Release 0.34.0

2026-02-03 23:43:39 +00:00 · 2025-09-10 14:15:41 -07:00
60 changed files with 902 additions and 2219 deletions
--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -62,8 +62,6 @@ jobs:
          components: rustfmt
      - name: cargo fmt
        run: cargo fmt -- --config imports_granularity=Item --check
-      - name: Verify codegen for mcp-types
-        run: ./mcp-types/check_lib_rs.py

  cargo_shear:
    name: cargo shear
--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -219,22 +219,3 @@ jobs:
        with:
          tag: ${{ github.ref_name }}
          config: .github/dotslash-config.json
-
-  update-branch:
-    name: Update latest-alpha-cli branch
-    permissions:
-      contents: write
-    needs: release
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Update latest-alpha-cli branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -euo pipefail
-          gh api \
-            repos/${GITHUB_REPOSITORY}/git/refs/heads/latest-alpha-cli \
-            -X PATCH \
-            -f sha="${GITHUB_SHA}" \
-            -f force=true
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -561,6 +561,7 @@ dependencies = [
 "clap",
 "codex-common",
 "codex-core",
+ "codex-protocol",
 "serde",
 "serde_json",
 "tempfile",
@@ -768,7 +769,6 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "assert_cmd",
- "base64",
 "codex-arg0",
 "codex-common",
 "codex-core",
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -22,7 +22,7 @@ members = [
 resolver = "2"

 [workspace.package]
-version = "0.0.0"
+version = "0.34.0"
 # Track the edition for all workspace crates in one place. Individual
 # crates can still override this value, but keeping it here means new
 # crates created with `cargo new -w ...` automatically inherit the 2024
--- a/codex-rs/apply-patch/src/lib.rs
+++ b/codex-rs/apply-patch/src/lib.rs
@@ -733,8 +733,6 @@ fn compute_replacements(
        }
    }

-    replacements.sort_by(|(lhs_idx, _, _), (rhs_idx, _, _)| lhs_idx.cmp(rhs_idx));
-
    Ok(replacements)
 }

@@ -1218,33 +1216,6 @@ PATCH"#,
        assert_eq!(contents, "a\nB\nc\nd\nE\nf\ng\n");
    }

-    #[test]
-    fn test_pure_addition_chunk_followed_by_removal() {
-        let dir = tempdir().unwrap();
-        let path = dir.path().join("panic.txt");
-        fs::write(&path, "line1\nline2\nline3\n").unwrap();
-        let patch = wrap_patch(&format!(
-            r#"*** Update File: {}
-@@
-+after-context
-+second-line
-@@
- line1
-line2
-line3
-+line2-replacement"#,
-            path.display()
-        ));
-        let mut stdout = Vec::new();
-        let mut stderr = Vec::new();
-        apply_patch(&patch, &mut stdout, &mut stderr).unwrap();
-        let contents = fs::read_to_string(path).unwrap();
-        assert_eq!(
-            contents,
-            "line1\nline2-replacement\nafter-context\nsecond-line\n"
-        );
-    }
-
    /// Ensure that patches authored with ASCII characters can update lines that
    /// contain typographic Unicode punctuation (e.g. EN DASH, NON-BREAKING
    /// HYPHEN). Historically `git apply` succeeds in such scenarios but our
--- a/codex-rs/chatgpt/Cargo.toml
+++ b/codex-rs/chatgpt/Cargo.toml
@@ -11,6 +11,7 @@ anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 codex-common = { path = "../common", features = ["cli"] }
 codex-core = { path = "../core" }
+codex-protocol = { path = "../protocol" }
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 tokio = { version = "1", features = ["full"] }
--- a/codex-rs/chatgpt/src/chatgpt_token.rs
+++ b/codex-rs/chatgpt/src/chatgpt_token.rs
@@ -1,4 +1,5 @@
 use codex_core::CodexAuth;
+use codex_protocol::mcp_protocol::AuthMode;
 use std::path::Path;
 use std::sync::LazyLock;
 use std::sync::RwLock;
@@ -19,7 +20,7 @@ pub fn set_chatgpt_token_data(value: TokenData) {

 /// Initialize the ChatGPT token from auth.json file
 pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
-    let auth = CodexAuth::from_codex_home(codex_home)?;
+    let auth = CodexAuth::from_codex_home(codex_home, AuthMode::ChatGPT)?;
    if let Some(auth) = auth {
        let token_data = auth.get_token_data().await?;
        set_chatgpt_token_data(token_data);
--- a/codex-rs/cli/src/login.rs
+++ b/codex-rs/cli/src/login.rs
@@ -1,6 +1,7 @@
 use codex_common::CliConfigOverrides;
 use codex_core::CodexAuth;
 use codex_core::auth::CLIENT_ID;
+use codex_core::auth::OPENAI_API_KEY_ENV_VAR;
 use codex_core::auth::login_with_api_key;
 use codex_core::auth::logout;
 use codex_core::config::Config;
@@ -8,6 +9,7 @@ use codex_core::config::ConfigOverrides;
 use codex_login::ServerOptions;
 use codex_login::run_login_server;
 use codex_protocol::mcp_protocol::AuthMode;
+use std::env;
 use std::path::PathBuf;

 pub async fn login_with_chatgpt(codex_home: PathBuf) -> std::io::Result<()> {
@@ -58,11 +60,19 @@ pub async fn run_login_with_api_key(
 pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
    let config = load_config_or_exit(cli_config_overrides);

-    match CodexAuth::from_codex_home(&config.codex_home) {
+    match CodexAuth::from_codex_home(&config.codex_home, config.preferred_auth_method) {
        Ok(Some(auth)) => match auth.mode {
            AuthMode::ApiKey => match auth.get_token().await {
                Ok(api_key) => {
                    eprintln!("Logged in using an API key - {}", safe_format_key(&api_key));
+
+                    if let Ok(env_api_key) = env::var(OPENAI_API_KEY_ENV_VAR)
+                        && env_api_key == api_key
+                    {
+                        eprintln!(
+                            "   API loaded from OPENAI_API_KEY environment variable or .env file"
+                        );
+                    }
                    std::process::exit(0);
                }
                Err(e) => {
--- a/codex-rs/cli/src/proto.rs
+++ b/codex-rs/cli/src/proto.rs
@@ -37,8 +37,10 @@ pub async fn run_main(opts: ProtoCli) -> anyhow::Result<()> {

    let config = Config::load_with_cli_overrides(overrides_vec, ConfigOverrides::default())?;
    // Use conversation_manager API to start a conversation
-    let conversation_manager =
-        ConversationManager::new(AuthManager::shared(config.codex_home.clone()));
+    let conversation_manager = ConversationManager::new(AuthManager::shared(
+        config.codex_home.clone(),
+        config.preferred_auth_method,
+    ));
    let NewConversation {
        conversation_id: _,
        conversation,
--- a/codex-rs/core/Cargo.toml
+++ b/codex-rs/core/Cargo.toml
@@ -54,7 +54,6 @@ tracing = { version = "0.1.41", features = ["log"] }
 tree-sitter = "0.25.9"
 tree-sitter-bash = "0.25.0"
 uuid = { version = "1", features = ["serde", "v4"] }
-which = "6"
 wildmatch = "2.4.0"


@@ -70,6 +69,9 @@ openssl-sys = { version = "*", features = ["vendored"] }
 [target.aarch64-unknown-linux-musl.dependencies]
 openssl-sys = { version = "*", features = ["vendored"] }

+[target.'cfg(target_os = "windows")'.dependencies]
+which = "6"
+
 [dev-dependencies]
 assert_cmd = "2"
 core_test_support = { path = "tests/common" }
--- a/codex-rs/core/src/auth.rs
+++ b/codex-rs/core/src/auth.rs
@@ -70,9 +70,13 @@ impl CodexAuth {
        Ok(access)
    }

-    /// Loads the available auth information from the auth.json.
-    pub fn from_codex_home(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
-        load_auth(codex_home)
+    /// Loads the available auth information from the auth.json or
+    /// OPENAI_API_KEY environment variable.
+    pub fn from_codex_home(
+        codex_home: &Path,
+        preferred_auth_method: AuthMode,
+    ) -> std::io::Result<Option<CodexAuth>> {
+        load_auth(codex_home, true, preferred_auth_method)
    }

    pub async fn get_token_data(&self) -> Result<TokenData, std::io::Error> {
@@ -189,11 +193,10 @@ impl CodexAuth {

 pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";

-pub fn read_openai_api_key_from_env() -> Option<String> {
+fn read_openai_api_key_from_env() -> Option<String> {
    env::var(OPENAI_API_KEY_ENV_VAR)
        .ok()
-        .map(|value| value.trim().to_string())
-        .filter(|value| !value.is_empty())
+        .filter(|s| !s.is_empty())
 }

 pub fn get_auth_file(codex_home: &Path) -> PathBuf {
@@ -211,7 +214,7 @@ pub fn logout(codex_home: &Path) -> std::io::Result<bool> {
    }
 }

-/// Writes an `auth.json` that contains only the API key.
+/// Writes an `auth.json` that contains only the API key. Intended for CLI use.
 pub fn login_with_api_key(codex_home: &Path, api_key: &str) -> std::io::Result<()> {
    let auth_dot_json = AuthDotJson {
        openai_api_key: Some(api_key.to_string()),
@@ -221,11 +224,28 @@ pub fn login_with_api_key(codex_home: &Path, api_key: &str) -> std::io::Result<(
    write_auth_json(&get_auth_file(codex_home), &auth_dot_json)
 }

-fn load_auth(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
+fn load_auth(
+    codex_home: &Path,
+    include_env_var: bool,
+    preferred_auth_method: AuthMode,
+) -> std::io::Result<Option<CodexAuth>> {
+    // First, check to see if there is a valid auth.json file. If not, we fall
+    // back to AuthMode::ApiKey using the OPENAI_API_KEY environment variable
+    // (if it is set).
    let auth_file = get_auth_file(codex_home);
    let client = crate::default_client::create_client();
    let auth_dot_json = match try_read_auth_json(&auth_file) {
        Ok(auth) => auth,
+        // If auth.json does not exist, try to read the OPENAI_API_KEY from the
+        // environment variable.
+        Err(e) if e.kind() == std::io::ErrorKind::NotFound && include_env_var => {
+            return match read_openai_api_key_from_env() {
+                Some(api_key) => Ok(Some(CodexAuth::from_api_key_with_client(&api_key, client))),
+                None => Ok(None),
+            };
+        }
+        // Though if auth.json exists but is malformed, do not fall back to the
+        // env var because the user may be expecting to use AuthMode::ChatGPT.
        Err(e) => {
            return Err(e);
        }
@@ -237,11 +257,32 @@ fn load_auth(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
        last_refresh,
    } = auth_dot_json;

-    // Prefer AuthMode.ApiKey if it's set in the auth.json.
+    // If the auth.json has an API key AND does not appear to be on a plan that
+    // should prefer AuthMode::ChatGPT, use AuthMode::ApiKey.
    if let Some(api_key) = &auth_json_api_key {
-        return Ok(Some(CodexAuth::from_api_key_with_client(api_key, client)));
+        // Should any of these be AuthMode::ChatGPT with the api_key set?
+        // Does AuthMode::ChatGPT indicate that there is an auth.json that is
+        // "refreshable" even if we are using the API key for auth?
+        match &tokens {
+            Some(tokens) => {
+                if tokens.should_use_api_key(preferred_auth_method, tokens.is_openai_email()) {
+                    return Ok(Some(CodexAuth::from_api_key_with_client(api_key, client)));
+                } else {
+                    // Ignore the API key and fall through to ChatGPT auth.
+                }
+            }
+            None => {
+                // We have an API key but no tokens in the auth.json file.
+                // Perhaps the user ran `codex login --api-key <KEY>` or updated
+                // auth.json by hand. Either way, let's assume they are trying
+                // to use their API key.
+                return Ok(Some(CodexAuth::from_api_key_with_client(api_key, client)));
+            }
+        }
    }

+    // For the AuthMode::ChatGPT variant, perhaps neither api_key nor
+    // openai_api_key should exist?
    Ok(Some(CodexAuth {
        api_key: None,
        mode: AuthMode::ChatGPT,
@@ -371,6 +412,7 @@ use std::sync::RwLock;
 /// Internal cached auth state.
 #[derive(Clone, Debug)]
 struct CachedAuth {
+    preferred_auth_mode: AuthMode,
    auth: Option<CodexAuth>,
 }

@@ -426,7 +468,9 @@ mod tests {
            auth_dot_json,
            auth_file: _,
            ..
-        } = super::load_auth(codex_home.path()).unwrap().unwrap();
+        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
        assert_eq!(None, api_key);
        assert_eq!(AuthMode::ChatGPT, mode);

@@ -455,6 +499,88 @@ mod tests {
        )
    }

+    /// Even if the OPENAI_API_KEY is set in auth.json, if the plan is not in
+    /// [`TokenData::is_plan_that_should_use_api_key`], it should use
+    /// [`AuthMode::ChatGPT`].
+    #[tokio::test]
+    async fn pro_account_with_api_key_still_uses_chatgpt_auth() {
+        let codex_home = tempdir().unwrap();
+        let fake_jwt = write_auth_file(
+            AuthFileParams {
+                openai_api_key: Some("sk-test-key".to_string()),
+                chatgpt_plan_type: "pro".to_string(),
+            },
+            codex_home.path(),
+        )
+        .expect("failed to write auth file");
+
+        let CodexAuth {
+            api_key,
+            mode,
+            auth_dot_json,
+            auth_file: _,
+            ..
+        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
+        assert_eq!(None, api_key);
+        assert_eq!(AuthMode::ChatGPT, mode);
+
+        let guard = auth_dot_json.lock().unwrap();
+        let auth_dot_json = guard.as_ref().expect("AuthDotJson should exist");
+        assert_eq!(
+            &AuthDotJson {
+                openai_api_key: None,
+                tokens: Some(TokenData {
+                    id_token: IdTokenInfo {
+                        email: Some("user@example.com".to_string()),
+                        chatgpt_plan_type: Some(PlanType::Known(KnownPlan::Pro)),
+                        raw_jwt: fake_jwt,
+                    },
+                    access_token: "test-access-token".to_string(),
+                    refresh_token: "test-refresh-token".to_string(),
+                    account_id: None,
+                }),
+                last_refresh: Some(
+                    DateTime::parse_from_rfc3339(LAST_REFRESH)
+                        .unwrap()
+                        .with_timezone(&Utc)
+                ),
+            },
+            auth_dot_json
+        )
+    }
+
+    /// If the OPENAI_API_KEY is set in auth.json and it is an enterprise
+    /// account, then it should use [`AuthMode::ApiKey`].
+    #[tokio::test]
+    async fn enterprise_account_with_api_key_uses_apikey_auth() {
+        let codex_home = tempdir().unwrap();
+        write_auth_file(
+            AuthFileParams {
+                openai_api_key: Some("sk-test-key".to_string()),
+                chatgpt_plan_type: "enterprise".to_string(),
+            },
+            codex_home.path(),
+        )
+        .expect("failed to write auth file");
+
+        let CodexAuth {
+            api_key,
+            mode,
+            auth_dot_json,
+            auth_file: _,
+            ..
+        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
+        assert_eq!(Some("sk-test-key".to_string()), api_key);
+        assert_eq!(AuthMode::ApiKey, mode);
+
+        let guard = auth_dot_json.lock().expect("should unwrap");
+        assert!(guard.is_none(), "auth_dot_json should be None");
+    }
+
    #[tokio::test]
    async fn loads_api_key_from_auth_json() {
        let dir = tempdir().unwrap();
@@ -465,7 +591,9 @@ mod tests {
        )
        .unwrap();

-        let auth = super::load_auth(dir.path()).unwrap().unwrap();
+        let auth = super::load_auth(dir.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
        assert_eq!(auth.mode, AuthMode::ApiKey);
        assert_eq!(auth.api_key, Some("sk-test-key".to_string()));

@@ -555,17 +683,26 @@ impl AuthManager {
    /// preferred auth method. Errors loading auth are swallowed; `auth()` will
    /// simply return `None` in that case so callers can treat it as an
    /// unauthenticated state.
-    pub fn new(codex_home: PathBuf) -> Self {
-        let auth = CodexAuth::from_codex_home(&codex_home).ok().flatten();
+    pub fn new(codex_home: PathBuf, preferred_auth_mode: AuthMode) -> Self {
+        let auth = CodexAuth::from_codex_home(&codex_home, preferred_auth_mode)
+            .ok()
+            .flatten();
        Self {
            codex_home,
-            inner: RwLock::new(CachedAuth { auth }),
+            inner: RwLock::new(CachedAuth {
+                preferred_auth_mode,
+                auth,
+            }),
        }
    }

    /// Create an AuthManager with a specific CodexAuth, for testing only.
    pub fn from_auth_for_testing(auth: CodexAuth) -> Arc<Self> {
-        let cached = CachedAuth { auth: Some(auth) };
+        let preferred_auth_mode = auth.mode;
+        let cached = CachedAuth {
+            preferred_auth_mode,
+            auth: Some(auth),
+        };
        Arc::new(Self {
            codex_home: PathBuf::new(),
            inner: RwLock::new(cached),
@@ -577,10 +714,21 @@ impl AuthManager {
        self.inner.read().ok().and_then(|c| c.auth.clone())
    }

-    /// Force a reload of the auth information from auth.json. Returns
+    /// Preferred auth method used when (re)loading.
+    pub fn preferred_auth_method(&self) -> AuthMode {
+        self.inner
+            .read()
+            .map(|c| c.preferred_auth_mode)
+            .unwrap_or(AuthMode::ApiKey)
+    }
+
+    /// Force a reload using the existing preferred auth method. Returns
    /// whether the auth value changed.
    pub fn reload(&self) -> bool {
-        let new_auth = CodexAuth::from_codex_home(&self.codex_home).ok().flatten();
+        let preferred = self.preferred_auth_method();
+        let new_auth = CodexAuth::from_codex_home(&self.codex_home, preferred)
+            .ok()
+            .flatten();
        if let Ok(mut guard) = self.inner.write() {
            let changed = !AuthManager::auths_equal(&guard.auth, &new_auth);
            guard.auth = new_auth;
@@ -599,8 +747,8 @@ impl AuthManager {
    }

    /// Convenience constructor returning an `Arc` wrapper.
-    pub fn shared(codex_home: PathBuf) -> Arc<Self> {
-        Arc::new(Self::new(codex_home))
+    pub fn shared(codex_home: PathBuf, preferred_auth_mode: AuthMode) -> Arc<Self> {
+        Arc::new(Self::new(codex_home, preferred_auth_mode))
    }

    /// Attempt to refresh the current auth token (if any). On success, reload
--- a/codex-rs/core/src/codex.rs
+++ b/codex-rs/core/src/codex.rs
@@ -19,14 +19,13 @@ use codex_apply_patch::ApplyPatchAction;
 use codex_apply_patch::MaybeApplyPatchVerified;
 use codex_apply_patch::maybe_parse_apply_patch_verified;
 use codex_protocol::mcp_protocol::ConversationId;
-use codex_protocol::protocol::ConversationPathResponseEvent;
+use codex_protocol::protocol::ConversationHistoryResponseEvent;
 use codex_protocol::protocol::RolloutItem;
 use codex_protocol::protocol::TaskStartedEvent;
 use codex_protocol::protocol::TurnAbortReason;
 use codex_protocol::protocol::TurnAbortedEvent;
 use futures::prelude::*;
 use mcp_types::CallToolResult;
-use serde::Deserialize;
 use serde::Serialize;
 use serde_json;
 use tokio::sync::oneshot;
@@ -113,7 +112,6 @@ use crate::safety::assess_command_safety;
 use crate::safety::assess_safety_for_untrusted_command;
 use crate::shell;
 use crate::turn_diff_tracker::TurnDiffTracker;
-use crate::unified_exec::UnifiedExecSessionManager;
 use crate::user_instructions::UserInstructions;
 use crate::user_notification::UserNotification;
 use crate::util::backoff;
@@ -282,7 +280,6 @@ pub(crate) struct Session {
    /// Manager for external MCP servers/tools.
    mcp_connection_manager: McpConnectionManager,
    session_manager: ExecSessionManager,
-    unified_exec_manager: UnifiedExecSessionManager,

    /// External notifier command (will be passed as args to exec()). When
    /// `None` this feature is disabled.
@@ -474,7 +471,6 @@ impl Session {
                include_web_search_request: config.tools_web_search_request,
                use_streamable_shell_tool: config.use_experimental_streamable_shell_tool,
                include_view_image_tool: config.include_view_image_tool,
-                experimental_unified_exec_tool: config.use_experimental_unified_exec_tool,
            }),
            user_instructions,
            base_instructions,
@@ -488,7 +484,6 @@ impl Session {
            tx_event: tx_event.clone(),
            mcp_connection_manager,
            session_manager: ExecSessionManager::default(),
-            unified_exec_manager: UnifiedExecSessionManager::default(),
            notify,
            state: Mutex::new(state),
            rollout: Mutex::new(Some(rollout_recorder)),
@@ -1154,7 +1149,6 @@ async fn submission_loop(
                    include_web_search_request: config.tools_web_search_request,
                    use_streamable_shell_tool: config.use_experimental_streamable_shell_tool,
                    include_view_image_tool: config.include_view_image_tool,
-                    experimental_unified_exec_tool: config.use_experimental_unified_exec_tool,
                });

                let new_turn_context = TurnContext {
@@ -1257,8 +1251,6 @@ async fn submission_loop(
                            use_streamable_shell_tool: config
                                .use_experimental_streamable_shell_tool,
                            include_view_image_tool: config.include_view_image_tool,
-                            experimental_unified_exec_tool: config
-                                .use_experimental_unified_exec_tool,
                        }),
                        user_instructions: turn_context.user_instructions.clone(),
                        base_instructions: turn_context.base_instructions.clone(),
@@ -1405,29 +1397,14 @@ async fn submission_loop(
                sess.send_event(event).await;
                break;
            }
-            Op::GetPath => {
+            Op::GetHistory => {
                let sub_id = sub.id.clone();
-                // Flush rollout writes before returning the path so readers observe a consistent file.
-                let (path, rec_opt) = {
-                    let guard = sess.rollout.lock_unchecked();
-                    match guard.as_ref() {
-                        Some(rec) => (rec.get_rollout_path(), Some(rec.clone())),
-                        None => {
-                            error!("rollout recorder not found");
-                            continue;
-                        }
-                    }
-                };
-                if let Some(rec) = rec_opt
-                    && let Err(e) = rec.flush().await
-                {
-                    warn!("failed to flush rollout recorder before GetHistory: {e}");
-                }
+
                let event = Event {
                    id: sub_id.clone(),
-                    msg: EventMsg::ConversationPath(ConversationPathResponseEvent {
+                    msg: EventMsg::ConversationHistory(ConversationHistoryResponseEvent {
                        conversation_id: sess.conversation_id,
-                        path,
+                        entries: sess.state.lock_unchecked().history.contents(),
                    }),
                };
                sess.send_event(event).await;
@@ -2105,72 +2082,6 @@ async fn handle_response_item(
    Ok(output)
 }

