fix path

cleanup
moving concurrent execution to mcp instead of subprocess/exec
2026-04-24 22:54:54 +00:00 · 2025-07-26 18:34:36 +01:00 · 2025-07-26 18:32:46 +01:00 · 2025-07-26 18:32:45 +01:00 · 2025-07-26 18:32:11 +01:00 · 2025-07-26 18:32:09 +01:00
60 changed files with 3390 additions and 2379 deletions
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
@@ -463,18 +463,18 @@ checksum = "df8670b8c7b9dae1793364eafadf7239c40d669904660c5960d74cfd80b46a53"

 [[package]]
 name = "castaway"
-version = "0.2.4"
+version = "0.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dec551ab6e7578819132c713a93c022a05d60159dc86e7a7050223577484c55a"
+checksum = "0abae9be0aaf9ea96a3b1b8b1b55c602ca751eba1b1500220cea4ecbafe7c0d5"
 dependencies = [
 "rustversion",
 ]

 [[package]]
 name = "cc"
-version = "1.2.30"
+version = "1.2.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "deec109607ca693028562ed836a5f1c4b8bd77755c4e132fc5ce11b0b6211ae7"
+checksum = "5c1599538de2394445747c8cf7935946e3cc27e9625f889d979bfb2aaf569362"
 dependencies = [
 "jobserver",
 "libc",
@@ -570,9 +570,9 @@ checksum = "b94f61472cee1439c0b966b47e3aca9ae07e45d070759512cd390ea2bebc6675"

 [[package]]
 name = "clipboard-win"
-version = "5.4.1"
+version = "5.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bde03770d3df201d4fb868f2c9c59e66a3e4e2bd06692a0fe701e7103c7e84d4"
+checksum = "15efe7a882b08f34e38556b14f2fb3daa98769d06c7f0c1b076dfd0d983bc892"
 dependencies = [
 "error-code",
 ]
@@ -605,18 +605,6 @@ dependencies = [
 "tree-sitter-bash",
 ]

-[[package]]
-name = "codex-arg0"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "codex-apply-patch",
- "codex-core",
- "codex-linux-sandbox",
- "dotenvy",
- "tokio",
-]
-
 [[package]]
 name = "codex-chatgpt"
 version = "0.0.0"
@@ -638,20 +626,27 @@ name = "codex-cli"
 version = "0.0.0"
 dependencies = [
 "anyhow",
+ "assert_cmd",
+ "chrono",
 "clap",
 "clap_complete",
- "codex-arg0",
 "codex-chatgpt",
 "codex-common",
 "codex-core",
 "codex-exec",
+ "codex-linux-sandbox",
 "codex-login",
+ "codex-mcp-client",
 "codex-mcp-server",
 "codex-tui",
+ "mcp-types",
+ "serde",
 "serde_json",
+ "tempfile",
 "tokio",
 "tracing",
 "tracing-subscriber",
+ "uuid",
 ]

 [[package]]
@@ -719,17 +714,14 @@ name = "codex-exec"
 version = "0.0.0"
 dependencies = [
 "anyhow",
- "assert_cmd",
 "chrono",
 "clap",
- "codex-arg0",
 "codex-common",
 "codex-core",
+ "codex-linux-sandbox",
 "owo-colors",
- "predicates",
 "serde_json",
 "shlex",
- "tempfile",
 "tokio",
 "tracing",
 "tracing-subscriber",
@@ -776,6 +768,7 @@ dependencies = [
 "clap",
 "codex-common",
 "codex-core",
+ "dotenvy",
 "landlock",
 "libc",
 "seccompiler",
@@ -787,19 +780,11 @@ dependencies = [
 name = "codex-login"
 version = "0.0.0"
 dependencies = [
- "base64 0.22.1",
 "chrono",
- "http-body-util",
- "hyper",
- "hyper-util",
- "open",
- "rand 0.8.5",
 "reqwest",
 "serde",
 "serde_json",
- "sha2",
 "tokio",
- "url",
 ]

 [[package]]
@@ -821,8 +806,8 @@ version = "0.0.0"
 dependencies = [
 "anyhow",
 "assert_cmd",
- "codex-arg0",
 "codex-core",
+ "codex-linux-sandbox",
 "mcp-types",
 "mcp_test_support",
 "pretty_assertions",
@@ -848,10 +833,10 @@ dependencies = [
 "base64 0.22.1",
 "clap",
 "codex-ansi-escape",
- "codex-arg0",
 "codex-common",
 "codex-core",
 "codex-file-search",
+ "codex-linux-sandbox",
 "codex-login",
 "color-eyre",
 "crossterm",
@@ -1000,9 +985,9 @@ dependencies = [

 [[package]]
 name = "crc32fast"
-version = "1.5.0"
+version = "1.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511"
+checksum = "a97769d94ddab943e4510d138150169a2758b5ef3eb191a9ee688de3e23ef7b3"
 dependencies = [
 "cfg-if",
 ]
@@ -1549,7 +1534,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0ce92ff622d6dadf7349484f42c93271a0d49b7cc4d466a936405bacbe10aa78"
 dependencies = [
 "cfg-if",
- "rustix 1.0.8",
+ "rustix 1.0.7",
 "windows-sys 0.59.0",
 ]

@@ -1998,9 +1983,9 @@ dependencies = [

 [[package]]
 name = "hyper-util"
-version = "0.1.16"
+version = "0.1.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d9b05277c7e8da2c93a568989bb6207bef0112e8d17df7a6eda4a3cf143bc5e"
+checksum = "7f66d5bd4c6f02bf0542fad85d626775bab9258cf795a4256dcaf3161114d1df"
 dependencies = [
 "base64 0.22.1",
 "bytes",
@@ -2014,7 +1999,7 @@ dependencies = [
 "libc",
 "percent-encoding",
 "pin-project-lite",
- "socket2 0.6.0",
+ "socket2",
 "system-configuration",
 "tokio",
 "tower-service",
@@ -2267,9 +2252,9 @@ dependencies = [

 [[package]]
 name = "instability"
-version = "0.3.9"
+version = "0.3.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "435d80800b936787d62688c927b6490e887c7ef5ff9ce922c6c6050fca75eb9a"
+checksum = "0bf9fed6d91cfb734e7476a06bde8300a1b94e217e1b523b6f0cd1a01998c71d"
 dependencies = [
 "darling",
 "indoc",
@@ -2300,9 +2285,9 @@ dependencies = [

 [[package]]
 name = "io-uring"
-version = "0.7.9"
+version = "0.7.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d93587f37623a1a17d94ef2bc9ada592f5465fe7732084ab7beefabe5c77c0c4"
+checksum = "b86e202f00093dcba4275d4636b93ef9dd75d025ae560d2521b45ea28ab49013"
 dependencies = [
 "bitflags 2.9.1",
 "cfg-if",
@@ -2325,15 +2310,6 @@ dependencies = [
 "serde",
 ]

-[[package]]
-name = "is-docker"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "928bae27f42bc99b60d9ac7334e3a21d10ad8f1835a4e12ec3ec0464765ed1b3"
-dependencies = [
- "once_cell",
-]
-
 [[package]]
 name = "is-terminal"
 version = "0.4.16"
@@ -2345,16 +2321,6 @@ dependencies = [
 "windows-sys 0.59.0",
 ]

-[[package]]
-name = "is-wsl"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "173609498df190136aa7dea1a91db051746d339e18476eed5ca40521f02d7aa5"
-dependencies = [
- "is-docker",
- "once_cell",
-]
-
 [[package]]
 name = "is_terminal_polyfill"
 version = "1.70.1"
@@ -2525,9 +2491,9 @@ dependencies = [

 [[package]]
 name = "libredox"
-version = "0.1.6"
+version = "0.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4488594b9328dee448adb906d8b126d9b7deb7cf5c22161ee591610bb1be83c0"
+checksum = "1580801010e535496706ba011c15f8532df6b42297d2e471fec38ceadd8c0638"
 dependencies = [
 "bitflags 2.9.1",
 "libc",
@@ -2948,17 +2914,6 @@ dependencies = [
 "pkg-config",
 ]

