62,25 @@ impl SessionTask for ReviewTask {
             None => None,
         };
         if !cancellation_token.is_cancelled() {
-            exit_review_mode(session.clone_session(), output.clone(), ctx.clone()).await;
+            exit_review_mode(
+                session.clone_session(),
+                output.clone(),
+                ctx.clone(),
+                self.append_to_original_thread,
+            )
+            .await;
         }
         None
     }
 
     async fn abort(&self, session: Arc<SessionTaskContext>, ctx: Arc<TurnContext>) {
-        exit_review_mode(session.clone_session(), None, ctx).await;
+        exit_review_mode(
+            session.clone_session(),
+            None,
+            ctx,
+            self.append_to_original_thread,
+        )
+        .await;
     }
 }
 
@@ -182,57 +197,39 @@ pub(crate) async fn exit_review_mode(
     session: Arc<Session>,
     review_output: Option<ReviewOutputEvent>,
     ctx: Arc<TurnContext>,
+    append_to_original_thread: bool,
 ) {
-    const REVIEW_USER_MESSAGE_ID: &str = "review:rollout:user";
-    const REVIEW_ASSISTANT_MESSAGE_ID: &str = "review:rollout:assistant";
-    let (user_message, assistant_message) = if let Some(out) = review_output.clone() {
-        let mut findings_str = String::new();
-        let text = out.overall_explanation.trim();
-        if !text.is_empty() {
-            findings_str.push_str(text);
-        }
-        if !out.findings.is_empty() {
-            let block = format_review_findings_block(&out.findings, None);
-            findings_str.push_str(&format!("\n{block}"));
-        }
-        let rendered =
-            crate::client_common::REVIEW_EXIT_SUCCESS_TMPL.replace("{results}", &findings_str);
-        let assistant_message = render_review_output_text(&out);
-        (rendered, assistant_message)
-    } else {
-        let rendered = crate::client_common::REVIEW_EXIT_INTERRUPTED_TMPL.to_string();
-        let assistant_message =
-            "Review was interrupted. Please re-run /review and wait for it to complete."
-                .to_string();
-        (rendered, assistant_message)
-    };
+    if append_to_original_thread {
+        let user_message = if let Some(out) = review_output.clone() {
+            let mut findings_str = String::new();
+            let text = out.overall_explanation.trim();
+            if !text.is_empty() {
+                findings_str.push_str(text);
+            }
+            if !out.findings.is_empty() {
+                let block = format_review_findings_block(&out.findings, None);
+                findings_str.push_str(&format!("\n{block}"));
+            }
+            crate::client_common::REVIEW_EXIT_SUCCESS_TMPL.replace("{results}", &findings_str)
+        } else {
+            crate::client_common::REVIEW_EXIT_INTERRUPTED_TMPL.to_string()
+        };
 
-    session
-        .record_conversation_items(
-            &ctx,
-            &[ResponseItem::Message {
-                id: Some(REVIEW_USER_MESSAGE_ID.to_string()),
-                role: "user".to_string(),
-                content: vec![ContentItem::InputText { text: user_message }],
-            }],
-        )
-        .await;
+        session
+            .record_conversation_items(
+                &ctx,
+                &[ResponseItem::Message {
+                    id: None,
+                    role: "user".to_string(),
+                    content: vec![ContentItem::InputText { text: user_message }],
+                }],
+            )
+            .await;
+    }
     session
         .send_event(
             ctx.as_ref(),
             EventMsg::ExitedReviewMode(ExitedReviewModeEvent { review_output }),
         )
         .await;
-    session
-        .record_response_item_and_emit_turn_item(
-            ctx.as_ref(),
-            ResponseItem::Message {
-                id: Some(REVIEW_ASSISTANT_MESSAGE_ID.to_string()),
-                role: "assistant".to_string(),
-                content: vec![ContentItem::OutputText {
-                    text: assistant_message,
-                }],
-            },
-        )
-        .await;
 }

codex-rs/core/src/tools/handlers/apply_patch.rs

@@ -1,5 +1,4 @@
 use std::collections::BTreeMap;
-use std::path::Path;
 
 use crate::apply_patch;
 use crate::apply_patch::InternalApplyPatchInvocation;
@@ -8,10 +7,7 @@ use crate::client_common::tools::FreeformTool;
 use crate::client_common::tools::FreeformToolFormat;
 use crate::client_common::tools::ResponsesApiTool;
 use crate::client_common::tools::ToolSpec;
-use crate::codex::Session;
-use crate::codex::TurnContext;
 use crate::function_tool::FunctionCallError;
-use crate::tools::context::SharedTurnDiffTracker;
 use crate::tools::context::ToolInvocation;
 use crate::tools::context::ToolOutput;
 use crate::tools::context::ToolPayload;
@@ -168,80 +164,6 @@ pub enum ApplyPatchToolType {
     Function,
 }
 
-#[allow(clippy::too_many_arguments)]
-pub(crate) async fn intercept_apply_patch(
-    command: &[String],
-    cwd: &Path,
-    timeout_ms: Option<u64>,
-    session: &Session,
-    turn: &TurnContext,
-    tracker: Option<&SharedTurnDiffTracker>,
-    call_id: &str,
-    tool_name: &str,
-) -> Result<Option<ToolOutput>, FunctionCallError> {
-    match codex_apply_patch::maybe_parse_apply_patch_verified(command, cwd) {
-        codex_apply_patch::MaybeApplyPatchVerified::Body(changes) => {
-            match apply_patch::apply_patch(session, turn, call_id, changes).await {
-                InternalApplyPatchInvocation::Output(item) => {
-                    let content = item?;
-                    Ok(Some(ToolOutput::Function {
-                        content,
-                        content_items: None,
-                        success: Some(true),
-                    }))
-                }
-                InternalApplyPatchInvocation::DelegateToExec(apply) => {
-                    let emitter = ToolEmitter::apply_patch(
-                        convert_apply_patch_to_protocol(&apply.action),
-                        !apply.user_explicitly_approved_this_action,
-                    );
-                    let event_ctx =
-                        ToolEventCtx::new(session, turn, call_id, tracker.as_ref().copied());
-                    emitter.begin(event_ctx).await;
-
-                    let req = ApplyPatchRequest {
-                        patch: apply.action.patch.clone(),
-                        cwd: apply.action.cwd.clone(),
-                        timeout_ms,
-                        user_explicitly_approved: apply.user_explicitly_approved_this_action,
-                        codex_exe: turn.codex_linux_sandbox_exe.clone(),
-                    };
-
-                    let mut orchestrator = ToolOrchestrator::new();
-                    let mut runtime = ApplyPatchRuntime::new();
-                    let tool_ctx = ToolCtx {
-                        session,
-                        turn,
-                        call_id: call_id.to_string(),
-                        tool_name: tool_name.to_string(),
-                    };
-                    let out = orchestrator
-                        .run(&mut runtime, &req, &tool_ctx, turn, turn.approval_policy)
-                        .await;
-                    let event_ctx =
-                        ToolEventCtx::new(session, turn, call_id, tracker.as_ref().copied());
-                    let content = emitter.finish(event_ctx, out).await?;
-                    Ok(Some(ToolOutput::Function {
-                        content,
-                        content_items: None,
-                        success: Some(true),
-                    }))
-                }
-            }
-        }
-        codex_apply_patch::MaybeApplyPatchVerified::CorrectnessError(parse_error) => {
-            Err(FunctionCallError::RespondToModel(format!(
-                "apply_patch verification failed: {parse_error}"
-            )))
-        }
-        codex_apply_patch::MaybeApplyPatchVerified::ShellParseError(error) => {
-            tracing::trace!("Failed to parse apply_patch input, {error:?}");
-            Ok(None)
-        }
-        codex_apply_patch::MaybeApplyPatchVerified::NotApplyPatch => Ok(None),
-    }
-}
-
 /// Returns a custom tool that can be used to edit files. Well-suited for GPT-5 models
 /// https://platform.openai.com/docs/guides/function-calling#custom-tools
 pub(crate) fn create_apply_patch_freeform_tool() -> ToolSpec {

codex-rs/core/src/tools/handlers/shell.rs

@@ -3,6 +3,9 @@ use codex_protocol::models::ShellCommandToolCallParams;
 use codex_protocol::models::ShellToolCallParams;
 use std::sync::Arc;
 
+use crate::apply_patch;
+use crate::apply_patch::InternalApplyPatchInvocation;
+use crate::apply_patch::convert_apply_patch_to_protocol;
 use crate::codex::TurnContext;
 use crate::exec::ExecParams;
 use crate::exec_env::create_env;
@@ -16,10 +19,11 @@ use crate::tools::context::ToolOutput;
 use crate::tools::context::ToolPayload;
 use crate::tools::events::ToolEmitter;
 use crate::tools::events::ToolEventCtx;
-use crate::tools::handlers::apply_patch::intercept_apply_patch;
 use crate::tools::orchestrator::ToolOrchestrator;
 use crate::tools::registry::ToolHandler;
 use crate::tools::registry::ToolKind;
+use crate::tools::runtimes::apply_patch::ApplyPatchRequest;
+use crate::tools::runtimes::apply_patch::ApplyPatchRuntime;
 use crate::tools::runtimes::shell::ShellRequest;
 use crate::tools::runtimes::shell::ShellRuntime;
 use crate::tools::sandboxing::ToolCtx;
@@ -206,19 +210,81 @@ impl ShellHandler {
         }
 
         // Intercept apply_patch if present.
-        if let Some(output) = intercept_apply_patch(
+        match codex_apply_patch::maybe_parse_apply_patch_verified(
             &exec_params.command,
             &exec_params.cwd,
-            exec_params.expiration.timeout_ms(),
-            session.as_ref(),
-            turn.as_ref(),
-            Some(&tracker),
-            &call_id,
-            tool_name,
-        )
-        .await?
-        {
-            return Ok(output);
+        ) {
+            codex_apply_patch::MaybeApplyPatchVerified::Body(changes) => {
+                match apply_patch::apply_patch(session.as_ref(), turn.as_ref(), &call_id, changes)
+                    .await
+                {
+                    InternalApplyPatchInvocation::Output(item) => {
+                        // Programmatic apply_patch path; return its result.
+                        let content = item?;
+                        return Ok(ToolOutput::Function {
+                            content,
+                            content_items: None,
+                            success: Some(true),
+                        });
+                    }
+                    InternalApplyPatchInvocation::DelegateToExec(apply) => {
+                        let emitter = ToolEmitter::apply_patch(
+                            convert_apply_patch_to_protocol(&apply.action),
+                            !apply.user_explicitly_approved_this_action,
+                        );
+                        let event_ctx = ToolEventCtx::new(
+                            session.as_ref(),
+                            turn.as_ref(),
+                            &call_id,
+                            Some(&tracker),
+                        );
+                        emitter.begin(event_ctx).await;
+
+                        let req = ApplyPatchRequest {
+                            patch: apply.action.patch.clone(),
+                            cwd: apply.action.cwd.clone(),
+                            timeout_ms: exec_params.expiration.timeout_ms(),
+                            user_explicitly_approved: apply.user_explicitly_approved_this_action,
+                            codex_exe: turn.codex_linux_sandbox_exe.clone(),
+                        };
+                        let mut orchestrator = ToolOrchestrator::new();
+                        let mut runtime = ApplyPatchRuntime::new();
+                        let tool_ctx = ToolCtx {
+                            session: session.as_ref(),
+                            turn: turn.as_ref(),
+                            call_id: call_id.clone(),
+                            tool_name: tool_name.to_string(),
+                        };
+                        let out = orchestrator
+                            .run(&mut runtime, &req, &tool_ctx, &turn, turn.approval_policy)
+                            .await;
+                        let event_ctx = ToolEventCtx::new(
+                            session.as_ref(),
+                            turn.as_ref(),
+                            &call_id,
+                            Some(&tracker),
+                        );
+                        let content = emitter.finish(event_ctx, out).await?;
+                        return Ok(ToolOutput::Function {
+                            content,
+                            content_items: None,
+                            success: Some(true),
+                        });
+                    }
+                }
+            }
+            codex_apply_patch::MaybeApplyPatchVerified::CorrectnessError(parse_error) => {
+                return Err(FunctionCallError::RespondToModel(format!(
+                    "apply_patch verification failed: {parse_error}"
+                )));
+            }
+            codex_apply_patch::MaybeApplyPatchVerified::ShellParseError(error) => {
+                tracing::trace!("Failed to parse shell command, {error:?}");
+                // Fall through to regular shell execution.
+            }
+            codex_apply_patch::MaybeApplyPatchVerified::NotApplyPatch => {
+                // Fall through to regular shell execution.
+            }
         }
 
         let source = ExecCommandSource::Agent;
@@ -231,16 +297,6 @@ impl ShellHandler {
         let event_ctx = ToolEventCtx::new(session.as_ref(), turn.as_ref(), &call_id, None);
         emitter.begin(event_ctx).await;
 
-        let features = session.features().await;
-        let approval_requirement = create_approval_requirement_for_command(
-            &turn.exec_policy,
-            &features,
-            &exec_params.command,
-            turn.approval_policy,
-            &turn.sandbox_policy,
-            SandboxPermissions::from(exec_params.with_escalated_permissions.unwrap_or(false)),
-        )
-        .await;
         let req = ShellRequest {
             command: exec_params.command.clone(),
             cwd: exec_params.cwd.clone(),
@@ -248,7 +304,13 @@ impl ShellHandler {
             env: exec_params.env.clone(),
             with_escalated_permissions: exec_params.with_escalated_permissions,
             justification: exec_params.justification.clone(),
-            approval_requirement,
+            approval_requirement: create_approval_requirement_for_command(
+                &turn.exec_policy,
+                &exec_params.command,
+                turn.approval_policy,
+                &turn.sandbox_policy,
+                SandboxPermissions::from(exec_params.with_escalated_permissions.unwrap_or(false)),
+            ),
         };
         let mut orchestrator = ToolOrchestrator::new();
         let mut runtime = ShellRuntime::new();

codex-rs/core/src/tools/handlers/unified_exec.rs

@@ -13,7 +13,6 @@ use crate::tools::context::ToolPayload;
 use crate::tools::events::ToolEmitter;
 use crate::tools::events::ToolEventCtx;
 use crate::tools::events::ToolEventStage;
-use crate::tools::handlers::apply_patch::intercept_apply_patch;
 use crate::tools::registry::ToolHandler;
 use crate::tools::registry::ToolKind;
 use crate::unified_exec::ExecCommandRequest;
@@ -104,7 +103,6 @@ impl ToolHandler for UnifiedExecHandler {
         let ToolInvocation {
             session,
             turn,
-            tracker,
             call_id,
             tool_name,
             payload,
@@ -155,26 +153,12 @@ impl ToolHandler for UnifiedExecHandler {
                     )));
                 }
 
-                let workdir = workdir.filter(|value| !value.is_empty());
-
-                let workdir = workdir.map(|dir| context.turn.resolve_path(Some(dir)));
+                let workdir = workdir
+                    .as_deref()
+                    .filter(|value| !value.is_empty())
+                    .map(PathBuf::from);
                 let cwd = workdir.clone().unwrap_or_else(|| context.turn.cwd.clone());
 
-                if let Some(output) = intercept_apply_patch(
-                    &command,
-                    &cwd,
-                    Some(yield_time_ms),
-                    context.session.as_ref(),
-                    context.turn.as_ref(),
-                    Some(&tracker),
-                    &context.call_id,
-                    tool_name.as_str(),
-                )
-                .await?
-                {
-                    return Ok(output);
-                }
-
                 let event_ctx = ToolEventCtx::new(
                     context.session.as_ref(),
                     context.turn.as_ref(),

codex-rs/core/src/tools/orchestrator.rs

@@ -59,12 +59,12 @@ impl ToolOrchestrator {
         });
         match requirement {
             ApprovalRequirement::Skip { .. } => {
-                otel.tool_decision(otel_tn, otel_ci, &ReviewDecision::Approved, otel_cfg);
+                otel.tool_decision(otel_tn, otel_ci, ReviewDecision::Approved, otel_cfg);
             }
             ApprovalRequirement::Forbidden { reason } => {
                 return Err(ToolError::Rejected(reason));
             }
-            ApprovalRequirement::NeedsApproval { reason, .. } => {
+            ApprovalRequirement::NeedsApproval { reason } => {
                 let mut risk = None;
 
                 if let Some(metadata) = req.sandbox_retry_data() {
@@ -88,15 +88,13 @@ impl ToolOrchestrator {
                 };
                 let decision = tool.start_approval_async(req, approval_ctx).await;
 
-                otel.tool_decision(otel_tn, otel_ci, &decision, otel_user.clone());
+                otel.tool_decision(otel_tn, otel_ci, decision, otel_user.clone());
 
                 match decision {
                     ReviewDecision::Denied | ReviewDecision::Abort => {
                         return Err(ToolError::Rejected("rejected by user".to_string()));
                     }
-                    ReviewDecision::Approved
-                    | ReviewDecision::ApprovedAllowPrefix { .. }
-                    | ReviewDecision::ApprovedForSession => {}
+                    ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {}
                 }
                 already_approved = true;
             }
@@ -171,15 +169,13 @@ impl ToolOrchestrator {
                     };
 
                     let decision = tool.start_approval_async(req, approval_ctx).await;
-                    otel.tool_decision(otel_tn, otel_ci, &decision, otel_user);
+                    otel.tool_decision(otel_tn, otel_ci, decision, otel_user);
 
                     match decision {
                         ReviewDecision::Denied | ReviewDecision::Abort => {
                             return Err(ToolError::Rejected("rejected by user".to_string()));
                         }
-                        ReviewDecision::Approved
-                        | ReviewDecision::ApprovedAllowPrefix { .. }
-                        | ReviewDecision::ApprovedForSession => {}
+                        ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {}
                     }
                 }
 

codex-rs/core/src/tools/runtimes/apply_patch.rs

@@ -127,7 +127,6 @@ impl Approvable<ApplyPatchRequest> for ApplyPatchRuntime {
                             cwd,
                             Some(reason),
                             risk,
-                            None,
                         )
                         .await
                 } else if user_explicitly_approved {

codex-rs/core/src/tools/runtimes/shell.rs

@@ -107,15 +107,7 @@ impl Approvable<ShellRequest> for ShellRuntime {
         Box::pin(async move {
             with_cached_approval(&session.services, key, move || async move {
                 session
-                    .request_command_approval(
-                        turn,
-                        call_id,
-                        command,
-                        cwd,
-                        reason,
-                        risk,
-                        req.approval_requirement.allow_prefix().cloned(),
-                    )
+                    .request_command_approval(turn, call_id, command, cwd, reason, risk)
                     .await
             })
             .await

codex-rs/core/src/tools/runtimes/unified_exec.rs

@@ -125,15 +125,7 @@ impl Approvable<UnifiedExecRequest> for UnifiedExecRuntime<'_> {
         Box::pin(async move {
             with_cached_approval(&session.services, key, || async move {
                 session
-                    .request_command_approval(
-                        turn,
-                        call_id,
-                        command,
-                        cwd,
-                        reason,
-                        risk,
-                        req.approval_requirement.allow_prefix().cloned(),
-                    )
+                    .request_command_approval(turn, call_id, command, cwd, reason, risk)
                     .await
             })
             .await

codex-rs/core/src/tools/sandboxing.rs

@@ -96,27 +96,11 @@ pub(crate) enum ApprovalRequirement {
         bypass_sandbox: bool,
     },
     /// Approval required for this tool call
-    NeedsApproval {
-        reason: Option<String>,
-        /// Prefix that can be whitelisted via execpolicy to skip future approvals for similar commands
-        allow_prefix: Option<Vec<String>>,
-    },
+    NeedsApproval { reason: Option<String> },
     /// Execution forbidden for this tool call
     Forbidden { reason: String },
 }
 
-impl ApprovalRequirement {
-    pub fn allow_prefix(&self) -> Option<&Vec<String>> {
-        match self {
-            Self::NeedsApproval {
-                allow_prefix: Some(prefix),
-                ..
-            } => Some(prefix),
-            _ => None,
-        }
-    }
-}
-
 /// - Never, OnFailure: do not ask
 /// - OnRequest: ask unless sandbox policy is DangerFullAccess
 /// - UnlessTrusted: always ask
@@ -131,10 +115,7 @@ pub(crate) fn default_approval_requirement(
     };
 
     if needs_approval {
-        ApprovalRequirement::NeedsApproval {
-            reason: None,
-            allow_prefix: None,
-        }
+        ApprovalRequirement::NeedsApproval { reason: None }
     } else {
         ApprovalRequirement::Skip {
             bypass_sandbox: false,

codex-rs/core/src/unified_exec/mod.rs

@@ -48,9 +48,6 @@ pub(crate) const UNIFIED_EXEC_OUTPUT_MAX_BYTES: usize = 1024 * 1024; // 1 MiB
 pub(crate) const UNIFIED_EXEC_OUTPUT_MAX_TOKENS: usize = UNIFIED_EXEC_OUTPUT_MAX_BYTES / 4;
 pub(crate) const MAX_UNIFIED_EXEC_SESSIONS: usize = 64;
 