-async fn handle_unified_exec_tool_call(
-    sess: &Session,
-    call_id: String,
-    session_id: Option<String>,
-    arguments: Vec<String>,
-    timeout_ms: Option<u64>,
-) -> ResponseInputItem {
-    let parsed_session_id = if let Some(session_id) = session_id {
-        match session_id.parse::<i32>() {
-            Ok(parsed) => Some(parsed),
-            Err(output) => {
-                return ResponseInputItem::FunctionCallOutput {
-                    call_id: call_id.to_string(),
-                    output: FunctionCallOutputPayload {
-                        content: format!("invalid session_id: {session_id} due to error {output}"),
-                        success: Some(false),
-                    },
-                };
-            }
-        }
-    } else {
-        None
-    };
-
-    let request = crate::unified_exec::UnifiedExecRequest {
-        session_id: parsed_session_id,
-        input_chunks: &arguments,
-        timeout_ms,
-    };
-
-    let result = sess.unified_exec_manager.handle_request(request).await;
-
-    let output_payload = match result {
-        Ok(value) => {
-            #[derive(Serialize)]
-            struct SerializedUnifiedExecResult<'a> {
-                session_id: Option<String>,
-                output: &'a str,
-            }
-
-            match serde_json::to_string(&SerializedUnifiedExecResult {
-                session_id: value.session_id.map(|id| id.to_string()),
-                output: &value.output,
-            }) {
-                Ok(serialized) => FunctionCallOutputPayload {
-                    content: serialized,
-                    success: Some(true),
-                },
-                Err(err) => FunctionCallOutputPayload {
-                    content: format!("failed to serialize unified exec output: {err}"),
-                    success: Some(false),
-                },
-            }
-        }
-        Err(err) => FunctionCallOutputPayload {
-            content: format!("unified exec failed: {err}"),
-            success: Some(false),
-        },
-    };
-
-    ResponseInputItem::FunctionCallOutput {
-        call_id,
-        output: output_payload,
-    }
-}
-
 async fn handle_function_call(
    sess: &Session,
    turn_context: &TurnContext,
@@ -2198,38 +2109,6 @@ async fn handle_function_call(
            )
            .await
        }
-        "unified_exec" => {
-            #[derive(Deserialize)]
-            struct UnifiedExecArgs {
-                input: Vec<String>,
-                #[serde(default)]
-                session_id: Option<String>,
-                #[serde(default)]
-                timeout_ms: Option<u64>,
-            }
-
-            let args = match serde_json::from_str::<UnifiedExecArgs>(&arguments) {
-                Ok(args) => args,
-                Err(err) => {
-                    return ResponseInputItem::FunctionCallOutput {
-                        call_id,
-                        output: FunctionCallOutputPayload {
-                            content: format!("failed to parse function arguments: {err}"),
-                            success: Some(false),
-                        },
-                    };
-                }
-            };
-
-            handle_unified_exec_tool_call(
-                sess,
-                call_id,
-                args.session_id,
-                args.input,
-                args.timeout_ms,
-            )
-            .await
-        }
        "view_image" => {
            #[derive(serde::Deserialize)]
            struct SeeImageArgs {
--- a/codex-rs/core/src/config.rs
+++ b/codex-rs/core/src/config.rs
@@ -19,6 +19,7 @@ use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::config_types::Verbosity;
+use codex_protocol::mcp_protocol::AuthMode;
 use codex_protocol::mcp_protocol::Tools;
 use codex_protocol::mcp_protocol::UserSavedConfig;
 use dirs::home_dir;
@@ -166,10 +167,10 @@ pub struct Config {

    pub tools_web_search_request: bool,

-    pub use_experimental_streamable_shell_tool: bool,
+    /// If set to `true`, the API key will be signed with the `originator` header.
+    pub preferred_auth_method: AuthMode,

-    /// If set to `true`, used only the experimental unified exec tool.
-    pub use_experimental_unified_exec_tool: bool,
+    pub use_experimental_streamable_shell_tool: bool,

    /// Include the `view_image` tool that lets the agent attach a local image path to context.
    pub include_view_image_tool: bool,
@@ -260,7 +261,17 @@ pub fn load_config_as_toml(codex_home: &Path) -> std::io::Result<TomlValue> {
    }
 }

-fn set_project_trusted_inner(doc: &mut DocumentMut, project_path: &Path) -> anyhow::Result<()> {
+/// Patch `CODEX_HOME/config.toml` project state.
+/// Use with caution.
+pub fn set_project_trusted(codex_home: &Path, project_path: &Path) -> anyhow::Result<()> {
+    let config_path = codex_home.join(CONFIG_TOML_FILE);
+    // Parse existing config if present; otherwise start a new document.
+    let mut doc = match std::fs::read_to_string(config_path.clone()) {
+        Ok(s) => s.parse::<DocumentMut>()?,
+        Err(e) if e.kind() == std::io::ErrorKind::NotFound => DocumentMut::new(),
+        Err(e) => return Err(e.into()),
+    };
+
    // Ensure we render a human-friendly structure:
    //
    // [projects]
@@ -276,26 +287,14 @@ fn set_project_trusted_inner(doc: &mut DocumentMut, project_path: &Path) -> anyh
    // Ensure top-level `projects` exists as a non-inline, explicit table. If it
    // exists but was previously represented as a non-table (e.g., inline),
    // replace it with an explicit table.
+    let mut created_projects_table = false;
    {
        let root = doc.as_table_mut();
-        // If `projects` exists but isn't a standard table (e.g., it's an inline table),
-        // convert it to an explicit table while preserving existing entries.
-        let existing_projects = root.get("projects").cloned();
-        if existing_projects.as_ref().is_none_or(|i| !i.is_table()) {
-            let mut projects_tbl = toml_edit::Table::new();
-            projects_tbl.set_implicit(true);
-
-            // If there was an existing inline table, migrate its entries to explicit tables.
-            if let Some(inline_tbl) = existing_projects.as_ref().and_then(|i| i.as_inline_table()) {
-                for (k, v) in inline_tbl.iter() {
-                    if let Some(inner_tbl) = v.as_inline_table() {
-                        let new_tbl = inner_tbl.clone().into_table();
-                        projects_tbl.insert(k, toml_edit::Item::Table(new_tbl));
-                    }
-                }
-            }
-
-            root.insert("projects", toml_edit::Item::Table(projects_tbl));
+        let needs_table = !root.contains_key("projects")
+            || root.get("projects").and_then(|i| i.as_table()).is_none();
+        if needs_table {
+            root.insert("projects", toml_edit::table());
+            created_projects_table = true;
        }
    }
    let Some(projects_tbl) = doc["projects"].as_table_mut() else {
@@ -304,6 +303,12 @@ fn set_project_trusted_inner(doc: &mut DocumentMut, project_path: &Path) -> anyh
        ));
    };

+    // If we created the `projects` table ourselves, keep it implicit so we
+    // don't render a standalone `[projects]` header.
+    if created_projects_table {
+        projects_tbl.set_implicit(true);
+    }
+
    // Ensure the per-project entry is its own explicit table. If it exists but
    // is not a table (e.g., an inline table), replace it with an explicit table.
    let needs_proj_table = !projects_tbl.contains_key(project_key.as_str())
@@ -322,21 +327,6 @@ fn set_project_trusted_inner(doc: &mut DocumentMut, project_path: &Path) -> anyh
    };
    proj_tbl.set_implicit(false);
    proj_tbl["trust_level"] = toml_edit::value("trusted");
-    Ok(())
-}
-
-/// Patch `CODEX_HOME/config.toml` project state.
-/// Use with caution.
-pub fn set_project_trusted(codex_home: &Path, project_path: &Path) -> anyhow::Result<()> {
-    let config_path = codex_home.join(CONFIG_TOML_FILE);
-    // Parse existing config if present; otherwise start a new document.
-    let mut doc = match std::fs::read_to_string(config_path.clone()) {
-        Ok(s) => s.parse::<DocumentMut>()?,
-        Err(e) if e.kind() == std::io::ErrorKind::NotFound => DocumentMut::new(),
-        Err(e) => return Err(e.into()),
-    };
-
-    set_project_trusted_inner(&mut doc, project_path)?;

    // ensure codex_home exists
    std::fs::create_dir_all(codex_home)?;
@@ -486,10 +476,12 @@ pub struct ConfigToml {
    pub experimental_instructions_file: Option<PathBuf>,

    pub experimental_use_exec_command_tool: Option<bool>,
-    pub experimental_use_unified_exec_tool: Option<bool>,

    pub projects: Option<HashMap<String, ProjectConfig>>,

+    /// If set to `true`, the API key will be signed with the `originator` header.
+    pub preferred_auth_method: Option<AuthMode>,
+
    /// Nested tools section for feature toggles
    pub tools: Option<ToolsToml>,

@@ -830,12 +822,10 @@ impl Config {
            include_plan_tool: include_plan_tool.unwrap_or(false),
            include_apply_patch_tool: include_apply_patch_tool.unwrap_or(false),
            tools_web_search_request,
+            preferred_auth_method: cfg.preferred_auth_method.unwrap_or(AuthMode::ChatGPT),
            use_experimental_streamable_shell_tool: cfg
                .experimental_use_exec_command_tool
                .unwrap_or(false),
-            use_experimental_unified_exec_tool: cfg
-                .experimental_use_unified_exec_tool
-                .unwrap_or(false),
            include_view_image_tool,
            active_profile: active_profile_name,
            disable_paste_burst: cfg.disable_paste_burst.unwrap_or(false),
@@ -1209,8 +1199,8 @@ model_verbosity = "high"
                include_plan_tool: false,
                include_apply_patch_tool: false,
                tools_web_search_request: false,
+                preferred_auth_method: AuthMode::ChatGPT,
                use_experimental_streamable_shell_tool: false,
-                use_experimental_unified_exec_tool: false,
                include_view_image_tool: true,
                active_profile: Some("o3".to_string()),
                disable_paste_burst: false,
@@ -1266,8 +1256,8 @@ model_verbosity = "high"
            include_plan_tool: false,
            include_apply_patch_tool: false,
            tools_web_search_request: false,
+            preferred_auth_method: AuthMode::ChatGPT,
            use_experimental_streamable_shell_tool: false,
-            use_experimental_unified_exec_tool: false,
            include_view_image_tool: true,
            active_profile: Some("gpt3".to_string()),
            disable_paste_burst: false,
@@ -1338,8 +1328,8 @@ model_verbosity = "high"
            include_plan_tool: false,
            include_apply_patch_tool: false,
            tools_web_search_request: false,
+            preferred_auth_method: AuthMode::ChatGPT,
            use_experimental_streamable_shell_tool: false,
-            use_experimental_unified_exec_tool: false,
            include_view_image_tool: true,
            active_profile: Some("zdr".to_string()),
            disable_paste_burst: false,
@@ -1396,8 +1386,8 @@ model_verbosity = "high"
            include_plan_tool: false,
            include_apply_patch_tool: false,
            tools_web_search_request: false,
+            preferred_auth_method: AuthMode::ChatGPT,
            use_experimental_streamable_shell_tool: false,
-            use_experimental_unified_exec_tool: false,
            include_view_image_tool: true,
            active_profile: Some("gpt5".to_string()),
            disable_paste_burst: false,
@@ -1410,14 +1400,17 @@ model_verbosity = "high"

    #[test]
    fn test_set_project_trusted_writes_explicit_tables() -> anyhow::Result<()> {
-        let project_dir = Path::new("/some/path");
-        let mut doc = DocumentMut::new();
+        let codex_home = TempDir::new().unwrap();
+        let project_dir = TempDir::new().unwrap();

-        set_project_trusted_inner(&mut doc, project_dir)?;
+        // Call the function under test
+        set_project_trusted(codex_home.path(), project_dir.path())?;

-        let contents = doc.to_string();
+        // Read back the generated config.toml and assert exact contents
+        let config_path = codex_home.path().join(CONFIG_TOML_FILE);
+        let contents = std::fs::read_to_string(&config_path)?;

-        let raw_path = project_dir.to_string_lossy();
+        let raw_path = project_dir.path().to_string_lossy();
        let path_str = if raw_path.contains('\\') {
            format!("'{raw_path}'")
        } else {
@@ -1435,10 +1428,12 @@ trust_level = "trusted"

    #[test]
    fn test_set_project_trusted_converts_inline_to_explicit() -> anyhow::Result<()> {
-        let project_dir = Path::new("/some/path");
+        let codex_home = TempDir::new().unwrap();
+        let project_dir = TempDir::new().unwrap();

        // Seed config.toml with an inline project entry under [projects]
-        let raw_path = project_dir.to_string_lossy();
+        let config_path = codex_home.path().join(CONFIG_TOML_FILE);
+        let raw_path = project_dir.path().to_string_lossy();
        let path_str = if raw_path.contains('\\') {
            format!("'{raw_path}'")
        } else {
@@ -1450,12 +1445,13 @@ trust_level = "trusted"
 {path_str} = {{ trust_level = "untrusted" }}
 "#
        );
-        let mut doc = initial.parse::<DocumentMut>()?;
+        std::fs::create_dir_all(codex_home.path())?;
+        std::fs::write(&config_path, initial)?;

        // Run the function; it should convert to explicit tables and set trusted
-        set_project_trusted_inner(&mut doc, project_dir)?;
+        set_project_trusted(codex_home.path(), project_dir.path())?;

-        let contents = doc.to_string();
+        let contents = std::fs::read_to_string(&config_path)?;

        // Assert exact output after conversion to explicit table
        let expected = format!(
@@ -1469,38 +1465,4 @@ trust_level = "trusted"

        Ok(())
    }
-
-    #[test]
-    fn test_set_project_trusted_migrates_top_level_inline_projects_preserving_entries()
-    -> anyhow::Result<()> {
-        let initial = r#"toplevel = "baz"
-projects = { "/Users/mbolin/code/codex4" = { trust_level = "trusted", foo = "bar" } , "/Users/mbolin/code/codex3" = { trust_level = "trusted" } }
-model = "foo""#;
-        let mut doc = initial.parse::<DocumentMut>()?;
-
-        // Approve a new directory
-        let new_project = Path::new("/Users/mbolin/code/codex2");
-        set_project_trusted_inner(&mut doc, new_project)?;
-
-        let contents = doc.to_string();
-
-        // Since we created the [projects] table as part of migration, it is kept implicit.
-        // Expect explicit per-project tables, preserving prior entries and appending the new one.
-        let expected = r#"toplevel = "baz"
-model = "foo"
-
-[projects."/Users/mbolin/code/codex4"]
-trust_level = "trusted"
-foo = "bar"
-
-[projects."/Users/mbolin/code/codex3"]
-trust_level = "trusted"
-
-[projects."/Users/mbolin/code/codex2"]
-trust_level = "trusted"
-"#;
-        assert_eq!(contents, expected);
-
-        Ok(())
-    }
 }
--- a/codex-rs/core/src/conversation_manager.rs
+++ b/codex-rs/core/src/conversation_manager.rs
@@ -150,13 +150,13 @@ impl ConversationManager {
    /// caller's `config`). The new conversation will have a fresh id.
    pub async fn fork_conversation(
        &self,
+        conversation_history: Vec<ResponseItem>,
        num_messages_to_drop: usize,
        config: Config,
-        path: PathBuf,
    ) -> CodexResult<NewConversation> {
        // Compute the prefix up to the cut point.
-        let history = RolloutRecorder::get_rollout_history(&path).await?;
-        let history = truncate_after_dropping_last_messages(history, num_messages_to_drop);
+        let history =
+            truncate_after_dropping_last_messages(conversation_history, num_messages_to_drop);

        // Spawn a new conversation with the computed initial history.
        let auth_manager = self.auth_manager.clone();
@@ -171,36 +171,36 @@ impl ConversationManager {

 /// Return a prefix of `items` obtained by dropping the last `n` user messages
 /// and all items that follow them.
-fn truncate_after_dropping_last_messages(history: InitialHistory, n: usize) -> InitialHistory {
+fn truncate_after_dropping_last_messages(items: Vec<ResponseItem>, n: usize) -> InitialHistory {
    if n == 0 {
-        return InitialHistory::Forked(history.get_rollout_items());
+        let rolled: Vec<RolloutItem> = items.into_iter().map(RolloutItem::ResponseItem).collect();
+        return InitialHistory::Forked(rolled);
    }

-    // Work directly on rollout items, and cut the vector at the nth-from-last user message input.
-    let items: Vec<RolloutItem> = history.get_rollout_items();
-
-    // Find indices of user message inputs in rollout order.
-    let mut user_positions: Vec<usize> = Vec::new();
-    for (idx, item) in items.iter().enumerate() {
-        if let RolloutItem::ResponseItem(ResponseItem::Message { role, .. }) = item
+    // Walk backwards counting only `user` Message items, find cut index.
+    let mut count = 0usize;
+    let mut cut_index = 0usize;
+    for (idx, item) in items.iter().enumerate().rev() {
+        if let ResponseItem::Message { role, .. } = item
            && role == "user"
        {
-            user_positions.push(idx);
+            count += 1;
+            if count == n {
+                // Cut everything from this user message to the end.
+                cut_index = idx;
+                break;
+            }
        }
    }
-
-    // If fewer than n user messages exist, treat as empty.
-    if user_positions.len() < n {
-        return InitialHistory::New;
-    }
-
-    // Cut strictly before the nth-from-last user message (do not keep the nth itself).
-    let cut_idx = user_positions[user_positions.len() - n];
-    let rolled: Vec<RolloutItem> = items.into_iter().take(cut_idx).collect();
-
-    if rolled.is_empty() {
+    if cut_index == 0 {
+        // No prefix remains after dropping; start a new conversation.
        InitialHistory::New
    } else {
+        let rolled: Vec<RolloutItem> = items
+            .into_iter()
+            .take(cut_index)
+            .map(RolloutItem::ResponseItem)
+            .collect();
        InitialHistory::Forked(rolled)
    }
 }
@@ -256,13 +256,7 @@ mod tests {
            assistant_msg("a4"),
        ];

-        // Wrap as InitialHistory::Forked with response items only.
-        let initial: Vec<RolloutItem> = items
-            .iter()
-            .cloned()
-            .map(RolloutItem::ResponseItem)
-            .collect();
-        let truncated = truncate_after_dropping_last_messages(InitialHistory::Forked(initial), 1);
+        let truncated = truncate_after_dropping_last_messages(items.clone(), 1);
        let got_items = truncated.get_rollout_items();
        let expected_items = vec![
            RolloutItem::ResponseItem(items[0].clone()),
@@ -274,12 +268,7 @@ mod tests {
            serde_json::to_value(&expected_items).unwrap()
        );

-        let initial2: Vec<RolloutItem> = items
-            .iter()
-            .cloned()
-            .map(RolloutItem::ResponseItem)
-            .collect();
-        let truncated2 = truncate_after_dropping_last_messages(InitialHistory::Forked(initial2), 2);
+        let truncated2 = truncate_after_dropping_last_messages(items, 2);
        assert!(matches!(truncated2, InitialHistory::New));
    }
 }
--- a/codex-rs/core/src/environment_context.rs
+++ b/codex-rs/core/src/environment_context.rs
@@ -26,7 +26,6 @@ pub(crate) struct EnvironmentContext {
    pub approval_policy: Option<AskForApproval>,
    pub sandbox_mode: Option<SandboxMode>,
    pub network_access: Option<NetworkAccess>,
-    pub writable_roots: Option<Vec<PathBuf>>,
    pub shell: Option<Shell>,
 }

@@ -58,16 +57,6 @@ impl EnvironmentContext {
                }
                None => None,
            },
-            writable_roots: match sandbox_policy {
-                Some(SandboxPolicy::WorkspaceWrite { writable_roots, .. }) => {
-                    if writable_roots.is_empty() {
-                        None
-                    } else {
-                        Some(writable_roots.clone())
-                    }
-                }
-                _ => None,
-            },
            shell,
        }
    }
@@ -83,7 +72,6 @@ impl EnvironmentContext {
    ///   <cwd>...</cwd>
    ///   <approval_policy>...</approval_policy>
    ///   <sandbox_mode>...</sandbox_mode>
-    ///   <writable_roots>...</writable_roots>
    ///   <network_access>...</network_access>
    ///   <shell>...</shell>
    /// </environment_context>
@@ -106,16 +94,6 @@ impl EnvironmentContext {
                "  <network_access>{network_access}</network_access>"
            ));
        }
-        if let Some(writable_roots) = self.writable_roots {
-            lines.push("  <writable_roots>".to_string());
-            for writable_root in writable_roots {
-                lines.push(format!(
-                    "    <root>{}</root>",
-                    writable_root.to_string_lossy()
-                ));
-            }
-            lines.push("  </writable_roots>".to_string());
-        }
        if let Some(shell) = self.shell
            && let Some(shell_name) = shell.name()
        {
@@ -137,77 +115,3 @@ impl From<EnvironmentContext> for ResponseItem {
        }
    }
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use pretty_assertions::assert_eq;
-
-    fn workspace_write_policy(writable_roots: Vec<&str>, network_access: bool) -> SandboxPolicy {
-        SandboxPolicy::WorkspaceWrite {
-            writable_roots: writable_roots.into_iter().map(PathBuf::from).collect(),
-            network_access,
-            exclude_tmpdir_env_var: false,
-            exclude_slash_tmp: false,
-        }
-    }
-
-    #[test]
-    fn serialize_workspace_write_environment_context() {
-        let context = EnvironmentContext::new(
-            Some(PathBuf::from("/repo")),
-            Some(AskForApproval::OnRequest),
-            Some(workspace_write_policy(vec!["/repo", "/tmp"], false)),
-            None,
-        );
-
-        let expected = r#"<environment_context>
-  <cwd>/repo</cwd>
-  <approval_policy>on-request</approval_policy>
-  <sandbox_mode>workspace-write</sandbox_mode>
-  <network_access>restricted</network_access>
-  <writable_roots>
-    <root>/repo</root>
-    <root>/tmp</root>
-  </writable_roots>
-</environment_context>"#;
-
-        assert_eq!(context.serialize_to_xml(), expected);
-    }
-
-    #[test]
-    fn serialize_read_only_environment_context() {
-        let context = EnvironmentContext::new(
-            None,
-            Some(AskForApproval::Never),
-            Some(SandboxPolicy::ReadOnly),
-            None,
-        );
-
-        let expected = r#"<environment_context>
-  <approval_policy>never</approval_policy>
-  <sandbox_mode>read-only</sandbox_mode>
-  <network_access>restricted</network_access>
-</environment_context>"#;
-
-        assert_eq!(context.serialize_to_xml(), expected);
-    }
-
-    #[test]
-    fn serialize_full_access_environment_context() {
-        let context = EnvironmentContext::new(
-            None,
-            Some(AskForApproval::OnFailure),
-            Some(SandboxPolicy::DangerFullAccess),
-            None,
-        );
-
-        let expected = r#"<environment_context>
-  <approval_policy>on-failure</approval_policy>
-  <sandbox_mode>danger-full-access</sandbox_mode>
-  <network_access>enabled</network_access>
-</environment_context>"#;
-
-        assert_eq!(context.serialize_to_xml(), expected);
-    }
-}
--- a/codex-rs/core/src/exec_command/exec_command_session.rs
+++ b/codex-rs/core/src/exec_command/exec_command_session.rs
@@ -24,9 +24,6 @@ pub(crate) struct ExecCommandSession {