-[[package]]
-name = "open"
-version = "5.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e2483562e62ea94312f3576a7aca397306df7990b8d89033e18766744377ef95"
-dependencies = [
- "is-wsl",
- "libc",
- "pathdiff",
-]
-
 [[package]]
 name = "openssl"
 version = "0.10.73"
@@ -3090,12 +3045,6 @@ dependencies = [
 "once_cell",
 ]

-[[package]]
-name = "pathdiff"
-version = "0.2.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "df94ce210e5bc13cb6651479fa48d14f601d9858cfe0467f43ae157023b938d3"
-
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
@@ -3417,7 +3366,8 @@ dependencies = [
 [[package]]
 name = "ratatui"
 version = "0.29.0"
-source = "git+https://github.com/nornagon/ratatui?branch=nornagon-v0.29.0-patch#bca287ddc5d38fe088c79e2eda22422b96226f2e"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eabd94c2f37801c20583fc49dd5cd6b0ba68c716787c2dd6ed18571e1e63117b"
 dependencies = [
 "bitflags 2.9.1",
 "cassowary",
@@ -3522,9 +3472,9 @@ dependencies = [

 [[package]]
 name = "redox_syscall"
-version = "0.5.15"
+version = "0.5.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e8af0dde094006011e6a740d4879319439489813bd0bcdc7d821beaeeff48ec"
+checksum = "0d04b7d0ee6b4a0207a0a7adb104d23ecb0b47d6beae7152d0fa34b692b29fd6"
 dependencies = [
 "bitflags 2.9.1",
 ]
@@ -3672,9 +3622,9 @@ dependencies = [

 [[package]]
 name = "rgb"
-version = "0.8.52"
+version = "0.8.51"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c6a884d2998352bb4daf0183589aec883f16a6da1f4dde84d8e2e9a5409a1ce"
+checksum = "a457e416a0f90d246a4c3288bd7a25b2304ca727f253f95be383dd17af56be8f"

 [[package]]
 name = "ring"
@@ -3750,22 +3700,22 @@ dependencies = [

 [[package]]
 name = "rustix"
-version = "1.0.8"
+version = "1.0.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11181fbabf243db407ef8df94a6ce0b2f9a733bd8be4ad02b4eda9602296cac8"
+checksum = "c71e83d6afe7ff64890ec6b71d6a69bb8a610ab78ce364b3352876bb4c801266"
 dependencies = [
 "bitflags 2.9.1",
 "errno",
 "libc",
 "linux-raw-sys 0.9.4",
- "windows-sys 0.60.2",
+ "windows-sys 0.59.0",
 ]

 [[package]]
 name = "rustls"
-version = "0.23.29"
+version = "0.23.28"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2491382039b29b9b11ff08b76ff6c97cf287671dbb74f0be44bda389fffe9bd1"
+checksum = "7160e3e10bf4535308537f3c4e1641468cd0e485175d6163087c0393c7d46643"
 dependencies = [
 "once_cell",
 "rustls-pki-types",
@@ -3785,9 +3735,9 @@ dependencies = [

 [[package]]
 name = "rustls-webpki"
-version = "0.103.4"
+version = "0.103.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a17884ae0c1b773f1ccd2bd4a8c72f16da897310a98b0e84bf349ad5ead92fc"
+checksum = "e4a72fe2bcf7a6ac6fd7d0b9e5cb68aeb7d4c0a0271730218b3e92d43b4eb435"
 dependencies = [
 "ring",
 "rustls-pki-types",
@@ -4013,9 +3963,9 @@ dependencies = [

 [[package]]
 name = "serde_json"
-version = "1.0.141"
+version = "1.0.140"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "30b9eff21ebe718216c6ec64e1d9ac57087aad11efc64e32002bce4a0d4c03d3"
+checksum = "20068b6e96dc6c9bd23e01df8827e6c7e1f2fddd43c21810382803c136b99373"
 dependencies = [
 "indexmap 2.10.0",
 "itoa",
@@ -4108,17 +4058,6 @@ dependencies = [
 "digest",
 ]

-[[package]]
-name = "sha2"
-version = "0.10.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "digest",
-]
-
 [[package]]
 name = "sharded-slab"
 version = "0.1.7"
@@ -4219,16 +4158,6 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

-[[package]]
-name = "socket2"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "233504af464074f9d066d7b5416c5f9b894a5862a6506e306f7b816cdd6f1807"
-dependencies = [
- "libc",
- "windows-sys 0.59.0",
-]
-
 [[package]]
 name = "stable_deref_trait"
 version = "1.2.0"
@@ -4520,7 +4449,7 @@ dependencies = [
 "fastrand",
 "getrandom 0.3.3",
 "once_cell",
- "rustix 1.0.8",
+ "rustix 1.0.7",
 "windows-sys 0.59.0",
 ]

@@ -4541,7 +4470,7 @@ version = "0.4.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "45c6481c4829e4cc63825e62c49186a34538b7b2750b73b266581ffb612fb5ed"
 dependencies = [
- "rustix 1.0.8",
+ "rustix 1.0.7",
 "windows-sys 0.59.0",
 ]

@@ -4687,7 +4616,7 @@ dependencies = [
 "pin-project-lite",
 "signal-hook-registry",
 "slab",
- "socket2 0.5.10",
+ "socket2",
 "tokio-macros",
 "windows-sys 0.52.0",
 ]
@@ -4829,9 +4758,9 @@ dependencies = [

 [[package]]
 name = "toml_writer"
-version = "1.0.2"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64"
+checksum = "b679217f2848de74cabd3e8fc5e6d66f40b7da40f8e1954d92054d9010690fd5"

 [[package]]
 name = "tower"
@@ -5653,9 +5582,9 @@ checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"

 [[package]]
 name = "winnow"
-version = "0.7.12"
+version = "0.7.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f3edebf492c8125044983378ecb5766203ad3b4c2f7a922bd7dd207f6d443e95"
+checksum = "74c7b26e3480b707944fc872477815d29a8e429d2f93a1ce000f5fa84a15cbcd"
 dependencies = [
 "memchr",
 ]
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -3,7 +3,6 @@ resolver = "2"
 members = [
    "ansi-escape",
    "apply-patch",
-    "arg0",
    "cli",
    "common",
    "core",
@@ -41,8 +40,3 @@ strip = "symbols"