-// Send a warning message to the models when it reaches this number of sessions.
-pub(crate) const WARNING_UNIFIED_EXEC_SESSIONS: usize = 60;
-
 pub(crate) struct UnifiedExecContext {
     pub session: Arc<Session>,
     pub turn: Arc<TurnContext>,
@@ -101,26 +98,8 @@ pub(crate) struct UnifiedExecResponse {
 
 #[derive(Default)]
 pub(crate) struct UnifiedExecSessionManager {
-    session_store: Mutex<SessionStore>,
-}
-
-// Required for mutex sharing.
-#[derive(Default)]
-pub(crate) struct SessionStore {
-    sessions: HashMap<String, SessionEntry>,
-    reserved_sessions_id: HashSet<String>,
-}
-
-impl SessionStore {
-    fn remove(&mut self, session_id: &str) -> Option<SessionEntry> {
-        self.reserved_sessions_id.remove(session_id);
-        self.sessions.remove(session_id)
-    }
-
-    pub(crate) fn clear(&mut self) {
-        self.reserved_sessions_id.clear();
-        self.sessions.clear();
-    }
+    sessions: Mutex<HashMap<String, SessionEntry>>,
+    used_session_ids: Mutex<HashSet<String>>,
 }
 
 struct SessionEntry {
@@ -405,10 +384,9 @@ mod tests {
             session
                 .services
                 .unified_exec_manager
-                .session_store
+                .sessions
                 .lock()
                 .await
-                .sessions
                 .is_empty()
         );
 
@@ -447,10 +425,9 @@ mod tests {
             session
                 .services
                 .unified_exec_manager
-                .session_store
+                .sessions
                 .lock()
                 .await
-                .sessions
                 .is_empty()
         );
 

codex-rs/core/src/unified_exec/session_manager.rs

@@ -36,12 +36,10 @@ use crate::truncate::formatted_truncate_text;
 use super::ExecCommandRequest;
 use super::MAX_UNIFIED_EXEC_SESSIONS;
 use super::SessionEntry;
-use super::SessionStore;
 use super::UnifiedExecContext;
 use super::UnifiedExecError;
 use super::UnifiedExecResponse;
 use super::UnifiedExecSessionManager;
-use super::WARNING_UNIFIED_EXEC_SESSIONS;
 use super::WriteStdinRequest;
 use super::clamp_yield_time;
 use super::generate_chunk_id;
@@ -83,7 +81,7 @@ struct PreparedSessionHandles {
 impl UnifiedExecSessionManager {
     pub(crate) async fn allocate_process_id(&self) -> String {
         loop {
-            let mut store = self.session_store.lock().await;
+            let mut store = self.used_session_ids.lock().await;
 
             let process_id = if !cfg!(test) && !cfg!(feature = "deterministic_process_ids") {
                 // production mode → random
@@ -91,7 +89,6 @@ impl UnifiedExecSessionManager {
             } else {
                 // test or deterministic mode
                 let next = store
-                    .reserved_sessions_id
                     .iter()
                     .filter_map(|s| s.parse::<i32>().ok())
                     .max()
@@ -101,11 +98,11 @@ impl UnifiedExecSessionManager {
                 next.to_string()
             };
 
-            if store.reserved_sessions_id.contains(&process_id) {
+            if store.contains(&process_id) {
                 continue;
             }
 
-            store.reserved_sessions_id.insert(process_id.clone());
+            store.insert(process_id.clone());
             return process_id;
         }
     }
@@ -334,8 +331,8 @@ impl UnifiedExecSessionManager {
     }
 
     async fn refresh_session_state(&self, process_id: &str) -> SessionStatus {
-        let mut store = self.session_store.lock().await;
-        let Some(entry) = store.sessions.get(process_id) else {
+        let mut sessions = self.sessions.lock().await;
+        let Some(entry) = sessions.get(process_id) else {
             return SessionStatus::Unknown;
         };
 
@@ -343,7 +340,7 @@ impl UnifiedExecSessionManager {
         let process_id = entry.process_id.clone();
 
         if entry.session.has_exited() {
-            let Some(entry) = store.remove(&process_id) else {
+            let Some(entry) = sessions.remove(&process_id) else {
                 return SessionStatus::Unknown;
             };
             SessionStatus::Exited {
@@ -363,14 +360,12 @@ impl UnifiedExecSessionManager {
         &self,
         process_id: &str,
     ) -> Result<PreparedSessionHandles, UnifiedExecError> {
-        let mut store = self.session_store.lock().await;
-        let entry =
-            store
-                .sessions
-                .get_mut(process_id)
-                .ok_or(UnifiedExecError::UnknownSessionId {
-                    process_id: process_id.to_string(),
-                })?;
+        let mut sessions = self.sessions.lock().await;
+        let entry = sessions
+            .get_mut(process_id)
+            .ok_or(UnifiedExecError::UnknownSessionId {
+                process_id: process_id.to_string(),
+            })?;
         entry.last_used = Instant::now();
         let OutputHandles {
             output_buffer,
@@ -422,22 +417,9 @@ impl UnifiedExecSessionManager {
             started_at,
             last_used: started_at,
         };
-        let number_sessions = {
-            let mut store = self.session_store.lock().await;
-            Self::prune_sessions_if_needed(&mut store);
-            store.sessions.insert(process_id, entry);
-            store.sessions.len()
-        };
-
-        if number_sessions >= WARNING_UNIFIED_EXEC_SESSIONS {
-            context
-                .session
-                .record_model_warning(
-                    format!("The maximum number of unified exec sessions you can keep open is {WARNING_UNIFIED_EXEC_SESSIONS} and you currently have {number_sessions} sessions open. Reuse older sessions or close them to prevent automatic pruning of old session"),
-                    &context.turn
-                )
-                .await;
-        };
+        let mut sessions = self.sessions.lock().await;
+        Self::prune_sessions_if_needed(&mut sessions);
+        sessions.insert(process_id, entry);
     }
 
     async fn emit_exec_end_from_entry(
@@ -552,25 +534,21 @@ impl UnifiedExecSessionManager {
         context: &UnifiedExecContext,
     ) -> Result<UnifiedExecSession, UnifiedExecError> {
         let env = apply_unified_exec_env(create_env(&context.turn.shell_environment_policy));
-        let features = context.session.features().await;
         let mut orchestrator = ToolOrchestrator::new();
         let mut runtime = UnifiedExecRuntime::new(self);
-        let approval_requirement = create_approval_requirement_for_command(
-            &context.turn.exec_policy,
-            &features,
-            command,
-            context.turn.approval_policy,
-            &context.turn.sandbox_policy,
-            SandboxPermissions::from(with_escalated_permissions.unwrap_or(false)),
-        )
-        .await;
         let req = UnifiedExecToolRequest::new(
             command.to_vec(),
             cwd,
             env,
             with_escalated_permissions,
             justification,
-            approval_requirement,
+            create_approval_requirement_for_command(
+                &context.turn.exec_policy,
+                command,
+                context.turn.approval_policy,
+                &context.turn.sandbox_policy,
+                SandboxPermissions::from(with_escalated_permissions.unwrap_or(false)),
+            ),
         );
         let tool_ctx = ToolCtx {
             session: context.session.as_ref(),
@@ -651,23 +629,19 @@ impl UnifiedExecSessionManager {
         collected
     }
 
-    fn prune_sessions_if_needed(store: &mut SessionStore) -> bool {
-        if store.sessions.len() < MAX_UNIFIED_EXEC_SESSIONS {
-            return false;
+    fn prune_sessions_if_needed(sessions: &mut HashMap<String, SessionEntry>) {
+        if sessions.len() < MAX_UNIFIED_EXEC_SESSIONS {
+            return;
         }
 
-        let meta: Vec<(String, Instant, bool)> = store
-            .sessions
+        let meta: Vec<(String, Instant, bool)> = sessions
             .iter()
             .map(|(id, entry)| (id.clone(), entry.last_used, entry.session.has_exited()))
             .collect();
 
         if let Some(session_id) = Self::session_id_to_prune_from_meta(&meta) {
-            store.remove(&session_id);
-            return true;
+            sessions.remove(&session_id);
         }
-
-        false
     }
 
     // Centralized pruning policy so we can easily swap strategies later.
@@ -700,7 +674,7 @@ impl UnifiedExecSessionManager {
     }
 
     pub(crate) async fn terminate_all_sessions(&self) {
-        let mut sessions = self.session_store.lock().await;
+        let mut sessions = self.sessions.lock().await;
         sessions.clear();
     }
 }

codex-rs/core/src/util.rs

@@ -1,5 +1,3 @@
-use std::path::Path;
-use std::path::PathBuf;
 use std::time::Duration;
 
 use rand::Rng;
@@ -39,14 +37,6 @@ pub(crate) fn try_parse_error_message(text: &str) -> String {
     text.to_string()
 }
 
-pub fn resolve_path(base: &Path, path: &PathBuf) -> PathBuf {
-    if path.is_absolute() {
-        path.clone()
-    } else {
-        base.join(path)
-    }
-}
-
 #[cfg(test)]
 mod tests {
     use super::*;

codex-rs/core/tests/common/responses.rs

@@ -1,5 +1,6 @@
 use std::sync::Arc;
 use std::sync::Mutex;
+use std::time::Duration;
 
 use anyhow::Result;
 use base64::Engine;
@@ -431,9 +432,6 @@ pub fn ev_apply_patch_call(
         ApplyPatchModelOutput::ShellViaHeredoc => {
             ev_apply_patch_shell_call_via_heredoc(call_id, patch)
         }
-        ApplyPatchModelOutput::ShellCommandViaHeredoc => {
-            ev_apply_patch_shell_command_call_via_heredoc(call_id, patch)
-        }
     }
 }
 
@@ -495,13 +493,6 @@ pub fn ev_apply_patch_shell_call_via_heredoc(call_id: &str, patch: &str) -> Valu
     ev_function_call(call_id, "shell", &arguments)
 }
 
-pub fn ev_apply_patch_shell_command_call_via_heredoc(call_id: &str, patch: &str) -> Value {
-    let args = serde_json::json!({ "command": format!("apply_patch <<'EOF'\n{patch}\nEOF\n") });
-    let arguments = serde_json::to_string(&args).expect("serialize apply_patch arguments");
-
-    ev_function_call(call_id, "shell_command", &arguments)
-}
-
 pub fn sse_failed(id: &str, code: &str, message: &str) -> String {
     sse(vec![serde_json::json!({
         "type": "response.failed",
@@ -556,6 +547,19 @@ pub async fn mount_sse_once(server: &MockServer, body: String) -> ResponseMock {
     response_mock
 }
 
+pub async fn mount_sse_once_with_delay(
+    server: &MockServer,
+    body: String,
+    delay: Duration,
+) -> ResponseMock {
+    let (mock, response_mock) = base_mock();
+    mock.respond_with(sse_response(body).set_delay(delay))
+        .up_to_n_times(1)
+        .mount(server)
+        .await;
+    response_mock
+}
+
 pub async fn mount_compact_json_once_match<M>(
     server: &MockServer,
     matcher: M,

codex-rs/core/tests/common/test_codex.rs

@@ -36,7 +36,6 @@ pub enum ApplyPatchModelOutput {
     Function,
     Shell,
     ShellViaHeredoc,
-    ShellCommandViaHeredoc,
 }
 
 /// A collection of different ways the model can output an apply_patch call
@@ -313,10 +312,7 @@ impl TestCodexHarness {
             ApplyPatchModelOutput::Freeform => self.custom_tool_call_output(call_id).await,
             ApplyPatchModelOutput::Function
             | ApplyPatchModelOutput::Shell
-            | ApplyPatchModelOutput::ShellViaHeredoc
-            | ApplyPatchModelOutput::ShellCommandViaHeredoc => {
-                self.function_call_stdout(call_id).await
-            }
+            | ApplyPatchModelOutput::ShellViaHeredoc => self.function_call_stdout(call_id).await,
         }
     }
 }

codex-rs/core/tests/suite/apply_patch_cli.rs

@@ -2,7 +2,6 @@
 
 use anyhow::Result;
 use core_test_support::responses::ev_apply_patch_call;
-use core_test_support::responses::ev_shell_command_call;
 use core_test_support::test_codex::ApplyPatchModelOutput;
 use pretty_assertions::assert_eq;
 use std::fs;
@@ -128,7 +127,6 @@ D delete.txt
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_multiple_chunks(model_output: ApplyPatchModelOutput) -> Result<()> {
     skip_if_no_network!(Ok(()));
 
@@ -155,7 +153,6 @@ async fn apply_patch_cli_multiple_chunks(model_output: ApplyPatchModelOutput) ->
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_moves_file_to_new_directory(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -184,7 +181,6 @@ async fn apply_patch_cli_moves_file_to_new_directory(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_updates_file_appends_trailing_newline(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -212,7 +208,6 @@ async fn apply_patch_cli_updates_file_appends_trailing_newline(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_insert_only_hunk_modifies_file(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -238,7 +233,6 @@ async fn apply_patch_cli_insert_only_hunk_modifies_file(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_move_overwrites_existing_destination(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -269,7 +263,6 @@ async fn apply_patch_cli_move_overwrites_existing_destination(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_move_without_content_change_has_no_turn_diff(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -327,7 +320,6 @@ async fn apply_patch_cli_move_without_content_change_has_no_turn_diff(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_add_overwrites_existing_file(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -353,7 +345,6 @@ async fn apply_patch_cli_add_overwrites_existing_file(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_rejects_invalid_hunk_header(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -385,7 +376,6 @@ async fn apply_patch_cli_rejects_invalid_hunk_header(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_reports_missing_context(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -419,7 +409,6 @@ async fn apply_patch_cli_reports_missing_context(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_reports_missing_target_file(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -455,7 +444,6 @@ async fn apply_patch_cli_reports_missing_target_file(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_delete_missing_file_reports_error(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -492,7 +480,6 @@ async fn apply_patch_cli_delete_missing_file_reports_error(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_rejects_empty_patch(model_output: ApplyPatchModelOutput) -> Result<()> {
     skip_if_no_network!(Ok(()));
 
@@ -517,7 +504,6 @@ async fn apply_patch_cli_rejects_empty_patch(model_output: ApplyPatchModelOutput
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_delete_directory_reports_verification_error(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -544,7 +530,6 @@ async fn apply_patch_cli_delete_directory_reports_verification_error(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_rejects_path_traversal_outside_workspace(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -597,7 +582,6 @@ async fn apply_patch_cli_rejects_path_traversal_outside_workspace(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_rejects_move_path_traversal_outside_workspace(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -651,7 +635,6 @@ async fn apply_patch_cli_rejects_move_path_traversal_outside_workspace(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_verification_failure_has_no_side_effects(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -694,10 +677,11 @@ async fn apply_patch_shell_command_heredoc_with_cd_updates_relative_workdir() ->
 
     let script = "cd sub && apply_patch <<'EOF'\n*** Begin Patch\n*** Update File: in_sub.txt\n@@\n-before\n+after\n*** End Patch\nEOF\n";
     let call_id = "shell-heredoc-cd";
+    let args = json!({ "command": script, "timeout_ms": 5_000 });
     let bodies = vec![
         sse(vec![
             ev_response_created("resp-1"),
-            ev_shell_command_call(call_id, script),
+            ev_function_call(call_id, "shell_command", &serde_json::to_string(&args)?),
             ev_completed("resp-1"),
         ]),
         sse(vec![
@@ -718,86 +702,6 @@ async fn apply_patch_shell_command_heredoc_with_cd_updates_relative_workdir() ->
     Ok(())
 }
 
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn apply_patch_shell_command_heredoc_with_cd_emits_turn_diff() -> Result<()> {
-    skip_if_no_network!(Ok(()));
-
-    let harness = apply_patch_harness_with(|builder| builder.with_model("gpt-5.1")).await?;
-    let test = harness.test();
-    let codex = test.codex.clone();
-    let cwd = test.cwd.clone();
-
-    // Prepare a file inside a subdir; update it via cd && apply_patch heredoc form.
-    let sub = test.workspace_path("sub");
-    fs::create_dir_all(&sub)?;
-    let target = sub.join("in_sub.txt");
-    fs::write(&target, "before\n")?;
-
-    let script = "cd sub && apply_patch <<'EOF'\n*** Begin Patch\n*** Update File: in_sub.txt\n@@\n-before\n+after\n*** End Patch\nEOF\n";
-    let call_id = "shell-heredoc-cd";
-    let args = json!({ "command": script, "timeout_ms": 5_000 });
-    let bodies = vec![
-        sse(vec![
-            ev_response_created("resp-1"),
-            ev_function_call(call_id, "shell_command", &serde_json::to_string(&args)?),
-            ev_completed("resp-1"),
-        ]),
-        sse(vec![
-            ev_assistant_message("msg-1", "ok"),
-            ev_completed("resp-2"),
-        ]),
-    ];
-    mount_sse_sequence(harness.server(), bodies).await;
-
-    let model = test.session_configured.model.clone();
-    codex
-        .submit(Op::UserTurn {
-            items: vec![UserInput::Text {
-                text: "apply via shell heredoc with cd".into(),
-            }],
-            final_output_json_schema: None,
-            cwd: cwd.path().to_path_buf(),
-            approval_policy: AskForApproval::Never,
-            sandbox_policy: SandboxPolicy::DangerFullAccess,
-            model,
-            effort: None,
-            summary: ReasoningSummary::Auto,
-        })
-        .await?;
-
-    let mut saw_turn_diff = None;
-    let mut saw_patch_begin = false;
-    let mut patch_end_success = None;
-    wait_for_event(&codex, |event| match event {
-        EventMsg::PatchApplyBegin(begin) => {
-            saw_patch_begin = true;
-            assert_eq!(begin.call_id, call_id);
-            false
-        }
-        EventMsg::PatchApplyEnd(end) => {
-            assert_eq!(end.call_id, call_id);
-            patch_end_success = Some(end.success);
-            false
-        }
-        EventMsg::TurnDiff(ev) => {
-            saw_turn_diff = Some(ev.unified_diff.clone());
-            false
-        }
-        EventMsg::TaskComplete(_) => true,
-        _ => false,
-    })
-    .await;
-
-    assert!(saw_patch_begin, "expected PatchApplyBegin event");
-    let patch_end_success =
-        patch_end_success.expect("expected PatchApplyEnd event to capture success flag");
-    assert!(patch_end_success);
-
-    let diff = saw_turn_diff.expect("expected TurnDiff event");
-    assert!(diff.contains("diff --git"), "diff header missing: {diff:?}");
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn apply_patch_shell_command_failure_propagates_error_and_skips_diff() -> Result<()> {
     skip_if_no_network!(Ok(()));
@@ -872,11 +776,7 @@ async fn apply_patch_shell_command_failure_propagates_error_and_skips_diff() ->
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-#[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
-async fn apply_patch_function_accepts_lenient_heredoc_wrapped_patch(
-    model_output: ApplyPatchModelOutput,
-) -> Result<()> {
+async fn apply_patch_function_accepts_lenient_heredoc_wrapped_patch() -> Result<()> {
     skip_if_no_network!(Ok(()));
 
     let harness = apply_patch_harness().await?;
@@ -884,8 +784,16 @@ async fn apply_patch_function_accepts_lenient_heredoc_wrapped_patch(
     let file_name = "lenient.txt";
     let patch_inner =
         format!("*** Begin Patch\n*** Add File: {file_name}\n+lenient\n*** End Patch\n");
+    let wrapped = format!("<<'EOF'\n{patch_inner}EOF\n");
     let call_id = "apply-lenient";
-    mount_apply_patch(&harness, call_id, patch_inner.as_str(), "ok", model_output).await;
+    mount_apply_patch(
+        &harness,
+        call_id,
+        wrapped.as_str(),
+        "ok",
+        ApplyPatchModelOutput::Function,
+    )
+    .await;
 
     harness.submit("apply lenient heredoc patch").await?;
 
@@ -899,7 +807,6 @@ async fn apply_patch_function_accepts_lenient_heredoc_wrapped_patch(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_end_of_file_anchor(model_output: ApplyPatchModelOutput) -> Result<()> {
     skip_if_no_network!(Ok(()));
 