    /// JoinHandle for the child wait task.
    wait_handle: StdMutex<Option<JoinHandle<()>>>,
-
-    /// Tracks whether the underlying process has exited.
-    exit_status: std::sync::Arc<std::sync::atomic::AtomicBool>,
 }

 impl ExecCommandSession {
@@ -37,7 +34,6 @@ impl ExecCommandSession {
        reader_handle: JoinHandle<()>,
        writer_handle: JoinHandle<()>,
        wait_handle: JoinHandle<()>,
-        exit_status: std::sync::Arc<std::sync::atomic::AtomicBool>,
    ) -> Self {
        Self {
            writer_tx,
@@ -46,7 +42,6 @@ impl ExecCommandSession {
            reader_handle: StdMutex::new(Some(reader_handle)),
            writer_handle: StdMutex::new(Some(writer_handle)),
            wait_handle: StdMutex::new(Some(wait_handle)),
-            exit_status,
        }
    }

@@ -57,10 +52,6 @@ impl ExecCommandSession {
    pub(crate) fn output_receiver(&self) -> broadcast::Receiver<Vec<u8>> {
        self.output_tx.subscribe()
    }
-
-    pub(crate) fn has_exited(&self) -> bool {
-        self.exit_status.load(std::sync::atomic::Ordering::SeqCst)
-    }
 }

 impl Drop for ExecCommandSession {
--- a/codex-rs/core/src/exec_command/mod.rs
+++ b/codex-rs/core/src/exec_command/mod.rs
@@ -6,7 +6,6 @@ mod session_manager;

 pub use exec_command_params::ExecCommandParams;
 pub use exec_command_params::WriteStdinParams;
-pub(crate) use exec_command_session::ExecCommandSession;
 pub use responses_api::EXEC_COMMAND_TOOL_NAME;
 pub use responses_api::WRITE_STDIN_TOOL_NAME;
 pub use responses_api::create_exec_command_tool_for_responses_api;
--- a/codex-rs/core/src/exec_command/session_manager.rs
+++ b/codex-rs/core/src/exec_command/session_manager.rs
@@ -3,7 +3,6 @@ use std::io::ErrorKind;
 use std::io::Read;
 use std::sync::Arc;
 use std::sync::Mutex as StdMutex;
-use std::sync::atomic::AtomicBool;
 use std::sync::atomic::AtomicU32;

 use portable_pty::CommandBuilder;
@@ -20,7 +19,6 @@ use crate::exec_command::exec_command_params::ExecCommandParams;
 use crate::exec_command::exec_command_params::WriteStdinParams;
 use crate::exec_command::exec_command_session::ExecCommandSession;
 use crate::exec_command::session_id::SessionId;
-use crate::truncate::truncate_middle;
 use codex_protocol::models::FunctionCallOutputPayload;

 #[derive(Debug, Default)]
@@ -329,14 +327,11 @@ async fn create_exec_command_session(

    // Keep the child alive until it exits, then signal exit code.
    let (exit_tx, exit_rx) = oneshot::channel::<i32>();
-    let exit_status = Arc::new(AtomicBool::new(false));
-    let wait_exit_status = exit_status.clone();
    let wait_handle = tokio::task::spawn_blocking(move || {
        let code = match child.wait() {
            Ok(status) => status.exit_code() as i32,
            Err(_) => -1,
        };
-        wait_exit_status.store(true, std::sync::atomic::Ordering::SeqCst);
        let _ = exit_tx.send(code);
    });

@@ -348,11 +343,116 @@ async fn create_exec_command_session(
        reader_handle,
        writer_handle,
        wait_handle,
-        exit_status,
    );
    Ok((session, exit_rx))
 }

+/// Truncate the middle of a UTF-8 string to at most `max_bytes` bytes,
+/// preserving the beginning and the end. Returns the possibly truncated
+/// string and `Some(original_token_count)` (estimated at 4 bytes/token)
+/// if truncation occurred; otherwise returns the original string and `None`.
+fn truncate_middle(s: &str, max_bytes: usize) -> (String, Option<u64>) {
+    // No truncation needed
+    if s.len() <= max_bytes {
+        return (s.to_string(), None);
+    }
+    let est_tokens = (s.len() as u64).div_ceil(4);
+    if max_bytes == 0 {
+        // Cannot keep any content; still return a full marker (never truncated).
+        return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
+    }
+
+    // Helper to truncate a string to a given byte length on a char boundary.
+    fn truncate_on_boundary(input: &str, max_len: usize) -> &str {
+        if input.len() <= max_len {
+            return input;
+        }
+        let mut end = max_len;
+        while end > 0 && !input.is_char_boundary(end) {
+            end -= 1;
+        }
+        &input[..end]
+    }
+
+    // Given a left/right budget, prefer newline boundaries; otherwise fall back
+    // to UTF-8 char boundaries.
+    fn pick_prefix_end(s: &str, left_budget: usize) -> usize {
+        if let Some(head) = s.get(..left_budget)
+            && let Some(i) = head.rfind('\n')
+        {
+            return i + 1; // keep the newline so suffix starts on a fresh line
+        }
+        truncate_on_boundary(s, left_budget).len()
+    }
+
+    fn pick_suffix_start(s: &str, right_budget: usize) -> usize {
+        let start_tail = s.len().saturating_sub(right_budget);
+        if let Some(tail) = s.get(start_tail..)
+            && let Some(i) = tail.find('\n')
+        {
+            return start_tail + i + 1; // start after newline
+        }
+        // Fall back to a char boundary at or after start_tail.
+        let mut idx = start_tail.min(s.len());
+        while idx < s.len() && !s.is_char_boundary(idx) {
+            idx += 1;
+        }
+        idx
+    }
+
+    // Refine marker length and budgets until stable. Marker is never truncated.
+    let mut guess_tokens = est_tokens; // worst-case: everything truncated
+    for _ in 0..4 {
+        let marker = format!("…{guess_tokens} tokens truncated…");
+        let marker_len = marker.len();
+        let keep_budget = max_bytes.saturating_sub(marker_len);
+        if keep_budget == 0 {
+            // No room for any content within the cap; return a full, untruncated marker
+            // that reflects the entire truncated content.
+            return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
+        }
+
+        let left_budget = keep_budget / 2;
+        let right_budget = keep_budget - left_budget;
+        let prefix_end = pick_prefix_end(s, left_budget);
+        let mut suffix_start = pick_suffix_start(s, right_budget);
+        if suffix_start < prefix_end {
+            suffix_start = prefix_end;
+        }
+        let kept_content_bytes = prefix_end + (s.len() - suffix_start);
+        let truncated_content_bytes = s.len().saturating_sub(kept_content_bytes);
+        let new_tokens = (truncated_content_bytes as u64).div_ceil(4);
+        if new_tokens == guess_tokens {
+            let mut out = String::with_capacity(marker_len + kept_content_bytes + 1);
+            out.push_str(&s[..prefix_end]);
+            out.push_str(&marker);
+            // Place marker on its own line for symmetry when we keep line boundaries.
+            out.push('\n');
+            out.push_str(&s[suffix_start..]);
+            return (out, Some(est_tokens));
+        }
+        guess_tokens = new_tokens;
+    }
+
+    // Fallback: use last guess to build output.
+    let marker = format!("…{guess_tokens} tokens truncated…");
+    let marker_len = marker.len();
+    let keep_budget = max_bytes.saturating_sub(marker_len);
+    if keep_budget == 0 {
+        return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
+    }
+    let left_budget = keep_budget / 2;
+    let right_budget = keep_budget - left_budget;
+    let prefix_end = pick_prefix_end(s, left_budget);
+    let suffix_start = pick_suffix_start(s, right_budget);
+    let mut out = String::with_capacity(marker_len + prefix_end + (s.len() - suffix_start) + 1);
+    out.push_str(&s[..prefix_end]);
+    out.push_str(&marker);
+    out.push('\n');
+    out.push_str(&s[suffix_start..]);
+    (out, Some(est_tokens))
+}
+
 #[cfg(test)]
 mod tests {
    use super::*;
@@ -516,4 +616,50 @@ Output:
 abc"#;
        assert_eq!(expected, text);
    }
+
+    #[test]
+    fn truncate_middle_no_newlines_fallback() {
+        // A long string with no newlines that exceeds the cap.
+        let s = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+        let max_bytes = 16; // force truncation
+        let (out, original) = truncate_middle(s, max_bytes);
+        // For very small caps, we return the full, untruncated marker,
+        // even if it exceeds the cap.
+        assert_eq!(out, "…16 tokens truncated…");
+        // Original string length is 62 bytes => ceil(62/4) = 16 tokens.
+        assert_eq!(original, Some(16));
+    }
+
+    #[test]
+    fn truncate_middle_prefers_newline_boundaries() {
+        // Build a multi-line string of 20 numbered lines (each "NNN\n").
+        let mut s = String::new();
+        for i in 1..=20 {
+            s.push_str(&format!("{i:03}\n"));
+        }
+        // Total length: 20 lines * 4 bytes per line = 80 bytes.
+        assert_eq!(s.len(), 80);
+
+        // Choose a cap that forces truncation while leaving room for
+        // a few lines on each side after accounting for the marker.
+        let max_bytes = 64;
+        // Expect exact output: first 4 lines, marker, last 4 lines, and correct token estimate (80/4 = 20).
+        assert_eq!(
+            truncate_middle(&s, max_bytes),
+            (
+                r#"001
+002
+003
+004
+…12 tokens truncated…
+017
+018
+019
+020
+"#
+                .to_string(),
+                Some(20)
+            )
+        );
+    }
 }
--- a/codex-rs/core/src/lib.rs
+++ b/codex-rs/core/src/lib.rs
@@ -35,8 +35,6 @@ mod mcp_tool_call;
 mod message_history;
 mod model_provider_info;
 pub mod parse_command;
-mod truncate;
-mod unified_exec;
 mod user_instructions;
 pub use model_provider_info::BUILT_IN_OSS_MODEL_PROVIDER_ID;
 pub use model_provider_info::ModelProviderInfo;
--- a/codex-rs/core/src/mcp_connection_manager.rs
+++ b/codex-rs/core/src/mcp_connection_manager.rs
@@ -17,7 +17,7 @@ use anyhow::Result;
 use anyhow::anyhow;
 use codex_mcp_client::McpClient;
 use mcp_types::ClientCapabilities;
-use mcp_types::Implementation;
+use mcp_types::McpClientInfo;
 use mcp_types::Tool;

 use serde_json::json;
@@ -159,14 +159,10 @@ impl McpConnectionManager {
                                // indicates this should be an empty object.
                                elicitation: Some(json!({})),
                            },
-                            client_info: Implementation {
+                            client_info: McpClientInfo {
                                name: "codex-mcp-client".to_owned(),
                                version: env!("CARGO_PKG_VERSION").to_owned(),
                                title: Some("Codex".into()),
-                                // This field is used by Codex when it is an MCP
-                                // server: it should not be used when Codex is
-                                // an MCP client.
-                                user_agent: None,
                            },
                            protocol_version: mcp_types::MCP_SCHEMA_VERSION.to_owned(),
                        };
--- a/codex-rs/core/src/model_provider_info.rs
+++ b/codex-rs/core/src/model_provider_info.rs
@@ -80,10 +80,7 @@ pub struct ModelProviderInfo {
    /// the connection as lost.
    pub stream_idle_timeout_ms: Option<u64>,

-    /// Does this provider require an OpenAI API Key or ChatGPT login token? If true,
-    /// user is presented with login screen on first run, and login preference and token/key
-    /// are stored in auth.json. If false (which is the default), login screen is skipped,
-    /// and API key (if needed) comes from the "env_key" environment variable.
+    /// Whether this provider requires some form of standard authentication (API key, ChatGPT token).
    #[serde(default)]
    pub requires_openai_auth: bool,
 }
--- a/codex-rs/core/src/openai_tools.rs
+++ b/codex-rs/core/src/openai_tools.rs
@@ -70,7 +70,6 @@ pub(crate) struct ToolsConfig {
    pub apply_patch_tool_type: Option<ApplyPatchToolType>,
    pub web_search_request: bool,
    pub include_view_image_tool: bool,
-    pub experimental_unified_exec_tool: bool,
 }

 pub(crate) struct ToolsConfigParams<'a> {
@@ -82,7 +81,6 @@ pub(crate) struct ToolsConfigParams<'a> {
    pub(crate) include_web_search_request: bool,
    pub(crate) use_streamable_shell_tool: bool,
    pub(crate) include_view_image_tool: bool,
-    pub(crate) experimental_unified_exec_tool: bool,
 }

 impl ToolsConfig {
@@ -96,7 +94,6 @@ impl ToolsConfig {
            include_web_search_request,
            use_streamable_shell_tool,
            include_view_image_tool,
-            experimental_unified_exec_tool,
        } = params;
        let mut shell_type = if *use_streamable_shell_tool {
            ConfigShellToolType::StreamableShell
@@ -129,7 +126,6 @@ impl ToolsConfig {
            apply_patch_tool_type,
            web_search_request: *include_web_search_request,
            include_view_image_tool: *include_view_image_tool,
-            experimental_unified_exec_tool: *experimental_unified_exec_tool,
        }
    }
 }
@@ -204,53 +200,6 @@ fn create_shell_tool() -> OpenAiTool {
    })
 }

-fn create_unified_exec_tool() -> OpenAiTool {
-    let mut properties = BTreeMap::new();
-    properties.insert(
-        "input".to_string(),
-        JsonSchema::Array {
-            items: Box::new(JsonSchema::String { description: None }),
-            description: Some(
-                "When no session_id is provided, treat the array as the command and arguments \
-                 to launch. When session_id is set, concatenate the strings (in order) and write \
-                 them to the session's stdin."
-                    .to_string(),
-            ),
-        },
-    );
-    properties.insert(
-        "session_id".to_string(),
-        JsonSchema::String {
-            description: Some(
-                "Identifier for an existing interactive session. If omitted, a new command \
-                 is spawned."
-                    .to_string(),
-            ),
-        },
-    );
-    properties.insert(
-        "timeout_ms".to_string(),
-        JsonSchema::Number {
-            description: Some(
-                "Maximum time in milliseconds to wait for output after writing the input."
-                    .to_string(),
-            ),
-        },
-    );
-
-    OpenAiTool::Function(ResponsesApiTool {
-        name: "unified_exec".to_string(),
-        description:
-            "Runs a command in a PTY. Provide a session_id to reuse an existing interactive session.".to_string(),
-        strict: false,
-        parameters: JsonSchema::Object {
-            properties,
-            required: Some(vec!["input".to_string()]),
-            additional_properties: Some(false),
-        },
-    })
-}
-
 fn create_shell_tool_for_sandbox(sandbox_policy: &SandboxPolicy) -> OpenAiTool {
    let mut properties = BTreeMap::new();
    properties.insert(
@@ -291,20 +240,17 @@ fn create_shell_tool_for_sandbox(sandbox_policy: &SandboxPolicy) -> OpenAiTool {
    let description = match sandbox_policy {
        SandboxPolicy::WorkspaceWrite {
            network_access,
+            writable_roots,
            ..
        } => {
-            let network_line = if !network_access {
-                "\n    - Commands that require network access"
-            } else {
-                ""
-            };
-
            format!(
                r#"
 The shell tool is used to execute shell commands.
 - When invoking the shell tool, your call will be running in a sandbox, and some shell commands will require escalated privileges:
  - Types of actions that require escalated privileges:
-    - Writing files other than those in the writable roots (see the environment context for the allowed directories){network_line}
+    - Writing files other than those in the writable roots
+      - writable roots:
+{}{}
  - Examples of commands that require escalated privileges:
    - git commit
    - npm install or pnpm install
@@ -313,6 +259,12 @@ The shell tool is used to execute shell commands.
 - When invoking a command that will require escalated privileges:
  - Provide the with_escalated_permissions parameter with the boolean value true
  - Include a short, 1 sentence explanation for why we need to run with_escalated_permissions in the justification parameter."#,
+                writable_roots.iter().map(|wr| format!("        - {}", wr.to_string_lossy())).collect::<Vec<String>>().join("\n"),
+                if !network_access {
+                    "\n    - Commands that require network access\n"
+                } else {
+                    ""
+                }
            )
        }
        SandboxPolicy::DangerFullAccess => {
@@ -582,27 +534,23 @@ pub(crate) fn get_openai_tools(
 ) -> Vec<OpenAiTool> {
    let mut tools: Vec<OpenAiTool> = Vec::new();

-    if config.experimental_unified_exec_tool {
-        tools.push(create_unified_exec_tool());
-    } else {
-        match &config.shell_type {
-            ConfigShellToolType::DefaultShell => {
-                tools.push(create_shell_tool());
-            }
-            ConfigShellToolType::ShellWithRequest { sandbox_policy } => {
-                tools.push(create_shell_tool_for_sandbox(sandbox_policy));
-            }
-            ConfigShellToolType::LocalShell => {
-                tools.push(OpenAiTool::LocalShell {});
-            }
-            ConfigShellToolType::StreamableShell => {
-                tools.push(OpenAiTool::Function(
-                    crate::exec_command::create_exec_command_tool_for_responses_api(),
-                ));
-                tools.push(OpenAiTool::Function(
-                    crate::exec_command::create_write_stdin_tool_for_responses_api(),
-                ));
-            }
+    match &config.shell_type {
+        ConfigShellToolType::DefaultShell => {
+            tools.push(create_shell_tool());
+        }
+        ConfigShellToolType::ShellWithRequest { sandbox_policy } => {
+            tools.push(create_shell_tool_for_sandbox(sandbox_policy));
+        }
+        ConfigShellToolType::LocalShell => {
+            tools.push(OpenAiTool::LocalShell {});
+        }
+        ConfigShellToolType::StreamableShell => {
+            tools.push(OpenAiTool::Function(
+                crate::exec_command::create_exec_command_tool_for_responses_api(),
+            ));
+            tools.push(OpenAiTool::Function(
+                crate::exec_command::create_write_stdin_tool_for_responses_api(),
+            ));
        }
    }

@@ -629,8 +577,10 @@ pub(crate) fn get_openai_tools(
    if config.include_view_image_tool {
        tools.push(create_view_image_tool());
    }
+
    if let Some(mcp_tools) = mcp_tools {
        // Ensure deterministic ordering to maximize prompt cache hits.
+        // HashMap iteration order is non-deterministic, so sort by fully-qualified tool name.
        let mut entries: Vec<(String, mcp_types::Tool)> = mcp_tools.into_iter().collect();
        entries.sort_by(|a, b| a.0.cmp(&b.0));

@@ -692,13 +642,12 @@ mod tests {
            include_web_search_request: true,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });
        let tools = get_openai_tools(&config, Some(HashMap::new()));

        assert_eq_tool_names(
            &tools,
-            &["unified_exec", "update_plan", "web_search", "view_image"],
+            &["local_shell", "update_plan", "web_search", "view_image"],
        );
    }

@@ -714,13 +663,12 @@ mod tests {
            include_web_search_request: true,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });
        let tools = get_openai_tools(&config, Some(HashMap::new()));

        assert_eq_tool_names(
            &tools,
-            &["unified_exec", "update_plan", "web_search", "view_image"],
+            &["shell", "update_plan", "web_search", "view_image"],
        );
    }

@@ -736,7 +684,6 @@ mod tests {
            include_web_search_request: true,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });
        let tools = get_openai_tools(
            &config,
@@ -779,7 +726,7 @@ mod tests {
        assert_eq_tool_names(
            &tools,
            &[
-                "unified_exec",
+                "shell",
                "web_search",
                "view_image",
                "test_server/do_something_cool",
@@ -842,7 +789,6 @@ mod tests {
            include_web_search_request: false,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });

        // Intentionally construct a map with keys that would sort alphabetically.
@@ -895,11 +841,11 @@ mod tests {
        ]);

        let tools = get_openai_tools(&config, Some(tools_map));
-        // Expect unified_exec first, followed by MCP tools sorted by fully-qualified name.
+        // Expect shell first, followed by MCP tools sorted by fully-qualified name.
        assert_eq_tool_names(
            &tools,
            &[
-                "unified_exec",
+                "shell",
                "view_image",
                "test_server/cool",
                "test_server/do",
@@ -920,7 +866,6 @@ mod tests {
            include_web_search_request: true,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });

        let tools = get_openai_tools(
@@ -948,7 +893,7 @@ mod tests {

        assert_eq_tool_names(
            &tools,
-            &["unified_exec", "web_search", "view_image", "dash/search"],
+            &["shell", "web_search", "view_image", "dash/search"],
        );

        assert_eq!(
@@ -983,7 +928,6 @@ mod tests {
            include_web_search_request: true,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });

        let tools = get_openai_tools(
@@ -1009,7 +953,7 @@ mod tests {

        assert_eq_tool_names(
            &tools,
-            &["unified_exec", "web_search", "view_image", "dash/paginate"],
+            &["shell", "web_search", "view_image", "dash/paginate"],
        );
        assert_eq!(
            tools[3],
@@ -1041,7 +985,6 @@ mod tests {
            include_web_search_request: true,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });

        let tools = get_openai_tools(
@@ -1065,10 +1008,7 @@ mod tests {
            )])),
        );

-        assert_eq_tool_names(
-            &tools,
-            &["unified_exec", "web_search", "view_image", "dash/tags"],
-        );
+        assert_eq_tool_names(&tools, &["shell", "web_search", "view_image", "dash/tags"]);
        assert_eq!(
            tools[3],
            OpenAiTool::Function(ResponsesApiTool {
@@ -1102,7 +1042,6 @@ mod tests {
            include_web_search_request: true,
            use_streamable_shell_tool: false,
            include_view_image_tool: true,
-            experimental_unified_exec_tool: true,
        });

        let tools = get_openai_tools(
@@ -1126,10 +1065,7 @@ mod tests {
            )])),
        );