 # See https://github.com/openai/codex/issues/1411 for details.
 codegen-units = 1
-
-[patch.crates-io]
-# ratatui = { path = "../../ratatui" }
-ratatui = { git = "https://github.com/nornagon/ratatui", branch = "nornagon-v0.29.0-patch" }
-
--- a/codex-rs/arg0/Cargo.toml
+++ b/codex-rs/arg0/Cargo.toml
@@ -1,19 +0,0 @@
-[package]
-name = "codex-arg0"
-version = { workspace = true }
-edition = "2024"
-
-[lib]
-name = "codex_arg0"
-path = "src/lib.rs"
-
-[lints]
-workspace = true
-
-[dependencies]
-anyhow = "1"
-codex-apply-patch = { path = "../apply-patch" }
-codex-core = { path = "../core" }
-codex-linux-sandbox = { path = "../linux-sandbox" }
-dotenvy = "0.15.7"
-tokio = { version = "1", features = ["rt-multi-thread"] }
--- a/codex-rs/arg0/src/lib.rs
+++ b/codex-rs/arg0/src/lib.rs
@@ -1,89 +0,0 @@
-use std::future::Future;
-use std::path::Path;
-use std::path::PathBuf;
-
-/// While we want to deploy the Codex CLI as a single executable for simplicity,
-/// we also want to expose some of its functionality as distinct CLIs, so we use
-/// the "arg0 trick" to determine which CLI to dispatch. This effectively allows
-/// us to simulate deploying multiple executables as a single binary on Mac and
-/// Linux (but not Windows).
-///
-/// When the current executable is invoked through the hard-link or alias named
-/// `codex-linux-sandbox` we *directly* execute
-/// [`codex_linux_sandbox::run_main`] (which never returns). Otherwise we:
-///
-/// 1.  Use [`dotenvy::from_path`] and [`dotenvy::dotenv`] to modify the
-///     environment before creating any threads.
-/// 2.  Construct a Tokio multi-thread runtime.
-/// 3.  Derive the path to the current executable (so children can re-invoke the
-///     sandbox) when running on Linux.
-/// 4.  Execute the provided async `main_fn` inside that runtime, forwarding any
-///     error. Note that `main_fn` receives `codex_linux_sandbox_exe:
-///     Option<PathBuf>`, as an argument, which is generally needed as part of
-///     constructing [`codex_core::config::Config`].
-///
-/// This function should be used to wrap any `main()` function in binary crates
-/// in this workspace that depends on these helper CLIs.
-pub fn arg0_dispatch_or_else<F, Fut>(main_fn: F) -> anyhow::Result<()>
-where
-    F: FnOnce(Option<PathBuf>) -> Fut,
-    Fut: Future<Output = anyhow::Result<()>>,
-{
-    // Determine if we were invoked via the special alias.
-    let mut args = std::env::args_os();
-    let argv0 = args.next().unwrap_or_default();
-    let exe_name = Path::new(&argv0)
-        .file_name()
-        .and_then(|s| s.to_str())
-        .unwrap_or("");
-
-    if exe_name == "codex-linux-sandbox" {
-        // Safety: [`run_main`] never returns.
-        codex_linux_sandbox::run_main();
-    }
-
-    let argv1 = args.next().unwrap_or_default();
-    if argv1 == "--codex-run-as-apply-patch" {
-        let patch_arg = args.next().and_then(|s| s.to_str().map(|s| s.to_owned()));
-        let exit_code = match patch_arg {
-            Some(patch_arg) => {
-                let mut stdout = std::io::stdout();
-                let mut stderr = std::io::stderr();
-                match codex_apply_patch::apply_patch(&patch_arg, &mut stdout, &mut stderr) {
-                    Ok(()) => 0,
-                    Err(_) => 1,
-                }
-            }
-            None => {
-                eprintln!("Error: --codex-run-as-apply-patch requires a UTF-8 PATCH argument.");
-                1
-            }
-        };
-        std::process::exit(exit_code);
-    }
-
-    // This modifies the environment, which is not thread-safe, so do this
-    // before creating any threads/the Tokio runtime.
-    load_dotenv();
-
-    // Regular invocation – create a Tokio runtime and execute the provided
-    // async entry-point.
-    let runtime = tokio::runtime::Runtime::new()?;
-    runtime.block_on(async move {
-        let codex_linux_sandbox_exe: Option<PathBuf> = if cfg!(target_os = "linux") {
-            std::env::current_exe().ok()
-        } else {
-            None
-        };
-
-        main_fn(codex_linux_sandbox_exe).await
-    })
-}
-
-/// Load env vars from ~/.codex/.env and `$(pwd)/.env`.
-fn load_dotenv() {
-    if let Ok(codex_home) = codex_core::config::find_codex_home() {
-        dotenvy::from_path(codex_home.join(".env")).ok();
-    }
-    dotenvy::dotenv().ok();
-}
--- a/codex-rs/cli/Cargo.toml
+++ b/codex-rs/cli/Cargo.toml
@@ -18,15 +18,21 @@ workspace = true
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 clap_complete = "4"
-codex-arg0 = { path = "../arg0" }
 codex-chatgpt = { path = "../chatgpt" }
 codex-core = { path = "../core" }
 codex-common = { path = "../common", features = ["cli"] }
 codex-exec = { path = "../exec" }
 codex-login = { path = "../login" }
+codex-linux-sandbox = { path = "../linux-sandbox" }
 codex-mcp-server = { path = "../mcp-server" }
+# Added for `codex pap` subcommand to act as an MCP client to the `codex mcp` server.
+codex-mcp-client = { path = "../mcp-client" }
+# Direct dependency for types used in pap subcommand
+mcp-types = { path = "../mcp-types" }
 codex-tui = { path = "../tui" }
 serde_json = "1"
+serde = { version = "1", features = ["derive"] }
+chrono = { version = "0.4", default-features = false, features = ["clock"] }
 tokio = { version = "1", features = [
    "io-std",
    "macros",
@@ -36,3 +42,10 @@ tokio = { version = "1", features = [
 ] }
 tracing = "0.1.41"
 tracing-subscriber = "0.3.19"
+uuid = { version = "1", features = ["v4"] }
+
+[dev-dependencies]
+assert_cmd = "2"
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+tempfile = "3"
--- a/codex-rs/cli/src/concurrent/mod.rs
+++ b/codex-rs/cli/src/concurrent/mod.rs
@@ -0,0 +1,368 @@
+use std::fs::File;
+use std::path::PathBuf;
+use std::process::{Command, Stdio};
+use std::io::Write; // added for write_all / flush
+
+use anyhow::Context;
+use codex_common::ApprovalModeCliArg;
+use codex_tui::Cli as TuiCli;
+
+/// Attempt to handle a concurrent background run. Returns Ok(true) if a background exec
+/// process was spawned (in which case the caller should NOT start the TUI), or Ok(false)
+/// to proceed with normal interactive execution.
+pub fn maybe_spawn_concurrent(
+    tui_cli: &mut TuiCli,
+    root_raw_overrides: &[String],
+    concurrent: bool,
+    concurrent_automerge: Option<bool>,
+    concurrent_branch_name: &Option<String>,
+) -> anyhow::Result<bool> {
+    if !concurrent { return Ok(false); }
+
+    // Enforce autonomous execution conditions when running interactive mode.
+    // Validate git repository presence (required for --concurrent) only if we're in interactive path.
+    {
+        let dir_to_check = tui_cli
+            .cwd
+            .clone()
+            .unwrap_or_else(|| std::env::current_dir().unwrap_or_else(|_| PathBuf::from(".")));
+        let status = Command::new("git")
+            .arg("-C")
+            .arg(&dir_to_check)
+            .arg("rev-parse")
+            .arg("--git-dir")
+            .stdout(Stdio::null())
+            .stderr(Stdio::null())
+            .status();
+        if status.as_ref().map(|s| !s.success()).unwrap_or(true) {
+            eprintln!(
+                "Error: --concurrent requires a git repository (directory {:?} is not managed by git).",
+                dir_to_check
+            );
+            std::process::exit(2);
+        }
+    }
+
+    let ap = tui_cli.approval_policy;
+    let approval_on_failure = matches!(ap, Some(ApprovalModeCliArg::OnFailure));
+    // (removed unused `autonomous` variable – full_auto logic applied directly below where needed)
+
+    // Build exec args from interactive CLI for autonomous run without TUI (background).
+    // todo: pap dynamically get those
+    let mut worker_args: Vec<String> = Vec::new();
+    // Map model/profile directly.