@@ -922,7 +829,6 @@ async fn apply_patch_cli_end_of_file_anchor(model_output: ApplyPatchModelOutput)
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_cli_missing_second_chunk_context_rejected(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -957,7 +863,6 @@ async fn apply_patch_cli_missing_second_chunk_context_rejected(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_emits_turn_diff_event_with_unified_diff(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -1013,7 +918,6 @@ async fn apply_patch_emits_turn_diff_event_with_unified_diff(
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_turn_diff_for_rename_with_content_change(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {
@@ -1228,7 +1132,6 @@ async fn apply_patch_aggregates_diff_preserves_success_after_failure() -> Result
 #[test_case(ApplyPatchModelOutput::Function)]
 #[test_case(ApplyPatchModelOutput::Shell)]
 #[test_case(ApplyPatchModelOutput::ShellViaHeredoc)]
-#[test_case(ApplyPatchModelOutput::ShellCommandViaHeredoc)]
 async fn apply_patch_change_context_disambiguates_target(
     model_output: ApplyPatchModelOutput,
 ) -> Result<()> {

codex-rs/core/tests/suite/approvals.rs

@@ -1523,7 +1523,7 @@ async fn run_scenario(scenario: &ScenarioSpec) -> Result<()> {
             test.codex
                 .submit(Op::ExecApproval {
                     id: "0".into(),
-                    decision: decision.clone(),
+                    decision: *decision,
                 })
                 .await?;
             wait_for_completion(&test).await;
@@ -1544,7 +1544,7 @@ async fn run_scenario(scenario: &ScenarioSpec) -> Result<()> {
             test.codex
                 .submit(Op::PatchApproval {
                     id: "0".into(),
-                    decision: decision.clone(),
+                    decision: *decision,
                 })
                 .await?;
             wait_for_completion(&test).await;
@@ -1557,138 +1557,3 @@ async fn run_scenario(scenario: &ScenarioSpec) -> Result<()> {
 
     Ok(())
 }
-
-#[tokio::test(flavor = "current_thread")]
-async fn approving_allow_prefix_persists_policy_and_skips_future_prompts() -> Result<()> {
-    let server = start_mock_server().await;
-    let approval_policy = AskForApproval::UnlessTrusted;
-    let sandbox_policy = SandboxPolicy::DangerFullAccess;
-    let sandbox_policy_for_config = sandbox_policy.clone();
-    let mut builder = test_codex().with_config(move |config| {
-        config.approval_policy = approval_policy;
-        config.sandbox_policy = sandbox_policy_for_config;
-    });
-    let test = builder.build(&server).await?;
-
-    let call_id_first = "allow-prefix-first";
-    let (first_event, expected_command) = ActionKind::RunCommand {
-        command: "printf allow-prefix-ok",
-    }
-    .prepare(&test, &server, call_id_first, false)
-    .await?;
-    let expected_command =
-        expected_command.expect("allow prefix scenario should produce a shell command");
-    let expected_allow_prefix = expected_command
-        .split_whitespace()
-        .map(ToString::to_string)
-        .collect::<Vec<_>>();
-
-    let _ = mount_sse_once(
-        &server,
-        sse(vec![
-            ev_response_created("resp-allow-prefix-1"),
-            first_event,
-            ev_completed("resp-allow-prefix-1"),
-        ]),
-    )
-    .await;
-    let first_results = mount_sse_once(
-        &server,
-        sse(vec![
-            ev_assistant_message("msg-allow-prefix-1", "done"),
-            ev_completed("resp-allow-prefix-2"),
-        ]),
-    )
-    .await;
-
-    submit_turn(
-        &test,
-        "allow-prefix-first",
-        approval_policy,
-        sandbox_policy.clone(),
-    )
-    .await?;
-
-    let approval = expect_exec_approval(&test, expected_command.as_str()).await;
-    assert_eq!(approval.allow_prefix, Some(expected_allow_prefix.clone()));
-
-    test.codex
-        .submit(Op::ExecApproval {
-            id: "0".into(),
-            decision: ReviewDecision::ApprovedAllowPrefix {
-                allow_prefix: expected_allow_prefix.clone(),
-            },
-        })
-        .await?;
-    wait_for_completion(&test).await;
-
-    let policy_path = test.home.path().join("policy").join("default.codexpolicy");
-    let policy_contents = fs::read_to_string(&policy_path)?;
-    assert!(
-        policy_contents
-            .contains(r#"prefix_rule(pattern=["printf", "allow-prefix-ok"], decision="allow")"#),
-        "unexpected policy contents: {policy_contents}"
-    );
-
-    let first_output = parse_result(
-        &first_results
-            .single_request()
-            .function_call_output(call_id_first),
-    );
-    assert_eq!(first_output.exit_code.unwrap_or(0), 0);
-    assert!(
-        first_output.stdout.contains("allow-prefix-ok"),
-        "unexpected stdout: {}",
-        first_output.stdout
-    );
-
-    let call_id_second = "allow-prefix-second";
-    let (second_event, second_command) = ActionKind::RunCommand {
-        command: "printf allow-prefix-ok",
-    }
-    .prepare(&test, &server, call_id_second, false)
-    .await?;
-    assert_eq!(second_command.as_deref(), Some(expected_command.as_str()));
-
-    let _ = mount_sse_once(
-        &server,
-        sse(vec![
-            ev_response_created("resp-allow-prefix-3"),
-            second_event,
-            ev_completed("resp-allow-prefix-3"),
-        ]),
-    )
-    .await;
-    let second_results = mount_sse_once(
-        &server,
-        sse(vec![
-            ev_assistant_message("msg-allow-prefix-2", "done"),
-            ev_completed("resp-allow-prefix-4"),
-        ]),
-    )
-    .await;
-
-    submit_turn(
-        &test,
-        "allow-prefix-second",
-        approval_policy,
-        sandbox_policy.clone(),
-    )
-    .await?;
-
-    wait_for_completion_without_approval(&test).await;
-
-    let second_output = parse_result(
-        &second_results
-            .single_request()
-            .function_call_output(call_id_second),
-    );
-    assert_eq!(second_output.exit_code.unwrap_or(0), 0);
-    assert!(
-        second_output.stdout.contains("allow-prefix-ok"),
-        "unexpected stdout: {}",
-        second_output.stdout
-    );
-
-    Ok(())
-}

codex-rs/core/tests/suite/client.rs

@@ -15,7 +15,6 @@ use codex_core::WireApi;
 use codex_core::auth::AuthCredentialsStoreMode;
 use codex_core::built_in_model_providers;
 use codex_core::error::CodexErr;
-use codex_core::features::Feature;
 use codex_core::model_family::find_family_for_model;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::Op;
@@ -35,7 +34,6 @@ use core_test_support::skip_if_no_network;
 use core_test_support::test_codex::TestCodex;
 use core_test_support::test_codex::test_codex;
 use core_test_support::wait_for_event;
-use dunce::canonicalize as normalize_path;
 use futures::StreamExt;
 use serde_json::json;
 use std::io::Write;
@@ -622,74 +620,6 @@ async fn includes_user_instructions_message_in_request() {
     assert_message_ends_with(&request_body["input"][1], "</environment_context>");
 }
 
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn skills_append_to_instructions_when_feature_enabled() {
-    skip_if_no_network!();
-    let server = MockServer::start().await;
-
-    let resp_mock = responses::mount_sse_once(&server, sse_completed("resp1")).await;
-
-    let model_provider = ModelProviderInfo {
-        base_url: Some(format!("{}/v1", server.uri())),
-        ..built_in_model_providers()["openai"].clone()
-    };
-
-    let codex_home = TempDir::new().unwrap();
-    let skill_dir = codex_home.path().join("skills/demo");
-    std::fs::create_dir_all(&skill_dir).expect("create skill dir");
-    std::fs::write(
-        skill_dir.join("SKILL.md"),
-        "---\nname: demo\ndescription: build charts\n---\n\n# body\n",
-    )
-    .expect("write skill");
-
-    let mut config = load_default_config_for_test(&codex_home);
-    config.model_provider = model_provider;
-    config.features.enable(Feature::Skills);
-    config.cwd = codex_home.path().to_path_buf();
-
-    let conversation_manager =
-        ConversationManager::with_auth(CodexAuth::from_api_key("Test API Key"));
-    let codex = conversation_manager
-        .new_conversation(config)
-        .await
-        .expect("create new conversation")
-        .conversation;
-
-    codex
-        .submit(Op::UserInput {
-            items: vec![UserInput::Text {
-                text: "hello".into(),
-            }],
-        })
-        .await
-        .unwrap();
-
-    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
-
-    let request = resp_mock.single_request();
-    let request_body = request.body_json();
-
-    assert_message_role(&request_body["input"][0], "user");
-    let instructions_text = request_body["input"][0]["content"][0]["text"]
-        .as_str()
-        .expect("instructions text");
-    assert!(
-        instructions_text.contains("## Skills"),
-        "expected skills section present"
-    );
-    assert!(
-        instructions_text.contains("demo: build charts"),
-        "expected skill summary"
-    );
-    let expected_path = normalize_path(skill_dir.join("SKILL.md")).unwrap();
-    let expected_path_str = expected_path.to_string_lossy().replace('\\', "/");
-    assert!(
-        instructions_text.contains(&expected_path_str),
-        "expected path {expected_path_str} in instructions"
-    );
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn includes_configured_effort_in_request() -> anyhow::Result<()> {
     skip_if_no_network!(Ok(()));

codex-rs/core/tests/suite/codex_delegate.rs

@@ -3,7 +3,6 @@ use codex_core::protocol::EventMsg;
 use codex_core::protocol::Op;
 use codex_core::protocol::ReviewDecision;
 use codex_core::protocol::ReviewRequest;
-use codex_core::protocol::ReviewTarget;
 use codex_core::protocol::SandboxPolicy;
 use core_test_support::responses::ev_apply_patch_function_call;
 use core_test_support::responses::ev_assistant_message;
@@ -69,10 +68,9 @@ async fn codex_delegate_forwards_exec_approval_and_proceeds_on_approval() {
     test.codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "Please review".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "Please review".to_string(),
+                user_facing_hint: "review".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -146,10 +144,9 @@ async fn codex_delegate_forwards_patch_approval_and_proceeds_on_decision() {
     test.codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "Please review".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "Please review".to_string(),
+                user_facing_hint: "review".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -202,10 +199,9 @@ async fn codex_delegate_ignores_legacy_deltas() {
     test.codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "Please review".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "Please review".to_string(),
+                user_facing_hint: "review".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await

codex-rs/core/tests/suite/idle_warning.rs

@@ -0,0 +1,197 @@
+#![allow(clippy::unwrap_used, clippy::expect_used)]
+
+use std::sync::Arc;
+use std::sync::atomic::AtomicUsize;
+use std::sync::atomic::Ordering;
+use std::time::Duration;
+
+use codex_core::protocol::EventMsg;
+use codex_core::protocol::Op;
+use codex_core::protocol::WarningEvent;
+use codex_core::status::set_test_status_widget_url;
+use codex_protocol::user_input::UserInput;
+use core_test_support::responses::ev_assistant_message;
+use core_test_support::responses::ev_completed;
+use core_test_support::responses::ev_response_created;
+use core_test_support::responses::mount_sse_once_with_delay;
+use core_test_support::responses::sse;
+use core_test_support::responses::start_mock_server;
+use core_test_support::test_codex::test_codex;
+use core_test_support::wait_for_event;
+use pretty_assertions::assert_eq;
+use wiremock::Mock;
+use wiremock::Request;
+use wiremock::Respond;
+use wiremock::ResponseTemplate;
+use wiremock::matchers::method;
+use wiremock::matchers::path;
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn emits_warning_when_status_is_degraded_at_turn_start() {
+    let status_server = start_mock_server().await;
+    let status_path = "/proxy/status.openai.com";
+
+    Mock::given(method("GET"))
+        .and(path(status_path))
+        .respond_with(status_payload("major_outage"))
+        .mount(&status_server)
+        .await;
+
+    set_test_status_widget_url(format!("{}{}", status_server.uri(), status_path));
+    let responses_server = start_mock_server().await;
+    let stalled_response = sse(vec![
+        ev_response_created("resp-1"),
+        ev_assistant_message("msg-1", "finally"),
+        ev_completed("resp-1"),
+    ]);
+
+    let _responses_mock = mount_sse_once_with_delay(
+        &responses_server,
+        stalled_response,
+        Duration::from_millis(10),
+    )
+    .await;
+
+    let test_codex = test_codex().build(&responses_server).await.unwrap();
+    let codex = test_codex.codex;
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![UserInput::Text { text: "hi".into() }],
+        })
+        .await
+        .unwrap();
+
+    let warning = wait_for_event(&codex, |event| matches!(event, EventMsg::Warning(_))).await;
+    let EventMsg::Warning(WarningEvent { message }) = warning else {
+        panic!("expected warning event");
+    };
+    assert_eq!(
+        message,
+        "Codex is experiencing a major outage. If a response stalls, try again later. You can follow incident updates at status.openai.com.",
+        "unexpected warning message"
+    );
+
+    wait_for_event(&codex, |event| matches!(event, EventMsg::TaskComplete(_))).await;
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn warns_once_per_status_change_only_when_unhealthy() {
+    let status_server = start_mock_server().await;
+    let status_path = "/proxy/status.openai.com";
+
+    let responder = SequenceResponder::new(vec!["major_outage", "partial_outage"]);
+
+    Mock::given(method("GET"))
+        .and(path(status_path))
+        .respond_with(responder)
+        .mount(&status_server)
+        .await;
+
+    set_test_status_widget_url(format!("{}{}", status_server.uri(), status_path));
+    let responses_server = start_mock_server().await;
+    let stalled_response = sse(vec![
+        ev_response_created("resp-1"),
+        ev_assistant_message("msg-1", "finally"),
+        ev_completed("resp-1"),
+    ]);
+
+    let _responses_mock = mount_sse_once_with_delay(
+        &responses_server,
+        stalled_response,
+        Duration::from_millis(300),
+    )
+    .await;
+
+    let test_codex = test_codex().build(&responses_server).await.unwrap();
+    let codex = test_codex.codex;
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![UserInput::Text { text: "hi".into() }],
+        })
+        .await
+        .unwrap();
+
+    let first_warning = wait_for_event(&codex, |event| matches!(event, EventMsg::Warning(_))).await;
+    let EventMsg::Warning(WarningEvent { message }) = first_warning else {
+        panic!("expected warning event");
+    };
+    assert_eq!(
+        message,
+        "Codex is experiencing a major outage. If a response stalls, try again later. You can follow incident updates at status.openai.com.",
+    );
+    wait_for_event(&codex, |event| matches!(event, EventMsg::TaskComplete(_))).await;
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![UserInput::Text {
+                text: "second".into(),
+            }],
+        })
+        .await
+        .unwrap();
+
+    let mut saw_warning = false;
+    let mut saw_complete = false;
+    while !(saw_warning && saw_complete) {
+        let event = codex.next_event().await.expect("event");
+        match event.msg {
+            EventMsg::Warning(WarningEvent { message }) => {
+                assert_eq!(
+                    message,
+                    "Codex is experiencing a partial outage. If a response stalls, try again later. You can follow incident updates at status.openai.com.",
+                );
+                saw_warning = true;
+            }
+            EventMsg::TaskComplete(_) => {
+                saw_complete = true;
+            }
+            _ => {}
+        }
+    }
+}
+
+fn status_payload(status: &str) -> ResponseTemplate {
+    ResponseTemplate::new(200)
+        .insert_header("content-type", "application/json")
+        .set_body_json(serde_json::json!({
+            "summary": {
+                "components": [
+                    {"id": "cmp-1", "name": "Codex", "status_page_id": "page-1"}
+                ],
+                "affected_components": [
+                    {"component_id": "cmp-1", "status": status}
+                ]
+            }
+        }))
+}
+
+#[derive(Clone)]
+struct SequenceResponder {
+    statuses: Vec<&'static str>,
+    calls: Arc<AtomicUsize>,
+}
+
+impl SequenceResponder {
+    fn new(statuses: Vec<&'static str>) -> Self {
+        Self {
+            statuses,
+            calls: Arc::new(AtomicUsize::new(0)),
+        }
+    }
+}
+
+impl Respond for SequenceResponder {
+    fn respond(&self, _request: &Request) -> ResponseTemplate {
+        let call = self.calls.fetch_add(1, Ordering::SeqCst);
+        let idx = usize::try_from(call).unwrap_or(0);
+        let status = self
+            .statuses
+            .get(idx)
+            .copied()
+            .or_else(|| self.statuses.last().copied())
+            .unwrap_or("operational");
+        status_payload(status)
+    }
+}

codex-rs/core/tests/suite/mod.rs

@@ -31,6 +31,7 @@ mod exec;
 mod exec_policy;
 mod fork_conversation;
 mod grep_files;
+mod idle_warning;
 mod items;
 mod json_result;
 mod list_dir;

codex-rs/core/tests/suite/review.rs

@@ -16,10 +16,8 @@ use codex_core::protocol::ReviewFinding;
 use codex_core::protocol::ReviewLineRange;
 use codex_core::protocol::ReviewOutputEvent;
 use codex_core::protocol::ReviewRequest;
-use codex_core::protocol::ReviewTarget;
 use codex_core::protocol::RolloutItem;
 use codex_core::protocol::RolloutLine;
-use codex_core::review_format::render_review_output_text;
 use codex_protocol::user_input::UserInput;
 use core_test_support::load_default_config_for_test;
 use core_test_support::load_sse_fixture_with_id_from_str;
@@ -82,10 +80,9 @@ async fn review_op_emits_lifecycle_and_review_output() {
     codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "Please review my changes".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "Please review my changes".to_string(),
+                user_facing_hint: "my changes".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -127,36 +124,22 @@ async fn review_op_emits_lifecycle_and_review_output() {
 
     let mut saw_header = false;
     let mut saw_finding_line = false;
-    let expected_assistant_text = render_review_output_text(&expected);
-    let mut saw_assistant_plain = false;
-    let mut saw_assistant_xml = false;
     for line in text.lines() {
         if line.trim().is_empty() {
             continue;
         }
         let v: serde_json::Value = serde_json::from_str(line).expect("jsonl line");
         let rl: RolloutLine = serde_json::from_value(v).expect("rollout line");
-        if let RolloutItem::ResponseItem(ResponseItem::Message { role, content, .. }) = rl.item {
-            if role == "user" {
-                for c in content {
-                    if let ContentItem::InputText { text } = c {
-                        if text.contains("full review output from reviewer model") {
-                            saw_header = true;
-                        }
-                        if text.contains("- Prefer Stylize helpers — /tmp/file.rs:10-20") {
-                            saw_finding_line = true;
-                        }
+        if let RolloutItem::ResponseItem(ResponseItem::Message { role, content, .. }) = rl.item
+            && role == "user"
+        {
+            for c in content {
+                if let ContentItem::InputText { text } = c {
+                    if text.contains("full review output from reviewer model") {
+                        saw_header = true;
                     }
-                }
-            } else if role == "assistant" {
-                for c in content {
-                    if let ContentItem::OutputText { text } = c {
-                        if text.contains("<user_action>") {
-                            saw_assistant_xml = true;
-                        }
-                        if text == expected_assistant_text {
-                            saw_assistant_plain = true;
-                        }
+                    if text.contains("- Prefer Stylize helpers — /tmp/file.rs:10-20") {
+                        saw_finding_line = true;
                     }
                 }
             }
@@ -167,14 +150,6 @@ async fn review_op_emits_lifecycle_and_review_output() {
         saw_finding_line,
         "formatted finding line missing from rollout"
     );
-    assert!(
-        saw_assistant_plain,
-        "assistant review output missing from rollout"
-    );
-    assert!(
-        !saw_assistant_xml,
-        "assistant review output contains user_action markup"
-    );
 
     server.verify().await;
 }
@@ -202,10 +177,9 @@ async fn review_op_with_plain_text_emits_review_fallback() {
     codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "Plain text review".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "Plain text review".to_string(),
+                user_facing_hint: "plain text review".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -262,10 +236,9 @@ async fn review_filters_agent_message_related_events() {
     codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "Filter streaming events".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "Filter streaming events".to_string(),
+                user_facing_hint: "Filter streaming events".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -274,7 +247,7 @@ async fn review_filters_agent_message_related_events() {
     let mut saw_entered = false;
     let mut saw_exited = false;
 
-    // Drain until TaskComplete; assert streaming-related events never surface.
+    // Drain until TaskComplete; assert filtered events never surface.
     wait_for_event(&codex, |event| match event {
         EventMsg::TaskComplete(_) => true,
         EventMsg::EnteredReviewMode(_) => {
@@ -292,6 +265,12 @@ async fn review_filters_agent_message_related_events() {
         EventMsg::AgentMessageDelta(_) => {
             panic!("unexpected AgentMessageDelta surfaced during review")
         }
+        EventMsg::ItemCompleted(ev) => match &ev.item {
+            codex_protocol::items::TurnItem::AgentMessage(_) => {
+                panic!("unexpected ItemCompleted for TurnItem::AgentMessage surfaced during review")
+            }
+            _ => false,
+        },
         _ => false,
     })
     .await;
@@ -300,9 +279,8 @@ async fn review_filters_agent_message_related_events() {
     server.verify().await;
 }
 