-        assert_eq_tool_names(
-            &tools,
-            &["unified_exec", "web_search", "view_image", "dash/value"],
-        );
+        assert_eq_tool_names(&tools, &["shell", "web_search", "view_image", "dash/value"]);
        assert_eq!(
            tools[3],
            OpenAiTool::Function(ResponsesApiTool {
@@ -1169,8 +1105,11 @@ mod tests {
 The shell tool is used to execute shell commands.
 - When invoking the shell tool, your call will be running in a sandbox, and some shell commands will require escalated privileges:
  - Types of actions that require escalated privileges:
-    - Writing files other than those in the writable roots (see the environment context for the allowed directories)
+    - Writing files other than those in the writable roots
+      - writable roots:
+        - workspace
    - Commands that require network access
+
  - Examples of commands that require escalated privileges:
    - git commit
    - npm install or pnpm install
--- a/codex-rs/core/src/rollout/policy.rs
+++ b/codex-rs/core/src/rollout/policy.rs
@@ -65,6 +65,6 @@ pub(crate) fn should_persist_event_msg(ev: &EventMsg) -> bool {
        | EventMsg::PlanUpdate(_)
        | EventMsg::TurnAborted(_)
        | EventMsg::ShutdownComplete
-        | EventMsg::ConversationPath(_) => false,
+        | EventMsg::ConversationHistory(_) => false,
    }
 }
--- a/codex-rs/core/src/rollout/recorder.rs
+++ b/codex-rs/core/src/rollout/recorder.rs
@@ -77,13 +77,7 @@ pub enum RolloutRecorderParams {

 enum RolloutCmd {
    AddItems(Vec<RolloutItem>),
-    /// Ensure all prior writes are processed; respond when flushed.
-    Flush {
-        ack: oneshot::Sender<()>,
-    },
-    Shutdown {
-        ack: oneshot::Sender<()>,
-    },
+    Shutdown { ack: oneshot::Sender<()> },
 }

 impl RolloutRecorderParams {
@@ -191,17 +185,6 @@ impl RolloutRecorder {
            .map_err(|e| IoError::other(format!("failed to queue rollout items: {e}")))
    }

-    /// Flush all queued writes and wait until they are committed by the writer task.
-    pub async fn flush(&self) -> std::io::Result<()> {
-        let (tx, rx) = oneshot::channel();
-        self.tx
-            .send(RolloutCmd::Flush { ack: tx })
-            .await
-            .map_err(|e| IoError::other(format!("failed to queue rollout flush: {e}")))?;
-        rx.await
-            .map_err(|e| IoError::other(format!("failed waiting for rollout flush: {e}")))
-    }
-
    pub(crate) async fn get_rollout_history(path: &Path) -> std::io::Result<InitialHistory> {
        info!("Resuming rollout from {path:?}");
        tracing::error!("Resuming rollout from {path:?}");
@@ -228,11 +211,11 @@ impl RolloutRecorder {
            match serde_json::from_value::<RolloutLine>(v.clone()) {
                Ok(rollout_line) => match rollout_line.item {
                    RolloutItem::SessionMeta(session_meta_line) => {
-                        // Use the FIRST SessionMeta encountered in the file as the canonical
-                        // conversation id and main session information. Keep all items intact.
-                        if conversation_id.is_none() {
-                            conversation_id = Some(session_meta_line.meta.id);
-                        }
+                        tracing::error!(
+                            "Parsed conversation ID from rollout file: {:?}",
+                            session_meta_line.meta.id
+                        );
+                        conversation_id = Some(session_meta_line.meta.id);
                        items.push(RolloutItem::SessionMeta(session_meta_line));
                    }
                    RolloutItem::ResponseItem(item) => {
@@ -268,10 +251,6 @@ impl RolloutRecorder {
        }))
    }

-    pub(crate) fn get_rollout_path(&self) -> PathBuf {
-        self.rollout_path.clone()
-    }
-
    pub async fn shutdown(&self) -> std::io::Result<()> {
        let (tx_done, rx_done) = oneshot::channel();
        match self.tx.send(RolloutCmd::Shutdown { ack: tx_done }).await {
@@ -372,14 +351,6 @@ async fn rollout_writer(
                    }
                }
            }
-            RolloutCmd::Flush { ack } => {
-                // Ensure underlying file is flushed and then ack.
-                if let Err(e) = writer.file.flush().await {
-                    let _ = ack.send(());
-                    return Err(e);
-                }
-                let _ = ack.send(());
-            }
            RolloutCmd::Shutdown { ack } => {
                let _ = ack.send(());
            }
--- a/codex-rs/core/src/token_data.rs
+++ b/codex-rs/core/src/token_data.rs
@@ -3,6 +3,8 @@ use serde::Deserialize;
 use serde::Serialize;
 use thiserror::Error;

+use codex_protocol::mcp_protocol::AuthMode;
+
 #[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
 pub struct TokenData {
    /// Flat info parsed from the JWT in auth.json.
@@ -20,6 +22,36 @@ pub struct TokenData {
    pub account_id: Option<String>,
 }

+impl TokenData {
+    /// Returns true if this is a plan that should use the traditional
+    /// "metered" billing via an API key.
+    pub(crate) fn should_use_api_key(
+        &self,
+        preferred_auth_method: AuthMode,
+        is_openai_email: bool,
+    ) -> bool {
+        if preferred_auth_method == AuthMode::ApiKey {
+            return true;
+        }
+        // If the email is an OpenAI email, use AuthMode::ChatGPT unless preferred_auth_method is AuthMode::ApiKey.
+        if is_openai_email {
+            return false;
+        }
+
+        self.id_token
+            .chatgpt_plan_type
+            .as_ref()
+            .is_none_or(|plan| plan.is_plan_that_should_use_api_key())
+    }
+
+    pub fn is_openai_email(&self) -> bool {
+        self.id_token
+            .email
+            .as_deref()
+            .is_some_and(|email| email.trim().to_ascii_lowercase().ends_with("@openai.com"))
+    }
+}
+
 /// Flat subset of useful claims in id_token from auth.json.
 #[derive(Debug, Clone, PartialEq, Eq, Default, Serialize, Deserialize)]
 pub struct IdTokenInfo {
@@ -48,6 +80,19 @@ pub(crate) enum PlanType {
 }

 impl PlanType {
+    fn is_plan_that_should_use_api_key(&self) -> bool {
+        match self {
+            Self::Known(known) => {
+                use KnownPlan::*;
+                !matches!(known, Free | Plus | Pro | Team)
+            }
+            Self::Unknown(_) => {
+                // Unknown plans should use the API key.
+                true
+            }
+        }
+    }
+
    pub fn as_string(&self) -> String {
        match self {
            Self::Known(known) => format!("{known:?}").to_lowercase(),
--- a/codex-rs/core/src/truncate.rs
+++ b/codex-rs/core/src/truncate.rs
@@ -1,180 +0,0 @@
-//! Utilities for truncating large chunks of output while preserving a prefix
-//! and suffix on UTF-8 boundaries.
-
-/// Truncate the middle of a UTF-8 string to at most `max_bytes` bytes,
-/// preserving the beginning and the end. Returns the possibly truncated
-/// string and `Some(original_token_count)` (estimated at 4 bytes/token)
-/// if truncation occurred; otherwise returns the original string and `None`.
-pub(crate) fn truncate_middle(s: &str, max_bytes: usize) -> (String, Option<u64>) {
-    if s.len() <= max_bytes {
-        return (s.to_string(), None);
-    }
-
-    let est_tokens = (s.len() as u64).div_ceil(4);
-    if max_bytes == 0 {
-        return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
-    }
-
-    fn truncate_on_boundary(input: &str, max_len: usize) -> &str {
-        if input.len() <= max_len {
-            return input;
-        }
-        let mut end = max_len;
-        while end > 0 && !input.is_char_boundary(end) {
-            end -= 1;
-        }
-        &input[..end]
-    }
-
-    fn pick_prefix_end(s: &str, left_budget: usize) -> usize {
-        if let Some(head) = s.get(..left_budget)
-            && let Some(i) = head.rfind('\n')
-        {
-            return i + 1;
-        }
-        truncate_on_boundary(s, left_budget).len()
-    }
-
-    fn pick_suffix_start(s: &str, right_budget: usize) -> usize {
-        let start_tail = s.len().saturating_sub(right_budget);
-        if let Some(tail) = s.get(start_tail..)
-            && let Some(i) = tail.find('\n')
-        {
-            return start_tail + i + 1;
-        }
-
-        let mut idx = start_tail.min(s.len());
-        while idx < s.len() && !s.is_char_boundary(idx) {
-            idx += 1;
-        }
-        idx
-    }
-
-    let mut guess_tokens = est_tokens;
-    for _ in 0..4 {
-        let marker = format!("…{guess_tokens} tokens truncated…");
-        let marker_len = marker.len();
-        let keep_budget = max_bytes.saturating_sub(marker_len);
-        if keep_budget == 0 {
-            return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
-        }
-
-        let left_budget = keep_budget / 2;
-        let right_budget = keep_budget - left_budget;
-        let prefix_end = pick_prefix_end(s, left_budget);
-        let mut suffix_start = pick_suffix_start(s, right_budget);
-        if suffix_start < prefix_end {
-            suffix_start = prefix_end;
-        }
-
-        let kept_content_bytes = prefix_end + (s.len() - suffix_start);
-        let truncated_content_bytes = s.len().saturating_sub(kept_content_bytes);
-        let new_tokens = (truncated_content_bytes as u64).div_ceil(4);
-
-        if new_tokens == guess_tokens {
-            let mut out = String::with_capacity(marker_len + kept_content_bytes + 1);
-            out.push_str(&s[..prefix_end]);
-            out.push_str(&marker);
-            out.push('\n');
-            out.push_str(&s[suffix_start..]);
-            return (out, Some(est_tokens));
-        }
-
-        guess_tokens = new_tokens;
-    }
-
-    let marker = format!("…{guess_tokens} tokens truncated…");
-    let marker_len = marker.len();
-    let keep_budget = max_bytes.saturating_sub(marker_len);
-    if keep_budget == 0 {
-        return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
-    }
-
-    let left_budget = keep_budget / 2;
-    let right_budget = keep_budget - left_budget;
-    let prefix_end = pick_prefix_end(s, left_budget);
-    let suffix_start = pick_suffix_start(s, right_budget);
-
-    let mut out = String::with_capacity(marker_len + prefix_end + (s.len() - suffix_start) + 1);
-    out.push_str(&s[..prefix_end]);
-    out.push_str(&marker);
-    out.push('\n');
-    out.push_str(&s[suffix_start..]);
-    (out, Some(est_tokens))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::truncate_middle;
-
-    #[test]
-    fn truncate_middle_no_newlines_fallback() {
-        let s = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ*";
-        let max_bytes = 32;
-        let (out, original) = truncate_middle(s, max_bytes);
-        assert!(out.starts_with("abc"));
-        assert!(out.contains("tokens truncated"));
-        assert!(out.ends_with("XYZ*"));
-        assert_eq!(original, Some((s.len() as u64).div_ceil(4)));
-    }
-
-    #[test]
-    fn truncate_middle_prefers_newline_boundaries() {
-        let mut s = String::new();
-        for i in 1..=20 {
-            s.push_str(&format!("{i:03}\n"));
-        }
-        assert_eq!(s.len(), 80);
-
-        let max_bytes = 64;
-        let (out, tokens) = truncate_middle(&s, max_bytes);
-        assert!(out.starts_with("001\n002\n003\n004\n"));
-        assert!(out.contains("tokens truncated"));
-        assert!(out.ends_with("017\n018\n019\n020\n"));
-        assert_eq!(tokens, Some(20));
-    }
-
-    #[test]
-    fn truncate_middle_handles_utf8_content() {
-        let s = "😀😀😀😀😀😀😀😀😀😀\nsecond line with ascii text\n";
-        let max_bytes = 32;
-        let (out, tokens) = truncate_middle(s, max_bytes);
-
-        assert!(out.contains("tokens truncated"));
-        assert!(!out.contains('\u{fffd}'));
-        assert_eq!(tokens, Some((s.len() as u64).div_ceil(4)));
-    }
-
-    #[test]
-    fn truncate_middle_prefers_newline_boundaries_2() {
-        // Build a multi-line string of 20 numbered lines (each "NNN\n").
-        let mut s = String::new();
-        for i in 1..=20 {
-            s.push_str(&format!("{i:03}\n"));
-        }
-        // Total length: 20 lines * 4 bytes per line = 80 bytes.
-        assert_eq!(s.len(), 80);
-
-        // Choose a cap that forces truncation while leaving room for
-        // a few lines on each side after accounting for the marker.
-        let max_bytes = 64;
-        // Expect exact output: first 4 lines, marker, last 4 lines, and correct token estimate (80/4 = 20).
-        assert_eq!(
-            truncate_middle(&s, max_bytes),
-            (
-                r#"001
-002
-003
-004
-…12 tokens truncated…
-017
-018
-019
-020
-"#
-                .to_string(),
-                Some(20)
-            )
-        );
-    }
-}
--- a/codex-rs/core/src/unified_exec/errors.rs
+++ b/codex-rs/core/src/unified_exec/errors.rs
@@ -1,22 +0,0 @@
-use thiserror::Error;
-
-#[derive(Debug, Error)]
-pub(crate) enum UnifiedExecError {
-    #[error("Failed to create unified exec session: {pty_error}")]
-    CreateSession {
-        #[source]
-        pty_error: anyhow::Error,
-    },
-    #[error("Unknown session id {session_id}")]
-    UnknownSessionId { session_id: i32 },
-    #[error("failed to write to stdin")]
-    WriteToStdin,
-    #[error("missing command line for unified exec request")]
-    MissingCommandLine,
-}
-
-impl UnifiedExecError {
-    pub(crate) fn create_session(error: anyhow::Error) -> Self {
-        Self::CreateSession { pty_error: error }
-    }
-}
--- a/codex-rs/core/src/unified_exec/mod.rs
+++ b/codex-rs/core/src/unified_exec/mod.rs
@@ -1,653 +0,0 @@
-use portable_pty::CommandBuilder;
-use portable_pty::PtySize;
-use portable_pty::native_pty_system;
-use std::collections::HashMap;
-use std::collections::VecDeque;
-use std::io::ErrorKind;
-use std::io::Read;
-use std::sync::Arc;
-use std::sync::Mutex as StdMutex;
-use std::sync::atomic::AtomicBool;
-use std::sync::atomic::AtomicI32;
-use std::sync::atomic::Ordering;
-use tokio::sync::Mutex;
-use tokio::sync::Notify;
-use tokio::sync::mpsc;
-use tokio::task::JoinHandle;
-use tokio::time::Duration;
-use tokio::time::Instant;
-
-use crate::exec_command::ExecCommandSession;
-use crate::truncate::truncate_middle;
-
-mod errors;
-
-pub(crate) use errors::UnifiedExecError;
-
-const DEFAULT_TIMEOUT_MS: u64 = 1_000;
-const MAX_TIMEOUT_MS: u64 = 60_000;
-const UNIFIED_EXEC_OUTPUT_MAX_BYTES: usize = 128 * 1024; // 128 KiB
-
-#[derive(Debug)]
-pub(crate) struct UnifiedExecRequest<'a> {
-    pub session_id: Option<i32>,
-    pub input_chunks: &'a [String],
-    pub timeout_ms: Option<u64>,
-}
-
-#[derive(Debug, Clone, PartialEq)]
-pub(crate) struct UnifiedExecResult {
-    pub session_id: Option<i32>,
-    pub output: String,
-}
-
-#[derive(Debug, Default)]
-pub(crate) struct UnifiedExecSessionManager {
-    next_session_id: AtomicI32,
-    sessions: Mutex<HashMap<i32, ManagedUnifiedExecSession>>,
-}
-
-#[derive(Debug)]
-struct ManagedUnifiedExecSession {
-    session: ExecCommandSession,
-    output_buffer: OutputBuffer,
-    /// Notifies waiters whenever new output has been appended to
-    /// `output_buffer`, allowing clients to poll for fresh data.
-    output_notify: Arc<Notify>,
-    output_task: JoinHandle<()>,
-}
-
-#[derive(Debug, Default)]
-struct OutputBufferState {
-    chunks: VecDeque<Vec<u8>>,
-    total_bytes: usize,
-}
-
-impl OutputBufferState {
-    fn push_chunk(&mut self, chunk: Vec<u8>) {
-        self.total_bytes = self.total_bytes.saturating_add(chunk.len());
-        self.chunks.push_back(chunk);
-
-        let mut excess = self
-            .total_bytes
-            .saturating_sub(UNIFIED_EXEC_OUTPUT_MAX_BYTES);
-
-        while excess > 0 {
-            match self.chunks.front_mut() {
-                Some(front) if excess >= front.len() => {
-                    excess -= front.len();
-                    self.total_bytes = self.total_bytes.saturating_sub(front.len());
-                    self.chunks.pop_front();
-                }
-                Some(front) => {
-                    front.drain(..excess);
-                    self.total_bytes = self.total_bytes.saturating_sub(excess);
-                    break;
-                }
-                None => break,
-            }
-        }
-    }
-
-    fn drain(&mut self) -> Vec<Vec<u8>> {
-        let drained: Vec<Vec<u8>> = self.chunks.drain(..).collect();
-        self.total_bytes = 0;
-        drained
-    }
-}
-
-type OutputBuffer = Arc<Mutex<OutputBufferState>>;
-type OutputHandles = (OutputBuffer, Arc<Notify>);
-
-impl ManagedUnifiedExecSession {
-    fn new(session: ExecCommandSession) -> Self {
-        let output_buffer = Arc::new(Mutex::new(OutputBufferState::default()));
-        let output_notify = Arc::new(Notify::new());
-        let mut receiver = session.output_receiver();
-        let buffer_clone = Arc::clone(&output_buffer);
-        let notify_clone = Arc::clone(&output_notify);
-        let output_task = tokio::spawn(async move {
-            while let Ok(chunk) = receiver.recv().await {
-                let mut guard = buffer_clone.lock().await;
-                guard.push_chunk(chunk);
-                drop(guard);
-                notify_clone.notify_waiters();
-            }
-        });
-
-        Self {
-            session,
-            output_buffer,
-            output_notify,
-            output_task,
-        }
-    }
-
-    fn writer_sender(&self) -> mpsc::Sender<Vec<u8>> {
-        self.session.writer_sender()
-    }
-
-    fn output_handles(&self) -> OutputHandles {
-        (
-            Arc::clone(&self.output_buffer),
-            Arc::clone(&self.output_notify),
-        )
-    }
-
-    fn has_exited(&self) -> bool {
-        self.session.has_exited()
-    }
-}
-
-impl Drop for ManagedUnifiedExecSession {
-    fn drop(&mut self) {
-        self.output_task.abort();
-    }
-}
-
-impl UnifiedExecSessionManager {
-    pub async fn handle_request(
-        &self,
-        request: UnifiedExecRequest<'_>,
-    ) -> Result<UnifiedExecResult, UnifiedExecError> {
-        let (timeout_ms, timeout_warning) = match request.timeout_ms {
-            Some(requested) if requested > MAX_TIMEOUT_MS => (
-                MAX_TIMEOUT_MS,
-                Some(format!(
-                    "Warning: requested timeout {requested}ms exceeds maximum of {MAX_TIMEOUT_MS}ms; clamping to {MAX_TIMEOUT_MS}ms.\n"
-                )),
-            ),
-            Some(requested) => (requested, None),
-            None => (DEFAULT_TIMEOUT_MS, None),
-        };
-
-        let mut new_session: Option<ManagedUnifiedExecSession> = None;
-        let session_id;
-        let writer_tx;
-        let output_buffer;
-        let output_notify;
-
-        if let Some(existing_id) = request.session_id {
-            let mut sessions = self.sessions.lock().await;
-            match sessions.get(&existing_id) {
-                Some(session) => {
-                    if session.has_exited() {
-                        sessions.remove(&existing_id);
-                        return Err(UnifiedExecError::UnknownSessionId {
-                            session_id: existing_id,
-                        });
-                    }
-                    let (buffer, notify) = session.output_handles();
-                    session_id = existing_id;
-                    writer_tx = session.writer_sender();
-                    output_buffer = buffer;
-                    output_notify = notify;
-                }
-                None => {
-                    return Err(UnifiedExecError::UnknownSessionId {
-                        session_id: existing_id,
-                    });
-                }
-            }
-            drop(sessions);
-        } else {
-            let command = request.input_chunks.to_vec();
-            let new_id = self.next_session_id.fetch_add(1, Ordering::SeqCst);
-            let session = create_unified_exec_session(&command).await?;
-            let managed_session = ManagedUnifiedExecSession::new(session);
-            let (buffer, notify) = managed_session.output_handles();
-            writer_tx = managed_session.writer_sender();
-            output_buffer = buffer;
-            output_notify = notify;
-            session_id = new_id;
-            new_session = Some(managed_session);
-        };
-
-        if request.session_id.is_some() {
-            let joined_input = request.input_chunks.join(" ");
-            if !joined_input.is_empty() && writer_tx.send(joined_input.into_bytes()).await.is_err()
-            {
-                return Err(UnifiedExecError::WriteToStdin);
-            }
-        }
-
-        let mut collected: Vec<u8> = Vec::with_capacity(4096);
-        let start = Instant::now();
-        let deadline = start + Duration::from_millis(timeout_ms);
-
-        loop {
-            let drained_chunks;
-            let mut wait_for_output = None;
-            {
-                let mut guard = output_buffer.lock().await;
-                drained_chunks = guard.drain();
-                if drained_chunks.is_empty() {
-                    wait_for_output = Some(output_notify.notified());
-                }
-            }
-
-            if drained_chunks.is_empty() {
-                let remaining = deadline.saturating_duration_since(Instant::now());
-                if remaining == Duration::ZERO {
-                    break;
-                }
-
-                let notified = wait_for_output.unwrap_or_else(|| output_notify.notified());
-                tokio::pin!(notified);
-                tokio::select! {
-                    _ = &mut notified => {}
-                    _ = tokio::time::sleep(remaining) => break,
-                }
-                continue;
-            }
-
-            for chunk in drained_chunks {
-                collected.extend_from_slice(&chunk);
-            }
-
-            if Instant::now() >= deadline {
-                break;
-            }
-        }
-
-        let (output, _maybe_tokens) = truncate_middle(
-            &String::from_utf8_lossy(&collected),
-            UNIFIED_EXEC_OUTPUT_MAX_BYTES,
-        );
-        let output = if let Some(warning) = timeout_warning {
-            format!("{warning}{output}")
-        } else {
-            output
-        };
-
-        let should_store_session = if let Some(session) = new_session.as_ref() {
-            !session.has_exited()
-        } else if request.session_id.is_some() {
-            let mut sessions = self.sessions.lock().await;
-            if let Some(existing) = sessions.get(&session_id) {
-                if existing.has_exited() {
-                    sessions.remove(&session_id);
-                    false
-                } else {
-                    true
-                }
-            } else {
-                false
-            }
-        } else {
-            true
-        };
-
-        if should_store_session {
-            if let Some(session) = new_session {
-                self.sessions.lock().await.insert(session_id, session);
-            }
-            Ok(UnifiedExecResult {
-                session_id: Some(session_id),
-                output,
-            })
-        } else {
-            Ok(UnifiedExecResult {
-                session_id: None,
-                output,
-            })
-        }
-    }
-}
-
-async fn create_unified_exec_session(
-    command: &[String],
-) -> Result<ExecCommandSession, UnifiedExecError> {
-    if command.is_empty() {
-        return Err(UnifiedExecError::MissingCommandLine);
-    }
-
-    let pty_system = native_pty_system();
-
-    let pair = pty_system
-        .openpty(PtySize {
-            rows: 24,
-            cols: 80,
-            pixel_width: 0,
-            pixel_height: 0,
-        })
-        .map_err(UnifiedExecError::create_session)?;
-
-    // Safe thanks to the check at the top of the function.
-    let mut command_builder = CommandBuilder::new(command[0].clone());
-    for arg in &command[1..] {
-        command_builder.arg(arg);
-    }
-
-    let mut child = pair
-        .slave
-        .spawn_command(command_builder)
-        .map_err(UnifiedExecError::create_session)?;
-    let killer = child.clone_killer();
-
-    let (writer_tx, mut writer_rx) = mpsc::channel::<Vec<u8>>(128);
-    let (output_tx, _) = tokio::sync::broadcast::channel::<Vec<u8>>(256);
-
-    let mut reader = pair
-        .master
-        .try_clone_reader()
-        .map_err(UnifiedExecError::create_session)?;
-    let output_tx_clone = output_tx.clone();
-    let reader_handle = tokio::task::spawn_blocking(move || {
-        let mut buf = [0u8; 8192];
-        loop {
-            match reader.read(&mut buf) {
-                Ok(0) => break,
-                Ok(n) => {
-                    let _ = output_tx_clone.send(buf[..n].to_vec());
-                }
-                Err(ref e) if e.kind() == ErrorKind::Interrupted => continue,
-                Err(ref e) if e.kind() == ErrorKind::WouldBlock => {
-                    std::thread::sleep(Duration::from_millis(5));
-                    continue;
-                }
-                Err(_) => break,
-            }
-        }
-    });
-
-    let writer = pair
-        .master
-        .take_writer()
-        .map_err(UnifiedExecError::create_session)?;
-    let writer = Arc::new(StdMutex::new(writer));
-    let writer_handle = tokio::spawn({
-        let writer = writer.clone();
-        async move {
-            while let Some(bytes) = writer_rx.recv().await {
-                let writer = writer.clone();
-                let _ = tokio::task::spawn_blocking(move || {
-                    if let Ok(mut guard) = writer.lock() {
-                        use std::io::Write;
-                        let _ = guard.write_all(&bytes);
-                        let _ = guard.flush();
-                    }
-                })
-                .await;
-            }
-        }
-    });
-
-    let exit_status = Arc::new(AtomicBool::new(false));
-    let wait_exit_status = Arc::clone(&exit_status);
-    let wait_handle = tokio::task::spawn_blocking(move || {
-        let _ = child.wait();
-        wait_exit_status.store(true, Ordering::SeqCst);
-    });
-
-    Ok(ExecCommandSession::new(
-        writer_tx,
-        output_tx,
-        killer,
-        reader_handle,
-        writer_handle,
-        wait_handle,
-        exit_status,
-    ))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn push_chunk_trims_only_excess_bytes() {
-        let mut buffer = OutputBufferState::default();
-        buffer.push_chunk(vec![b'a'; UNIFIED_EXEC_OUTPUT_MAX_BYTES]);
-        buffer.push_chunk(vec![b'b']);
-        buffer.push_chunk(vec![b'c']);
-
-        assert_eq!(buffer.total_bytes, UNIFIED_EXEC_OUTPUT_MAX_BYTES);
-        assert_eq!(buffer.chunks.len(), 3);
-        assert_eq!(
-            buffer.chunks.front().unwrap().len(),
-            UNIFIED_EXEC_OUTPUT_MAX_BYTES - 2
-        );
-        assert_eq!(buffer.chunks.pop_back().unwrap(), vec![b'c']);
-        assert_eq!(buffer.chunks.pop_back().unwrap(), vec![b'b']);
-    }
-
-    #[cfg(unix)]
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn unified_exec_persists_across_requests_jif() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-
-        let open_shell = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-        let session_id = open_shell.session_id.expect("expected session_id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &[
-                    "export".to_string(),
-                    "CODEX_INTERACTIVE_SHELL_VAR=codex\n".to_string(),
-                ],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-
-        let out_2 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &["echo $CODEX_INTERACTIVE_SHELL_VAR\n".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-        assert!(out_2.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn multi_unified_exec_sessions() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-
-        let shell_a = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["/bin/bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-        let session_a = shell_a.session_id.expect("expected session id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_a),
-                input_chunks: &["export CODEX_INTERACTIVE_SHELL_VAR=codex\n".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-
-        let out_2 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &[
-                    "echo".to_string(),
-                    "$CODEX_INTERACTIVE_SHELL_VAR\n".to_string(),
-                ],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-        assert!(!out_2.output.contains("codex"));
-
-        let out_3 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_a),
-                input_chunks: &["echo $CODEX_INTERACTIVE_SHELL_VAR\n".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-        assert!(out_3.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test]
-    async fn unified_exec_timeouts() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-
-        let open_shell = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-        let session_id = open_shell.session_id.expect("expected session id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &[
-                    "export".to_string(),
-                    "CODEX_INTERACTIVE_SHELL_VAR=codex\n".to_string(),
-                ],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-
-        let out_2 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &["sleep 5 && echo $CODEX_INTERACTIVE_SHELL_VAR\n".to_string()],
-                timeout_ms: Some(10),
-            })
-            .await?;
-        assert!(!out_2.output.contains("codex"));
-
-        tokio::time::sleep(Duration::from_secs(7)).await;
-
-        let empty = Vec::new();
-        let out_3 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &empty,
-                timeout_ms: Some(100),
-            })
-            .await?;
-
-        assert!(out_3.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test]
-    async fn requests_with_large_timeout_are_capped() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-
-        let result = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["echo".to_string(), "codex".to_string()],
-                timeout_ms: Some(120_000),
-            })
-            .await?;
-
-        assert!(result.output.starts_with(
-            "Warning: requested timeout 120000ms exceeds maximum of 60000ms; clamping to 60000ms.\n"
-        ));
-        assert!(result.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test]
-    async fn completed_commands_do_not_persist_sessions() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-        let result = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["/bin/echo".to_string(), "codex".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-
-        assert!(result.session_id.is_none());
-        assert!(result.output.contains("codex"));
-
-        assert!(manager.sessions.lock().await.is_empty());
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test]
-    async fn correct_path_resolution() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-        let result = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["echo".to_string(), "codex".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-
-        assert!(result.session_id.is_none());
-        assert!(result.output.contains("codex"));
-
-        assert!(manager.sessions.lock().await.is_empty());
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn reusing_completed_session_returns_unknown_session() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-
-        let open_shell = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["/bin/bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-        let session_id = open_shell.session_id.expect("expected session id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &["exit\n".to_string()],
-                timeout_ms: Some(1_500),
-            })
-            .await?;
-
-        tokio::time::sleep(Duration::from_millis(200)).await;
-
-        let err = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &[],
-                timeout_ms: Some(100),
-            })
-            .await
-            .expect_err("expected unknown session error");
-
-        match err {
-            UnifiedExecError::UnknownSessionId { session_id: err_id } => {
-                assert_eq!(err_id, session_id);
-            }
-            other => panic!("expected UnknownSessionId, got {other:?}"),
-        }
-
-        assert!(!manager.sessions.lock().await.contains_key(&session_id));
-
-        Ok(())
-    }
-}
--- a/codex-rs/core/tests/suite/client.rs
+++ b/codex-rs/core/tests/suite/client.rs
@@ -8,6 +8,7 @@ use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
 use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_protocol::mcp_protocol::AuthMode;
 use core_test_support::load_default_config_for_test;
 use core_test_support::load_sse_fixture_with_id;
 use core_test_support::wait_for_event;
@@ -488,6 +489,79 @@ async fn chatgpt_auth_sends_correct_request() {
    );
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn prefers_chatgpt_token_when_config_prefers_chatgpt() {
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    // Mock server
+    let server = MockServer::start().await;
+
+    let first = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse_completed("resp1"), "text/event-stream");
+
+    // Expect ChatGPT base path and correct headers
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .and(header_regex("Authorization", r"Bearer Access-123"))
+        .and(header_regex("chatgpt-account-id", r"acc-123"))
+        .respond_with(first)
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    // Init session
+    let codex_home = TempDir::new().unwrap();
+    // Write auth.json that contains both API key and ChatGPT tokens for a plan that should prefer ChatGPT.
+    let _jwt = write_auth_json(
+        &codex_home,
+        Some("sk-test-key"),
+        "pro",
+        "Access-123",
+        Some("acc-123"),
+    );
+
+    let mut config = load_default_config_for_test(&codex_home);
+    config.model_provider = model_provider;
+    config.preferred_auth_method = AuthMode::ChatGPT;
+
+    let auth_manager =
+        match CodexAuth::from_codex_home(codex_home.path(), config.preferred_auth_method) {
+            Ok(Some(auth)) => codex_core::AuthManager::from_auth_for_testing(auth),
+            Ok(None) => panic!("No CodexAuth found in codex_home"),
+            Err(e) => panic!("Failed to load CodexAuth: {e}"),
+        };
+    let conversation_manager = ConversationManager::new(auth_manager);
+    let NewConversation {
+        conversation: codex,
+        ..
+    } = conversation_manager
+        .new_conversation(config)
+        .await
+        .expect("create new conversation");
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello".into(),
+            }],
+        })
+        .await
+        .unwrap();
+
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn prefers_apikey_when_config_prefers_apikey_even_with_chatgpt_tokens() {
    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
@@ -532,12 +606,14 @@ async fn prefers_apikey_when_config_prefers_apikey_even_with_chatgpt_tokens() {