+    if let Some(model) = &tui_cli.model { worker_args.push("--model".into()); worker_args.push(model.clone()); }
+    if let Some(profile) = &tui_cli.config_profile { worker_args.push("--profile".into()); worker_args.push(profile.clone()); }
+    // Derive approval-policy & sandbox (respect explicit flags first, then full-auto / dangerous shortcuts).
+    let mut approval_policy: Option<String> = tui_cli.approval_policy.map(|a| format!("{a:?}").to_lowercase().replace('_', "-"));
+    let mut sandbox: Option<String> = tui_cli.sandbox_mode.map(|s| format!("{s:?}").to_lowercase().replace('_', "-"));
+    if approval_policy.is_none() && tui_cli.full_auto { approval_policy = Some("on-failure".into()); }
+    if sandbox.is_none() && tui_cli.full_auto { sandbox = Some("workspace-write".into()); }
+    if tui_cli.dangerously_bypass_approvals_and_sandbox { approval_policy = Some("never".into()); sandbox = Some("danger-full-access".into()); }
+    if let Some(ap) = approval_policy { worker_args.push("--approval-policy".into()); worker_args.push(ap); }
+    if let Some(sb) = sandbox { worker_args.push("--sandbox".into()); worker_args.push(sb); }
+    // Config overrides (-c) from root and interactive CLI.
+    for raw in root_raw_overrides { worker_args.push("--worker-config".into()); worker_args.push(raw.clone()); }
+    for raw in &tui_cli.config_overrides.raw_overrides { worker_args.push("--worker-config".into()); worker_args.push(raw.clone()); }
+
+    // Derive a single slug (shared by worktree branch & log filename) from the prompt.
+    let raw_prompt = tui_cli.prompt.as_deref().unwrap_or("");
+    let snippet = raw_prompt.chars().take(32).collect::<String>();
+    let mut slug: String = snippet
+        .chars()
+        .map(|c| if c.is_ascii_alphanumeric() { c.to_ascii_lowercase() } else { '-' })
+        .collect();
+    while slug.contains("--") { slug = slug.replace("--", "-"); }
+    slug = slug.trim_matches('-').to_string();
+    if slug.is_empty() { slug = "prompt".into(); }
+
+    // Determine concurrent defaults from env (no config file), then apply CLI precedence.
+    let env_automerge = parse_env_bool("CONCURRENT_AUTOMERGE");
+    let env_branch_name = std::env::var("CONCURRENT_BRANCH_NAME").ok();
+    let effective_automerge = concurrent_automerge.or(env_automerge).unwrap_or(true);
+    let user_branch_name_opt = concurrent_branch_name.clone().or(env_branch_name);
+    let branch_name_effective = if let Some(bn_raw) = user_branch_name_opt.as_ref() {
+        let bn_trim = bn_raw.trim();
+        if bn_trim.is_empty() { format!("codex/{slug}") } else { bn_trim.to_string() }
+    } else {
+        format!("codex/{slug}")
+    };
+
+    // Unique job id for this concurrent run (used for log file naming instead of slug).
+    let task_id = uuid::Uuid::new_v4().to_string();
+
+    // Prepare log file path early so we can write pre-spawn logs (e.g. worktree creation output) into it.
+    let log_dir = match codex_base_dir() {
+        Ok(base) => {
+            let d = base.join("log");
+            let _ = std::fs::create_dir_all(&d);
+            d
+        }
+        Err(_) => PathBuf::from("/tmp"),
+    };
+    let log_path = log_dir.join(format!("codex-logs-{}.log", task_id));
+
+    // If user did NOT specify an explicit cwd, create an isolated git worktree.
+    let mut created_worktree: Option<(PathBuf, String)> = None; // (path, branch)
+    let mut original_branch: Option<String> = None;
+    let mut original_commit: Option<String> = None;
+    let mut pre_spawn_logs = String::new();
+    if tui_cli.cwd.is_none() {
+        original_branch = git_capture(["rev-parse", "--abbrev-ref", "HEAD"]).ok();
+        original_commit = git_capture(["rev-parse", "HEAD"]).ok();
+        match create_concurrent_worktree(&branch_name_effective) {
+            Ok(Some(info)) => {
+                // Record worktree path to pass as --cwd to worker
+                worker_args.push("--cwd".into());
+                worker_args.push(info.worktree_path.display().to_string());
+                created_worktree = Some((info.worktree_path, info.branch_name.clone()));
+                // Keep the original git output plus a concise created line (for log file only).
+                pre_spawn_logs.push_str(&info.logs);
+                pre_spawn_logs.push_str(&format!(
+                    "Created git worktree at {} (branch {}) for concurrent run\n",
+                    created_worktree.as_ref().unwrap().0.display(), info.branch_name
+                ));
+            }
+            Ok(None) => {
+                // Silence console noise: do not warn here to keep stdout clean; we still proceed.
+            }
+            Err(e) => {
+                eprintln!("Error: failed to create git worktree for --concurrent: {e}");
+                eprintln!("Hint: remove or rename existing branch '{branch_name_effective}', or pass --concurrent-branch-name to choose a unique name.");
+                std::process::exit(3);
+            }
+        }
+    } else if let Some(explicit) = &tui_cli.cwd {
+        worker_args.push("--cwd".into());
+        worker_args.push(explicit.display().to_string());
+    }
+
+    // Prompt (safe to unwrap due to earlier validation in autonomous case). For non-autonomous
+    // (interactive later) runs we intentionally do NOT pass the prompt to the subprocess so it
+    // will wait for a Submission over stdin.
+    if let Some(prompt) = tui_cli.prompt.clone() { worker_args.push("--prompt".into()); worker_args.push(prompt); } else { eprintln!("Error: --concurrent requires a prompt."); return Ok(false); }
+
+    // Create (or truncate) the log file and write any pre-spawn logs we captured.
+    let file = match File::create(&log_path) {
+        Ok(mut f) => {
+            if !pre_spawn_logs.is_empty() {
+                let _ = f.write_all(pre_spawn_logs.as_bytes());
+                let _ = f.flush();
+            }
+            f
+        }
+        Err(e) => {
+            eprintln!("Failed to create log file {}: {e}. Falling back to interactive mode.", log_path.display());
+            return Ok(false);
+        }
+    };
+    let file_err = file.try_clone().ok();
+    let mut cmd = Command::new(
+        std::env::current_exe().unwrap_or_else(|_| PathBuf::from("codex"))
+    );
+    cmd.arg("worker");
+    for a in &worker_args { cmd.arg(a); }
+    if let Some((wt_path, branch)) = &created_worktree {
+        if effective_automerge { cmd.env("CODEX_CONCURRENT_AUTOMERGE", "1"); }
+        cmd.env("CODEX_CONCURRENT_BRANCH", branch);
+        cmd.env("CODEX_CONCURRENT_WORKTREE", wt_path);
+        if let Some(ob) = &original_branch { cmd.env("CODEX_ORIGINAL_BRANCH", ob); }
+        if let Some(oc) = &original_commit { cmd.env("CODEX_ORIGINAL_COMMIT", oc); }
+        if let Ok(orig_root) = std::env::current_dir() { cmd.env("CODEX_ORIGINAL_ROOT", orig_root); }
+    }
+    cmd.env("CODEX_TASK_ID", &task_id);
+    cmd.stdout(Stdio::from(file));
+    if let Some(f2) = file_err { cmd.stderr(Stdio::from(f2)); }
+    match cmd.spawn() {
+        Ok(mut child) => {
+            let branch_val = created_worktree.as_ref().map(|(_, b)| b.as_str()).unwrap_or("(none)");
+            let worktree_val = created_worktree
+                .as_ref()
+                .map(|(p, _)| p.display().to_string())
+                .unwrap_or_else(|| "(original cwd)".to_string());
+            println!("\x1b[1mTask ID:\x1b[0m {}", task_id);
+            println!("\x1b[1mPID:\x1b[0m {}", child.id());
+            println!("\x1b[1mBranch:\x1b[0m {}", branch_val);
+            println!("\x1b[1mWorktree:\x1b[0m {}", worktree_val);
+            let initial_state = "started";
+            println!("\x1b[1mState:\x1b[0m {}", initial_state);
+            println!("\nStreaming logs (press Ctrl+C to abort view; task will continue)...\n");