-/// When the model returns structured JSON in a review, ensure only a single
-/// non-streaming AgentMessage is emitted; the UI consumes the structured
-/// result via ExitedReviewMode plus a final assistant message.
+/// When the model returns structured JSON in a review, ensure no AgentMessage
+/// is emitted; the UI consumes the structured result via ExitedReviewMode.
 // Windows CI only: bump to 4 workers to prevent SSE/event starvation and test timeouts.
 #[cfg_attr(windows, tokio::test(flavor = "multi_thread", worker_threads = 4))]
 #[cfg_attr(not(windows), tokio::test(flavor = "multi_thread", worker_threads = 2))]
@@ -343,25 +321,21 @@ async fn review_does_not_emit_agent_message_on_structured_output() {
     codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "check structured".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "check structured".to_string(),
+                user_facing_hint: "check structured".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
         .unwrap();
 
-    // Drain events until TaskComplete; ensure we only see a final
-    // AgentMessage (no streaming assistant messages).
+    // Drain events until TaskComplete; ensure none are AgentMessage.
     let mut saw_entered = false;
     let mut saw_exited = false;
-    let mut agent_messages = 0;
     wait_for_event(&codex, |event| match event {
         EventMsg::TaskComplete(_) => true,
         EventMsg::AgentMessage(_) => {
-            agent_messages += 1;
-            false
+            panic!("unexpected AgentMessage during review with structured output")
         }
         EventMsg::EnteredReviewMode(_) => {
             saw_entered = true;
@@ -374,7 +348,6 @@ async fn review_does_not_emit_agent_message_on_structured_output() {
         _ => false,
     })
     .await;
-    assert_eq!(1, agent_messages, "expected exactly one AgentMessage event");
     assert!(saw_entered && saw_exited, "missing review lifecycle events");
 
     server.verify().await;
@@ -402,10 +375,9 @@ async fn review_uses_custom_review_model_from_config() {
     codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "use custom model".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "use custom model".to_string(),
+                user_facing_hint: "use custom model".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -521,10 +493,9 @@ async fn review_input_isolated_from_parent_history() {
     codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: review_prompt.clone(),
-                },
-                user_facing_hint: None,
+                prompt: review_prompt.clone(),
+                user_facing_hint: review_prompt.clone(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -612,10 +583,11 @@ async fn review_input_isolated_from_parent_history() {
     server.verify().await;
 }
 
-/// After a review thread finishes, its conversation should be visible in the
-/// parent session so later turns can reference the results.
+/// After a review thread finishes, its conversation should not leak into the
+/// parent session. A subsequent parent turn must not include any review
+/// messages in its request `input`.
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn review_history_surfaces_in_parent_session() {
+async fn review_history_does_not_leak_into_parent_session() {
     skip_if_no_network!();
 
     // Respond to both the review request and the subsequent parent request.
@@ -634,10 +606,9 @@ async fn review_history_surfaces_in_parent_session() {
     codex
         .submit(Op::Review {
             review_request: ReviewRequest {
-                target: ReviewTarget::Custom {
-                    instructions: "Start a review".to_string(),
-                },
-                user_facing_hint: None,
+                prompt: "Start a review".to_string(),
+                user_facing_hint: "Start a review".to_string(),
+                append_to_original_thread: true,
             },
         })
         .await
@@ -680,26 +651,20 @@ async fn review_history_surfaces_in_parent_session() {
     let last_text = last["content"][0]["text"].as_str().unwrap();
     assert_eq!(last_text, followup);
 
-    // Ensure review-thread content is present for downstream turns.
-    let contains_review_rollout_user = input.iter().any(|msg| {
-        msg["content"][0]["text"]
-            .as_str()
-            .unwrap_or_default()
-            .contains("User initiated a review task.")
-    });
+    // Ensure no review-thread content leaked into the parent request
+    let contains_review_prompt = input
+        .iter()
+        .any(|msg| msg["content"][0]["text"].as_str().unwrap_or_default() == "Start a review");
     let contains_review_assistant = input.iter().any(|msg| {
-        msg["content"][0]["text"]
-            .as_str()
-            .unwrap_or_default()
-            .contains("review assistant output")
+        msg["content"][0]["text"].as_str().unwrap_or_default() == "review assistant output"
     });
     assert!(
-        contains_review_rollout_user,
-        "review rollout user message missing from parent turn input"
+        !contains_review_prompt,
+        "review prompt leaked into parent turn input"
     );
     assert!(
-        contains_review_assistant,
-        "review assistant output missing from parent turn input"
+        !contains_review_assistant,
+        "review assistant output leaked into parent turn input"
     );
 
     server.verify().await;

codex-rs/core/tests/suite/unified_exec.rs

@@ -1,7 +1,5 @@
 #![cfg(not(target_os = "windows"))]
 use std::collections::HashMap;
-use std::ffi::OsStr;
-use std::fs;
 use std::sync::OnceLock;
 
 use anyhow::Context;
@@ -25,7 +23,6 @@ use core_test_support::responses::start_mock_server;
 use core_test_support::skip_if_no_network;
 use core_test_support::skip_if_sandbox;
 use core_test_support::test_codex::TestCodex;
-use core_test_support::test_codex::TestCodexHarness;
 use core_test_support::test_codex::test_codex;
 use core_test_support::wait_for_event;
 use core_test_support::wait_for_event_match;
@@ -151,130 +148,6 @@ fn collect_tool_outputs(bodies: &[Value]) -> Result<HashMap<String, ParsedUnifie
     Ok(outputs)
 }
 
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn unified_exec_intercepts_apply_patch_exec_command() -> Result<()> {
-    skip_if_no_network!(Ok(()));
-    skip_if_sandbox!(Ok(()));
-
-    let builder = test_codex().with_config(|config| {
-        config.include_apply_patch_tool = true;
-        config.use_experimental_unified_exec_tool = true;
-        config.features.enable(Feature::UnifiedExec);
-    });
-    let harness = TestCodexHarness::with_builder(builder).await?;
-
-    let patch =
-        "*** Begin Patch\n*** Add File: uexec_apply.txt\n+hello from unified exec\n*** End Patch";
-    let command = format!("apply_patch <<'EOF'\n{patch}\nEOF\n");
-    let call_id = "uexec-apply-patch";
-    let args = json!({
-        "cmd": command,
-        "yield_time_ms": 250,
-    });
-
-    let responses = vec![
-        sse(vec![
-            ev_response_created("resp-1"),
-            ev_function_call(call_id, "exec_command", &serde_json::to_string(&args)?),
-            ev_completed("resp-1"),
-        ]),
-        sse(vec![
-            ev_response_created("resp-2"),
-            ev_assistant_message("msg-1", "done"),
-            ev_completed("resp-2"),
-        ]),
-    ];
-    mount_sse_sequence(harness.server(), responses).await;
-
-    let test = harness.test();
-    let codex = test.codex.clone();
-    let cwd = test.cwd_path().to_path_buf();
-    let session_model = test.session_configured.model.clone();
-
-    codex
-        .submit(Op::UserTurn {
-            items: vec![UserInput::Text {
-                text: "apply patch via unified exec".into(),
-            }],
-            final_output_json_schema: None,
-            cwd,
-            approval_policy: AskForApproval::Never,
-            sandbox_policy: SandboxPolicy::DangerFullAccess,
-            model: session_model,
-            effort: None,
-            summary: ReasoningSummary::Auto,
-        })
-        .await?;
-
-    let mut saw_patch_begin = false;
-    let mut patch_end = None;
-    let mut saw_exec_begin = false;
-    let mut saw_exec_end = false;
-    wait_for_event(&codex, |event| match event {
-        EventMsg::PatchApplyBegin(begin) if begin.call_id == call_id => {
-            saw_patch_begin = true;
-            assert!(
-                begin
-                    .changes
-                    .keys()
-                    .any(|path| path.file_name() == Some(OsStr::new("uexec_apply.txt"))),
-                "expected apply_patch changes to target uexec_apply.txt",
-            );
-            false
-        }
-        EventMsg::PatchApplyEnd(end) if end.call_id == call_id => {
-            patch_end = Some(end.clone());
-            false
-        }
-        EventMsg::ExecCommandBegin(event) if event.call_id == call_id => {
-            saw_exec_begin = true;
-            false
-        }
-        EventMsg::ExecCommandEnd(event) if event.call_id == call_id => {
-            saw_exec_end = true;
-            false
-        }
-        EventMsg::TaskComplete(_) => true,
-        _ => false,
-    })
-    .await;
-
-    assert!(
-        saw_patch_begin,
-        "expected apply_patch to emit PatchApplyBegin"
-    );
-    let patch_end = patch_end.expect("expected apply_patch to emit PatchApplyEnd");
-    assert!(
-        patch_end.success,
-        "expected apply_patch to finish successfully: stdout={:?} stderr={:?}",
-        patch_end.stdout, patch_end.stderr,
-    );
-    assert!(
-        !saw_exec_begin,
-        "apply_patch should be intercepted before exec_command begin"
-    );
-    assert!(
-        !saw_exec_end,
-        "apply_patch should not emit exec_command end events"
-    );
-
-    let output = harness.function_call_stdout(call_id).await;
-    assert!(
-        output.contains("Success. Updated the following files:"),
-        "expected apply_patch output, got: {output:?}"
-    );
-    assert!(
-        output.contains("A uexec_apply.txt"),
-        "expected apply_patch file summary, got: {output:?}"
-    );
-    assert_eq!(
-        fs::read_to_string(harness.path("uexec_apply.txt"))?,
-        "hello from unified exec\n"
-    );
-
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn unified_exec_emits_exec_command_begin_event() -> Result<()> {
     skip_if_no_network!(Ok(()));
@@ -351,82 +224,6 @@ async fn unified_exec_emits_exec_command_begin_event() -> Result<()> {
     Ok(())
 }
 
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn unified_exec_resolves_relative_workdir() -> Result<()> {
-    skip_if_no_network!(Ok(()));
-    skip_if_sandbox!(Ok(()));
-
-    let server = start_mock_server().await;
-
-    let mut builder = test_codex().with_model("gpt-5").with_config(|config| {
-        config.use_experimental_unified_exec_tool = true;
-        config.features.enable(Feature::UnifiedExec);
-    });
-    let TestCodex {
-        codex,
-        cwd,
-        session_configured,
-        ..
-    } = builder.build(&server).await?;
-
-    let workdir_rel = std::path::PathBuf::from("uexec_relative_workdir");
-    std::fs::create_dir_all(cwd.path().join(&workdir_rel))?;
-
-    let call_id = "uexec-workdir-relative";
-    let args = json!({
-        "cmd": "pwd",
-        "yield_time_ms": 250,
-        "workdir": workdir_rel.to_string_lossy().to_string(),
-    });
-
-    let responses = vec![
-        sse(vec![
-            ev_response_created("resp-1"),
-            ev_function_call(call_id, "exec_command", &serde_json::to_string(&args)?),
-            ev_completed("resp-1"),
-        ]),
-        sse(vec![
-            ev_response_created("resp-2"),
-            ev_assistant_message("msg-1", "finished"),
-            ev_completed("resp-2"),
-        ]),
-    ];
-    mount_sse_sequence(&server, responses).await;
-
-    let session_model = session_configured.model.clone();
-
-    codex
-        .submit(Op::UserTurn {
-            items: vec![UserInput::Text {
-                text: "run relative workdir test".into(),
-            }],
-            final_output_json_schema: None,
-            cwd: cwd.path().to_path_buf(),
-            approval_policy: AskForApproval::Never,
-            sandbox_policy: SandboxPolicy::DangerFullAccess,
-            model: session_model,
-            effort: None,
-            summary: ReasoningSummary::Auto,
-        })
-        .await?;
-
-    let begin_event = wait_for_event_match(&codex, |msg| match msg {
-        EventMsg::ExecCommandBegin(event) if event.call_id == call_id => Some(event.clone()),
-        _ => None,
-    })
-    .await;
-
-    assert_eq!(
-        begin_event.cwd,
-        cwd.path().join(workdir_rel),
-        "exec_command cwd should resolve relative workdir against turn cwd",
-    );
-
-    wait_for_event(&codex, |event| matches!(event, EventMsg::TaskComplete(_))).await;
-
-    Ok(())
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 #[ignore = "flaky"]
 async fn unified_exec_respects_workdir_override() -> Result<()> {

codex-rs/default.nix

@@ -22,7 +22,6 @@ rustPlatform.buildRustPackage (_: {
   cargoLock.outputHashes = {
     "ratatui-0.29.0" = "sha256-HBvT5c8GsiCxMffNjJGLmHnvG77A6cqEL+1ARurBXho=";
     "crossterm-0.28.1" = "sha256-6qCtfSMuXACKFb9ATID39XyFDIEMFDmbx6SSmNe+728=";
-    "rmcp-0.9.0" = "sha256-0iPrpf0Ha/facO3p5e0hUKHBqGp/iS+C+OdS+pRKMOU=";
   };
 
   meta = with lib; {

codex-rs/exec-server/src/posix.rs

@@ -78,7 +78,6 @@ mod stopwatch;
 const CODEX_EXECVE_WRAPPER_EXE_NAME: &str = "codex-execve-wrapper";
 
 #[derive(Parser)]
-#[clap(version)]
 struct McpServerCli {
     /// Executable to delegate execve(2) calls to in Bash.
     #[arg(long = "execve")]

codex-rs/exec/src/cli.rs

@@ -91,9 +91,6 @@ pub struct Cli {
 pub enum Command {
     /// Resume a previous session by id or pick the most recent with --last.
     Resume(ResumeArgs),
-
-    /// Run a code review against the current repository.
-    Review(ReviewArgs),
 }
 
 #[derive(Parser, Debug)]
@@ -112,41 +109,6 @@ pub struct ResumeArgs {
     pub prompt: Option<String>,
 }
 
-#[derive(Parser, Debug)]
-pub struct ReviewArgs {
-    /// Review staged, unstaged, and untracked changes.
-    #[arg(
-        long = "uncommitted",
-        default_value_t = false,
-        conflicts_with_all = ["base", "commit", "prompt"]
-    )]
-    pub uncommitted: bool,
-
-    /// Review changes against the given base branch.
-    #[arg(
-        long = "base",
-        value_name = "BRANCH",
-        conflicts_with_all = ["uncommitted", "commit", "prompt"]
-    )]
-    pub base: Option<String>,
-
-    /// Review the changes introduced by a commit.
-    #[arg(
-        long = "commit",
-        value_name = "SHA",
-        conflicts_with_all = ["uncommitted", "base", "prompt"]
-    )]
-    pub commit: Option<String>,
-
-    /// Optional commit title to display in the review summary.
-    #[arg(long = "title", value_name = "TITLE", requires = "commit")]
-    pub commit_title: Option<String>,
-
-    /// Custom review instructions. If `-` is used, read from stdin.
-    #[arg(value_name = "PROMPT", value_hint = clap::ValueHint::Other)]
-    pub prompt: Option<String>,
-}
-
 #[derive(Debug, Clone, Copy, Default, PartialEq, Eq, ValueEnum)]
 #[value(rename_all = "kebab-case")]
 pub enum Color {

codex-rs/exec/src/lib.rs

@@ -11,8 +11,6 @@ pub mod event_processor_with_jsonl_output;
 pub mod exec_events;
 
 pub use cli::Cli;
-pub use cli::Command;
-pub use cli::ReviewArgs;
 use codex_common::oss::ensure_oss_provider_ready;
 use codex_common::oss::get_default_model_for_oss_provider;
 use codex_core::AuthManager;
@@ -31,8 +29,6 @@ use codex_core::protocol::AskForApproval;
 use codex_core::protocol::Event;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::Op;
-use codex_core::protocol::ReviewRequest;
-use codex_core::protocol::ReviewTarget;
 use codex_core::protocol::SessionSource;
 use codex_protocol::approvals::ElicitationAction;
 use codex_protocol::config_types::SandboxMode;
@@ -57,16 +53,6 @@ use crate::event_processor::EventProcessor;
 use codex_core::default_client::set_default_originator;
 use codex_core::find_conversation_path_by_id_str;
 
-enum InitialOperation {
-    UserTurn {
-        items: Vec<UserInput>,
-        output_schema: Option<Value>,
-    },
-    Review {
-        review_request: ReviewRequest,
-    },
-}
-
 pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()> {
     if let Err(err) = set_default_originator("codex_exec".to_string()) {
         tracing::warn!(?err, "Failed to set codex exec originator override {err:?}");
@@ -93,6 +79,64 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
         config_overrides,
     } = cli;
 
+    // Determine the prompt source (parent or subcommand) and read from stdin if needed.
+    let prompt_arg = match &command {
+        // Allow prompt before the subcommand by falling back to the parent-level prompt
+        // when the Resume subcommand did not provide its own prompt.
+        Some(ExecCommand::Resume(args)) => {
+            let resume_prompt = args
+                .prompt
+                .clone()
+                // When using `resume --last <PROMPT>`, clap still parses the first positional
+                // as `session_id`. Reinterpret it as the prompt so the flag works with JSON mode.
+                .or_else(|| {
+                    if args.last {
+                        args.session_id.clone()
+                    } else {
+                        None
+                    }
+                });
+            resume_prompt.or(prompt)
+        }
+        None => prompt,
+    };
+
+    let prompt = match prompt_arg {
+        Some(p) if p != "-" => p,
+        // Either `-` was passed or no positional arg.
+        maybe_dash => {
+            // When no arg (None) **and** stdin is a TTY, bail out early – unless the
+            // user explicitly forced reading via `-`.
+            let force_stdin = matches!(maybe_dash.as_deref(), Some("-"));
+
+            if std::io::stdin().is_terminal() && !force_stdin {
+                eprintln!(
+                    "No prompt provided. Either specify one as an argument or pipe the prompt into stdin."
+                );
+                std::process::exit(1);
+            }
+
+            // Ensure the user knows we are waiting on stdin, as they may
+            // have gotten into this state by mistake. If so, and they are not
+            // writing to stdin, Codex will hang indefinitely, so this should
+            // help them debug in that case.
+            if !force_stdin {
+                eprintln!("Reading prompt from stdin...");
+            }
+            let mut buffer = String::new();
+            if let Err(e) = std::io::stdin().read_to_string(&mut buffer) {
+                eprintln!("Failed to read prompt from stdin: {e}");
+                std::process::exit(1);
+            } else if buffer.trim().is_empty() {
+                eprintln!("No prompt provided via stdin.");
+                std::process::exit(1);
+            }
+            buffer
+        }
+    };
+
+    let output_schema = load_output_schema(output_schema_path);
+
     let (stdout_with_ansi, stderr_with_ansi) = match color {
         cli::Color::Always => (true, true),
         cli::Color::Never => (false, false),
@@ -285,8 +329,8 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
         conversation_id: _,
         conversation,
         session_configured,
-    } = if let Some(ExecCommand::Resume(args)) = command.as_ref() {
-        let resume_path = resolve_resume_path(&config, args).await?;
+    } = if let Some(ExecCommand::Resume(args)) = command {
+        let resume_path = resolve_resume_path(&config, &args).await?;
 
         if let Some(path) = resume_path {
             conversation_manager
@@ -302,64 +346,9 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
             .new_conversation(config.clone())
             .await?
     };
-    let (initial_operation, prompt_summary) = match (command, prompt, images) {
-        (Some(ExecCommand::Review(review_cli)), _, _) => {
-            let review_request = build_review_request(review_cli)?;
-            let summary = codex_core::review_prompts::user_facing_hint(&review_request.target);
-            (InitialOperation::Review { review_request }, summary)
-        }
-        (Some(ExecCommand::Resume(args)), root_prompt, imgs) => {
-            let prompt_arg = args
-                .prompt
-                .clone()
-                .or_else(|| {
-                    if args.last {
-                        args.session_id.clone()
-                    } else {
-                        None
-                    }
-                })
-                .or(root_prompt);
-            let prompt_text = resolve_prompt(prompt_arg);
-            let mut items: Vec<UserInput> = imgs
-                .into_iter()
-                .map(|path| UserInput::LocalImage { path })
-                .collect();
-            items.push(UserInput::Text {
-                text: prompt_text.clone(),
-            });
-            let output_schema = load_output_schema(output_schema_path.clone());
-            (
-                InitialOperation::UserTurn {
-                    items,
-                    output_schema,
-                },
-                prompt_text,
-            )
-        }
-        (None, root_prompt, imgs) => {
-            let prompt_text = resolve_prompt(root_prompt);
-            let mut items: Vec<UserInput> = imgs
-                .into_iter()
-                .map(|path| UserInput::LocalImage { path })
-                .collect();
-            items.push(UserInput::Text {
-                text: prompt_text.clone(),
-            });
-            let output_schema = load_output_schema(output_schema_path);
-            (
-                InitialOperation::UserTurn {
-                    items,
-                    output_schema,
-                },
-                prompt_text,
-            )
-        }
-    };
-
-    // Print the effective configuration and initial request so users can see what Codex
+    // Print the effective configuration and prompt so users can see what Codex
     // is using.
-    event_processor.print_config_summary(&config, &prompt_summary, &session_configured);
+    event_processor.print_config_summary(&config, &prompt, &session_configured);
 
     info!("Codex initialized with event: {session_configured:?}");
 