    let mut config = load_default_config_for_test(&codex_home);
    config.model_provider = model_provider;
+    config.preferred_auth_method = AuthMode::ApiKey;

-    let auth_manager = match CodexAuth::from_codex_home(codex_home.path()) {
-        Ok(Some(auth)) => codex_core::AuthManager::from_auth_for_testing(auth),
-        Ok(None) => panic!("No CodexAuth found in codex_home"),
-        Err(e) => panic!("Failed to load CodexAuth: {e}"),
-    };
+    let auth_manager =
+        match CodexAuth::from_codex_home(codex_home.path(), config.preferred_auth_method) {
+            Ok(Some(auth)) => codex_core::AuthManager::from_auth_for_testing(auth),
+            Ok(None) => panic!("No CodexAuth found in codex_home"),
+            Err(e) => panic!("Failed to load CodexAuth: {e}"),
+        };
    let conversation_manager = ConversationManager::new(auth_manager);
    let NewConversation {
        conversation: codex,
--- a/codex-rs/core/tests/suite/fork_conversation.rs
+++ b/codex-rs/core/tests/suite/fork_conversation.rs
@@ -1,16 +1,12 @@
 use codex_core::CodexAuth;
-use codex_core::ContentItem;
 use codex_core::ConversationManager;
 use codex_core::ModelProviderInfo;
 use codex_core::NewConversation;
-use codex_core::ResponseItem;
 use codex_core::built_in_model_providers;
-use codex_core::protocol::ConversationPathResponseEvent;
+use codex_core::protocol::ConversationHistoryResponseEvent;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
-use codex_core::protocol::RolloutItem;
-use codex_core::protocol::RolloutLine;
 use core_test_support::load_default_config_for_test;
 use core_test_support::wait_for_event;
 use tempfile::TempDir;
@@ -75,121 +71,84 @@ async fn fork_conversation_twice_drops_to_first_message() {
        let _ = wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
    }

-    // Request history from the base conversation to obtain rollout path.
-    codex.submit(Op::GetPath).await.unwrap();
+    // Request history from the base conversation.
+    codex.submit(Op::GetHistory).await.unwrap();
    let base_history =
-        wait_for_event(&codex, |ev| matches!(ev, EventMsg::ConversationPath(_))).await;
-    let base_path = match &base_history {
-        EventMsg::ConversationPath(ConversationPathResponseEvent { path, .. }) => path.clone(),
+        wait_for_event(&codex, |ev| matches!(ev, EventMsg::ConversationHistory(_))).await;
+
+    // Capture entries from the base history and compute expected prefixes after each fork.
+    let entries_after_three = match &base_history {
+        EventMsg::ConversationHistory(ConversationHistoryResponseEvent { entries, .. }) => {
+            entries.clone()
+        }
        _ => panic!("expected ConversationHistory event"),
    };
+    // History layout for this test:
+    // [0] user instructions,
+    // [1] environment context,
+    // [2] "first" user message,
+    // [3] "second" user message,
+    // [4] "third" user message.

-    // GetHistory flushes before returning the path; no wait needed.
+    // Fork 1: drops the last user message and everything after.
+    let expected_after_first = vec![
+        entries_after_three[0].clone(),
+        entries_after_three[1].clone(),
+        entries_after_three[2].clone(),
+        entries_after_three[3].clone(),
+    ];

-    // Helper: read rollout items (excluding SessionMeta) from a JSONL path.
-    let read_items = |p: &std::path::Path| -> Vec<RolloutItem> {
-        let text = std::fs::read_to_string(p).expect("read rollout file");
-        let mut items: Vec<RolloutItem> = Vec::new();
-        for line in text.lines() {
-            if line.trim().is_empty() {
-                continue;
-            }
-            let v: serde_json::Value = serde_json::from_str(line).expect("jsonl line");
-            let rl: RolloutLine = serde_json::from_value(v).expect("rollout line");
-            match rl.item {
-                RolloutItem::SessionMeta(_) => {}
-                other => items.push(other),
-            }
-        }
-        items
-    };
+    // Fork 2: drops the last user message and everything after.
+    // [0] user instructions,
+    // [1] environment context,
+    // [2] "first" user message,
+    let expected_after_second = vec![
+        entries_after_three[0].clone(),
+        entries_after_three[1].clone(),
+        entries_after_three[2].clone(),
+    ];

-    // Compute expected prefixes after each fork by truncating base rollout at nth-from-last user input.
-    let base_items = read_items(&base_path);
-    let find_user_input_positions = |items: &[RolloutItem]| -> Vec<usize> {
-        let mut pos = Vec::new();
-        for (i, it) in items.iter().enumerate() {
-            if let RolloutItem::ResponseItem(ResponseItem::Message { role, content, .. }) = it
-                && role == "user"
-            {
-                // Consider any user message as an input boundary; recorder stores both EventMsg and ResponseItem.
-                // We specifically look for input items, which are represented as ContentItem::InputText.
-                if content
-                    .iter()
-                    .any(|c| matches!(c, ContentItem::InputText { .. }))
-                {
-                    pos.push(i);
-                }
-            }
-        }
-        pos
-    };
-    let user_inputs = find_user_input_positions(&base_items);
-
-    // After dropping last user input (n=1), cut strictly before that input if present, else empty.
-    let cut1 = user_inputs
-        .get(user_inputs.len().saturating_sub(1))
-        .copied()
-        .unwrap_or(0);
-    let expected_after_first: Vec<RolloutItem> = base_items[..cut1].to_vec();
-
-    // After dropping again (n=1 on fork1), compute expected relative to fork1's rollout.
-
-    // Fork once with n=1 → drops the last user input and everything after.
+    // Fork once with n=1 → drops the last user message and everything after.
    let NewConversation {
        conversation: codex_fork1,
        ..
    } = conversation_manager
-        .fork_conversation(1, config_for_fork.clone(), base_path.clone())
+        .fork_conversation(entries_after_three.clone(), 1, config_for_fork.clone())
        .await
        .expect("fork 1");

-    codex_fork1.submit(Op::GetPath).await.unwrap();
+    codex_fork1.submit(Op::GetHistory).await.unwrap();
    let fork1_history = wait_for_event(&codex_fork1, |ev| {
-        matches!(ev, EventMsg::ConversationPath(_))
+        matches!(ev, EventMsg::ConversationHistory(_))
    })
    .await;
-    let fork1_path = match &fork1_history {
-        EventMsg::ConversationPath(ConversationPathResponseEvent { path, .. }) => path.clone(),
+    let entries_after_first_fork = match &fork1_history {
+        EventMsg::ConversationHistory(ConversationHistoryResponseEvent { entries, .. }) => {
+            assert!(matches!(
+                fork1_history,
+                EventMsg::ConversationHistory(ConversationHistoryResponseEvent { ref entries, .. }) if *entries == expected_after_first
+            ));
+            entries.clone()
+        }
        _ => panic!("expected ConversationHistory event after first fork"),
    };

-    // GetHistory on fork1 flushed; the file is ready.
-    let fork1_items = read_items(&fork1_path);
-    pretty_assertions::assert_eq!(
-        serde_json::to_value(&fork1_items).unwrap(),
-        serde_json::to_value(&expected_after_first).unwrap()
-    );
-
    // Fork again with n=1 → drops the (new) last user message, leaving only the first.
    let NewConversation {
        conversation: codex_fork2,
        ..
    } = conversation_manager
-        .fork_conversation(1, config_for_fork.clone(), fork1_path.clone())
+        .fork_conversation(entries_after_first_fork.clone(), 1, config_for_fork.clone())
        .await
        .expect("fork 2");

-    codex_fork2.submit(Op::GetPath).await.unwrap();
+    codex_fork2.submit(Op::GetHistory).await.unwrap();
    let fork2_history = wait_for_event(&codex_fork2, |ev| {
-        matches!(ev, EventMsg::ConversationPath(_))
+        matches!(ev, EventMsg::ConversationHistory(_))
    })
    .await;
-    let fork2_path = match &fork2_history {
-        EventMsg::ConversationPath(ConversationPathResponseEvent { path, .. }) => path.clone(),
-        _ => panic!("expected ConversationHistory event after second fork"),
-    };
-    // GetHistory on fork2 flushed; the file is ready.
-    let fork1_items = read_items(&fork1_path);
-    let fork1_user_inputs = find_user_input_positions(&fork1_items);
-    let cut_last_on_fork1 = fork1_user_inputs
-        .get(fork1_user_inputs.len().saturating_sub(1))
-        .copied()
-        .unwrap_or(0);
-    let expected_after_second: Vec<RolloutItem> = fork1_items[..cut_last_on_fork1].to_vec();
-    let fork2_items = read_items(&fork2_path);
-    pretty_assertions::assert_eq!(
-        serde_json::to_value(&fork2_items).unwrap(),
-        serde_json::to_value(&expected_after_second).unwrap()
-    );
+    assert!(matches!(
+        fork2_history,
+        EventMsg::ConversationHistory(ConversationHistoryResponseEvent { ref entries, .. }) if *entries == expected_after_second
+    ));
 }
--- a/codex-rs/core/tests/suite/prompt_caching.rs
+++ b/codex-rs/core/tests/suite/prompt_caching.rs
@@ -426,17 +426,11 @@ async fn overrides_turn_context_but_keeps_cached_prefix_and_key_constant() {
    // After overriding the turn context, the environment context should be emitted again
    // reflecting the new approval policy and sandbox settings. Omit cwd because it did
    // not change.
-    let expected_env_text_2 = format!(
-        r#"<environment_context>
+    let expected_env_text_2 = r#"<environment_context>
  <approval_policy>never</approval_policy>
  <sandbox_mode>workspace-write</sandbox_mode>
  <network_access>enabled</network_access>
-  <writable_roots>
-    <root>{}</root>
-  </writable_roots>
-</environment_context>"#,
-        writable.path().to_string_lossy()
-    );
+</environment_context>"#;
    let expected_env_msg_2 = serde_json::json!({
        "type": "message",
        "role": "user",
--- a/codex-rs/exec/src/event_processor_with_human_output.rs
+++ b/codex-rs/exec/src/event_processor_with_human_output.rs
@@ -559,7 +559,7 @@ impl EventProcessor for EventProcessorWithHumanOutput {
                }
            },
            EventMsg::ShutdownComplete => return CodexStatus::Shutdown,
-            EventMsg::ConversationPath(_) => {}
+            EventMsg::ConversationHistory(_) => {}
            EventMsg::UserMessage(_) => {}
        }
        CodexStatus::Running
--- a/codex-rs/exec/src/lib.rs
+++ b/codex-rs/exec/src/lib.rs
@@ -146,7 +146,7 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
        model_provider,
        codex_linux_sandbox_exe,
        base_instructions: None,
-        include_plan_tool: Some(true),
+        include_plan_tool: None,
        include_apply_patch_tool: None,
        include_view_image_tool: None,
        show_raw_agent_reasoning: oss.then_some(true),
@@ -187,8 +187,10 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
        std::process::exit(1);
    }

-    let conversation_manager =
-        ConversationManager::new(AuthManager::shared(config.codex_home.clone()));
+    let conversation_manager = ConversationManager::new(AuthManager::shared(
+        config.codex_home.clone(),
+        config.preferred_auth_method,
+    ));
    let NewConversation {
        conversation_id: _,
        conversation,
--- a/codex-rs/mcp-client/src/main.rs
+++ b/codex-rs/mcp-client/src/main.rs
@@ -17,10 +17,10 @@ use anyhow::Context;
 use anyhow::Result;
 use codex_mcp_client::McpClient;
 use mcp_types::ClientCapabilities;
-use mcp_types::Implementation;
 use mcp_types::InitializeRequestParams;
 use mcp_types::ListToolsRequestParams;
 use mcp_types::MCP_SCHEMA_VERSION;
+use mcp_types::McpClientInfo;
 use tracing_subscriber::EnvFilter;

 #[tokio::main]
@@ -60,13 +60,10 @@ async fn main() -> Result<()> {
            sampling: None,
            elicitation: None,
        },
-        client_info: Implementation {
+        client_info: McpClientInfo {
            name: "codex-mcp-client".to_owned(),
            version: env!("CARGO_PKG_VERSION").to_owned(),
            title: Some("Codex".to_string()),
-            // This field is used by Codex when it is an MCP server: it should
-            // not be used when Codex is an MCP client.
-            user_agent: None,
        },
        protocol_version: MCP_SCHEMA_VERSION.to_owned(),
    };
--- a/codex-rs/mcp-server/Cargo.toml
+++ b/codex-rs/mcp-server/Cargo.toml
@@ -40,7 +40,6 @@ uuid = { version = "1", features = ["serde", "v4"] }