+            let record_time = std::time::SystemTime::now()
+                .duration_since(std::time::UNIX_EPOCH)
+                .map(|d| d.as_secs())
+                .unwrap_or(0);
+            if let Ok(base) = codex_base_dir() {
+                let tasks_path = base.join("tasks.jsonl");
+                let record = serde_json::json!({
+                    "task_id": task_id,
+                    "pid": child.id(),
+                    "worktree": created_worktree.as_ref().map(|(p, _)| p.display().to_string()),
+                    "branch": created_worktree.as_ref().map(|(_, b)| b.clone()),
+                    "original_branch": original_branch,
+                    "original_commit": original_commit,
+                    "log_path": log_path.display().to_string(),
+                    "prompt": raw_prompt,
+                    "model": tui_cli.model.clone(),
+                    "start_time": record_time,
+                    "automerge": effective_automerge,
+                    "explicit_branch_name": user_branch_name_opt,
+                    "token_count": serde_json::Value::Null,
+                    "state": initial_state,
+                });
+                if let Ok(mut f) = std::fs::OpenOptions::new().create(true).append(true).open(&tasks_path) {
+                    use std::io::Write;
+                    let _ = writeln!(f, "{}", record.to_string());
+                }
+            }
+            if let Err(e) = stream_log_until_exit(&log_path, &mut child) {
+                eprintln!("Error streaming logs: {e}");
+            }
+            return Ok(true);
+        }
+        Err(e) => {
+            eprintln!("Failed to start background exec: {e}. Falling back to interactive mode.");
+        }
+    }
+
+    Ok(false)
+}
+
+/// Return the base Codex directory under the user's home (~/.codex), creating it if necessary.
+fn codex_base_dir() -> anyhow::Result<PathBuf> {
+    if let Ok(val) = std::env::var("CODEX_HOME") {
+        if !val.is_empty() {
+            return Ok(PathBuf::from(val).canonicalize()?);
+        }
+    }
+    let home = std::env::var_os("HOME").ok_or_else(|| anyhow::anyhow!("Could not find home directory"))?;
+    let base = PathBuf::from(home).join(".codex");
+    std::fs::create_dir_all(&base)?;
+    Ok(base)
+}
+
+/// Attempt to create a git worktree for an isolated concurrent run capturing git output.
+struct WorktreeInfo { worktree_path: PathBuf, branch_name: String, logs: String }
+fn create_concurrent_worktree(branch_name: &str) -> anyhow::Result<Option<WorktreeInfo>> {
+    // Determine repository root.
+    let output = Command::new("git").arg("rev-parse").arg("--show-toplevel").output();
+    let repo_root = match output {
+        Ok(out) if out.status.success() => {
+            let s = String::from_utf8_lossy(&out.stdout).trim().to_string();
+            if s.is_empty() { return Ok(None); }
+            PathBuf::from(s)
+        }
+        _ => return Ok(None),
+    };
+
+    // Derive repo name from root directory.
+    let repo_name = repo_root
+        .file_name()
+        .and_then(|s| s.to_str())
+        .unwrap_or("repo");
+
+    // Fast-fail if branch already exists.
+    if Command::new("git")
+        .current_dir(&repo_root)
+        .arg("rev-parse")
+        .arg("--verify")
+        .arg(branch_name)
+        .stdout(Stdio::null())
+        .stderr(Stdio::null())
+        .status()
+        .map(|s| s.success())
+        .unwrap_or(false) {
+        anyhow::bail!("branch '{branch_name}' already exists");
+    }
+
+    // Construct worktree directory under ~/.codex/worktrees/<repo_name>/.
+    let base_dir = codex_base_dir()?.join("worktrees").join(repo_name);
+    std::fs::create_dir_all(&base_dir)?;
+    let mut worktree_path = base_dir.join(branch_name.replace('/', "-"));
+
+    if worktree_path.exists() {
+        for i in 1..1000 {
+            let candidate = base_dir.join(format!("{}-{}", branch_name.replace('/', "-"), i));
+            if !candidate.exists() { worktree_path = candidate; break; }
+        }
+    }
+
+    // Run git worktree add capturing output (stdout+stderr).
+    let add_out = Command::new("git")
+        .current_dir(&repo_root)
+        .arg("worktree")
+        .arg("add")
+        .arg("-b")
+        .arg(&branch_name)
+        .arg(&worktree_path)
+        .arg("HEAD")
+        .output()?;
+    if !add_out.status.success() {
+        anyhow::bail!("git worktree add failed with status {}", add_out.status);
+    }
+    let mut logs = String::new();
+    if !add_out.stdout.is_empty() { logs.push_str(&String::from_utf8_lossy(&add_out.stdout)); }
+    if !add_out.stderr.is_empty() { logs.push_str(&String::from_utf8_lossy(&add_out.stderr)); }
+
+    Ok(Some(WorktreeInfo { worktree_path, branch_name: branch_name.to_string(), logs }))
+}
+
+/// Helper: capture trimmed stdout of a git command.
+fn git_capture<I, S>(args: I) -> anyhow::Result<String>
+where
+    I: IntoIterator<Item = S>,
+    S: AsRef<str>,
+{
+    let mut cmd = Command::new("git");
+    for a in args { cmd.arg(a.as_ref()); }
+    let out = cmd.output().context("running git command")?;
+    if !out.status.success() { anyhow::bail!("git command failed"); }
+    Ok(String::from_utf8_lossy(&out.stdout).trim().to_string())
+}
+
+/// Parse common boolean environment variable representations.
+fn parse_env_bool(name: &str) -> Option<bool> {
+    let raw = std::env::var(name).ok()?;
+    let lower = raw.to_ascii_lowercase();
+    match lower.as_str() {
+        "1" | "true" | "yes" | "on" => Some(true),
+        "0" | "false" | "no" | "off" => Some(false),
+        _ => None,
+    }
+}
+
+// Attach helper: follow the log file while the child runs.
+// todo: remove this once we have a tui
+fn stream_log_until_exit(log_path: &std::path::Path, child: &mut std::process::Child) -> anyhow::Result<()> {
+    use std::io::{Read, Seek, SeekFrom};
+    use std::time::Duration;
+    let mut f = std::fs::OpenOptions::new().read(true).open(log_path)?;
+    // Print any existing content first.
+    let mut existing = String::new();
+    f.read_to_string(&mut existing)?;
+    print!("{}", existing);
+    let mut pos: u64 = existing.len() as u64;
+    loop {
+        // Check if process has exited.
+        if let Some(status) = child.try_wait()? {
+            // Drain any remaining bytes.
+            let mut tail = String::new();
+            f.seek(SeekFrom::Start(pos))?;
+            f.read_to_string(&mut tail)?;
+            if !tail.is_empty() { print!("{}", tail); }
+            println!("\n\x1b[1mTask exited with status: {}\x1b[0m", status);
+            break;
+        }
+        // Read new bytes if any.
+        let meta = f.metadata()?;
+        let len = meta.len();
+        if len > pos {
+            f.seek(SeekFrom::Start(pos))?;
+            let mut buf = String::new();
+            f.read_to_string(&mut buf)?;
+            if !buf.is_empty() { print!("{}", buf); }
+            pos = len;
+        }
+        std::thread::sleep(Duration::from_millis(500));
+    }
+    Ok(())
+} 
--- a/codex-rs/cli/src/inspect.rs
+++ b/codex-rs/cli/src/inspect.rs
@@ -0,0 +1,185 @@
+use clap::Parser;
+use serde::Deserialize;
+use std::fs::File;
+use std::io::{BufRead, BufReader};
+use std::path::PathBuf;
+use std::fs;
+
+#[derive(Debug, Parser)]
+pub struct InspectCli {
+    /// Task identifier (full/short task id or exact branch name)
+    pub id: String,
+    /// Output JSON instead of human table
+    #[arg(long)]
+    pub json: bool,
+}
+
+#[derive(Debug, Deserialize)]
+struct RawRecord {
+    task_id: Option<String>,
+    pid: Option<u64>,
+    worktree: Option<String>,
+    branch: Option<String>,
+    original_branch: Option<String>,
+    original_commit: Option<String>,
+    log_path: Option<String>,
+    prompt: Option<String>,