@@ -402,32 +391,25 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
         });
     }
 
-    match initial_operation {
-        InitialOperation::UserTurn {
+    // Package images and prompt into a single user input turn.
+    let mut items: Vec<UserInput> = images
+        .into_iter()
+        .map(|path| UserInput::LocalImage { path })
+        .collect();
+    items.push(UserInput::Text { text: prompt });
+    let initial_prompt_task_id = conversation
+        .submit(Op::UserTurn {
             items,
-            output_schema,
-        } => {
-            let task_id = conversation
-                .submit(Op::UserTurn {
-                    items,
-                    cwd: default_cwd,
-                    approval_policy: default_approval_policy,
-                    sandbox_policy: default_sandbox_policy,
-                    model: default_model,
-                    effort: default_effort,
-                    summary: default_summary,
-                    final_output_json_schema: output_schema,
-                })
-                .await?;
-            info!("Sent prompt with event ID: {task_id}");
-            task_id
-        }
-        InitialOperation::Review { review_request } => {
-            let task_id = conversation.submit(Op::Review { review_request }).await?;
-            info!("Sent review request with event ID: {task_id}");
-            task_id
-        }
-    };
+            cwd: default_cwd,
+            approval_policy: default_approval_policy,
+            sandbox_policy: default_sandbox_policy,
+            model: default_model,
+            effort: default_effort,
+            summary: default_summary,
+            final_output_json_schema: output_schema,
+        })
+        .await?;
+    info!("Sent prompt with event ID: {initial_prompt_task_id}");
 
     // Run the loop until the task is complete.
     // Track whether a fatal error was reported by the server so we can
@@ -521,130 +503,3 @@ fn load_output_schema(path: Option<PathBuf>) -> Option<Value> {
         }
     }
 }
-
-fn resolve_prompt(prompt_arg: Option<String>) -> String {
-    match prompt_arg {
-        Some(p) if p != "-" => p,
-        maybe_dash => {
-            let force_stdin = matches!(maybe_dash.as_deref(), Some("-"));
-
-            if std::io::stdin().is_terminal() && !force_stdin {
-                eprintln!(
-                    "No prompt provided. Either specify one as an argument or pipe the prompt into stdin."
-                );
-                std::process::exit(1);
-            }
-
-            if !force_stdin {
-                eprintln!("Reading prompt from stdin...");
-            }
-            let mut buffer = String::new();
-            if let Err(e) = std::io::stdin().read_to_string(&mut buffer) {
-                eprintln!("Failed to read prompt from stdin: {e}");
-                std::process::exit(1);
-            } else if buffer.trim().is_empty() {
-                eprintln!("No prompt provided via stdin.");
-                std::process::exit(1);
-            }
-            buffer
-        }
-    }
-}
-
-fn build_review_request(args: ReviewArgs) -> anyhow::Result<ReviewRequest> {
-    let target = if args.uncommitted {
-        ReviewTarget::UncommittedChanges
-    } else if let Some(branch) = args.base {
-        ReviewTarget::BaseBranch { branch }
-    } else if let Some(sha) = args.commit {
-        ReviewTarget::Commit {
-            sha,
-            title: args.commit_title,
-        }
-    } else if let Some(prompt_arg) = args.prompt {
-        let prompt = resolve_prompt(Some(prompt_arg)).trim().to_string();
-        if prompt.is_empty() {
-            anyhow::bail!("Review prompt cannot be empty");
-        }
-        ReviewTarget::Custom {
-            instructions: prompt,
-        }
-    } else {
-        anyhow::bail!(
-            "Specify --uncommitted, --base, --commit, or provide custom review instructions"
-        );
-    };
-
-    Ok(ReviewRequest {
-        target,
-        user_facing_hint: None,
-    })
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use pretty_assertions::assert_eq;
-
-    #[test]
-    fn builds_uncommitted_review_request() {
-        let request = build_review_request(ReviewArgs {
-            uncommitted: true,
-            base: None,
-            commit: None,
-            commit_title: None,
-            prompt: None,
-        })
-        .expect("builds uncommitted review request");
-
-        let expected = ReviewRequest {
-            target: ReviewTarget::UncommittedChanges,
-            user_facing_hint: None,
-        };
-
-        assert_eq!(request, expected);
-    }
-
-    #[test]
-    fn builds_commit_review_request_with_title() {
-        let request = build_review_request(ReviewArgs {
-            uncommitted: false,
-            base: None,
-            commit: Some("123456789".to_string()),
-            commit_title: Some("Add review command".to_string()),
-            prompt: None,
-        })
-        .expect("builds commit review request");
-
-        let expected = ReviewRequest {
-            target: ReviewTarget::Commit {
-                sha: "123456789".to_string(),
-                title: Some("Add review command".to_string()),
-            },
-            user_facing_hint: None,
-        };
-
-        assert_eq!(request, expected);
-    }
-
-    #[test]
-    fn builds_custom_review_request_trims_prompt() {
-        let request = build_review_request(ReviewArgs {
-            uncommitted: false,
-            base: None,
-            commit: None,
-            commit_title: None,
-            prompt: Some("  custom review instructions  ".to_string()),
-        })
-        .expect("builds custom review request");
-
-        let expected = ReviewRequest {
-            target: ReviewTarget::Custom {
-                instructions: "custom review instructions".to_string(),
-            },
-            user_facing_hint: None,
-        };
-
-        assert_eq!(request, expected);
-    }
-}

codex-rs/execpolicy/Cargo.toml

@@ -28,4 +28,3 @@ thiserror = { workspace = true }
 
 [dev-dependencies]
 pretty_assertions = { workspace = true }
-tempfile = { workspace = true }