 [dev-dependencies]
 assert_cmd = "2"
-base64 = "0.22"
 mcp_test_support = { path = "tests/common" }
 os_info = "3.12.0"
 pretty_assertions = "1.4.1"
--- a/codex-rs/mcp-server/src/codex_message_processor.rs
+++ b/codex-rs/mcp-server/src/codex_message_processor.rs
@@ -11,9 +11,6 @@ use codex_core::NewConversation;
 use codex_core::RolloutRecorder;
 use codex_core::SessionMeta;
 use codex_core::auth::CLIENT_ID;
-use codex_core::auth::get_auth_file;
-use codex_core::auth::login_with_api_key;
-use codex_core::auth::try_read_auth_json;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::config::ConfigToml;
@@ -40,6 +37,7 @@ use codex_protocol::mcp_protocol::ApplyPatchApprovalParams;
 use codex_protocol::mcp_protocol::ApplyPatchApprovalResponse;
 use codex_protocol::mcp_protocol::ArchiveConversationParams;
 use codex_protocol::mcp_protocol::ArchiveConversationResponse;
+use codex_protocol::mcp_protocol::AuthMode;
 use codex_protocol::mcp_protocol::AuthStatusChangeNotification;
 use codex_protocol::mcp_protocol::ClientRequest;
 use codex_protocol::mcp_protocol::ConversationId;
@@ -57,8 +55,6 @@ use codex_protocol::mcp_protocol::InterruptConversationParams;
 use codex_protocol::mcp_protocol::InterruptConversationResponse;
 use codex_protocol::mcp_protocol::ListConversationsParams;
 use codex_protocol::mcp_protocol::ListConversationsResponse;
-use codex_protocol::mcp_protocol::LoginApiKeyParams;
-use codex_protocol::mcp_protocol::LoginApiKeyResponse;
 use codex_protocol::mcp_protocol::LoginChatGptCompleteNotification;
 use codex_protocol::mcp_protocol::LoginChatGptResponse;
 use codex_protocol::mcp_protocol::NewConversationParams;
@@ -71,7 +67,6 @@ use codex_protocol::mcp_protocol::SendUserMessageResponse;
 use codex_protocol::mcp_protocol::SendUserTurnParams;
 use codex_protocol::mcp_protocol::SendUserTurnResponse;
 use codex_protocol::mcp_protocol::ServerNotification;
-use codex_protocol::mcp_protocol::UserInfoResponse;
 use codex_protocol::mcp_protocol::UserSavedConfig;
 use codex_protocol::models::ContentItem;
 use codex_protocol::models::ResponseItem;
@@ -174,9 +169,6 @@ impl CodexMessageProcessor {
            ClientRequest::GitDiffToRemote { request_id, params } => {
                self.git_diff_to_origin(request_id, params.cwd).await;
            }
-            ClientRequest::LoginApiKey { request_id, params } => {
-                self.login_api_key(request_id, params).await;
-            }
            ClientRequest::LoginChatGpt { request_id } => {
                self.login_chatgpt(request_id).await;
            }
@@ -195,48 +187,12 @@ impl CodexMessageProcessor {
            ClientRequest::GetUserAgent { request_id } => {
                self.get_user_agent(request_id).await;
            }
-            ClientRequest::UserInfo { request_id } => {
-                self.get_user_info(request_id).await;
-            }
            ClientRequest::ExecOneOffCommand { request_id, params } => {
                self.exec_one_off_command(request_id, params).await;
            }
        }
    }

-    async fn login_api_key(&mut self, request_id: RequestId, params: LoginApiKeyParams) {
-        {
-            let mut guard = self.active_login.lock().await;
-            if let Some(active) = guard.take() {
-                active.drop();
-            }
-        }
-
-        match login_with_api_key(&self.config.codex_home, &params.api_key) {
-            Ok(()) => {
-                self.auth_manager.reload();
-                self.outgoing
-                    .send_response(request_id, LoginApiKeyResponse {})
-                    .await;
-
-                let payload = AuthStatusChangeNotification {
-                    auth_method: self.auth_manager.auth().map(|auth| auth.mode),
-                };
-                self.outgoing
-                    .send_server_notification(ServerNotification::AuthStatusChange(payload))
-                    .await;
-            }
-            Err(err) => {
-                let error = JSONRPCErrorError {
-                    code: INTERNAL_ERROR_CODE,
-                    message: format!("failed to save api key: {err}"),
-                    data: None,
-                };
-                self.outgoing.send_error(request_id, error).await;
-            }
-        }
-    }
-
    async fn login_chatgpt(&mut self, request_id: RequestId) {
        let config = self.config.as_ref();

@@ -390,7 +346,7 @@ impl CodexMessageProcessor {
            .await;

        // Send auth status change notification reflecting the current auth mode
-        // after logout.
+        // after logout (which may fall back to API key via env var).
        let current_auth_method = self.auth_manager.auth().map(|auth| auth.mode);
        let payload = AuthStatusChangeNotification {
            auth_method: current_auth_method,
@@ -405,6 +361,7 @@ impl CodexMessageProcessor {
        request_id: RequestId,
        params: codex_protocol::mcp_protocol::GetAuthStatusParams,
    ) {
+        let preferred_auth_method: AuthMode = self.auth_manager.preferred_auth_method();
        let include_token = params.include_token.unwrap_or(false);
        let do_refresh = params.refresh_token.unwrap_or(false);

@@ -412,11 +369,6 @@ impl CodexMessageProcessor {
            tracing::warn!("failed to refresh token while getting auth status: {err}");
        }

-        // Determine whether auth is required based on the active model provider.
-        // If a custom provider is configured with `requires_openai_auth == false`,
-        // then no auth step is required; otherwise, default to requiring auth.
-        let requires_openai_auth = Some(self.config.model_provider.requires_openai_auth);
-
        let response = match self.auth_manager.auth() {
            Some(auth) => {
                let (reported_auth_method, token_opt) = match auth.get_token().await {
@@ -432,14 +384,14 @@ impl CodexMessageProcessor {
                };
                codex_protocol::mcp_protocol::GetAuthStatusResponse {
                    auth_method: reported_auth_method,
+                    preferred_auth_method,
                    auth_token: token_opt,
-                    requires_openai_auth,
                }
            }
            None => codex_protocol::mcp_protocol::GetAuthStatusResponse {
                auth_method: None,
+                preferred_auth_method,
                auth_token: None,
-                requires_openai_auth,
            },
        };

@@ -487,18 +439,6 @@ impl CodexMessageProcessor {
        self.outgoing.send_response(request_id, response).await;
    }

-    async fn get_user_info(&self, request_id: RequestId) {
-        // Read alleged user email from auth.json (best-effort; not verified).
-        let auth_path = get_auth_file(&self.config.codex_home);
-        let alleged_user_email = match try_read_auth_json(&auth_path) {
-            Ok(auth) => auth.tokens.and_then(|t| t.id_token.email),
-            Err(_) => None,
-        };
-
-        let response = UserInfoResponse { alleged_user_email };
-        self.outgoing.send_response(request_id, response).await;
-    }
-
    async fn exec_one_off_command(&self, request_id: RequestId, params: ExecOneOffCommandParams) {
        tracing::debug!("ExecOneOffCommand params: {params:?}");

--- a/codex-rs/mcp-server/src/codex_tool_runner.rs
+++ b/codex-rs/mcp-server/src/codex_tool_runner.rs
@@ -277,7 +277,7 @@ async fn run_codex_tool_session_inner(
                    | EventMsg::GetHistoryEntryResponse(_)
                    | EventMsg::PlanUpdate(_)
                    | EventMsg::TurnAborted(_)
-                    | EventMsg::ConversationPath(_)
+                    | EventMsg::ConversationHistory(_)
                    | EventMsg::UserMessage(_)
                    | EventMsg::ShutdownComplete => {
                        // For now, we do not do anything extra for these
--- a/codex-rs/mcp-server/src/message_processor.rs
+++ b/codex-rs/mcp-server/src/message_processor.rs
@@ -56,7 +56,8 @@ impl MessageProcessor {
        config: Arc<Config>,
    ) -> Self {
        let outgoing = Arc::new(outgoing);
-        let auth_manager = AuthManager::shared(config.codex_home.clone());
+        let auth_manager =
+            AuthManager::shared(config.codex_home.clone(), config.preferred_auth_method);
        let conversation_manager = Arc::new(ConversationManager::new(auth_manager.clone()));
        let codex_message_processor = CodexMessageProcessor::new(
            auth_manager,
@@ -233,7 +234,7 @@ impl MessageProcessor {
            },
            instructions: None,
            protocol_version: params.protocol_version.clone(),
-            server_info: mcp_types::Implementation {
+            server_info: mcp_types::McpServerInfo {
                name: "codex-mcp-server".to_string(),
                version: env!("CARGO_PKG_VERSION").to_string(),
                title: Some("Codex".to_string()),
--- a/codex-rs/mcp-server/tests/common/mcp_process.rs
+++ b/codex-rs/mcp-server/tests/common/mcp_process.rs
@@ -18,7 +18,6 @@ use codex_protocol::mcp_protocol::CancelLoginChatGptParams;
 use codex_protocol::mcp_protocol::GetAuthStatusParams;
 use codex_protocol::mcp_protocol::InterruptConversationParams;
 use codex_protocol::mcp_protocol::ListConversationsParams;
-use codex_protocol::mcp_protocol::LoginApiKeyParams;
 use codex_protocol::mcp_protocol::NewConversationParams;
 use codex_protocol::mcp_protocol::RemoveConversationListenerParams;
 use codex_protocol::mcp_protocol::ResumeConversationParams;
@@ -27,13 +26,13 @@ use codex_protocol::mcp_protocol::SendUserTurnParams;

 use mcp_types::CallToolRequestParams;
 use mcp_types::ClientCapabilities;
-use mcp_types::Implementation;
 use mcp_types::InitializeRequestParams;
 use mcp_types::JSONRPC_VERSION;
 use mcp_types::JSONRPCMessage;
 use mcp_types::JSONRPCNotification;
 use mcp_types::JSONRPCRequest;
 use mcp_types::JSONRPCResponse;
+use mcp_types::McpClientInfo;
 use mcp_types::ModelContextProtocolNotification;
 use mcp_types::ModelContextProtocolRequest;
 use mcp_types::RequestId;
@@ -135,11 +134,10 @@ impl McpProcess {
                roots: None,
                sampling: None,
            },
-            client_info: Implementation {
+            client_info: McpClientInfo {
                name: "elicitation test".into(),
                title: Some("Elicitation Test".into()),
                version: "0.0.0".into(),
-                user_agent: None,
            },
            protocol_version: mcp_types::MCP_SCHEMA_VERSION.into(),
        };
@@ -296,11 +294,6 @@ impl McpProcess {
        self.send_request("getUserAgent", None).await
    }

-    /// Send a `userInfo` JSON-RPC request.
-    pub async fn send_user_info_request(&mut self) -> anyhow::Result<i64> {
-        self.send_request("userInfo", None).await
-    }
-
    /// Send a `listConversations` JSON-RPC request.
    pub async fn send_list_conversations_request(
        &mut self,
@@ -319,15 +312,6 @@ impl McpProcess {
        self.send_request("resumeConversation", params).await
    }

-    /// Send a `loginApiKey` JSON-RPC request.
-    pub async fn send_login_api_key_request(
-        &mut self,
-        params: LoginApiKeyParams,
-    ) -> anyhow::Result<i64> {
-        let params = Some(serde_json::to_value(params)?);
-        self.send_request("loginApiKey", params).await
-    }
-
    /// Send a `loginChatGpt` JSON-RPC request.
    pub async fn send_login_chat_gpt_request(&mut self) -> anyhow::Result<i64> {
        self.send_request("loginChatGpt", None).await
--- a/codex-rs/mcp-server/tests/suite/auth.rs
+++ b/codex-rs/mcp-server/tests/suite/auth.rs
@@ -1,10 +1,9 @@
 use std::path::Path;

+use codex_core::auth::login_with_api_key;
 use codex_protocol::mcp_protocol::AuthMode;
 use codex_protocol::mcp_protocol::GetAuthStatusParams;
 use codex_protocol::mcp_protocol::GetAuthStatusResponse;
-use codex_protocol::mcp_protocol::LoginApiKeyParams;
-use codex_protocol::mcp_protocol::LoginApiKeyResponse;
 use mcp_test_support::McpProcess;
 use mcp_test_support::to_response;
 use mcp_types::JSONRPCResponse;
@@ -37,29 +36,10 @@ stream_max_retries = 0
    )
 }

-async fn login_with_api_key_via_request(mcp: &mut McpProcess, api_key: &str) {
-    let request_id = mcp
-        .send_login_api_key_request(LoginApiKeyParams {
-            api_key: api_key.to_string(),
-        })
-        .await
-        .unwrap_or_else(|e| panic!("send loginApiKey: {e}"));
-
-    let resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await
-    .unwrap_or_else(|e| panic!("loginApiKey timeout: {e}"))
-    .unwrap_or_else(|e| panic!("loginApiKey response: {e}"));
-    let _: LoginApiKeyResponse =
-        to_response(resp).unwrap_or_else(|e| panic!("deserialize login response: {e}"));
-}
-
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn get_auth_status_no_auth() {
    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
-    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
+    create_config_toml(codex_home.path()).expect("write config.toml");

    let mut mcp = McpProcess::new_with_env(codex_home.path(), &[("OPENAI_API_KEY", None)])
        .await
@@ -92,7 +72,8 @@ async fn get_auth_status_no_auth() {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn get_auth_status_with_api_key() {
    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
-    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
+    create_config_toml(codex_home.path()).expect("write config.toml");
+    login_with_api_key(codex_home.path(), "sk-test-key").expect("seed api key");

    let mut mcp = McpProcess::new(codex_home.path())
        .await
@@ -102,8 +83,6 @@ async fn get_auth_status_with_api_key() {
        .expect("init timeout")
        .expect("init failed");

-    login_with_api_key_via_request(&mut mcp, "sk-test-key").await;
-
    let request_id = mcp
        .send_get_auth_status_request(GetAuthStatusParams {
            include_token: Some(true),
@@ -122,12 +101,14 @@ async fn get_auth_status_with_api_key() {
    let status: GetAuthStatusResponse = to_response(resp).expect("deserialize status");
    assert_eq!(status.auth_method, Some(AuthMode::ApiKey));
    assert_eq!(status.auth_token, Some("sk-test-key".to_string()));
+    assert_eq!(status.preferred_auth_method, AuthMode::ChatGPT);
 }

 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn get_auth_status_with_api_key_no_include_token() {
    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
-    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
+    create_config_toml(codex_home.path()).expect("write config.toml");
+    login_with_api_key(codex_home.path(), "sk-test-key").expect("seed api key");

    let mut mcp = McpProcess::new(codex_home.path())
        .await
@@ -137,8 +118,6 @@ async fn get_auth_status_with_api_key_no_include_token() {
        .expect("init timeout")
        .expect("init failed");

-    login_with_api_key_via_request(&mut mcp, "sk-test-key").await;
-
    // Build params via struct so None field is omitted in wire JSON.
    let params = GetAuthStatusParams {
        include_token: None,
@@ -159,4 +138,5 @@ async fn get_auth_status_with_api_key_no_include_token() {
    let status: GetAuthStatusResponse = to_response(resp).expect("deserialize status");
    assert_eq!(status.auth_method, Some(AuthMode::ApiKey));
    assert!(status.auth_token.is_none(), "token must be omitted");
+    assert_eq!(status.preferred_auth_method, AuthMode::ChatGPT);
 }
--- a/codex-rs/mcp-server/tests/suite/login.rs
+++ b/codex-rs/mcp-server/tests/suite/login.rs
@@ -1,7 +1,7 @@
 use std::path::Path;
 use std::time::Duration;

-use codex_login::login_with_api_key;
+use codex_core::auth::login_with_api_key;
 use codex_protocol::mcp_protocol::CancelLoginChatGptParams;
 use codex_protocol::mcp_protocol::CancelLoginChatGptResponse;
 use codex_protocol::mcp_protocol::GetAuthStatusParams;
@@ -95,7 +95,7 @@ async fn logout_chatgpt_removes_auth() {
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn login_and_cancel_chatgpt() {
    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
-    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
+    create_config_toml(codex_home.path()).expect("write config.toml");

    let mut mcp = McpProcess::new(codex_home.path())
        .await
--- a/codex-rs/mcp-server/tests/suite/mod.rs
+++ b/codex-rs/mcp-server/tests/suite/mod.rs
@@ -10,4 +10,3 @@ mod list_resume;
 mod login;
 mod send_message;
 mod user_agent;
-mod user_info;
--- a/codex-rs/mcp-server/tests/suite/user_info.rs
+++ b/codex-rs/mcp-server/tests/suite/user_info.rs
@@ -1,78 +0,0 @@
-use std::time::Duration;
-
-use anyhow::Context;
-use base64::Engine;
-use base64::engine::general_purpose::URL_SAFE_NO_PAD;
-use codex_core::auth::AuthDotJson;
-use codex_core::auth::get_auth_file;
-use codex_core::auth::write_auth_json;
-use codex_core::token_data::IdTokenInfo;
-use codex_core::token_data::TokenData;
-use codex_protocol::mcp_protocol::UserInfoResponse;
-use mcp_test_support::McpProcess;
-use mcp_test_support::to_response;
-use mcp_types::JSONRPCResponse;
-use mcp_types::RequestId;
-use pretty_assertions::assert_eq;
-use serde_json::json;
-use tempfile::TempDir;
-use tokio::time::timeout;
-
-const DEFAULT_READ_TIMEOUT: Duration = Duration::from_secs(10);
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn user_info_returns_email_from_auth_json() {
-    let codex_home = TempDir::new().expect("create tempdir");
-
-    let auth_path = get_auth_file(codex_home.path());
-    let mut id_token = IdTokenInfo::default();
-    id_token.email = Some("user@example.com".to_string());
-    id_token.raw_jwt = encode_id_token_with_email("user@example.com").expect("encode id token");
-
-    let auth = AuthDotJson {
-        openai_api_key: None,
-        tokens: Some(TokenData {
-            id_token,
-            access_token: "access".to_string(),
-            refresh_token: "refresh".to_string(),
-            account_id: None,
-        }),
-        last_refresh: None,
-    };
-    write_auth_json(&auth_path, &auth).expect("write auth.json");
-
-    let mut mcp = McpProcess::new(codex_home.path())
-        .await
-        .expect("spawn mcp process");
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
-        .await
-        .expect("initialize timeout")
-        .expect("initialize request");
-
-    let request_id = mcp.send_user_info_request().await.expect("send userInfo");
-    let response: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await
-    .expect("userInfo timeout")
-    .expect("userInfo response");
-
-    let received: UserInfoResponse = to_response(response).expect("deserialize userInfo response");
-    let expected = UserInfoResponse {
-        alleged_user_email: Some("user@example.com".to_string()),
-    };
-
-    assert_eq!(received, expected);
-}
-
-fn encode_id_token_with_email(email: &str) -> anyhow::Result<String> {
-    let header_b64 = URL_SAFE_NO_PAD.encode(
-        serde_json::to_vec(&json!({ "alg": "none", "typ": "JWT" }))
-            .context("serialize jwt header")?,
-    );
-    let payload =
-        serde_json::to_vec(&json!({ "email": email })).context("serialize jwt payload")?;
-    let payload_b64 = URL_SAFE_NO_PAD.encode(payload);
-    Ok(format!("{header_b64}.{payload_b64}.signature"))
-}
--- a/codex-rs/mcp-types/check_lib_rs.py
+++ b/codex-rs/mcp-types/check_lib_rs.py
@@ -1,21 +0,0 @@
-#!/usr/bin/env python3
-
-import subprocess
-import sys
-from pathlib import Path
-
-
-def main() -> int:
-    crate_dir = Path(__file__).resolve().parent
-    generator = crate_dir / "generate_mcp_types.py"
-
-    result = subprocess.run(
-        [sys.executable, str(generator), "--check"],
-        cwd=crate_dir,
-        check=False,
-    )
-    return result.returncode
-
-
-if __name__ == "__main__":
-    raise SystemExit(main())
--- a/codex-rs/mcp-types/generate_mcp_types.py
+++ b/codex-rs/mcp-types/generate_mcp_types.py
@@ -5,19 +5,15 @@ import argparse
 import json
 import subprocess
 import sys
-import tempfile

 from dataclasses import (
    dataclass,
 )
-from difflib import unified_diff
 from pathlib import Path
-from shutil import copy2

 # Helper first so it is defined when other functions call it.
 from typing import Any, Literal

-
 SCHEMA_VERSION = "2025-06-18"
 JSONRPC_VERSION = "2.0"

@@ -47,31 +43,16 @@ def main() -> int:
    default_schema_file = (
        Path(__file__).resolve().parent / "schema" / SCHEMA_VERSION / "schema.json"
    )
-    default_lib_rs = Path(__file__).resolve().parent / "src/lib.rs"
    parser.add_argument(
        "schema_file",
        nargs="?",
        default=default_schema_file,
        help="schema.json file to process",
    )
-    parser.add_argument(
-        "--check",
-        action="store_true",
-        help="Regenerate lib.rs in a sandbox and ensure the checked-in file matches",
-    )
    args = parser.parse_args()
-    schema_file = Path(args.schema_file)
-    crate_dir = Path(__file__).resolve().parent
+    schema_file = args.schema_file

-    if args.check:
-        return run_check(schema_file, crate_dir, default_lib_rs)
-
-    generate_lib_rs(schema_file, default_lib_rs, fmt=True)
-    return 0
-
-
-def generate_lib_rs(schema_file: Path, lib_rs: Path, fmt: bool) -> None:
-    lib_rs.parent.mkdir(parents=True, exist_ok=True)
+    lib_rs = Path(__file__).resolve().parent / "src/lib.rs"

    global DEFINITIONS  # Allow helper functions to access the schema.