+    model: Option<String>,
+    start_time: Option<u64>,
+    update_time: Option<u64>,
+    token_count: Option<serde_json::Value>,
+    state: Option<String>,
+    completion_time: Option<u64>,
+    end_time: Option<u64>,
+    automerge: Option<bool>,
+    explicit_branch_name: Option<String>,
+}
+
+#[derive(Debug, serde::Serialize, Default, Clone)]
+struct TaskFull {
+    task_id: String,
+    pid: Option<u64>,
+    branch: Option<String>,
+    worktree: Option<String>,
+    original_branch: Option<String>,
+    original_commit: Option<String>,
+    log_path: Option<String>,
+    prompt: Option<String>,
+    model: Option<String>,
+    start_time: Option<u64>,
+    end_time: Option<u64>,
+    state: Option<String>,
+    total_tokens: Option<u64>,
+    input_tokens: Option<u64>,
+    output_tokens: Option<u64>,
+    reasoning_output_tokens: Option<u64>,
+    automerge: Option<bool>,
+    explicit_branch_name: Option<String>,
+    last_update_time: Option<u64>,
+    duration_secs: Option<u64>,
+}
+
+pub fn run_inspect(cli: InspectCli) -> anyhow::Result<()> {
+    let id = cli.id.to_lowercase();
+    let tasks = load_task_records()?;
+    let matches: Vec<TaskFull> = tasks
+        .into_iter()
+        .filter(|t| t.task_id.starts_with(&id) || t.branch.as_deref().map(|b| b == id).unwrap_or(false))
+        .collect();
+    if matches.is_empty() {
+        eprintln!("No task matches identifier '{}'.", id);
+        return Ok(());
+    }
+    if matches.len() > 1 {
+        eprintln!("Identifier '{}' is ambiguous; matches: {}", id, matches.iter().map(|m| &m.task_id[..8]).collect::<Vec<_>>().join(", "));
+        return Ok(());
+    }
+    let task = &matches[0];
+    if cli.json {
+        println!("{}", serde_json::to_string_pretty(task)?);
+        return Ok(());
+    }
+    print_human(task);
+    Ok(())
+}
+
+fn base_dir() -> Option<PathBuf> {
+    if let Ok(val) = std::env::var("CODEX_HOME") { if !val.is_empty() { return std::fs::canonicalize(val).ok(); } }
+    let home = std::env::var_os("HOME")?;
+    Some(PathBuf::from(home).join(".codex"))
+}
+
+fn load_task_records() -> anyhow::Result<Vec<TaskFull>> {
+    let mut map: std::collections::HashMap<String, TaskFull> = std::collections::HashMap::new();
+    let Some(base) = base_dir() else { return Ok(vec![]); };
+    let tasks = base.join("tasks.jsonl");
+    if !tasks.exists() { return Ok(vec![]); }
+    let f = File::open(tasks)?;
+    let reader = BufReader::new(f);
+    for line in reader.lines() {
+        let Ok(line) = line else { continue };
+        if line.trim().is_empty() { continue; }
+        let Ok(val) = serde_json::from_str::<serde_json::Value>(&line) else { continue };
+        let Ok(rec) = serde_json::from_value::<RawRecord>(val) else { continue };
+        let Some(task_id) = rec.task_id.clone() else { continue };
+        let entry = map.entry(task_id.clone()).or_insert_with(|| TaskFull { task_id: task_id.clone(), ..Default::default() });
+        // Initial metadata fields
+        if rec.start_time.is_some() {
+            entry.pid = rec.pid.or(entry.pid);
+            entry.branch = rec.branch.or(entry.branch.clone());
+            entry.worktree = rec.worktree.or(entry.worktree.clone());
+            entry.original_branch = rec.original_branch.or(entry.original_branch.clone());
+            entry.original_commit = rec.original_commit.or(entry.original_commit.clone());
+            entry.log_path = rec.log_path.or(entry.log_path.clone());
+            entry.prompt = rec.prompt.or(entry.prompt.clone());
+            entry.model = rec.model.or(entry.model.clone());
+            entry.start_time = rec.start_time.or(entry.start_time);
+            entry.automerge = rec.automerge.or(entry.automerge);
+            entry.explicit_branch_name = rec.explicit_branch_name.or(entry.explicit_branch_name.clone());
+        }
+        if let Some(state) = rec.state { entry.state = Some(state); }
+        if rec.update_time.is_some() { entry.last_update_time = rec.update_time; }
+        if rec.end_time.is_some() || rec.completion_time.is_some() {
+            entry.end_time = rec.end_time.or(rec.completion_time).or(entry.end_time);
+        }
+        if let Some(tc) = rec.token_count.as_ref() {
+            if let Some(total) = tc.get("total_tokens").and_then(|v| v.as_u64()) { entry.total_tokens = Some(total); }
+            if let Some(inp) = tc.get("input_tokens").and_then(|v| v.as_u64()) { entry.input_tokens = Some(inp); }
+            if let Some(out) = tc.get("output_tokens").and_then(|v| v.as_u64()) { entry.output_tokens = Some(out); }
+            if let Some(rout) = tc.get("reasoning_output_tokens").and_then(|v| v.as_u64()) { entry.reasoning_output_tokens = Some(rout); }
+        }
+    }
+    // Compute duration
+    for t in map.values_mut() {
+        if let (Some(s), Some(e)) = (t.start_time, t.end_time) { t.duration_secs = Some(e.saturating_sub(s)); }
+    }
+    Ok(map.into_values().collect())
+}
+
+fn print_human(task: &TaskFull) {
+    println!("Task {}", task.task_id);
+    println!("State: {}", task.state.as_deref().unwrap_or("?"));
+    if let Some(model) = &task.model { println!("Model: {}", model); } else { println!("Model: {}", resolve_default_model()); }
+    if let Some(branch) = &task.branch { println!("Branch: {}", branch); }
+    if let Some(wt) = &task.worktree { println!("Worktree: {}", wt); }
+    if let Some(ob) = &task.original_branch { println!("Original branch: {}", ob); }
+    if let Some(oc) = &task.original_commit { println!("Original commit: {}", oc); }
+    if let Some(start) = task.start_time { println!("Start: {}", format_epoch(start)); }
+    if let Some(end) = task.end_time { println!("End: {}", format_epoch(end)); }
+    if let Some(d) = task.duration_secs { println!("Duration: {}s", d); }
+    if let Some(pid) = task.pid { println!("PID: {}", pid); }
+    if let Some(log) = &task.log_path { println!("Log: {}", log); }
+    if let Some(am) = task.automerge { println!("Automerge: {}", am); }
+    if let Some(exp) = &task.explicit_branch_name { println!("Explicit branch name: {}", exp); }
+    if let Some(total) = task.total_tokens { println!("Total tokens: {}", total); }
+    if task.input_tokens.is_some() || task.output_tokens.is_some() {
+        println!("  Input: {:?} Output: {:?} Reasoning: {:?}", task.input_tokens, task.output_tokens, task.reasoning_output_tokens);
+    }
+    if let Some(p) = &task.prompt { println!("Prompt:\n{}", p); }
+}
+
+fn format_epoch(secs: u64) -> String {
+    use chrono::{TimeZone, Utc};
+    if let Some(dt) = Utc.timestamp_opt(secs as i64, 0).single() { dt.to_rfc3339() } else { secs.to_string() }
+}
+
+fn resolve_default_model() -> String {
+    if let Some(base) = base_dir() {
+        let candidates = ["config.json", "config.yaml", "config.yml"];
+        for name in candidates {
+            let p = base.join(name);
+            if p.exists() {
+                if let Ok(raw) = fs::read_to_string(&p) {
+                    if name.ends_with(".json") {
+                        if let Ok(v) = serde_json::from_str::<serde_json::Value>(&raw) {
+                            if let Some(m) = v.get("model").and_then(|x| x.as_str()) { if !m.trim().is_empty() { return m.to_string(); } }
+                        }
+                    } else {
+                        for line in raw.lines() { if let Some(rest) = line.trim().strip_prefix("model:") { let val = rest.trim().trim_matches('"'); if !val.is_empty() { return val.to_string(); } } }
+                    }
+                }
+            }
+        }
+    }
+    "codex-mini-latest".to_string()
+} 
--- a/codex-rs/cli/src/lib.rs
+++ b/codex-rs/cli/src/lib.rs
@@ -1,7 +1,11 @@
+pub mod concurrent;
 pub mod debug_sandbox;
 mod exit_status;
 pub mod login;
 pub mod proto;
+pub mod tasks;
+pub mod logs;
+pub mod inspect;