codex-rs/execpolicy/README.md

@@ -30,24 +30,32 @@ codex execpolicy check --policy path/to/policy.codexpolicy git status
 cargo run -p codex-execpolicy -- check --policy path/to/policy.codexpolicy git status
 ```
 - Example outcomes:
-  - Match: `{"matchedRules":[{...}],"decision":"allow"}`
-  - No match: `{"matchedRules":[]}`
+  - Match: `{"match": { ... "decision": "allow" ... }}`
+  - No match: `{"noMatch": {}}`
 
-## Response shape
+## Response shapes
+- Match:
 ```json
 {
-  "matchedRules": [
-    {
-      "prefixRuleMatch": {
-        "matchedPrefix": ["<token>", "..."],
-        "decision": "allow|prompt|forbidden"
+  "match": {
+    "decision": "allow|prompt|forbidden",
+    "matchedRules": [
+      {
+        "prefixRuleMatch": {
+          "matchedPrefix": ["<token>", "..."],
+          "decision": "allow|prompt|forbidden"
+        }
       }
-    }
-  ],
-  "decision": "allow|prompt|forbidden"
+    ]
+  }
 }
 ```
-- When no rules match, `matchedRules` is an empty array and `decision` is omitted.
+
+- No match:
+```json
+{"noMatch": {}}
+```
+
 - `matchedRules` lists every rule whose prefix matched the command; `matchedPrefix` is the exact prefix that matched.
 - The effective `decision` is the strictest severity across all matches (`forbidden` > `prompt` > `allow`).
 

codex-rs/execpolicy/src/amend.rs

@@ -1,226 +0,0 @@
-use std::fs::OpenOptions;
-use std::io::Read;
-use std::io::Seek;
-use std::io::SeekFrom;
-use std::io::Write;
-use std::path::Path;
-use std::path::PathBuf;
-
-use serde_json;
-use thiserror::Error;
-
-#[derive(Debug, Error)]
-pub enum AmendError {
-    #[error("prefix rule requires at least one token")]
-    EmptyPrefix,
-    #[error("policy path has no parent: {path}")]
-    MissingParent { path: PathBuf },
-    #[error("failed to create policy directory {dir}: {source}")]
-    CreatePolicyDir {
-        dir: PathBuf,
-        source: std::io::Error,
-    },
-    #[error("failed to format prefix tokens: {source}")]
-    SerializePrefix { source: serde_json::Error },
-    #[error("failed to open policy file {path}: {source}")]
-    OpenPolicyFile {
-        path: PathBuf,
-        source: std::io::Error,
-    },
-    #[error("failed to write to policy file {path}: {source}")]
-    WritePolicyFile {
-        path: PathBuf,
-        source: std::io::Error,
-    },
-    #[error("failed to lock policy file {path}: {source}")]
-    LockPolicyFile {
-        path: PathBuf,
-        source: std::io::Error,
-    },
-    #[error("failed to seek policy file {path}: {source}")]
-    SeekPolicyFile {
-        path: PathBuf,
-        source: std::io::Error,
-    },
-    #[error("failed to read policy file {path}: {source}")]
-    ReadPolicyFile {
-        path: PathBuf,
-        source: std::io::Error,
-    },
-    #[error("failed to read metadata for policy file {path}: {source}")]
-    PolicyMetadata {
-        path: PathBuf,
-        source: std::io::Error,
-    },
-}
-
-/// Note this thread uses advisory file locking and performs blocking I/O, so it should be used with
-/// [`tokio::task::spawn_blocking`] when called from an async context.
-pub fn blocking_append_allow_prefix_rule(
-    policy_path: &Path,
-    prefix: &[String],
-) -> Result<(), AmendError> {
-    if prefix.is_empty() {
-        return Err(AmendError::EmptyPrefix);
-    }
-
-    let tokens = prefix
-        .iter()
-        .map(serde_json::to_string)
-        .collect::<Result<Vec<_>, _>>()
-        .map_err(|source| AmendError::SerializePrefix { source })?;
-    let pattern = format!("[{}]", tokens.join(", "));
-    let rule = format!(r#"prefix_rule(pattern={pattern}, decision="allow")"#);
-
-    let dir = policy_path
-        .parent()
-        .ok_or_else(|| AmendError::MissingParent {
-            path: policy_path.to_path_buf(),
-        })?;
-    match std::fs::create_dir(dir) {
-        Ok(()) => {}
-        Err(ref source) if source.kind() == std::io::ErrorKind::AlreadyExists => {}
-        Err(source) => {
-            return Err(AmendError::CreatePolicyDir {
-                dir: dir.to_path_buf(),
-                source,
-            });
-        }
-    }
-    append_locked_line(policy_path, &rule)
-}
-
-fn append_locked_line(policy_path: &Path, line: &str) -> Result<(), AmendError> {
-    let mut file = OpenOptions::new()
-        .create(true)
-        .read(true)
-        .append(true)
-        .open(policy_path)
-        .map_err(|source| AmendError::OpenPolicyFile {
-            path: policy_path.to_path_buf(),
-            source,
-        })?;
-    file.lock().map_err(|source| AmendError::LockPolicyFile {
-        path: policy_path.to_path_buf(),
-        source,
-    })?;
-
-    let len = file
-        .metadata()
-        .map_err(|source| AmendError::PolicyMetadata {
-            path: policy_path.to_path_buf(),
-            source,
-        })?
-        .len();
-
-    // Ensure file ends in a newline before appending.
-    if len > 0 {
-        file.seek(SeekFrom::End(-1))
-            .map_err(|source| AmendError::SeekPolicyFile {
-                path: policy_path.to_path_buf(),
-                source,
-            })?;
-        let mut last = [0; 1];
-        file.read_exact(&mut last)
-            .map_err(|source| AmendError::ReadPolicyFile {
-                path: policy_path.to_path_buf(),
-                source,
-            })?;
-
-        if last[0] != b'\n' {
-            file.write_all(b"\n")
-                .map_err(|source| AmendError::WritePolicyFile {
-                    path: policy_path.to_path_buf(),
-                    source,
-                })?;
-        }
-    }
-
-    file.write_all(format!("{line}\n").as_bytes())
-        .map_err(|source| AmendError::WritePolicyFile {
-            path: policy_path.to_path_buf(),
-            source,
-        })?;
-
-    Ok(())
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use pretty_assertions::assert_eq;
-    use tempfile::tempdir;
-
-    #[test]
-    fn appends_rule_and_creates_directories() {
-        let tmp = tempdir().expect("create temp dir");
-        let policy_path = tmp.path().join("policy").join("default.codexpolicy");
-
-        blocking_append_allow_prefix_rule(
-            &policy_path,
-            &[String::from("echo"), String::from("Hello, world!")],
-        )
-        .expect("append rule");
-
-        let contents =
-            std::fs::read_to_string(&policy_path).expect("default.codexpolicy should exist");
-        assert_eq!(
-            contents,
-            r#"prefix_rule(pattern=["echo", "Hello, world!"], decision="allow")
-"#
-        );
-    }
-
-    #[test]
-    fn appends_rule_without_duplicate_newline() {
-        let tmp = tempdir().expect("create temp dir");
-        let policy_path = tmp.path().join("policy").join("default.codexpolicy");
-        std::fs::create_dir_all(policy_path.parent().unwrap()).expect("create policy dir");
-        std::fs::write(
-            &policy_path,
-            r#"prefix_rule(pattern=["ls"], decision="allow")
-"#,
-        )
-        .expect("write seed rule");
-
-        blocking_append_allow_prefix_rule(
-            &policy_path,
-            &[String::from("echo"), String::from("Hello, world!")],
-        )
-        .expect("append rule");
-
-        let contents = std::fs::read_to_string(&policy_path).expect("read policy");
-        assert_eq!(
-            contents,
-            r#"prefix_rule(pattern=["ls"], decision="allow")
-prefix_rule(pattern=["echo", "Hello, world!"], decision="allow")
-"#
-        );
-    }
-
-    #[test]
-    fn inserts_newline_when_missing_before_append() {
-        let tmp = tempdir().expect("create temp dir");
-        let policy_path = tmp.path().join("policy").join("default.codexpolicy");
-        std::fs::create_dir_all(policy_path.parent().unwrap()).expect("create policy dir");
-        std::fs::write(
-            &policy_path,
-            r#"prefix_rule(pattern=["ls"], decision="allow")"#,
-        )
-        .expect("write seed rule without newline");
-
-        blocking_append_allow_prefix_rule(
-            &policy_path,
-            &[String::from("echo"), String::from("Hello, world!")],
-        )
-        .expect("append rule");
-
-        let contents = std::fs::read_to_string(&policy_path).expect("read policy");
-        assert_eq!(
-            contents,
-            r#"prefix_rule(pattern=["ls"], decision="allow")
-prefix_rule(pattern=["echo", "Hello, world!"], decision="allow")
-"#
-        );
-    }
-}

codex-rs/execpolicy/src/execpolicycheck.rs

@@ -4,12 +4,10 @@ use std::path::PathBuf;
 use anyhow::Context;
 use anyhow::Result;
 use clap::Parser;
-use serde::Serialize;
 
-use crate::Decision;
+use crate::Evaluation;
 use crate::Policy;
 use crate::PolicyParser;
-use crate::RuleMatch;
 
 /// Arguments for evaluating a command against one or more execpolicy files.
 #[derive(Debug, Parser, Clone)]
@@ -36,25 +34,20 @@ impl ExecPolicyCheckCommand {
     /// Load the policies for this command, evaluate the command, and render JSON output.
     pub fn run(&self) -> Result<()> {
         let policy = load_policies(&self.policies)?;
-        let matched_rules = policy.matches_for_command(&self.command, None);
+        let evaluation = policy.check(&self.command);
 
-        let json = format_matches_json(&matched_rules, self.pretty)?;
+        let json = format_evaluation_json(&evaluation, self.pretty)?;
         println!("{json}");
 
         Ok(())
     }
 }
 
-pub fn format_matches_json(matched_rules: &[RuleMatch], pretty: bool) -> Result<String> {
-    let output = ExecPolicyCheckOutput {
-        matched_rules,
-        decision: matched_rules.iter().map(RuleMatch::decision).max(),
-    };
-
+pub fn format_evaluation_json(evaluation: &Evaluation, pretty: bool) -> Result<String> {
     if pretty {
-        serde_json::to_string_pretty(&output).map_err(Into::into)
+        serde_json::to_string_pretty(evaluation).map_err(Into::into)
     } else {
-        serde_json::to_string(&output).map_err(Into::into)
+        serde_json::to_string(evaluation).map_err(Into::into)
     }
 }
 
@@ -72,12 +65,3 @@ pub fn load_policies(policy_paths: &[PathBuf]) -> Result<Policy> {
 
     Ok(parser.build())
 }
-
-#[derive(Serialize)]
-#[serde(rename_all = "camelCase")]
-struct ExecPolicyCheckOutput<'a> {
-    #[serde(rename = "matchedRules")]
-    matched_rules: &'a [RuleMatch],
-    #[serde(skip_serializing_if = "Option::is_none")]
-    decision: Option<Decision>,
-}

codex-rs/execpolicy/src/lib.rs

@@ -1,4 +1,3 @@
-pub mod amend;
 pub mod decision;
 pub mod error;
 pub mod execpolicycheck;
@@ -6,8 +5,6 @@ pub mod parser;
 pub mod policy;
 pub mod rule;
 
-pub use amend::AmendError;
-pub use amend::blocking_append_allow_prefix_rule;
 pub use decision::Decision;
 pub use error::Error;
 pub use error::Result;

codex-rs/execpolicy/src/main.rs

@@ -1,63 +1,22 @@
-use std::fs;
-use std::path::PathBuf;
-
-use anyhow::Context;
 use anyhow::Result;
 use clap::Parser;
-use codex_execpolicy::PolicyParser;
-use codex_execpolicy::execpolicycheck::format_matches_json;
+use codex_execpolicy::ExecPolicyCheckCommand;
 
 /// CLI for evaluating exec policies
 #[derive(Parser)]
 #[command(name = "codex-execpolicy")]
 enum Cli {
     /// Evaluate a command against a policy.
-    Check {
-        #[arg(short, long = "policy", value_name = "PATH", required = true)]
-        policies: Vec<PathBuf>,
-
-        /// Pretty-print the JSON output.
-        #[arg(long)]
-        pretty: bool,
-
-        /// Command tokens to check.
-        #[arg(
-            value_name = "COMMAND",
-            required = true,
-            trailing_var_arg = true,
-            allow_hyphen_values = true
-        )]
-        command: Vec<String>,
-    },
+    Check(ExecPolicyCheckCommand),
 }
 
 fn main() -> Result<()> {
     let cli = Cli::parse();
     match cli {
-        Cli::Check {
-            policies,
-            command,
-            pretty,
-        } => cmd_check(policies, command, pretty),
+        Cli::Check(cmd) => cmd_check(cmd),
     }
 }
 
-fn cmd_check(policy_paths: Vec<PathBuf>, args: Vec<String>, pretty: bool) -> Result<()> {
-    let policy = load_policies(&policy_paths)?;
-
-    let matched_rules = policy.matches_for_command(&args, None);
-    let json = format_matches_json(&matched_rules, pretty)?;
-    println!("{json}");
-    Ok(())
-}
-
-fn load_policies(policy_paths: &[PathBuf]) -> Result<codex_execpolicy::Policy> {
-    let mut parser = PolicyParser::new();
-    for policy_path in policy_paths {
-        let policy_file_contents = fs::read_to_string(policy_path)
-            .with_context(|| format!("failed to read policy at {}", policy_path.display()))?;
-        let policy_identifier = policy_path.to_string_lossy().to_string();
-        parser.parse(&policy_identifier, &policy_file_contents)?;
-    }
-    Ok(parser.build())
+fn cmd_check(cmd: ExecPolicyCheckCommand) -> Result<()> {
+    cmd.run()
 }

codex-rs/execpolicy/src/policy.rs

@@ -1,17 +1,9 @@
 use crate::decision::Decision;
-use crate::error::Error;
-use crate::error::Result;
-use crate::rule::PatternToken;
-use crate::rule::PrefixPattern;
-use crate::rule::PrefixRule;
 use crate::rule::RuleMatch;
 use crate::rule::RuleRef;
 use multimap::MultiMap;
 use serde::Deserialize;
 use serde::Serialize;
-use std::sync::Arc;
-
-type HeuristicsFallback<'a> = Option<&'a dyn Fn(&[String]) -> Decision>;
 
 #[derive(Clone, Debug)]
 pub struct Policy {
@@ -31,105 +23,62 @@ impl Policy {
         &self.rules_by_program
     }
 
-    pub fn add_prefix_rule(&mut self, prefix: &[String], decision: Decision) -> Result<()> {
-        let (first_token, rest) = prefix
-            .split_first()
-            .ok_or_else(|| Error::InvalidPattern("prefix cannot be empty".to_string()))?;
-
-        let rule: RuleRef = Arc::new(PrefixRule {
-            pattern: PrefixPattern {
-                first: Arc::from(first_token.as_str()),
-                rest: rest
-                    .iter()
-                    .map(|token| PatternToken::Single(token.clone()))
-                    .collect::<Vec<_>>()
-                    .into(),
+    pub fn check(&self, cmd: &[String]) -> Evaluation {
+        let rules = match cmd.first() {
+            Some(first) => match self.rules_by_program.get_vec(first) {
+                Some(rules) => rules,
+                None => return Evaluation::NoMatch {},
             },
-            decision,
-        });
+            None => return Evaluation::NoMatch {},
+        };
 
-        self.rules_by_program.insert(first_token.clone(), rule);
-        Ok(())
+        let matched_rules: Vec<RuleMatch> =
+            rules.iter().filter_map(|rule| rule.matches(cmd)).collect();
+        match matched_rules.iter().map(RuleMatch::decision).max() {
+            Some(decision) => Evaluation::Match {
+                decision,
+                matched_rules,
+            },
+            None => Evaluation::NoMatch {},
+        }
     }
 
-    pub fn check<F>(&self, cmd: &[String], heuristics_fallback: &F) -> Evaluation
-    where
-        F: Fn(&[String]) -> Decision,
-    {
-        let matched_rules = self.matches_for_command(cmd, Some(heuristics_fallback));
-        Evaluation::from_matches(matched_rules)
-    }
-
-    pub fn check_multiple<Commands, F>(
-        &self,
-        commands: Commands,
-        heuristics_fallback: &F,
-    ) -> Evaluation
+    pub fn check_multiple<Commands>(&self, commands: Commands) -> Evaluation
     where
         Commands: IntoIterator,
         Commands::Item: AsRef<[String]>,
-        F: Fn(&[String]) -> Decision,
     {
         let matched_rules: Vec<RuleMatch> = commands
             .into_iter()
-            .flat_map(|command| {
-                self.matches_for_command(command.as_ref(), Some(heuristics_fallback))
+            .flat_map(|command| match self.check(command.as_ref()) {
+                Evaluation::Match { matched_rules, .. } => matched_rules,
+                Evaluation::NoMatch { .. } => Vec::new(),
             })
             .collect();
 
-        Evaluation::from_matches(matched_rules)
-    }
-
-    pub fn matches_for_command(
-        &self,
-        cmd: &[String],
-        heuristics_fallback: HeuristicsFallback<'_>,
-    ) -> Vec<RuleMatch> {
-        let mut matched_rules: Vec<RuleMatch> = match cmd.first() {
-            Some(first) => self
-                .rules_by_program
-                .get_vec(first)
-                .map(|rules| rules.iter().filter_map(|rule| rule.matches(cmd)).collect())
-                .unwrap_or_default(),
-            None => Vec::new(),
-        };
-
-        if let (true, Some(heuristics_fallback)) = (matched_rules.is_empty(), heuristics_fallback) {
-            matched_rules.push(RuleMatch::HeuristicsRuleMatch {
-                command: cmd.to_vec(),
-                decision: heuristics_fallback(cmd),
-            });
+        match matched_rules.iter().map(RuleMatch::decision).max() {
+            Some(decision) => Evaluation::Match {
+                decision,
+                matched_rules,
+            },
+            None => Evaluation::NoMatch {},
         }
-
-        matched_rules
     }
 }
 
 #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
-pub struct Evaluation {
-    pub decision: Decision,
-    #[serde(rename = "matchedRules")]
-    pub matched_rules: Vec<RuleMatch>,
+pub enum Evaluation {
+    NoMatch {},
+    Match {
+        decision: Decision,
+        #[serde(rename = "matchedRules")]
+        matched_rules: Vec<RuleMatch>,
+    },
 }
 
 impl Evaluation {
     pub fn is_match(&self) -> bool {
-        self.matched_rules
-            .iter()
-            .any(|rule_match| !matches!(rule_match, RuleMatch::HeuristicsRuleMatch { .. }))
-    }
-
-    fn from_matches(matched_rules: Vec<RuleMatch>) -> Self {
-        let decision = matched_rules
-            .iter()
-            .map(RuleMatch::decision)
-            .max()
-            .unwrap_or(Decision::Allow);
-
-        Self {
-            decision,
-            matched_rules,
-        }
+        matches!(self, Self::Match { .. })
     }
 }

codex-rs/execpolicy/src/rule.rs

@@ -64,17 +64,12 @@ pub enum RuleMatch {
         matched_prefix: Vec<String>,
         decision: Decision,
     },
-    HeuristicsRuleMatch {
-        command: Vec<String>,
-        decision: Decision,
-    },
 }
 
 impl RuleMatch {
     pub fn decision(&self) -> Decision {
         match self {
             Self::PrefixRuleMatch { decision, .. } => *decision,
-            Self::HeuristicsRuleMatch { decision, .. } => *decision,
         }
     }
 }

codex-rs/execpolicy/tests/basic.rs

@@ -1,12 +1,8 @@
 use std::any::Any;
 use std::sync::Arc;
 
-use anyhow::Context;
-use anyhow::Result;
 use codex_execpolicy::Decision;
-use codex_execpolicy::Error;
 use codex_execpolicy::Evaluation;
-use codex_execpolicy::Policy;
 use codex_execpolicy::PolicyParser;
 use codex_execpolicy::RuleMatch;
 use codex_execpolicy::RuleRef;
@@ -19,14 +15,6 @@ fn tokens(cmd: &[&str]) -> Vec<String> {
     cmd.iter().map(std::string::ToString::to_string).collect()
 }
 
-fn allow_all(_: &[String]) -> Decision {
-    Decision::Allow
-}
-
-fn prompt_all(_: &[String]) -> Decision {
-    Decision::Prompt
-}
-
 #[derive(Clone, Debug, Eq, PartialEq)]
 enum RuleSnapshot {
     Prefix(PrefixRule),
@@ -47,19 +35,21 @@ fn rule_snapshots(rules: &[RuleRef]) -> Vec<RuleSnapshot> {
 }
 
 #[test]
-fn basic_match() -> Result<()> {
+fn basic_match() {
     let policy_src = r#"
 prefix_rule(
     pattern = ["git", "status"],
 )
     "#;
     let mut parser = PolicyParser::new();
-    parser.parse("test.codexpolicy", policy_src)?;
+    parser
+        .parse("test.codexpolicy", policy_src)
+        .expect("parse policy");
     let policy = parser.build();
     let cmd = tokens(&["git", "status"]);
-    let evaluation = policy.check(&cmd, &allow_all);
+    let evaluation = policy.check(&cmd);
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Allow,
             matched_rules: vec![RuleMatch::PrefixRuleMatch {
                 matched_prefix: tokens(&["git", "status"]),
@@ -68,54 +58,10 @@ prefix_rule(
         },
         evaluation
     );
-    Ok(())
 }
 
 #[test]
-fn add_prefix_rule_extends_policy() -> Result<()> {
-    let mut policy = Policy::empty();
-    policy.add_prefix_rule(&tokens(&["ls", "-l"]), Decision::Prompt)?;
-
-    let rules = rule_snapshots(policy.rules().get_vec("ls").context("missing ls rules")?);
-    assert_eq!(
-        vec![RuleSnapshot::Prefix(PrefixRule {
-            pattern: PrefixPattern {
-                first: Arc::from("ls"),
-                rest: vec![PatternToken::Single(String::from("-l"))].into(),
-            },
-            decision: Decision::Prompt,
-        })],
-        rules
-    );
-
-    let evaluation = policy.check(&tokens(&["ls", "-l", "/tmp"]), &allow_all);
-    assert_eq!(
-        Evaluation {
-            decision: Decision::Prompt,
-            matched_rules: vec![RuleMatch::PrefixRuleMatch {
-                matched_prefix: tokens(&["ls", "-l"]),
-                decision: Decision::Prompt,
-            }],
-        },
-        evaluation
-    );
-    Ok(())
-}
-
-#[test]
-fn add_prefix_rule_rejects_empty_prefix() -> Result<()> {
-    let mut policy = Policy::empty();
-    let result = policy.add_prefix_rule(&[], Decision::Allow);
-
-    match result.unwrap_err() {
-        Error::InvalidPattern(message) => assert_eq!(message, "prefix cannot be empty"),
-        other => panic!("expected InvalidPattern(..), got {other:?}"),
-    }
-    Ok(())
-}
-
-#[test]
-fn parses_multiple_policy_files() -> Result<()> {
+fn parses_multiple_policy_files() {
     let first_policy = r#"
 prefix_rule(
     pattern = ["git"],
@@ -129,11 +75,15 @@ prefix_rule(
 )
     "#;
     let mut parser = PolicyParser::new();
-    parser.parse("first.codexpolicy", first_policy)?;
-    parser.parse("second.codexpolicy", second_policy)?;
+    parser
+        .parse("first.codexpolicy", first_policy)
+        .expect("parse policy");
+    parser
+        .parse("second.codexpolicy", second_policy)
+        .expect("parse policy");
     let policy = parser.build();
 
-    let git_rules = rule_snapshots(policy.rules().get_vec("git").context("missing git rules")?);
+    let git_rules = rule_snapshots(policy.rules().get_vec("git").expect("git rules"));
     assert_eq!(
         vec![
             RuleSnapshot::Prefix(PrefixRule {
@@ -154,9 +104,9 @@ prefix_rule(
         git_rules
     );
 
-    let status_eval = policy.check(&tokens(&["git", "status"]), &allow_all);
+    let status_eval = policy.check(&tokens(&["git", "status"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Prompt,
             matched_rules: vec![RuleMatch::PrefixRuleMatch {
                 matched_prefix: tokens(&["git"]),
@@ -166,9 +116,9 @@ prefix_rule(
         status_eval
     );
 
-    let commit_eval = policy.check(&tokens(&["git", "commit", "-m", "hi"]), &allow_all);
+    let commit_eval = policy.check(&tokens(&["git", "commit", "-m", "hi"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Forbidden,
             matched_rules: vec![
                 RuleMatch::PrefixRuleMatch {
@@ -183,27 +133,23 @@ prefix_rule(
         },
         commit_eval
     );
-    Ok(())
 }
 
 #[test]
-fn only_first_token_alias_expands_to_multiple_rules() -> Result<()> {
+fn only_first_token_alias_expands_to_multiple_rules() {
     let policy_src = r#"
 prefix_rule(
     pattern = [["bash", "sh"], ["-c", "-l"]],
 )
     "#;
     let mut parser = PolicyParser::new();
-    parser.parse("test.codexpolicy", policy_src)?;
+    parser
+        .parse("test.codexpolicy", policy_src)
+        .expect("parse policy");
     let policy = parser.build();
 
-    let bash_rules = rule_snapshots(
-        policy
-            .rules()
-            .get_vec("bash")
-            .context("missing bash rules")?,
-    );
-    let sh_rules = rule_snapshots(policy.rules().get_vec("sh").context("missing sh rules")?);
+    let bash_rules = rule_snapshots(policy.rules().get_vec("bash").expect("bash rules"));
+    let sh_rules = rule_snapshots(policy.rules().get_vec("sh").expect("sh rules"));
     assert_eq!(
         vec![RuleSnapshot::Prefix(PrefixRule {
             pattern: PrefixPattern {
@@ -225,9 +171,9 @@ prefix_rule(
         sh_rules
     );
 
-    let bash_eval = policy.check(&tokens(&["bash", "-c", "echo", "hi"]), &allow_all);
+    let bash_eval = policy.check(&tokens(&["bash", "-c", "echo", "hi"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Allow,
             matched_rules: vec![RuleMatch::PrefixRuleMatch {
                 matched_prefix: tokens(&["bash", "-c"]),
@@ -237,9 +183,9 @@ prefix_rule(
         bash_eval
     );
 
-    let sh_eval = policy.check(&tokens(&["sh", "-l", "echo", "hi"]), &allow_all);
+    let sh_eval = policy.check(&tokens(&["sh", "-l", "echo", "hi"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Allow,
             matched_rules: vec![RuleMatch::PrefixRuleMatch {
                 matched_prefix: tokens(&["sh", "-l"]),