@@ -136,7 +117,9 @@ fn default_jsonrpc() -> String {{ JSONRPC_VERSION.to_owned() }}

    for req_name in CLIENT_REQUEST_TYPE_NAMES:
        defn = definitions[req_name]
-        method_const = defn.get("properties", {}).get("method", {}).get("const", req_name)
+        method_const = (
+            defn.get("properties", {}).get("method", {}).get("const", req_name)
+        )
        payload_type = f"<{req_name} as ModelContextProtocolRequest>::Params"
        try_from_impl_lines.append(f'            "{method_const}" => {{\n')
        try_from_impl_lines.append(
@@ -145,7 +128,9 @@ fn default_jsonrpc() -> String {{ JSONRPC_VERSION.to_owned() }}
        try_from_impl_lines.append(
            f"                let params: {payload_type} = serde_json::from_value(params_json)?;\n"
        )
-        try_from_impl_lines.append(f"                Ok(ClientRequest::{req_name}(params))\n")
+        try_from_impl_lines.append(
+            f"                Ok(ClientRequest::{req_name}(params))\n"
+        )
        try_from_impl_lines.append("            },\n")

    try_from_impl_lines.append(
@@ -159,7 +144,9 @@ fn default_jsonrpc() -> String {{ JSONRPC_VERSION.to_owned() }}

    # Generate TryFrom for ServerNotification
    notif_impl_lines: list[str] = []
-    notif_impl_lines.append("impl TryFrom<JSONRPCNotification> for ServerNotification {\n")
+    notif_impl_lines.append(
+        "impl TryFrom<JSONRPCNotification> for ServerNotification {\n"
+    )
    notif_impl_lines.append("    type Error = serde_json::Error;\n")
    notif_impl_lines.append(
        "    fn try_from(n: JSONRPCNotification) -> std::result::Result<Self, Self::Error> {\n"
@@ -168,7 +155,9 @@ fn default_jsonrpc() -> String {{ JSONRPC_VERSION.to_owned() }}

    for notif_name in SERVER_NOTIFICATION_TYPE_NAMES:
        n_def = definitions[notif_name]
-        method_const = n_def.get("properties", {}).get("method", {}).get("const", notif_name)
+        method_const = (
+            n_def.get("properties", {}).get("method", {}).get("const", notif_name)
+        )
        payload_type = f"<{notif_name} as ModelContextProtocolNotification>::Params"
        notif_impl_lines.append(f'            "{method_const}" => {{\n')
        # params may be optional
@@ -178,7 +167,9 @@ fn default_jsonrpc() -> String {{ JSONRPC_VERSION.to_owned() }}
        notif_impl_lines.append(
            f"                let params: {payload_type} = serde_json::from_value(params_json)?;\n"
        )
-        notif_impl_lines.append(f"                Ok(ServerNotification::{notif_name}(params))\n")
+        notif_impl_lines.append(
+            f"                Ok(ServerNotification::{notif_name}(params))\n"
+        )
        notif_impl_lines.append("            },\n")

    notif_impl_lines.append(
@@ -194,70 +185,13 @@ fn default_jsonrpc() -> String {{ JSONRPC_VERSION.to_owned() }}
        for chunk in out:
            f.write(chunk)

-    if fmt:
-        subprocess.check_call(
-            ["cargo", "fmt", "--", "--config", "imports_granularity=Item"],
-            cwd=lib_rs.parent.parent,
-            stderr=subprocess.DEVNULL,
-        )
+    subprocess.check_call(
+        ["cargo", "fmt", "--", "--config", "imports_granularity=Item"],
+        cwd=lib_rs.parent.parent,
+        stderr=subprocess.DEVNULL,
+    )

-
-def run_check(schema_file: Path, crate_dir: Path, checked_in_lib: Path) -> int:
-    config_path = crate_dir.parent / "rustfmt.toml"
-    eprint(f"Running --check with schema {schema_file}")
-
-    with tempfile.TemporaryDirectory() as tmp_dir:
-        tmp_path = Path(tmp_dir)
-        eprint(f"Created temporary workspace at {tmp_path}")
-        manifest_path = tmp_path / "Cargo.toml"
-        eprint(f"Copying Cargo.toml into {manifest_path}")
-        copy2(crate_dir / "Cargo.toml", manifest_path)
-        manifest_text = manifest_path.read_text(encoding="utf-8")
-        manifest_text = manifest_text.replace(
-            "version = { workspace = true }",
-            'version = "0.0.0"',
-        )
-        manifest_text = manifest_text.replace("\n[lints]\nworkspace = true\n", "\n")
-        manifest_path.write_text(manifest_text, encoding="utf-8")
-        src_dir = tmp_path / "src"
-        src_dir.mkdir(parents=True, exist_ok=True)
-        eprint(f"Generating lib.rs into {src_dir}")
-        generated_lib = src_dir / "lib.rs"
-
-        generate_lib_rs(schema_file, generated_lib, fmt=False)
-
-        eprint("Formatting generated lib.rs with rustfmt")
-        subprocess.check_call(
-            [
-                "rustfmt",
-                "--config-path",
-                str(config_path),
-                str(generated_lib),
-            ],
-            cwd=tmp_path,
-            stderr=subprocess.DEVNULL,
-        )
-
-        eprint("Comparing generated lib.rs with checked-in version")
-        checked_in_contents = checked_in_lib.read_text(encoding="utf-8")
-        generated_contents = generated_lib.read_text(encoding="utf-8")
-
-        if checked_in_contents == generated_contents:
-            eprint("lib.rs matches checked-in version")
-            return 0
-
-        diff = unified_diff(
-            checked_in_contents.splitlines(keepends=True),
-            generated_contents.splitlines(keepends=True),
-            fromfile=str(checked_in_lib),
-            tofile=str(generated_lib),
-        )
-        diff_text = "".join(diff)
-        eprint("Generated lib.rs does not match the checked-in version. Diff:")
-        if diff_text:
-            eprint(diff_text, end="")
-        eprint("Re-run generate_mcp_types.py without --check to update src/lib.rs.")
-        return 1
+    return 0


 def add_definition(name: str, definition: dict[str, Any], out: list[str]) -> None:
@@ -331,11 +265,8 @@ class StructField:
    name: str
    type_name: str
    serde: str | None = None
-    comment: str | None = None

    def append(self, out: list[str], supports_const: bool) -> None:
-        if self.comment:
-            out.append(f"    // {self.comment}\n")
        if self.serde:
            out.append(f"    {self.serde}\n")
        if self.viz == "const":
@@ -381,18 +312,6 @@ def define_struct(
        else:
            fields.append(StructField("pub", rs_prop.name, prop_type, rs_prop.serde))

-    # Special-case: add Codex-specific user_agent to Implementation
-    if name == "Implementation":
-        fields.append(
-            StructField(
-                "pub",
-                "user_agent",
-                "Option<String>",
-                '#[serde(default, skip_serializing_if = "Option::is_none")]',
-                "This is an extra field that the Codex MCP server sends as part of InitializeResult.",
-            )
-        )
-
    if implements_request_trait(name):
        add_trait_impl(name, "ModelContextProtocolRequest", fields, out)
    elif implements_notification_trait(name):
@@ -487,11 +406,15 @@ def define_untagged_enum(name: str, type_list: list[str], out: list[str]) -> Non
            case "integer":
                out.append("    Integer(i64),\n")
            case _:
-                raise ValueError(f"Unknown type in untagged enum: {simple_type} in {name}")
+                raise ValueError(
+                    f"Unknown type in untagged enum: {simple_type} in {name}"
+                )
    out.append("}\n\n")


-def define_any_of(name: str, list_of_refs: list[Any], description: str | None = None) -> list[str]:
+def define_any_of(
+    name: str, list_of_refs: list[Any], description: str | None = None
+) -> list[str]:
    """Generate a Rust enum for a JSON-Schema `anyOf` union.

    For most types we simply map each `$ref` inside the `anyOf` list to a
@@ -556,7 +479,9 @@ def define_any_of(name: str, list_of_refs: list[Any], description: str | None =
            if name == "ClientRequest":
                payload_type = f"<{ref_name} as ModelContextProtocolRequest>::Params"
            else:
-                payload_type = f"<{ref_name} as ModelContextProtocolNotification>::Params"
+                payload_type = (
+                    f"<{ref_name} as ModelContextProtocolNotification>::Params"
+                )

            # Determine the wire value for `method` so we can annotate the
            # variant appropriately. If for some reason the schema does not
@@ -564,7 +489,9 @@ def define_any_of(name: str, list_of_refs: list[Any], description: str | None =
            # least compile (although deserialization will likely fail).
            request_def = DEFINITIONS.get(ref_name, {})
            method_const = (
-                request_def.get("properties", {}).get("method", {}).get("const", ref_name)
+                request_def.get("properties", {})
+                .get("method", {})
+                .get("const", ref_name)
            )

            out.append(f'    #[serde(rename = "{method_const}")]\n')
@@ -614,7 +541,7 @@ def map_type(
    if type_prop == "string":
        if const_prop := typedef.get("const", None):
            assert isinstance(const_prop, str)
-            return f'&\'static str = "{const_prop}"'
+            return f'&\'static str = "{const_prop    }"'
        else:
            return "String"
    elif type_prop == "integer":
@@ -690,7 +617,7 @@ def rust_prop_name(name: str, is_optional: bool) -> RustProp:
        serde_annotations.append('skip_serializing_if = "Option::is_none"')

    if serde_annotations:
-        serde_str = f"#[serde({', '.join(serde_annotations)})]"
+        serde_str = f'#[serde({", ".join(serde_annotations)})]'
    else:
        serde_str = None
    return RustProp(prop_name, serde_str)
@@ -698,7 +625,9 @@ def rust_prop_name(name: str, is_optional: bool) -> RustProp:

 def to_snake_case(name: str) -> str:
    """Convert a camelCase or PascalCase name to snake_case."""
-    snake_case = name[0].lower() + "".join("_" + c.lower() if c.isupper() else c for c in name[1:])
+    snake_case = name[0].lower() + "".join(
+        "_" + c.lower() if c.isupper() else c for c in name[1:]
+    )
    if snake_case != name:
        return snake_case
    else:
@@ -734,9 +663,5 @@ def emit_doc_comment(text: str | None, out: list[str]) -> None:
        out.append(f"/// {line.rstrip()}\n")


-def eprint(*args: Any, **kwargs: Any) -> None:
-    print(*args, file=sys.stderr, **kwargs)
-
-
 if __name__ == "__main__":
    sys.exit(main())
--- a/codex-rs/mcp-types/src/lib.rs
+++ b/codex-rs/mcp-types/src/lib.rs
@@ -482,12 +482,20 @@ pub struct ImageContent {

 /// Describes the name and version of an MCP implementation, with an optional title for UI representation.
 #[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
-pub struct Implementation {
+pub struct McpClientInfo {
+    pub name: String,
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub title: Option<String>,
+    pub version: String,
+}
+
+/// Describes the name and version of an MCP implementation, with an optional title for UI representation.
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
+pub struct McpServerInfo {
    pub name: String,
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub title: Option<String>,
    pub version: String,
-    // This is an extra field that the Codex MCP server sends as part of InitializeResult.
    #[serde(default, skip_serializing_if = "Option::is_none")]
    pub user_agent: Option<String>,
 }
@@ -505,7 +513,7 @@ impl ModelContextProtocolRequest for InitializeRequest {
 pub struct InitializeRequestParams {
    pub capabilities: ClientCapabilities,
    #[serde(rename = "clientInfo")]
-    pub client_info: Implementation,
+    pub client_info: McpClientInfo,
    #[serde(rename = "protocolVersion")]
    pub protocol_version: String,
 }
@@ -519,7 +527,7 @@ pub struct InitializeResult {
    #[serde(rename = "protocolVersion")]
    pub protocol_version: String,
    #[serde(rename = "serverInfo")]
-    pub server_info: Implementation,
+    pub server_info: McpServerInfo,
 }

 impl From<InitializeResult> for serde_json::Value {
--- a/codex-rs/mcp-types/tests/suite/initialize.rs
+++ b/codex-rs/mcp-types/tests/suite/initialize.rs
@@ -1,10 +1,10 @@
 use mcp_types::ClientCapabilities;
 use mcp_types::ClientRequest;
-use mcp_types::Implementation;
 use mcp_types::InitializeRequestParams;
 use mcp_types::JSONRPC_VERSION;
 use mcp_types::JSONRPCMessage;
 use mcp_types::JSONRPCRequest;
+use mcp_types::McpClientInfo;
 use mcp_types::RequestId;
 use serde_json::json;

@@ -58,11 +58,10 @@ fn deserialize_initialize_request() {
                sampling: None,
                elicitation: None,
            },
-            client_info: Implementation {
+            client_info: McpClientInfo {
                name: "acme-client".into(),
                title: Some("Acme".to_string()),
                version: "1.2.3".into(),
-                user_agent: None,
            },
            protocol_version: "2025-06-18".into(),
        }
--- a/codex-rs/protocol-ts/src/lib.rs
+++ b/codex-rs/protocol-ts/src/lib.rs
@@ -31,8 +31,6 @@ pub fn generate_ts(out_dir: &Path, prettier: Option<&Path>) -> Result<()> {
    codex_protocol::mcp_protocol::SendUserTurnResponse::export_all_to(out_dir)?;
    codex_protocol::mcp_protocol::InterruptConversationResponse::export_all_to(out_dir)?;
    codex_protocol::mcp_protocol::GitDiffToRemoteResponse::export_all_to(out_dir)?;
-    codex_protocol::mcp_protocol::LoginApiKeyParams::export_all_to(out_dir)?;
-    codex_protocol::mcp_protocol::LoginApiKeyResponse::export_all_to(out_dir)?;
    codex_protocol::mcp_protocol::LoginChatGptResponse::export_all_to(out_dir)?;
    codex_protocol::mcp_protocol::CancelLoginChatGptResponse::export_all_to(out_dir)?;
    codex_protocol::mcp_protocol::LogoutChatGptResponse::export_all_to(out_dir)?;
@@ -41,7 +39,6 @@ pub fn generate_ts(out_dir: &Path, prettier: Option<&Path>) -> Result<()> {
    codex_protocol::mcp_protocol::ExecCommandApprovalResponse::export_all_to(out_dir)?;
    codex_protocol::mcp_protocol::GetUserSavedConfigResponse::export_all_to(out_dir)?;
    codex_protocol::mcp_protocol::GetUserAgentResponse::export_all_to(out_dir)?;
-    codex_protocol::mcp_protocol::UserInfoResponse::export_all_to(out_dir)?;

    // All notification types reachable from this enum will be generated by
    // induction, so they do not need to be listed individually.
--- a/codex-rs/protocol/src/mcp_protocol.rs
+++ b/codex-rs/protocol/src/mcp_protocol.rs
@@ -126,11 +126,6 @@ pub enum ClientRequest {
        request_id: RequestId,
        params: GitDiffToRemoteParams,
    },
-    LoginApiKey {
-        #[serde(rename = "id")]
-        request_id: RequestId,
-        params: LoginApiKeyParams,
-    },
    LoginChatGpt {
        #[serde(rename = "id")]
        request_id: RequestId,
@@ -157,10 +152,6 @@ pub enum ClientRequest {
        #[serde(rename = "id")]
        request_id: RequestId,
    },
-    UserInfo {
-        #[serde(rename = "id")]
-        request_id: RequestId,
-    },
    /// Execute a command (argv vector) under the server's sandbox.
    ExecOneOffCommand {
        #[serde(rename = "id")]
@@ -293,16 +284,6 @@ pub struct ArchiveConversationResponse {}
 #[serde(rename_all = "camelCase")]
 pub struct RemoveConversationSubscriptionResponse {}

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, TS)]
-#[serde(rename_all = "camelCase")]
-pub struct LoginApiKeyParams {
-    pub api_key: String,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, TS)]
-#[serde(rename_all = "camelCase")]
-pub struct LoginApiKeyResponse {}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, TS)]
 #[serde(rename_all = "camelCase")]
 pub struct LoginChatGptResponse {
@@ -382,14 +363,9 @@ pub struct ExecArbitraryCommandResponse {
 pub struct GetAuthStatusResponse {
    #[serde(skip_serializing_if = "Option::is_none")]
    pub auth_method: Option<AuthMode>,
+    pub preferred_auth_method: AuthMode,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub auth_token: Option<String>,
-
-    // Indicates that auth method must be valid to use the server.
-    // This can be false if using a custom provider that is configured
-    // with requires_openai_auth == false.
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub requires_openai_auth: Option<bool>,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, TS)]
@@ -398,16 +374,6 @@ pub struct GetUserAgentResponse {
    pub user_agent: String,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, TS)]
-#[serde(rename_all = "camelCase")]
-pub struct UserInfoResponse {
-    /// Note: `alleged_user_email` is not currently verified. We read it from
-    /// the local auth.json, which the user could theoretically modify. In the
-    /// future, we may add logic to verify the email against the server before
-    /// returning it.
-    pub alleged_user_email: Option<String>,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, TS)]
 #[serde(rename_all = "camelCase")]
 pub struct GetUserSavedConfigResponse {
--- a/codex-rs/protocol/src/models.rs
+++ b/codex-rs/protocol/src/models.rs
@@ -115,6 +115,7 @@ pub enum ResponseItem {
        status: Option<String>,
        action: WebSearchAction,
    },
+
    #[serde(other)]
    Other,
 }
--- a/codex-rs/protocol/src/protocol.rs
+++ b/codex-rs/protocol/src/protocol.rs
@@ -149,7 +149,7 @@ pub enum Op {

    /// Request the full in-memory conversation transcript for the current session.
    /// Reply is delivered via `EventMsg::ConversationHistory`.
-    GetPath,
+    GetHistory,

    /// Request the list of MCP tools available across all configured servers.
    /// Reply is delivered via `EventMsg::McpListToolsResponse`.
@@ -499,7 +499,7 @@ pub enum EventMsg {
    /// Notification that the agent is shutting down.
    ShutdownComplete,

-    ConversationPath(ConversationPathResponseEvent),
+    ConversationHistory(ConversationHistoryResponseEvent),
 }

 // Individual event payload types matching each `EventMsg` variant.
@@ -801,9 +801,9 @@ pub struct WebSearchEndEvent {
 /// Response payload for `Op::GetHistory` containing the current session's
 /// in-memory transcript.
 #[derive(Debug, Clone, Deserialize, Serialize, TS)]
-pub struct ConversationPathResponseEvent {
+pub struct ConversationHistoryResponseEvent {
    pub conversation_id: ConversationId,
-    pub path: PathBuf,
+    pub entries: Vec<ResponseItem>,
 }

 #[derive(Debug, Clone, Deserialize, Serialize, TS)]
--- a/codex-rs/tui/src/app_backtrack.rs
+++ b/codex-rs/tui/src/app_backtrack.rs
@@ -1,11 +1,9 @@
-use std::path::PathBuf;
-
 use crate::app::App;
 use crate::backtrack_helpers;
 use crate::pager_overlay::Overlay;
 use crate::tui;
 use crate::tui::TuiEvent;
-use codex_core::protocol::ConversationPathResponseEvent;
+use codex_core::protocol::ConversationHistoryResponseEvent;
 use codex_protocol::mcp_protocol::ConversationId;
 use color_eyre::eyre::Result;
 use crossterm::event::KeyCode;
@@ -100,7 +98,7 @@ impl App {
    ) {
        self.backtrack.pending = Some((base_id, drop_last_messages, prefill));
        self.app_event_tx.send(crate::app_event::AppEvent::CodexOp(
-            codex_core::protocol::Op::GetPath,
+            codex_core::protocol::Op::GetHistory,
        ));
    }

@@ -267,7 +265,7 @@ impl App {
    pub(crate) async fn on_conversation_history_for_backtrack(
        &mut self,
        tui: &mut tui::Tui,
-        ev: ConversationPathResponseEvent,
+        ev: ConversationHistoryResponseEvent,
    ) -> Result<()> {
        if let Some((base_id, _, _)) = self.backtrack.pending.as_ref()
            && ev.conversation_id == *base_id
@@ -283,14 +281,14 @@ impl App {
    async fn fork_and_switch_to_new_conversation(
        &mut self,
        tui: &mut tui::Tui,
-        ev: ConversationPathResponseEvent,
+        ev: ConversationHistoryResponseEvent,
        drop_count: usize,
        prefill: String,
    ) {
        let cfg = self.chat_widget.config_ref().clone();
        // Perform the fork via a thin wrapper for clarity/testability.
        let result = self
-            .perform_fork(ev.path.clone(), drop_count, cfg.clone())
+            .perform_fork(ev.entries.clone(), drop_count, cfg.clone())
            .await;
        match result {
            Ok(new_conv) => {
@@ -303,11 +301,13 @@ impl App {
    /// Thin wrapper around ConversationManager::fork_conversation.
    async fn perform_fork(
        &self,
-        path: PathBuf,
+        entries: Vec<codex_protocol::models::ResponseItem>,
        drop_count: usize,
        cfg: codex_core::config::Config,
    ) -> codex_core::error::Result<codex_core::NewConversation> {
-        self.server.fork_conversation(drop_count, cfg, path).await
+        self.server
+            .fork_conversation(entries, drop_count, cfg)
+            .await
    }

    /// Install a forked conversation into the ChatWidget and update UI to reflect selection.
--- a/codex-rs/tui/src/app_event.rs
+++ b/codex-rs/tui/src/app_event.rs
@@ -1,4 +1,4 @@
-use codex_core::protocol::ConversationPathResponseEvent;
+use codex_core::protocol::ConversationHistoryResponseEvent;
 use codex_core::protocol::Event;
 use codex_file_search::FileMatch;

@@ -58,5 +58,5 @@ pub(crate) enum AppEvent {
    UpdateSandboxPolicy(SandboxPolicy),

    /// Forwarded conversation history snapshot from the current conversation.
-    ConversationHistory(ConversationPathResponseEvent),
+    ConversationHistory(ConversationHistoryResponseEvent),
 }
--- a/codex-rs/tui/src/chatwidget.rs
+++ b/codex-rs/tui/src/chatwidget.rs
@@ -1083,7 +1083,7 @@ impl ChatWidget {
                    self.on_user_message_event(ev);
                }
            }
-            EventMsg::ConversationPath(ev) => {
+            EventMsg::ConversationHistory(ev) => {
                self.app_event_tx
                    .send(crate::app_event::AppEvent::ConversationHistory(ev));
            }
--- a/codex-rs/tui/src/lib.rs
+++ b/codex-rs/tui/src/lib.rs
@@ -308,7 +308,7 @@ async fn run_ratatui_app(
        ..
    } = cli;

-    let auth_manager = AuthManager::shared(config.codex_home.clone());
+    let auth_manager = AuthManager::shared(config.codex_home.clone(), config.preferred_auth_method);
    let login_status = get_login_status(&config);
    let should_show_onboarding =
        should_show_onboarding(login_status, &config, should_show_trust_screen);
@@ -392,7 +392,7 @@ fn get_login_status(config: &Config) -> LoginStatus {
        // Reading the OpenAI API key is an async operation because it may need
        // to refresh the token. Block on it.
        let codex_home = config.codex_home.clone();
-        match CodexAuth::from_codex_home(&codex_home) {
+        match CodexAuth::from_codex_home(&codex_home, config.preferred_auth_method) {
            Ok(Some(auth)) => LoginStatus::AuthMode(auth.mode),
            Ok(None) => LoginStatus::NotAuthenticated,
            Err(err) => {
@@ -460,28 +460,60 @@ fn should_show_login_screen(login_status: LoginStatus, config: &Config) -> bool
        return false;
    }