 use clap::Parser;
 use codex_common::CliConfigOverrides;
--- a/codex-rs/cli/src/login.rs
+++ b/codex-rs/cli/src/login.rs
@@ -21,7 +21,8 @@ pub async fn run_login_with_chatgpt(cli_config_overrides: CliConfigOverrides) ->
        }
    };

-    match login_with_chatgpt(&config.codex_home).await {
+    let capture_output = false;
+    match login_with_chatgpt(&config.codex_home, capture_output).await {
        Ok(_) => {
            eprintln!("Successfully logged in");
            std::process::exit(0);
--- a/codex-rs/cli/src/logs.rs
+++ b/codex-rs/cli/src/logs.rs
@@ -0,0 +1,145 @@
+use clap::Parser;
+use serde::Deserialize;
+use std::collections::HashMap;
+use std::fs::File;
+use std::io::{BufRead, BufReader, Read, Seek, SeekFrom};
+use std::path::PathBuf;
+use std::thread;
+use std::time::Duration;
+
+#[derive(Debug, Parser)]
+pub struct LogsCli {
+    /// Task identifier: full/short task UUID or branch name
+    pub id: String,
+    /// Follow log output (stream new lines)
+    #[arg(short = 'f', long = "follow")]
+    pub follow: bool,
+    /// Show only the last N lines (like tail -n). If omitted, show full file.
+    #[arg(short = 'n', long = "lines")]
+    pub lines: Option<usize>,
+}
+
+#[derive(Debug, Deserialize)]
+struct RawRecord {
+    task_id: Option<String>,
+    branch: Option<String>,
+    log_path: Option<String>,
+    start_time: Option<u64>,
+}
+
+#[derive(Debug, Clone)]
+struct TaskMeta {
+    task_id: String,
+    branch: Option<String>,
+    log_path: String,
+    start_time: Option<u64>,
+}
+
+pub fn run_logs(cli: LogsCli) -> anyhow::Result<()> {
+    let id = cli.id.to_lowercase();
+    let tasks = load_tasks_index()?;
+    if tasks.is_empty() {
+        eprintln!("No tasks found in tasks.jsonl");
+        return Ok(());
+    }
+    let matches: Vec<&TaskMeta> = tasks
+        .values()
+        .filter(|meta| {
+            meta.task_id.starts_with(&id) || meta.branch.as_deref().map(|b| b == id).unwrap_or(false)
+        })
+        .collect();
+    if matches.is_empty() {
+        eprintln!("No task matches identifier '{}'.", id);
+        return Ok(());
+    }
+    if matches.len() > 1 {
+        eprintln!("Identifier '{}' is ambiguous; matches: {}", id, matches.iter().map(|m| &m.task_id[..8]).collect::<Vec<_>>().join(", "));
+        return Ok(());
+    }
+    let task = matches[0];
+    let path = PathBuf::from(&task.log_path);
+    if !path.exists() {
+        eprintln!("Log file not found at {}", path.display());
+        return Ok(());
+    }
+
+    if cli.follow {
+        tail_file(&path, cli.lines)?;
+    } else {
+        print_file(&path, cli.lines)?;
+    }
+    Ok(())
+}
+
+fn base_dir() -> Option<PathBuf> {
+    if let Ok(val) = std::env::var("CODEX_HOME") { if !val.is_empty() { return std::fs::canonicalize(val).ok(); } }
+    let home = std::env::var_os("HOME")?;
+    Some(PathBuf::from(home).join(".codex"))
+}
+
+fn load_tasks_index() -> anyhow::Result<HashMap<String, TaskMeta>> {
+    let mut map: HashMap<String, TaskMeta> = HashMap::new();
+    let Some(base) = base_dir() else { return Ok(map); };
+    let tasks = base.join("tasks.jsonl");
+    if !tasks.exists() { return Ok(map); }
+    let f = File::open(tasks)?;
+    let reader = BufReader::new(f);
+    for line in reader.lines() {
+        let Ok(line) = line else { continue };
+        if line.trim().is_empty() { continue; }
+        let Ok(val) = serde_json::from_str::<serde_json::Value>(&line) else { continue };
+        let Ok(rec) = serde_json::from_value::<RawRecord>(val) else { continue };
+        let (Some(task_id), Some(log_path)) = (rec.task_id.clone(), rec.log_path.clone()) else { continue };
+        // Insert or update only if not already present (we just need initial metadata)
+        map.entry(task_id.clone()).or_insert(TaskMeta {
+            task_id,
+            branch: rec.branch,
+            log_path,
+            start_time: rec.start_time,
+        });
+    }
+    Ok(map)
+}
+
+fn print_file(path: &PathBuf, last_lines: Option<usize>) -> anyhow::Result<()> {
+    if let Some(n) = last_lines {
+        let f = File::open(path)?;
+        let reader = BufReader::new(f);
+        let mut buf: std::collections::VecDeque<String> = std::collections::VecDeque::with_capacity(n);
+        for line in reader.lines() {
+            if let Ok(l) = line { if buf.len() == n { buf.pop_front(); } buf.push_back(l); }
+        }
+        for l in buf { println!("{}", l); }
+        return Ok(());
+    }
+    // Full file
+    let mut f = File::open(path)?;
+    let mut contents = String::new();
+    f.read_to_string(&mut contents)?;
+    print!("{}", contents);
+    Ok(())
+}
+
+fn tail_file(path: &PathBuf, last_lines: Option<usize>) -> anyhow::Result<()> {
+    use std::io::{self};
+    // Initial output
+    if let Some(n) = last_lines { print_file(path, Some(n))?; } else { print_file(path, None)?; }
+    let mut f = File::open(path)?;
+    let mut pos = f.metadata()?.len();
+    loop {
+        thread::sleep(Duration::from_millis(500));
+        let meta = match f.metadata() { Ok(m) => m, Err(_) => break };
+        let len = meta.len();
+        if len < pos { // truncated
+            pos = 0;
+        }
+        if len > pos {
+            f.seek(SeekFrom::Start(pos))?;
+            let mut buf = String::new();
+            f.read_to_string(&mut buf)?;
+            if !buf.is_empty() { print!("{}", buf); io::Write::flush(&mut std::io::stdout())?; }
+            pos = len;
+        }
+    }
+    Ok(())
+} 
--- a/codex-rs/cli/src/main.rs
+++ b/codex-rs/cli/src/main.rs
@@ -2,9 +2,9 @@ use clap::CommandFactory;
 use clap::Parser;
 use clap_complete::Shell;
 use clap_complete::generate;
-use codex_arg0::arg0_dispatch_or_else;
 use codex_chatgpt::apply_command::ApplyCommand;
 use codex_chatgpt::apply_command::run_apply_command;
+use codex_cli::concurrent::maybe_spawn_concurrent;
 use codex_cli::LandlockCommand;
 use codex_cli::SeatbeltCommand;
 use codex_cli::login::run_login_with_chatgpt;
@@ -15,6 +15,11 @@ use codex_tui::Cli as TuiCli;
 use std::path::PathBuf;