@@ -248,21 +194,22 @@ prefix_rule(
         },
         sh_eval
     );
-    Ok(())
 }
 
 #[test]
-fn tail_aliases_are_not_cartesian_expanded() -> Result<()> {
+fn tail_aliases_are_not_cartesian_expanded() {
     let policy_src = r#"
 prefix_rule(
     pattern = ["npm", ["i", "install"], ["--legacy-peer-deps", "--no-save"]],
 )
     "#;
     let mut parser = PolicyParser::new();
-    parser.parse("test.codexpolicy", policy_src)?;
+    parser
+        .parse("test.codexpolicy", policy_src)
+        .expect("parse policy");
     let policy = parser.build();
 
-    let rules = rule_snapshots(policy.rules().get_vec("npm").context("missing npm rules")?);
+    let rules = rule_snapshots(policy.rules().get_vec("npm").expect("npm rules"));
     assert_eq!(
         vec![RuleSnapshot::Prefix(PrefixRule {
             pattern: PrefixPattern {
@@ -281,9 +228,9 @@ prefix_rule(
         rules
     );
 
-    let npm_i = policy.check(&tokens(&["npm", "i", "--legacy-peer-deps"]), &allow_all);
+    let npm_i = policy.check(&tokens(&["npm", "i", "--legacy-peer-deps"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Allow,
             matched_rules: vec![RuleMatch::PrefixRuleMatch {
                 matched_prefix: tokens(&["npm", "i", "--legacy-peer-deps"]),
@@ -293,12 +240,9 @@ prefix_rule(
         npm_i
     );
 
-    let npm_install = policy.check(
-        &tokens(&["npm", "install", "--no-save", "leftpad"]),
-        &allow_all,
-    );
+    let npm_install = policy.check(&tokens(&["npm", "install", "--no-save", "leftpad"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Allow,
             matched_rules: vec![RuleMatch::PrefixRuleMatch {
                 matched_prefix: tokens(&["npm", "install", "--no-save"]),
@@ -307,11 +251,10 @@ prefix_rule(
         },
         npm_install
     );
-    Ok(())
 }
 
 #[test]
-fn match_and_not_match_examples_are_enforced() -> Result<()> {
+fn match_and_not_match_examples_are_enforced() {
     let policy_src = r#"
 prefix_rule(
     pattern = ["git", "status"],
@@ -323,11 +266,13 @@ prefix_rule(
 )
     "#;
     let mut parser = PolicyParser::new();
-    parser.parse("test.codexpolicy", policy_src)?;
+    parser
+        .parse("test.codexpolicy", policy_src)
+        .expect("parse policy");
     let policy = parser.build();
-    let match_eval = policy.check(&tokens(&["git", "status"]), &allow_all);
+    let match_eval = policy.check(&tokens(&["git", "status"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Allow,
             matched_rules: vec![RuleMatch::PrefixRuleMatch {
                 matched_prefix: tokens(&["git", "status"]),
@@ -337,25 +282,17 @@ prefix_rule(
         match_eval
     );
 
-    let no_match_eval = policy.check(
-        &tokens(&["git", "--config", "color.status=always", "status"]),
-        &allow_all,
-    );
-    assert_eq!(
-        Evaluation {
-            decision: Decision::Allow,
-            matched_rules: vec![RuleMatch::HeuristicsRuleMatch {
-                command: tokens(&["git", "--config", "color.status=always", "status",]),
-                decision: Decision::Allow,
-            }],
-        },
-        no_match_eval
-    );
-    Ok(())
+    let no_match_eval = policy.check(&tokens(&[
+        "git",
+        "--config",
+        "color.status=always",
+        "status",
+    ]));
+    assert_eq!(Evaluation::NoMatch {}, no_match_eval);
 }
 
 #[test]
-fn strictest_decision_wins_across_matches() -> Result<()> {
+fn strictest_decision_wins_across_matches() {
     let policy_src = r#"
 prefix_rule(
     pattern = ["git"],
@@ -367,12 +304,14 @@ prefix_rule(
 )
     "#;
     let mut parser = PolicyParser::new();
-    parser.parse("test.codexpolicy", policy_src)?;
+    parser
+        .parse("test.codexpolicy", policy_src)
+        .expect("parse policy");
     let policy = parser.build();
 
-    let commit = policy.check(&tokens(&["git", "commit", "-m", "hi"]), &allow_all);
+    let commit = policy.check(&tokens(&["git", "commit", "-m", "hi"]));
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Forbidden,
             matched_rules: vec![
                 RuleMatch::PrefixRuleMatch {
@@ -387,11 +326,10 @@ prefix_rule(
         },
         commit
     );
-    Ok(())
 }
 
 #[test]
-fn strictest_decision_across_multiple_commands() -> Result<()> {
+fn strictest_decision_across_multiple_commands() {
     let policy_src = r#"
 prefix_rule(
     pattern = ["git"],
@@ -403,7 +341,9 @@ prefix_rule(
 )
     "#;
     let mut parser = PolicyParser::new();
-    parser.parse("test.codexpolicy", policy_src)?;
+    parser
+        .parse("test.codexpolicy", policy_src)
+        .expect("parse policy");
     let policy = parser.build();
 
     let commands = vec![
@@ -411,9 +351,9 @@ prefix_rule(
         tokens(&["git", "commit", "-m", "hi"]),
     ];
 
-    let evaluation = policy.check_multiple(&commands, &allow_all);
+    let evaluation = policy.check_multiple(&commands);
     assert_eq!(
-        Evaluation {
+        Evaluation::Match {
             decision: Decision::Forbidden,
             matched_rules: vec![
                 RuleMatch::PrefixRuleMatch {
@@ -432,23 +372,4 @@ prefix_rule(
         },
         evaluation
     );
-    Ok(())
-}
-
-#[test]
-fn heuristics_match_is_returned_when_no_policy_matches() {
-    let policy = Policy::empty();
-    let command = tokens(&["python"]);
-
-    let evaluation = policy.check(&command, &prompt_all);
-    assert_eq!(
-        Evaluation {
-            decision: Decision::Prompt,
-            matched_rules: vec![RuleMatch::HeuristicsRuleMatch {
-                command,
-                decision: Decision::Prompt,
-            }],
-        },
-        evaluation
-    );
 }

codex-rs/lmstudio/Cargo.toml

@@ -14,7 +14,7 @@ codex-core = { path = "../core" }
 reqwest = { version = "0.12", features = ["json", "stream"] }
 serde_json = "1"
 tokio = { version = "1", features = ["rt"] }
-tracing = { version = "0.1.43", features = ["log"] }
+tracing = { version = "0.1.41", features = ["log"] }
 which = "6.0"
 
 [dev-dependencies]

codex-rs/login/src/device_code_auth.rs

@@ -8,10 +8,11 @@ use std::time::Instant;
 
 use crate::pkce::PkceCodes;
 use crate::server::ServerOptions;
-use std::io;
+use std::io::Write;
+use std::io::{self};
 
-const ANSI_BLUE: &str = "\x1b[94m";
-const ANSI_GRAY: &str = "\x1b[90m";
+const ANSI_YELLOW: &str = "\x1b[93m";
+const ANSI_BOLD: &str = "\x1b[1m";
 const ANSI_RESET: &str = "\x1b[0m";
 
 #[derive(Deserialize)]
@@ -137,16 +138,14 @@ async fn poll_for_token(
     }
 }
 
-fn print_device_code_prompt(code: &str) {
-    println!(
-        "\nWelcome to Codex [v{ANSI_GRAY}{version}{ANSI_RESET}]\n{ANSI_GRAY}OpenAI's command-line coding agent{ANSI_RESET}\n\
-\nFollow these steps to sign in with ChatGPT using device code authorization:\n\
-\n1. Open this link in your browser\n   {ANSI_BLUE}https://auth.openai.com/codex/device{ANSI_RESET}\n\
-\n2. Enter this one-time code {ANSI_GRAY}(expires in 15 minutes){ANSI_RESET}\n   {ANSI_BLUE}{code}{ANSI_RESET}\n\
-\n{ANSI_GRAY}Device codes are a common phishing target. Never share this code.{ANSI_RESET}\n",
-        version = env!("CARGO_PKG_VERSION"),
-        code = code
+fn print_colored_warning_device_code() {
+    let mut stdout = io::stdout().lock();
+    let _ = write!(
+        stdout,
+        "{ANSI_YELLOW}{ANSI_BOLD}Only use device code authentication when browser login is not available.{ANSI_RESET}{ANSI_YELLOW}\n\
+{ANSI_BOLD}Keep the code secret; do not share it.{ANSI_RESET}{ANSI_RESET}\n\n"
     );
+    let _ = stdout.flush();
 }
 
 /// Full device code login flow.
@@ -154,9 +153,13 @@ pub async fn run_device_code_login(opts: ServerOptions) -> std::io::Result<()> {
     let client = reqwest::Client::new();
     let base_url = opts.issuer.trim_end_matches('/');
     let api_base_url = format!("{}/api/accounts", opts.issuer.trim_end_matches('/'));
+    print_colored_warning_device_code();
     let uc = request_user_code(&client, &api_base_url, &opts.client_id).await?;
 
-    print_device_code_prompt(&uc.user_code);
+    println!(
+        "To authenticate:\n  1. Open in your browser: {ANSI_BOLD}https://auth.openai.com/codex/device{ANSI_RESET}\n  2. Enter the one-time code below within 15 minutes:\n\n     {ANSI_BOLD}{}{ANSI_RESET}\n",
+        uc.user_code
+    );
 
     let code_resp = poll_for_token(
         &client,

codex-rs/mcp-server/src/codex_tool_runner.rs

@@ -180,7 +180,6 @@ async fn run_codex_tool_session_inner(
                         call_id,
                         reason: _,
                         risk,
-                        allow_prefix: _,
                         parsed_cmd,
                     }) => {
                         handle_exec_approval_request(

codex-rs/mcp-types/generate_mcp_types.py

@@ -38,13 +38,6 @@ SERVER_NOTIFICATION_TYPE_NAMES: list[str] = []
 # order to compile without warnings.
 LARGE_ENUMS = {"ServerResult"}
 
-# some types need setting a default value for `r#type`
-# ref: [#7417](https://github.com/openai/codex/pull/7417)
-default_type_values: dict[str, str] = {
-    "ToolInputSchema": "object",
-    "ToolOutputSchema": "object",
-}
-
 
 def main() -> int:
     parser = argparse.ArgumentParser(
@@ -358,14 +351,6 @@ class StructField:
             out.append(f"    pub {self.name}: {self.type_name},\n")
 
 
-def append_serde_attr(existing: str | None, fragment: str) -> str:
-    if existing is None:
-        return f"#[serde({fragment})]"
-    assert existing.startswith("#[serde(") and existing.endswith(")]"), existing
-    body = existing[len("#[serde(") : -2]
-    return f"#[serde({body}, {fragment})]"
-
-
 def define_struct(
     name: str,
     properties: dict[str, Any],
@@ -374,14 +359,6 @@ def define_struct(
 ) -> list[str]:
     out: list[str] = []
 
-    type_default_fn: str | None = None
-    if name in default_type_values:
-        snake_name = to_snake_case(name) or name
-        type_default_fn = f"{snake_name}_type_default_str"
-        out.append(f"fn {type_default_fn}() -> String {{\n")
-        out.append(f'    "{default_type_values[name]}".to_string()\n')
-        out.append("}\n\n")
-
     fields: list[StructField] = []
     for prop_name, prop in properties.items():
         if prop_name == "_meta":
@@ -403,10 +380,6 @@ def define_struct(
         if is_optional:
             prop_type = f"Option<{prop_type}>"
         rs_prop = rust_prop_name(prop_name, is_optional)
-
-        if prop_name == "type" and type_default_fn:
-            rs_prop.serde = append_serde_attr(rs_prop.serde, f'default = "{type_default_fn}"')
-
         if prop_type.startswith("&'static str"):
             fields.append(StructField("const", rs_prop.name, prop_type, rs_prop.serde, rs_prop.ts))
         else:

codex-rs/mcp-types/src/lib.rs

@@ -1474,10 +1474,6 @@ pub struct Tool {
     pub title: Option<String>,
 }
 
-fn tool_output_schema_type_default_str() -> String {
-    "object".to_string()
-}
-
 /// An optional JSON Schema object defining the structure of the tool's output returned in
 /// the structuredContent field of a CallToolResult.
 #[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
@@ -1488,14 +1484,9 @@ pub struct ToolOutputSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     #[ts(optional)]
     pub required: Option<Vec<String>>,
-    #[serde(default = "tool_output_schema_type_default_str")]
     pub r#type: String, // &'static str = "object"
 }
 
-fn tool_input_schema_type_default_str() -> String {
-    "object".to_string()
-}
-
 /// A JSON Schema object defining the expected parameters for the tool.
 #[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
 pub struct ToolInputSchema {
@@ -1505,7 +1496,6 @@ pub struct ToolInputSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     #[ts(optional)]
     pub required: Option<Vec<String>>,
-    #[serde(default = "tool_input_schema_type_default_str")]
     pub r#type: String, // &'static str = "object"
 }
 

codex-rs/otel/src/otel_event_manager.rs

@@ -352,7 +352,7 @@ impl OtelEventManager {
         &self,
         tool_name: &str,
         call_id: &str,
-        decision: &ReviewDecision,
+        decision: ReviewDecision,
         source: ToolDecisionSource,
     ) {
         tracing::event!(
@@ -369,7 +369,7 @@ impl OtelEventManager {
             slug = %self.metadata.slug,
             tool_name = %tool_name,
             call_id = %call_id,
-            decision = %decision.clone().to_string().to_lowercase(),
+            decision = %decision.to_string().to_lowercase(),
             source = %source.to_string(),
         );
     }

codex-rs/protocol/src/approvals.rs

@@ -51,10 +51,6 @@ pub struct ExecApprovalRequestEvent {
     /// Optional model-provided risk assessment describing the blocked command.
     #[serde(skip_serializing_if = "Option::is_none")]
     pub risk: Option<SandboxCommandAssessment>,
-    /// Prefix rule that can be added to the user's execpolicy to allow future runs.
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional, type = "Array<string>")]
-    pub allow_prefix: Option<Vec<String>>,
     pub parsed_cmd: Vec<ParsedCommand>,
 }
 

codex-rs/protocol/src/models.rs

@@ -132,7 +132,6 @@ pub enum ResponseItem {
     GhostSnapshot {
         ghost_commit: GhostCommit,
     },
-    #[serde(alias = "compaction")]
     CompactionSummary {
         encrypted_content: String,
     },
@@ -538,7 +537,6 @@ mod tests {
     use anyhow::Result;
     use mcp_types::ImageContent;
     use mcp_types::TextContent;
-    use pretty_assertions::assert_eq;
     use tempfile::tempdir;
 
     #[test]
@@ -652,21 +650,6 @@ mod tests {
         Ok(())
     }
 
-    #[test]
-    fn deserializes_compaction_alias() -> Result<()> {
-        let json = r#"{"type":"compaction","encrypted_content":"abc"}"#;
-
-        let item: ResponseItem = serde_json::from_str(json)?;
-
-        assert_eq!(
-            item,
-            ResponseItem::CompactionSummary {
-                encrypted_content: "abc".into(),
-            }
-        );
-        Ok(())
-    }
-
     #[test]
     fn roundtrips_web_search_call_actions() -> Result<()> {
         let cases = vec![

codex-rs/protocol/src/protocol.rs

@@ -1256,47 +1256,13 @@ pub struct GitInfo {
     pub repository_url: Option<String>,
 }
 
-#[derive(Debug, Clone, Copy, Deserialize, Serialize, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-pub enum ReviewDelivery {
-    Inline,
-    Detached,
-}
-
-#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, JsonSchema, TS)]
-#[serde(tag = "type", rename_all = "camelCase")]
-#[ts(tag = "type")]
-pub enum ReviewTarget {
-    /// Review the working tree: staged, unstaged, and untracked files.
-    UncommittedChanges,
-
-    /// Review changes between the current branch and the given base branch.
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    BaseBranch { branch: String },
-
-    /// Review the changes introduced by a specific commit.
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    Commit {
-        sha: String,
-        /// Optional human-readable label (e.g., commit subject) for UIs.
-        title: Option<String>,
-    },
-
-    /// Arbitrary instructions provided by the user.
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    Custom { instructions: String },
-}
-
 #[derive(Debug, Clone, Deserialize, Serialize, PartialEq, JsonSchema, TS)]
 /// Review request sent to the review session.
 pub struct ReviewRequest {
-    pub target: ReviewTarget,
-    #[serde(skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub user_facing_hint: Option<String>,
+    pub prompt: String,
+    pub user_facing_hint: String,
+    #[serde(default)]
+    pub append_to_original_thread: bool,
 }
 
 /// Structured review result produced by a child review session.
@@ -1646,16 +1612,14 @@ pub struct SessionConfiguredEvent {
 }
 
 /// User's decision in response to an ExecApprovalRequest.
-#[derive(Debug, Default, Clone, Deserialize, Serialize, PartialEq, Eq, Display, JsonSchema, TS)]
+#[derive(
+    Debug, Default, Clone, Copy, Deserialize, Serialize, PartialEq, Eq, Display, JsonSchema, TS,
+)]
 #[serde(rename_all = "snake_case")]
 pub enum ReviewDecision {
     /// User has approved this command and the agent should execute it.
     Approved,
 
-    /// User has approved this command and wants to add the command prefix to
-    /// the execpolicy allow list so future matching commands are permitted.
-    ApprovedAllowPrefix { allow_prefix: Vec<String> },
-
     /// User has approved this command and wants to automatically approve any
     /// future identical instances (`command` and `cwd` match exactly) for the
     /// remainder of the session.

codex-rs/tui/Cargo.toml

@@ -91,7 +91,6 @@ unicode-width = { workspace = true }
 url = { workspace = true }
 
 codex-windows-sandbox = { workspace = true }
-tokio-util = { workspace = true, features = ["time"] }
 
 [target.'cfg(unix)'.dependencies]
 libc = { workspace = true }

codex-rs/tui/src/app.rs

@@ -14,8 +14,6 @@ use crate::pager_overlay::Overlay;
 use crate::render::highlight::highlight_bash_to_lines;
 use crate::render::renderable::Renderable;
 use crate::resume_picker::ResumeSelection;
-use crate::skill_error_prompt::SkillErrorPromptOutcome;
-use crate::skill_error_prompt::run_skill_error_prompt;
 use crate::tui;
 use crate::tui::TuiEvent;
 use crate::update_action::UpdateAction;
@@ -38,7 +36,6 @@ use codex_core::protocol::Op;
 use codex_core::protocol::SessionSource;
 use codex_core::protocol::TokenUsage;
 use codex_core::protocol_config_types::ReasoningEffort as ReasoningEffortConfig;
-use codex_core::skills::load_skills;
 use codex_protocol::ConversationId;
 use color_eyre::eyre::Result;
 use color_eyre::eyre::WrapErr;
@@ -270,20 +267,6 @@ impl App {
             SessionSource::Cli,
         ));
 
-        let skills_outcome = load_skills(&config);
-        if !skills_outcome.errors.is_empty() {
-            match run_skill_error_prompt(tui, &skills_outcome.errors).await {
-                SkillErrorPromptOutcome::Exit => {
-                    return Ok(AppExitInfo {
-                        token_usage: TokenUsage::default(),
-                        conversation_id: None,
-                        update_action: None,
-                    });
-                }
-                SkillErrorPromptOutcome::Continue => {}
-            }
-        }
-
         let enhanced_keys_supported = tui.enhanced_keys_supported();
 
         let mut chat_widget = match resume_selection {

codex-rs/tui/src/bottom_pane/approval_overlay.rs

@@ -43,7 +43,6 @@ pub(crate) enum ApprovalRequest {
         command: Vec<String>,
         reason: Option<String>,
         risk: Option<SandboxCommandAssessment>,
-        allow_prefix: Option<Vec<String>>,
     },
     ApplyPatch {
         id: String,
@@ -105,8 +104,8 @@ impl ApprovalOverlay {
         header: Box<dyn Renderable>,
     ) -> (Vec<ApprovalOption>, SelectionViewParams) {
         let (options, title) = match &variant {
-            ApprovalVariant::Exec { allow_prefix, .. } => (
-                exec_options(allow_prefix.clone()),
+            ApprovalVariant::Exec { .. } => (
+                exec_options(),
                 "Would you like to run the following command?".to_string(),
             ),
             ApprovalVariant::ApplyPatch { .. } => (
@@ -161,12 +160,12 @@ impl ApprovalOverlay {
             return;
         };
         if let Some(variant) = self.current_variant.as_ref() {
-            match (variant, &option.decision) {
-                (ApprovalVariant::Exec { id, command, .. }, ApprovalDecision::Review(decision)) => {
-                    self.handle_exec_decision(id, command, decision.clone());
+            match (&variant, &option.decision) {
+                (ApprovalVariant::Exec { id, command }, ApprovalDecision::Review(decision)) => {
+                    self.handle_exec_decision(id, command, *decision);
                 }
                 (ApprovalVariant::ApplyPatch { id, .. }, ApprovalDecision::Review(decision)) => {
-                    self.handle_patch_decision(id, decision.clone());
+                    self.handle_patch_decision(id, *decision);
                 }
                 (
                     ApprovalVariant::McpElicitation {
@@ -186,7 +185,7 @@ impl ApprovalOverlay {
     }
 
     fn handle_exec_decision(&self, id: &str, command: &[String], decision: ReviewDecision) {
-        let cell = history_cell::new_approval_decision_cell(command.to_vec(), decision.clone());
+        let cell = history_cell::new_approval_decision_cell(command.to_vec(), decision);
         self.app_event_tx.send(AppEvent::InsertHistoryCell(cell));
         self.app_event_tx.send(AppEvent::CodexOp(Op::ExecApproval {
             id: id.to_string(),
@@ -274,7 +273,7 @@ impl BottomPaneView for ApprovalOverlay {
             && let Some(variant) = self.current_variant.as_ref()
         {
             match &variant {
-                ApprovalVariant::Exec { id, command, .. } => {
+                ApprovalVariant::Exec { id, command } => {
                     self.handle_exec_decision(id, command, ReviewDecision::Abort);
                 }
                 ApprovalVariant::ApplyPatch { id, .. } => {
@@ -337,7 +336,6 @@ impl From<ApprovalRequest> for ApprovalRequestState {
                 command,
                 reason,
                 risk,
-                allow_prefix,
             } => {
                 let reason = reason.filter(|item| !item.is_empty());
                 let has_reason = reason.is_some();
@@ -357,11 +355,7 @@ impl From<ApprovalRequest> for ApprovalRequestState {
                 }
                 header.extend(full_cmd_lines);
                 Self {
-                    variant: ApprovalVariant::Exec {
-                        id,
-                        command,
-                        allow_prefix,
-                    },
+                    variant: ApprovalVariant::Exec { id, command },
                     header: Box::new(Paragraph::new(header).wrap(Wrap { trim: false })),
                 }
             }
@@ -437,7 +431,6 @@ enum ApprovalVariant {
     Exec {
         id: String,
         command: Vec<String>,
-        allow_prefix: Option<Vec<String>>,
     },
     ApplyPatch {
         id: String,
@@ -470,32 +463,27 @@ impl ApprovalOption {
     }
 }
 
-fn exec_options(allow_prefix: Option<Vec<String>>) -> Vec<ApprovalOption> {
-    vec![ApprovalOption {
-        label: "Yes, proceed".to_string(),
-        decision: ApprovalDecision::Review(ReviewDecision::Approved),
-        display_shortcut: None,
-        additional_shortcuts: vec![key_hint::plain(KeyCode::Char('y'))],
-    }]
-    .into_iter()
-    .chain(allow_prefix.map(|prefix| {
-        let rendered_prefix = strip_bash_lc_and_escape(&prefix);
+fn exec_options() -> Vec<ApprovalOption> {
+    vec![
         ApprovalOption {
-            label: format!("Yes, and don't ask again for `{rendered_prefix}` commands"),
-            decision: ApprovalDecision::Review(ReviewDecision::ApprovedAllowPrefix {
-                allow_prefix: prefix,
-            }),
+            label: "Yes, proceed".to_string(),
+            decision: ApprovalDecision::Review(ReviewDecision::Approved),
             display_shortcut: None,
-            additional_shortcuts: vec![key_hint::plain(KeyCode::Char('p'))],
-        }
-    }))
-    .chain([ApprovalOption {
-        label: "No, and tell Codex what to do differently".to_string(),
-        decision: ApprovalDecision::Review(ReviewDecision::Abort),
-        display_shortcut: Some(key_hint::plain(KeyCode::Esc)),
-        additional_shortcuts: vec![key_hint::plain(KeyCode::Char('n'))],
-    }])
-    .collect()
+            additional_shortcuts: vec![key_hint::plain(KeyCode::Char('y'))],
+        },
+        ApprovalOption {
+            label: "Yes, and don't ask again for this command".to_string(),
+            decision: ApprovalDecision::Review(ReviewDecision::ApprovedForSession),
+            display_shortcut: None,
+            additional_shortcuts: vec![key_hint::plain(KeyCode::Char('a'))],
+        },
+        ApprovalOption {
+            label: "No, and tell Codex what to do differently".to_string(),
+            decision: ApprovalDecision::Review(ReviewDecision::Abort),
+            display_shortcut: Some(key_hint::plain(KeyCode::Esc)),
+            additional_shortcuts: vec![key_hint::plain(KeyCode::Char('n'))],
+        },
+    ]
 }
 
 fn patch_options() -> Vec<ApprovalOption> {
@@ -551,7 +539,6 @@ mod tests {
             command: vec!["echo".to_string(), "hi".to_string()],
             reason: Some("reason".to_string()),
             risk: None,
-            allow_prefix: None,
         }
     }
 
@@ -584,40 +571,6 @@ mod tests {
         assert!(saw_op, "expected approval decision to emit an op");
     }
 
-    #[test]
-    fn exec_prefix_option_emits_allow_prefix() {
-        let (tx, mut rx) = unbounded_channel::<AppEvent>();
-        let tx = AppEventSender::new(tx);
-        let mut view = ApprovalOverlay::new(