-    login_status == LoginStatus::NotAuthenticated
+    match login_status {
+        LoginStatus::NotAuthenticated => true,
+        LoginStatus::AuthMode(method) => method != config.preferred_auth_method,
+    }
 }

 #[cfg(test)]
 mod tests {
    use super::*;

-    fn make_config() -> Config {
-        Config::load_from_base_config_with_overrides(
+    fn make_config(preferred: AuthMode) -> Config {
+        let mut cfg = Config::load_from_base_config_with_overrides(
            ConfigToml::default(),
            ConfigOverrides::default(),
            std::env::temp_dir(),
        )
-        .expect("load default config")
+        .expect("load default config");
+        cfg.preferred_auth_method = preferred;
+        cfg
    }

    #[test]
    fn shows_login_when_not_authenticated() {
-        let cfg = make_config();
+        let cfg = make_config(AuthMode::ChatGPT);
        assert!(should_show_login_screen(
            LoginStatus::NotAuthenticated,
            &cfg
        ));
    }
+
+    #[test]
+    fn shows_login_when_api_key_but_prefers_chatgpt() {
+        let cfg = make_config(AuthMode::ChatGPT);
+        assert!(should_show_login_screen(
+            LoginStatus::AuthMode(AuthMode::ApiKey),
+            &cfg
+        ))
+    }
+
+    #[test]
+    fn hides_login_when_api_key_and_prefers_api_key() {
+        let cfg = make_config(AuthMode::ApiKey);
+        assert!(!should_show_login_screen(
+            LoginStatus::AuthMode(AuthMode::ApiKey),
+            &cfg
+        ))
+    }
+
+    #[test]
+    fn hides_login_when_chatgpt_and_prefers_chatgpt() {
+        let cfg = make_config(AuthMode::ChatGPT);
+        assert!(!should_show_login_screen(
+            LoginStatus::AuthMode(AuthMode::ChatGPT),
+            &cfg
+        ))
+    }
 }
--- a/codex-rs/tui/src/onboarding/auth.rs
+++ b/codex-rs/tui/src/onboarding/auth.rs
@@ -2,17 +2,12 @@

 use codex_core::AuthManager;
 use codex_core::auth::CLIENT_ID;
-use codex_core::auth::login_with_api_key;
-use codex_core::auth::read_openai_api_key_from_env;
 use codex_login::ServerOptions;
 use codex_login::ShutdownHandle;
 use codex_login::run_login_server;
 use crossterm::event::KeyCode;
 use crossterm::event::KeyEvent;
-use crossterm::event::KeyModifiers;
 use ratatui::buffer::Buffer;
-use ratatui::layout::Constraint;
-use ratatui::layout::Layout;
 use ratatui::layout::Rect;
 use ratatui::prelude::Widget;
 use ratatui::style::Color;
@@ -20,9 +15,6 @@ use ratatui::style::Modifier;
 use ratatui::style::Style;
 use ratatui::style::Stylize;
 use ratatui::text::Line;
-use ratatui::widgets::Block;
-use ratatui::widgets::BorderType;
-use ratatui::widgets::Borders;
 use ratatui::widgets::Paragraph;
 use ratatui::widgets::WidgetRef;
 use ratatui::widgets::Wrap;
@@ -46,14 +38,8 @@ pub(crate) enum SignInState {
    ChatGptContinueInBrowser(ContinueInBrowserState),
    ChatGptSuccessMessage,
    ChatGptSuccess,
-    ApiKeyEntry(ApiKeyInputState),
-    ApiKeyConfigured,
-}
-
-#[derive(Clone, Default)]
-pub(crate) struct ApiKeyInputState {
-    value: String,
-    prepopulated_from_env: bool,
+    EnvVarMissing,
+    EnvVarFound,
 }

 #[derive(Clone)]
@@ -73,10 +59,6 @@ impl Drop for ContinueInBrowserState {

 impl KeyboardHandler for AuthModeWidget {
    fn handle_key_event(&mut self, key_event: KeyEvent) {
-        if self.handle_api_key_entry_key_event(&key_event) {
-            return;
-        }
-
        match key_event.code {
            KeyCode::Up | KeyCode::Char('k') => {
                self.highlighted_mode = AuthMode::ChatGPT;
@@ -87,7 +69,7 @@ impl KeyboardHandler for AuthModeWidget {
            KeyCode::Char('1') => {
                self.start_chatgpt_login();
            }
-            KeyCode::Char('2') => self.start_api_key_entry(),
+            KeyCode::Char('2') => self.verify_api_key(),
            KeyCode::Enter => {
                let sign_in_state = { (*self.sign_in_state.read().unwrap()).clone() };
                match sign_in_state {
@@ -96,9 +78,12 @@ impl KeyboardHandler for AuthModeWidget {
                            self.start_chatgpt_login();
                        }
                        AuthMode::ApiKey => {
-                            self.start_api_key_entry();
+                            self.verify_api_key();
                        }
                    },
+                    SignInState::EnvVarMissing => {
+                        *self.sign_in_state.write().unwrap() = SignInState::PickMode;
+                    }
                    SignInState::ChatGptSuccessMessage => {
                        *self.sign_in_state.write().unwrap() = SignInState::ChatGptSuccess;
                    }
@@ -116,10 +101,6 @@ impl KeyboardHandler for AuthModeWidget {
            _ => {}
        }
    }
-
-    fn handle_paste(&mut self, pasted: String) {
-        let _ = self.handle_api_key_entry_paste(pasted);
-    }
 }

 #[derive(Clone)]
@@ -130,6 +111,7 @@ pub(crate) struct AuthModeWidget {
    pub sign_in_state: Arc<RwLock<SignInState>>,
    pub codex_home: PathBuf,
    pub login_status: LoginStatus,
+    pub preferred_auth_method: AuthMode,
    pub auth_manager: Arc<AuthManager>,
 }

@@ -147,6 +129,24 @@ impl AuthModeWidget {
            "".into(),
        ];

+        // If the user is already authenticated but the method differs from their
+        // preferred auth method, show a brief explanation.
+        if let LoginStatus::AuthMode(current) = self.login_status
+            && current != self.preferred_auth_method
+        {
+            let to_label = |mode: AuthMode| match mode {
+                AuthMode::ApiKey => "API key",
+                AuthMode::ChatGPT => "ChatGPT",
+            };
+            let msg = format!(
+                "  You’re currently using {} while your preferred method is {}.",
+                to_label(current),
+                to_label(self.preferred_auth_method)
+            );
+            lines.push(msg.into());
+            lines.push("".into());
+        }
+
        let create_mode_item = |idx: usize,
                                selected_mode: AuthMode,
                                text: &str,
@@ -175,17 +175,29 @@ impl AuthModeWidget {

            vec![line1, line2]
        };
+        let chatgpt_label = if matches!(self.login_status, LoginStatus::AuthMode(AuthMode::ChatGPT))
+        {
+            "Continue using ChatGPT"
+        } else {
+            "Sign in with ChatGPT"
+        };

        lines.extend(create_mode_item(
            0,
            AuthMode::ChatGPT,
-            "Sign in with ChatGPT",
+            chatgpt_label,
            "Usage included with Plus, Pro, and Team plans",
        ));
+        let api_key_label = if matches!(self.login_status, LoginStatus::AuthMode(AuthMode::ApiKey))
+        {
+            "Continue using API key"
+        } else {
+            "Provide your own API key"
+        };
        lines.extend(create_mode_item(
            1,
            AuthMode::ApiKey,
-            "Provide your own API key",
+            api_key_label,
            "Pay for what you use",
        ));
        lines.push("".into());
@@ -270,213 +282,26 @@ impl AuthModeWidget {
            .render(area, buf);
    }

-    fn render_api_key_configured(&self, area: Rect, buf: &mut Buffer) {
-        let lines = vec![
-            "✓ API key configured".fg(Color::Green).into(),
-            "".into(),
-            "  Codex will use usage-based billing with your API key.".into(),
-        ];
+    fn render_env_var_found(&self, area: Rect, buf: &mut Buffer) {
+        let lines = vec!["✓ Using OPENAI_API_KEY".fg(Color::Green).into()];

        Paragraph::new(lines)
            .wrap(Wrap { trim: false })
            .render(area, buf);
    }

-    fn render_api_key_entry(&self, area: Rect, buf: &mut Buffer, state: &ApiKeyInputState) {
-        let [intro_area, input_area, footer_area] = Layout::vertical([
-            Constraint::Min(4),
-            Constraint::Length(3),
-            Constraint::Min(2),
-        ])
-        .areas(area);
-
-        let mut intro_lines: Vec<Line> = vec![
-            Line::from(vec![
-                "> ".into(),
-                "Use your own OpenAI API key for usage-based billing".bold(),
-            ]),
-            "".into(),
-            "  Paste or type your API key below. It will be stored locally in auth.json.".into(),
+    fn render_env_var_missing(&self, area: Rect, buf: &mut Buffer) {
+        let lines = vec![
+            "  To use Codex with the OpenAI API, set OPENAI_API_KEY in your environment"
+                .fg(Color::Cyan)
+                .into(),
            "".into(),
+            "  Press Enter to return".dim().into(),
        ];
-        if state.prepopulated_from_env {
-            intro_lines.push("  Detected OPENAI_API_KEY environment variable.".into());
-            intro_lines.push(
-                "  Paste a different key if you prefer to use another account."
-                    .dim()
-                    .into(),
-            );
-            intro_lines.push("".into());
-        }
-        Paragraph::new(intro_lines)
+
+        Paragraph::new(lines)
            .wrap(Wrap { trim: false })
-            .render(intro_area, buf);
-
-        let content_line: Line = if state.value.is_empty() {
-            vec!["Paste or type your API key".dim()].into()
-        } else {
-            Line::from(state.value.clone())
-        };
-        Paragraph::new(content_line)
-            .wrap(Wrap { trim: false })
-            .block(
-                Block::default()
-                    .title("API key")
-                    .borders(Borders::ALL)
-                    .border_type(BorderType::Rounded)
-                    .border_style(Style::default().fg(Color::Cyan)),
-            )
-            .render(input_area, buf);
-
-        let mut footer_lines: Vec<Line> = vec![
-            "  Press Enter to save".dim().into(),
-            "  Press Esc to go back".dim().into(),
-        ];
-        if let Some(error) = &self.error {
-            footer_lines.push("".into());
-            footer_lines.push(error.as_str().red().into());
-        }
-        Paragraph::new(footer_lines)
-            .wrap(Wrap { trim: false })
-            .render(footer_area, buf);
-    }
-
-    fn handle_api_key_entry_key_event(&mut self, key_event: &KeyEvent) -> bool {
-        let mut should_save: Option<String> = None;
-        let mut should_request_frame = false;
-
-        {
-            let mut guard = self.sign_in_state.write().unwrap();
-            if let SignInState::ApiKeyEntry(state) = &mut *guard {
-                match key_event.code {
-                    KeyCode::Esc => {
-                        *guard = SignInState::PickMode;
-                        self.error = None;
-                        should_request_frame = true;
-                    }
-                    KeyCode::Enter => {
-                        let trimmed = state.value.trim().to_string();
-                        if trimmed.is_empty() {
-                            self.error = Some("API key cannot be empty".to_string());
-                            should_request_frame = true;
-                        } else {
-                            should_save = Some(trimmed);
-                        }
-                    }
-                    KeyCode::Backspace => {
-                        if state.prepopulated_from_env {
-                            state.value.clear();
-                            state.prepopulated_from_env = false;
-                        } else {
-                            state.value.pop();
-                        }
-                        self.error = None;
-                        should_request_frame = true;
-                    }
-                    KeyCode::Char(c)
-                        if !key_event.modifiers.contains(KeyModifiers::CONTROL)
-                            && !key_event.modifiers.contains(KeyModifiers::ALT) =>
-                    {
-                        if state.prepopulated_from_env {
-                            state.value.clear();
-                            state.prepopulated_from_env = false;
-                        }
-                        state.value.push(c);
-                        self.error = None;
-                        should_request_frame = true;
-                    }
-                    _ => {}
-                }
-                // handled; let guard drop before potential save
-            } else {
-                return false;
-            }
-        }
-
-        if let Some(api_key) = should_save {
-            self.save_api_key(api_key);
-        } else if should_request_frame {
-            self.request_frame.schedule_frame();
-        }
-        true
-    }
-
-    fn handle_api_key_entry_paste(&mut self, pasted: String) -> bool {
-        let trimmed = pasted.trim();
-        if trimmed.is_empty() {
-            return false;
-        }
-
-        let mut guard = self.sign_in_state.write().unwrap();
-        if let SignInState::ApiKeyEntry(state) = &mut *guard {
-            if state.prepopulated_from_env {
-                state.value = trimmed.to_string();
-                state.prepopulated_from_env = false;
-            } else {
-                state.value.push_str(trimmed);
-            }
-            self.error = None;
-        } else {
-            return false;
-        }
-
-        drop(guard);
-        self.request_frame.schedule_frame();
-        true
-    }
-
-    fn start_api_key_entry(&mut self) {
-        self.error = None;
-        let prefill_from_env = read_openai_api_key_from_env();
-        let mut guard = self.sign_in_state.write().unwrap();
-        match &mut *guard {
-            SignInState::ApiKeyEntry(state) => {
-                if state.value.is_empty() {
-                    if let Some(prefill) = prefill_from_env.clone() {
-                        state.value = prefill;
-                        state.prepopulated_from_env = true;
-                    } else {
-                        state.prepopulated_from_env = false;
-                    }
-                }
-            }
-            _ => {
-                *guard = SignInState::ApiKeyEntry(ApiKeyInputState {
-                    value: prefill_from_env.clone().unwrap_or_default(),
-                    prepopulated_from_env: prefill_from_env.is_some(),
-                });
-            }
-        }
-        drop(guard);
-        self.request_frame.schedule_frame();
-    }
-
-    fn save_api_key(&mut self, api_key: String) {
-        match login_with_api_key(&self.codex_home, &api_key) {
-            Ok(()) => {
-                self.error = None;
-                self.login_status = LoginStatus::AuthMode(AuthMode::ApiKey);
-                self.auth_manager.reload();
-                *self.sign_in_state.write().unwrap() = SignInState::ApiKeyConfigured;
-            }
-            Err(err) => {
-                self.error = Some(format!("Failed to save API key: {err}"));
-                let mut guard = self.sign_in_state.write().unwrap();
-                if let SignInState::ApiKeyEntry(existing) = &mut *guard {
-                    if existing.value.is_empty() {
-                        existing.value.push_str(&api_key);
-                    }
-                    existing.prepopulated_from_env = false;
-                } else {
-                    *guard = SignInState::ApiKeyEntry(ApiKeyInputState {
-                        value: api_key,
-                        prepopulated_from_env: false,
-                    });
-                }
-            }
-        }
-
-        self.request_frame.schedule_frame();
+            .render(area, buf);
    }

    fn start_chatgpt_login(&mut self) {
@@ -529,6 +354,18 @@ impl AuthModeWidget {
            }
        }
    }
+
+    /// TODO: Read/write from the correct hierarchy config overrides + auth json + OPENAI_API_KEY.
+    fn verify_api_key(&mut self) {
+        if matches!(self.login_status, LoginStatus::AuthMode(AuthMode::ApiKey)) {
+            // We already have an API key configured (e.g., from auth.json or env),
+            // so mark this step complete immediately.
+            *self.sign_in_state.write().unwrap() = SignInState::EnvVarFound;
+        } else {
+            *self.sign_in_state.write().unwrap() = SignInState::EnvVarMissing;
+        }
+        self.request_frame.schedule_frame();
+    }
 }

 impl StepStateProvider for AuthModeWidget {
@@ -536,10 +373,10 @@ impl StepStateProvider for AuthModeWidget {
        let sign_in_state = self.sign_in_state.read().unwrap();
        match &*sign_in_state {
            SignInState::PickMode
-            | SignInState::ApiKeyEntry(_)
+            | SignInState::EnvVarMissing
            | SignInState::ChatGptContinueInBrowser(_)
            | SignInState::ChatGptSuccessMessage => StepState::InProgress,
-            SignInState::ChatGptSuccess | SignInState::ApiKeyConfigured => StepState::Complete,
+            SignInState::ChatGptSuccess | SignInState::EnvVarFound => StepState::Complete,
        }
    }
 }
@@ -560,11 +397,11 @@ impl WidgetRef for AuthModeWidget {
            SignInState::ChatGptSuccess => {
                self.render_chatgpt_success(area, buf);
            }
-            SignInState::ApiKeyEntry(state) => {
-                self.render_api_key_entry(area, buf, state);
+            SignInState::EnvVarMissing => {
+                self.render_env_var_missing(area, buf);
            }
-            SignInState::ApiKeyConfigured => {
-                self.render_api_key_configured(area, buf);
+            SignInState::EnvVarFound => {
+                self.render_env_var_found(area, buf);
            }
        }
    }
--- a/codex-rs/tui/src/onboarding/onboarding_screen.rs
+++ b/codex-rs/tui/src/onboarding/onboarding_screen.rs
@@ -34,7 +34,6 @@ enum Step {

 pub(crate) trait KeyboardHandler {
    fn handle_key_event(&mut self, key_event: KeyEvent);
-    fn handle_paste(&mut self, _pasted: String) {}
 }

 pub(crate) enum StepState {
@@ -70,6 +69,7 @@ impl OnboardingScreen {
            auth_manager,
            config,
        } = args;
+        let preferred_auth_method = config.preferred_auth_method;
        let cwd = config.cwd.clone();
        let codex_home = config.codex_home.clone();
        let mut steps: Vec<Step> = vec![Step::Welcome(WelcomeWidget {
@@ -84,6 +84,7 @@ impl OnboardingScreen {
                codex_home: codex_home.clone(),
                login_status,
                auth_manager,
+                preferred_auth_method,
            }))
        }
        let is_git_repo = get_git_repo_root(&cwd).is_some();
@@ -193,17 +194,6 @@ impl KeyboardHandler for OnboardingScreen {
        };
        self.request_frame.schedule_frame();
    }
-
-    fn handle_paste(&mut self, pasted: String) {
-        if pasted.is_empty() {
-            return;
-        }
-
-        if let Some(active_step) = self.current_steps_mut().into_iter().last() {
-            active_step.handle_paste(pasted);
-        }
-        self.request_frame.schedule_frame();
-    }
 }

 impl WidgetRef for &OnboardingScreen {
@@ -273,14 +263,6 @@ impl KeyboardHandler for Step {
            Step::TrustDirectory(widget) => widget.handle_key_event(key_event),
        }
    }
-
-    fn handle_paste(&mut self, pasted: String) {
-        match self {
-            Step::Welcome(_) => {}
-            Step::Auth(widget) => widget.handle_paste(pasted),
-            Step::TrustDirectory(widget) => widget.handle_paste(pasted),
-        }
-    }
 }

 impl StepStateProvider for Step {
@@ -330,14 +312,12 @@ pub(crate) async fn run_onboarding_app(
                TuiEvent::Key(key_event) => {
                    onboarding_screen.handle_key_event(key_event);
                }
-                TuiEvent::Paste(text) => {
-                    onboarding_screen.handle_paste(text);
-                }
                TuiEvent::Draw => {
                    let _ = tui.draw(u16::MAX, |frame| {
                        frame.render_widget_ref(&onboarding_screen, frame.area());
                    });
                }
+                _ => {}
            }
        }
    }
--- a/docs/advanced.md
+++ b/docs/advanced.md
@@ -8,7 +8,7 @@ Run Codex head-less in pipelines. Example GitHub Action step:
 - name: Update changelog via Codex
  run: |
    npm install -g @openai/codex
-    codex login --api-key "${{ secrets.OPENAI_KEY }}"
+    export OPENAI_API_KEY="${{ secrets.OPENAI_KEY }}"
    codex exec --full-auto "update CHANGELOG for next release"
 ```

--- a/docs/authentication.md
+++ b/docs/authentication.md
@@ -2,10 +2,10 @@

 ## Usage-based billing alternative: Use an OpenAI API key

-If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API key:
+If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API key by setting it as an environment variable:

 ```shell
-codex login --api-key "your-api-key-here"
+export OPENAI_API_KEY="your-api-key-here"
 ```

 This key must, at minimum, have write access to the Responses API.
@@ -18,6 +18,36 @@ If you've used the Codex CLI before with usage-based billing via an API key and
 2. Delete `~/.codex/auth.json` (on Windows: `C:\\Users\\USERNAME\\.codex\\auth.json`)
 3. Run `codex login` again

+## Forcing a specific auth method (advanced)
+
+You can explicitly choose which authentication Codex should prefer when both are available.
+
+- To always use your API key (even when ChatGPT auth exists), set:
+
+```toml
+# ~/.codex/config.toml
+preferred_auth_method = "apikey"
+```
+
+Or override ad-hoc via CLI:
+
+```bash
+codex --config preferred_auth_method="apikey"
+```
+
+- To prefer ChatGPT auth (default), set:
+
+```toml
+# ~/.codex/config.toml
+preferred_auth_method = "chatgpt"
+```
+
+Notes:
+
+- When `preferred_auth_method = "apikey"` and an API key is available, the login screen is skipped.
+- When `preferred_auth_method = "chatgpt"` (default), Codex prefers ChatGPT auth if present; if only an API key is present, it will use the API key. Certain account types may also require API-key mode.
+- To check which auth method is being used during a session, use the `/status` command in the TUI.
+
 ## Connecting on a "Headless" Machine

 Today, the login process entails running a server on `localhost:1455`. If you are on a "headless" server, such as a Docker container or are `ssh`'d into a remote machine, loading `localhost:1455` in the browser on your local machine will not automatically connect to the webserver running on the _headless_ machine, so you must use one of the following workarounds:
--- a/docs/config.md
+++ b/docs/config.md
@@ -612,4 +612,5 @@ Options that are specific to the TUI.
 | `experimental_use_exec_command_tool` | boolean | Use experimental exec command tool. |
 | `responses_originator_header_internal_override` | string | Override `originator` header value. |
 | `projects.<path>.trust_level` | string | Mark project/worktree as trusted (only `"trusted"` is recognized). |
+| `preferred_auth_method` | `chatgpt` \| `apikey` | Select default auth method (default: `chatgpt`). |
 | `tools.web_search` | boolean | Enable web search tool (alias: `web_search_request`) (default: false). |