-            ApprovalRequest::Exec {
-                id: "test".to_string(),
-                command: vec!["echo".to_string()],
-                reason: None,
-                risk: None,
-                allow_prefix: Some(vec!["echo".to_string()]),
-            },
-            tx,
-        );
-        view.handle_key_event(KeyEvent::new(KeyCode::Char('p'), KeyModifiers::NONE));
-        let mut saw_op = false;
-        while let Ok(ev) = rx.try_recv() {
-            if let AppEvent::CodexOp(Op::ExecApproval { decision, .. }) = ev {
-                assert_eq!(
-                    decision,
-                    ReviewDecision::ApprovedAllowPrefix {
-                        allow_prefix: vec!["echo".to_string()]
-                    }
-                );
-                saw_op = true;
-                break;
-            }
-        }
-        assert!(
-            saw_op,
-            "expected approval decision to emit an op with allow prefix"
-        );
-    }
-
     #[test]
     fn header_includes_command_snippet() {
         let (tx, _rx) = unbounded_channel::<AppEvent>();
@@ -628,7 +581,6 @@ mod tests {
             command,
             reason: None,
             risk: None,
-            allow_prefix: None,
         };
 
         let view = ApprovalOverlay::new(exec_request, tx);
@@ -682,6 +634,7 @@ mod tests {
         let (tx_raw, mut rx) = unbounded_channel::<AppEvent>();
         let tx = AppEventSender::new(tx_raw);
         let mut view = ApprovalOverlay::new(make_exec_request(), tx);
+        view.handle_key_event(KeyEvent::new(KeyCode::Down, KeyModifiers::NONE));
         view.handle_key_event(KeyEvent::new(KeyCode::Enter, KeyModifiers::NONE));
 
         assert!(
@@ -696,6 +649,6 @@ mod tests {
                 break;
             }
         }
-        assert_eq!(decision, Some(ReviewDecision::Approved));
+        assert_eq!(decision, Some(ReviewDecision::ApprovedForSession));
     }
 }

codex-rs/tui/src/bottom_pane/chat_composer.rs

@@ -101,7 +101,6 @@ pub(crate) struct ChatComposer {
     dismissed_file_popup_token: Option<String>,
     current_file_query: Option<String>,
     pending_pastes: Vec<(String, String)>,
-    large_paste_counters: HashMap<usize, usize>,
     has_focus: bool,
     attached_images: Vec<AttachedImage>,
     placeholder_text: String,
@@ -114,7 +113,6 @@ pub(crate) struct ChatComposer {
     footer_mode: FooterMode,
     footer_hint_override: Option<Vec<(String, String)>>,
     context_window_percent: Option<i64>,
-    context_window_used_tokens: Option<i64>,
 }
 
 /// Popup state – at most one can be visible at any time.
@@ -148,7 +146,6 @@ impl ChatComposer {
             dismissed_file_popup_token: None,
             current_file_query: None,
             pending_pastes: Vec::new(),
-            large_paste_counters: HashMap::new(),
             has_focus: has_input_focus,
             attached_images: Vec::new(),
             placeholder_text,
@@ -159,7 +156,6 @@ impl ChatComposer {
             footer_mode: FooterMode::ShortcutSummary,
             footer_hint_override: None,
             context_window_percent: None,
-            context_window_used_tokens: None,
         };
         // Apply configuration via the setter to keep side-effects centralized.
         this.set_disable_paste_burst(disable_paste_burst);
@@ -224,7 +220,7 @@ impl ChatComposer {
     pub fn handle_paste(&mut self, pasted: String) -> bool {
         let char_count = pasted.chars().count();
         if char_count > LARGE_PASTE_CHAR_THRESHOLD {
-            let placeholder = self.next_large_paste_placeholder(char_count);
+            let placeholder = format!("[Pasted Content {char_count} chars]");
             self.textarea.insert_element(&placeholder);
             self.pending_pastes.push((placeholder, pasted));
         } else if char_count > 1 && self.handle_paste_image_path(pasted.clone()) {
@@ -364,17 +360,6 @@ impl ChatComposer {
         self.set_has_focus(has_focus);
     }
 
-    fn next_large_paste_placeholder(&mut self, char_count: usize) -> String {
-        let base = format!("[Pasted Content {char_count} chars]");
-        let next_suffix = self.large_paste_counters.entry(char_count).or_insert(0);
-        *next_suffix += 1;
-        if *next_suffix == 1 {
-            base
-        } else {
-            format!("{base} #{next_suffix}")
-        }
-    }
-
     pub(crate) fn insert_str(&mut self, text: &str) {
         self.textarea.insert_str(text);
         self.sync_command_popup();
@@ -1402,7 +1387,6 @@ impl ChatComposer {
             use_shift_enter_hint: self.use_shift_enter_hint,
             is_task_running: self.is_task_running,
             context_window_percent: self.context_window_percent,
-            context_window_used_tokens: self.context_window_used_tokens,
         }
     }
 
@@ -1533,13 +1517,10 @@ impl ChatComposer {
         self.is_task_running = running;
     }
 
-    pub(crate) fn set_context_window(&mut self, percent: Option<i64>, used_tokens: Option<i64>) {
-        if self.context_window_percent == percent && self.context_window_used_tokens == used_tokens
-        {
-            return;
+    pub(crate) fn set_context_window_percent(&mut self, percent: Option<i64>) {
+        if self.context_window_percent != percent {
+            self.context_window_percent = percent;
         }
-        self.context_window_percent = percent;
-        self.context_window_used_tokens = used_tokens;
     }
 
     pub(crate) fn set_esc_backtrack_hint(&mut self, show: bool) {
@@ -2684,83 +2665,6 @@ mod tests {
         );
     }
 
-    #[test]
-    fn deleting_duplicate_length_pastes_removes_only_target() {
-        use crossterm::event::KeyCode;
-        use crossterm::event::KeyEvent;
-        use crossterm::event::KeyModifiers;
-
-        let (tx, _rx) = unbounded_channel::<AppEvent>();
-        let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(
-            true,
-            sender,
-            false,
-            "Ask Codex to do anything".to_string(),
-            false,
-        );
-
-        let paste = "x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 4);
-        let placeholder_base = format!("[Pasted Content {} chars]", paste.chars().count());
-        let placeholder_second = format!("{placeholder_base} #2");
-
-        composer.handle_paste(paste.clone());
-        composer.handle_paste(paste.clone());
-        assert_eq!(
-            composer.textarea.text(),
-            format!("{placeholder_base}{placeholder_second}")
-        );
-        assert_eq!(composer.pending_pastes.len(), 2);
-
-        composer.textarea.set_cursor(composer.textarea.text().len());
-        composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
-
-        assert_eq!(composer.textarea.text(), placeholder_base);
-        assert_eq!(composer.pending_pastes.len(), 1);
-        assert_eq!(composer.pending_pastes[0].0, placeholder_base);
-        assert_eq!(composer.pending_pastes[0].1, paste);
-    }
-
-    #[test]
-    fn large_paste_numbering_does_not_reuse_after_deletion() {
-        use crossterm::event::KeyCode;
-        use crossterm::event::KeyEvent;
-        use crossterm::event::KeyModifiers;
-
-        let (tx, _rx) = unbounded_channel::<AppEvent>();
-        let sender = AppEventSender::new(tx);
-        let mut composer = ChatComposer::new(
-            true,
-            sender,
-            false,
-            "Ask Codex to do anything".to_string(),
-            false,
-        );
-
-        let paste = "x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 4);
-        let base = format!("[Pasted Content {} chars]", paste.chars().count());
-        let second = format!("{base} #2");
-        let third = format!("{base} #3");
-
-        composer.handle_paste(paste.clone());
-        composer.handle_paste(paste.clone());
-        assert_eq!(composer.textarea.text(), format!("{base}{second}"));
-
-        composer.textarea.set_cursor(base.len());
-        composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
-        assert_eq!(composer.textarea.text(), second);
-        assert_eq!(composer.pending_pastes.len(), 1);
-        assert_eq!(composer.pending_pastes[0].0, second);
-
-        composer.textarea.set_cursor(composer.textarea.text().len());
-        composer.handle_paste(paste);
-
-        assert_eq!(composer.textarea.text(), format!("{second}{third}"));
-        assert_eq!(composer.pending_pastes.len(), 2);
-        assert_eq!(composer.pending_pastes[0].0, second);
-        assert_eq!(composer.pending_pastes[1].0, third);
-    }
-
     #[test]
     fn test_partial_placeholder_deletion() {
         use crossterm::event::KeyCode;

codex-rs/tui/src/bottom_pane/footer.rs

@@ -1,7 +1,6 @@
 use crate::key_hint;
 use crate::key_hint::KeyBinding;
 use crate::render::line_utils::prefix_lines;
-use crate::status::format_tokens_compact;
 use crate::ui_consts::FOOTER_INDENT_COLS;
 use crossterm::event::KeyCode;
 use ratatui::buffer::Buffer;
@@ -19,7 +18,6 @@ pub(crate) struct FooterProps {
     pub(crate) use_shift_enter_hint: bool,
     pub(crate) is_task_running: bool,
     pub(crate) context_window_percent: Option<i64>,
-    pub(crate) context_window_used_tokens: Option<i64>,
 }
 
 #[derive(Clone, Copy, Debug, Eq, PartialEq)]
@@ -83,10 +81,7 @@ fn footer_lines(props: FooterProps) -> Vec<Line<'static>> {
             is_task_running: props.is_task_running,
         })],
         FooterMode::ShortcutSummary => {
-            let mut line = context_window_line(
-                props.context_window_percent,
-                props.context_window_used_tokens,
-            );
+            let mut line = context_window_line(props.context_window_percent);
             line.push_span(" · ".dim());
             line.extend(vec![
                 key_hint::plain(KeyCode::Char('?')).into(),
@@ -99,10 +94,7 @@ fn footer_lines(props: FooterProps) -> Vec<Line<'static>> {
             esc_backtrack_hint: props.esc_backtrack_hint,
         }),
         FooterMode::EscHint => vec![esc_hint_line(props.esc_backtrack_hint)],
-        FooterMode::ContextOnly => vec![context_window_line(
-            props.context_window_percent,
-            props.context_window_used_tokens,
-        )],
+        FooterMode::ContextOnly => vec![context_window_line(props.context_window_percent)],
     }
 }
 
@@ -229,18 +221,9 @@ fn build_columns(entries: Vec<Line<'static>>) -> Vec<Line<'static>> {
         .collect()
 }
 
-fn context_window_line(percent: Option<i64>, used_tokens: Option<i64>) -> Line<'static> {
-    if let Some(percent) = percent {
-        let percent = percent.clamp(0, 100);
-        return Line::from(vec![Span::from(format!("{percent}% context left")).dim()]);
-    }
-
-    if let Some(tokens) = used_tokens {
-        let used_fmt = format_tokens_compact(tokens);
-        return Line::from(vec![Span::from(format!("{used_fmt} used")).dim()]);
-    }
-
-    Line::from(vec![Span::from("100% context left").dim()])
+fn context_window_line(percent: Option<i64>) -> Line<'static> {
+    let percent = percent.unwrap_or(100).clamp(0, 100);
+    Line::from(vec![Span::from(format!("{percent}% context left")).dim()])
 }
 
 #[derive(Clone, Copy, Debug, Eq, PartialEq)]
@@ -417,7 +400,6 @@ mod tests {
                 use_shift_enter_hint: false,
                 is_task_running: false,
                 context_window_percent: None,
-                context_window_used_tokens: None,
             },
         );
 
@@ -429,7 +411,6 @@ mod tests {
                 use_shift_enter_hint: true,
                 is_task_running: false,
                 context_window_percent: None,
-                context_window_used_tokens: None,
             },
         );
 
@@ -441,7 +422,6 @@ mod tests {
                 use_shift_enter_hint: false,
                 is_task_running: false,
                 context_window_percent: None,
-                context_window_used_tokens: None,
             },
         );
 
@@ -453,7 +433,6 @@ mod tests {
                 use_shift_enter_hint: false,
                 is_task_running: true,
                 context_window_percent: None,
-                context_window_used_tokens: None,
             },
         );
 
@@ -465,7 +444,6 @@ mod tests {
                 use_shift_enter_hint: false,
                 is_task_running: false,
                 context_window_percent: None,
-                context_window_used_tokens: None,
             },
         );
 
@@ -477,7 +455,6 @@ mod tests {
                 use_shift_enter_hint: false,
                 is_task_running: false,
                 context_window_percent: None,
-                context_window_used_tokens: None,
             },
         );
 
@@ -489,19 +466,6 @@ mod tests {
                 use_shift_enter_hint: false,
                 is_task_running: true,
                 context_window_percent: Some(72),
-                context_window_used_tokens: None,
-            },
-        );
-
-        snapshot_footer(
-            "footer_context_tokens_used",
-            FooterProps {
-                mode: FooterMode::ShortcutSummary,
-                esc_backtrack_hint: false,
-                use_shift_enter_hint: false,
-                is_task_running: false,
-                context_window_percent: None,
-                context_window_used_tokens: Some(123_456),
             },
         );
     }

codex-rs/tui/src/bottom_pane/mod.rs

@@ -76,7 +76,6 @@ pub(crate) struct BottomPane {
     /// Queued user messages to show above the composer while a turn is running.
     queued_user_messages: QueuedUserMessages,
     context_window_percent: Option<i64>,
-    context_window_used_tokens: Option<i64>,
 }
 
 pub(crate) struct BottomPaneParams {
@@ -119,7 +118,6 @@ impl BottomPane {
             esc_backtrack_hint: false,
             animations_enabled,
             context_window_percent: None,
-            context_window_used_tokens: None,
         }
     }
 
@@ -132,11 +130,6 @@ impl BottomPane {
         self.context_window_percent
     }
 
-    #[cfg(test)]
-    pub(crate) fn context_window_used_tokens(&self) -> Option<i64> {
-        self.context_window_used_tokens
-    }
-
     fn active_view(&self) -> Option<&dyn BottomPaneView> {
         self.view_stack.last().map(std::convert::AsRef::as_ref)
     }
@@ -351,16 +344,13 @@ impl BottomPane {
         }
     }
 
-    pub(crate) fn set_context_window(&mut self, percent: Option<i64>, used_tokens: Option<i64>) {
-        if self.context_window_percent == percent && self.context_window_used_tokens == used_tokens
-        {
+    pub(crate) fn set_context_window_percent(&mut self, percent: Option<i64>) {
+        if self.context_window_percent == percent {
             return;
         }
 
         self.context_window_percent = percent;
-        self.context_window_used_tokens = used_tokens;
-        self.composer
-            .set_context_window(percent, self.context_window_used_tokens);
+        self.composer.set_context_window_percent(percent);
         self.request_redraw();
     }
 
@@ -563,7 +553,6 @@ mod tests {
             command: vec!["echo".into(), "ok".into()],
             reason: None,
             risk: None,
-            allow_prefix: None,
         }
     }
 

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__footer__tests__footer_context_tokens_used.snap

@@ -1,5 +0,0 @@
----
-source: tui/src/bottom_pane/footer.rs
-expression: terminal.backend()
----
-"  123K used · ? for shortcuts                                                   "

codex-rs/tui/src/chatwidget.rs

@@ -20,7 +20,6 @@ use codex_core::protocol::AgentReasoningRawContentDeltaEvent;
 use codex_core::protocol::AgentReasoningRawContentEvent;
 use codex_core::protocol::ApplyPatchApprovalRequestEvent;
 use codex_core::protocol::BackgroundEventEvent;
-use codex_core::protocol::CreditsSnapshot;
 use codex_core::protocol::DeprecationNoticeEvent;
 use codex_core::protocol::ErrorEvent;
 use codex_core::protocol::Event;
@@ -41,7 +40,6 @@ use codex_core::protocol::Op;
 use codex_core::protocol::PatchApplyBeginEvent;
 use codex_core::protocol::RateLimitSnapshot;
 use codex_core::protocol::ReviewRequest;
-use codex_core::protocol::ReviewTarget;
 use codex_core::protocol::StreamErrorEvent;
 use codex_core::protocol::TaskCompleteEvent;
 use codex_core::protocol::TokenUsage;
@@ -516,7 +514,7 @@ impl ChatWidget {
         match info {
             Some(info) => self.apply_token_info(info),
             None => {
-                self.bottom_pane.set_context_window(None, None);
+                self.bottom_pane.set_context_window_percent(None);
                 self.token_info = None;
             }
         }
@@ -524,8 +522,7 @@ impl ChatWidget {
 
     fn apply_token_info(&mut self, info: TokenUsageInfo) {
         let percent = self.context_remaining_percent(&info);
-        let used_tokens = self.context_used_tokens(&info, percent.is_some());
-        self.bottom_pane.set_context_window(percent, used_tokens);
+        self.bottom_pane.set_context_window_percent(percent);
         self.token_info = Some(info);
     }
 
@@ -538,20 +535,12 @@ impl ChatWidget {
             })
     }
 
-    fn context_used_tokens(&self, info: &TokenUsageInfo, percent_known: bool) -> Option<i64> {
-        if percent_known {
-            return None;
-        }
-
-        Some(info.total_token_usage.tokens_in_context_window())
-    }
-
     fn restore_pre_review_token_info(&mut self) {
         if let Some(saved) = self.pre_review_token_info.take() {
             match saved {
                 Some(info) => self.apply_token_info(info),
                 None => {
-                    self.bottom_pane.set_context_window(None, None);
+                    self.bottom_pane.set_context_window_percent(None);
                     self.token_info = None;
                 }
             }
@@ -559,19 +548,7 @@ impl ChatWidget {
     }
 
     pub(crate) fn on_rate_limit_snapshot(&mut self, snapshot: Option<RateLimitSnapshot>) {
-        if let Some(mut snapshot) = snapshot {
-            if snapshot.credits.is_none() {
-                snapshot.credits = self
-                    .rate_limit_snapshot
-                    .as_ref()
-                    .and_then(|display| display.credits.as_ref())
-                    .map(|credits| CreditsSnapshot {
-                        has_credits: credits.has_credits,
-                        unlimited: credits.unlimited,
-                        balance: credits.balance.clone(),
-                    });
-            }
-
+        if let Some(snapshot) = snapshot {
             let warnings = self.rate_limit_warnings.take_warnings(
                 snapshot
                     .secondary
@@ -1069,7 +1046,6 @@ impl ChatWidget {
             command: ev.command,
             reason: ev.reason,
             risk: ev.risk,
-            allow_prefix: ev.allow_prefix,
         };
         self.bottom_pane.push_approval_request(request);
         self.request_redraw();
@@ -1836,10 +1812,7 @@ impl ChatWidget {
             self.pre_review_token_info = Some(self.token_info.clone());
         }
         self.is_review_mode = true;
-        let hint = review
-            .user_facing_hint
-            .unwrap_or_else(|| codex_core::review_prompts::user_facing_hint(&review.target));
-        let banner = format!(">> Code review started: {hint} <<");
+        let banner = format!(">> Code review started: {} <<", review.user_facing_hint);
         self.add_to_history(history_cell::new_review_status_line(banner));
         self.request_redraw();
     }
@@ -2916,14 +2889,17 @@ impl ChatWidget {
 
         items.push(SelectionItem {
             name: "Review uncommitted changes".to_string(),
-            actions: vec![Box::new(move |tx: &AppEventSender| {
-                tx.send(AppEvent::CodexOp(Op::Review {
-                    review_request: ReviewRequest {
-                        target: ReviewTarget::UncommittedChanges,
-                        user_facing_hint: None,
-                    },
-                }));
-            })],
+            actions: vec![Box::new(
+                move |tx: &AppEventSender| {
+                    tx.send(AppEvent::CodexOp(Op::Review {
+                        review_request: ReviewRequest {
+                            prompt: "Review the current code changes (staged, unstaged, and untracked files) and provide prioritized findings.".to_string(),
+                            user_facing_hint: "current changes".to_string(),
+                            append_to_original_thread: true,
+                        },
+                    }));
+                },
+            )],
             dismiss_on_select: true,
             ..Default::default()
         });
@@ -2972,10 +2948,11 @@ impl ChatWidget {
                 actions: vec![Box::new(move |tx3: &AppEventSender| {
                     tx3.send(AppEvent::CodexOp(Op::Review {
                         review_request: ReviewRequest {
-                            target: ReviewTarget::BaseBranch {
-                                branch: branch.clone(),
-                            },
-                            user_facing_hint: None,
+                            prompt: format!(
+                                "Review the code changes against the base branch '{branch}'. Start by finding the merge diff between the current branch and {branch}'s upstream e.g. (`git merge-base HEAD \"$(git rev-parse --abbrev-ref \"{branch}@{{upstream}}\")\"`), then run `git diff` against that SHA to see what changes we would merge into the {branch} branch. Provide prioritized, actionable findings."
+                            ),
+                            user_facing_hint: format!("changes against '{branch}'"),
+                            append_to_original_thread: true,
                         },
                     }));
                 })],
@@ -3002,18 +2979,21 @@ impl ChatWidget {
         for entry in commits {
             let subject = entry.subject.clone();
             let sha = entry.sha.clone();
+            let short = sha.chars().take(7).collect::<String>();
             let search_val = format!("{subject} {sha}");
 
             items.push(SelectionItem {
                 name: subject.clone(),
                 actions: vec![Box::new(move |tx3: &AppEventSender| {
+                    let hint = format!("commit {short}");
+                    let prompt = format!(
+                        "Review the code changes introduced by commit {sha} (\"{subject}\"). Provide prioritized, actionable findings."
+                    );
                     tx3.send(AppEvent::CodexOp(Op::Review {
                         review_request: ReviewRequest {
-                            target: ReviewTarget::Commit {
-                                sha: sha.clone(),
-                                title: Some(subject.clone()),
-                            },
-                            user_facing_hint: None,
+                            prompt,
+                            user_facing_hint: hint,
+                            append_to_original_thread: true,
                         },
                     }));
                 })],
@@ -3046,10 +3026,9 @@ impl ChatWidget {
                 }
                 tx.send(AppEvent::CodexOp(Op::Review {
                     review_request: ReviewRequest {
-                        target: ReviewTarget::Custom {
-                            instructions: trimmed,
-                        },
-                        user_facing_hint: None,
+                        prompt: trimmed.clone(),
+                        user_facing_hint: trimmed,
+                        append_to_original_thread: true,
                     },
                 }));
             }),
@@ -3251,18 +3230,21 @@ pub(crate) fn show_review_commit_picker_with_entries(
     for entry in entries {
         let subject = entry.subject.clone();
         let sha = entry.sha.clone();
+        let short = sha.chars().take(7).collect::<String>();
         let search_val = format!("{subject} {sha}");
 
         items.push(SelectionItem {
             name: subject.clone(),
             actions: vec![Box::new(move |tx3: &AppEventSender| {
+                let hint = format!("commit {short}");
+                let prompt = format!(
+                    "Review the code changes introduced by commit {sha} (\"{subject}\"). Provide prioritized, actionable findings."
+                );
                 tx3.send(AppEvent::CodexOp(Op::Review {
                     review_request: ReviewRequest {
-                        target: ReviewTarget::Commit {
-                            sha: sha.clone(),
-                            title: Some(subject.clone()),
-                        },
-                        user_facing_hint: None,
+                        prompt,
+                        user_facing_hint: hint,
+                        append_to_original_thread: true,
                     },
                 }));
             })],