 use crate::proto::ProtoCli;
+use codex_mcp_client::McpClient;
+use mcp_types::{ClientCapabilities, Implementation};
+use serde_json::json;
+use std::time::Duration;
+use tracing::{debug, info};

 /// Codex CLI
 ///
@@ -33,6 +38,25 @@ struct MultitoolCli {
    #[clap(flatten)]
    interactive: TuiCli,

+    /// Autonomous mode: run the command in the background & concurrently using a git worktree.
+    /// Requires the current directory (or --cd provided path) to be a git repository.
+    #[clap(long)]
+    concurrent: bool,
+
+    /// Control whether the concurrent run auto-merges the worktree branch back into the original branch.
+    /// Defaults to true (may also be set via CONCURRENT_AUTOMERGE env var).
+    #[clap(long = "concurrent-automerge", value_name = "BOOL")]
+    concurrent_automerge: Option<bool>,
+
+    /// Explicit branch name to use for the concurrent worktree instead of the default `codex/<slug>`.
+    /// May also be set via CONCURRENT_BRANCH_NAME env var.
+    #[clap(long = "concurrent-branch-name", value_name = "BRANCH")]
+    concurrent_branch_name: Option<String>,
+
+    /// Best-of-n: run n concurrent worktrees (1-4) and let user pick the best result. Implies --concurrent and disables automerge.
+    #[clap(long = "best-of-n", short = 'n', value_name = "N", default_value_t = 1)]
+    pub best_of_n: u8,
+
    #[clap(subcommand)]
    subcommand: Option<Subcommand>,
 }
@@ -62,6 +86,19 @@ enum Subcommand {
    /// Apply the latest diff produced by Codex agent as a `git apply` to your local working tree.
    #[clap(visible_alias = "a")]
    Apply(ApplyCommand),
+
+    /// Manage / inspect concurrent background tasks.
+    Tasks(codex_cli::tasks::TasksCli),
+
+    /// Show or follow logs for a specific task.
+    Logs(codex_cli::logs::LogsCli),
+
+    /// Inspect full metadata for a task.
+    Inspect(codex_cli::inspect::InspectCli),
+
+    /// Hidden: internal worker used for --concurrent MCP-based runs.
+    #[clap(hide = true)]
+    Worker(ConcurrentWorkerCli),
 }

 #[derive(Debug, Parser)]
@@ -92,8 +129,29 @@ struct LoginCommand {
    config_overrides: CliConfigOverrides,
 }

+#[derive(Debug, Parser)]
+struct ConcurrentWorkerCli {
+    #[clap(long)]
+    prompt: String,
+    #[clap(long)]
+    model: Option<String>,
+    #[clap(long)]
+    profile: Option<String>,
+    #[clap(long, value_name = "POLICY")] // untrusted | on-failure | never
+    approval_policy: Option<String>,
+    #[clap(long, value_name = "MODE")] // read-only | workspace-write | danger-full-access
+    sandbox: Option<String>,
+    #[clap(long)]
+    cwd: Option<String>,
+    #[clap(flatten)]
+    config_overrides: CliConfigOverrides,
+    /// Optional base instructions override
+    #[clap(long = "base-instructions")]
+    base_instructions: Option<String>,
+}
+
 fn main() -> anyhow::Result<()> {
-    arg0_dispatch_or_else(|codex_linux_sandbox_exe| async move {
+    codex_linux_sandbox::run_with_sandbox(|codex_linux_sandbox_exe| async move {
        cli_main(codex_linux_sandbox_exe).await?;
        Ok(())
    })
@@ -105,9 +163,25 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
    match cli.subcommand {
        None => {
            let mut tui_cli = cli.interactive;
+            let root_raw_overrides = cli.config_overrides.raw_overrides.clone();
            prepend_config_flags(&mut tui_cli.config_overrides, cli.config_overrides);
-            let usage = codex_tui::run_main(tui_cli, codex_linux_sandbox_exe).await?;
-            println!("{}", codex_core::protocol::FinalOutput::from(usage));
+            // Attempt concurrent background spawn; if it returns true we skip launching the TUI.
+            if let Ok(spawned) = maybe_spawn_concurrent(
+                &mut tui_cli,
+                &root_raw_overrides,
+                cli.concurrent,
+                cli.concurrent_automerge,
+                &cli.concurrent_branch_name,
+            ) {
+                if !spawned {
+                    let usage = codex_tui::run_main(tui_cli, codex_linux_sandbox_exe)?;
+                    println!("{}", codex_core::protocol::FinalOutput::from(usage));
+                }
+            } else {
+                // On error fallback to interactive.
+                let usage = codex_tui::run_main(tui_cli, codex_linux_sandbox_exe)?;
+                println!("{}", codex_core::protocol::FinalOutput::from(usage));
+            }
        }
        Some(Subcommand::Exec(mut exec_cli)) => {
            prepend_config_flags(&mut exec_cli.config_overrides, cli.config_overrides);
@@ -116,6 +190,136 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
        Some(Subcommand::Mcp) => {
            codex_mcp_server::run_main(codex_linux_sandbox_exe).await?;
        }
+        Some(Subcommand::Worker(worker_cli)) => {
+            // Internal worker invoked by maybe_spawn_concurrent. Runs a single Codex MCP tool-call.
+            debug!(?worker_cli.prompt, "starting concurrent worker");
+            // Build MCP client by spawning current binary with `mcp` subcommand.
+            let exe = std::env::current_exe()?;
+            let exe_str = exe.to_string_lossy().to_string();
+            // Pass through OPENAI_API_KEY (and related) so MCP server can access the model provider.
+            let mut extra_env: std::collections::HashMap<String, String> = std::collections::HashMap::new();
+            // TODO: pap check if this is needed + check if we can use the same env vars as the main process (overall)
+            if let Ok(v) = std::env::var("OPENAI_API_KEY") { extra_env.insert("OPENAI_API_KEY".into(), v); }
+            if let Ok(v) = std::env::var("OPENAI_BASE_URL") { extra_env.insert("OPENAI_BASE_URL".into(), v); }
+            let client = McpClient::new_stdio_client(exe_str, vec!["mcp".to_string()], Some(extra_env)).await?;
+            // Initialize MCP session.
+            let init_params = mcp_types::InitializeRequestParams {
+                capabilities: ClientCapabilities { experimental: None, roots: None, sampling: None, elicitation: Some(json!({})) },
+                client_info: Implementation { name: "codex-concurrent-worker".into(), version: env!("CARGO_PKG_VERSION").into(), title: Some("Codex Concurrent Worker".into()) },
+                protocol_version: mcp_types::MCP_SCHEMA_VERSION.to_string(),
+            };
+            let _init_res = client.initialize(init_params, None, Some(Duration::from_secs(15))).await?;
+            debug!("initialized MCP session for worker");
+            // Build arguments for codex tool call using kebab-case keys expected by MCP server.
+            let mut arg_obj = serde_json::Map::new();
+            // todo: how to pass all variables dynamically?
+            arg_obj.insert("prompt".to_string(), worker_cli.prompt.clone().into());
+            if let Some(m) = worker_cli.model.clone() { arg_obj.insert("model".into(), m.into()); }
+            if let Some(p) = worker_cli.profile.clone() { arg_obj.insert("profile".into(), p.into()); }
+            if let Some(ap) = worker_cli.approval_policy.clone() { arg_obj.insert("approval-policy".into(), ap.into()); }
+            if let Some(sb) = worker_cli.sandbox.clone() { arg_obj.insert("sandbox".into(), sb.into()); }
+            if let Some(cwd) = worker_cli.cwd.clone() { arg_obj.insert("cwd".into(), cwd.into()); }
+            if let Some(bi) = worker_cli.base_instructions.clone() { arg_obj.insert("base-instructions".into(), bi.into()); }
+            let config_json = serde_json::to_value(&worker_cli.config_overrides)?;
+            arg_obj.insert("config".into(), config_json);
+            let args_json = serde_json::Value::Object(arg_obj);
+            debug!(?args_json, "calling codex tool via MCP");
+            let mut session_id: Option<String> = None;
+            // Grab notifications receiver to watch for SessionConfigured (to extract sessionId) while first tool call runs.
+            let mut notif_rx = client.take_notification_receiver().await;
+            // Spawn a task to extract sessionId and print filtered events.
+            if let Some(mut rx) = notif_rx.take() {
+                tokio::spawn(async move {
+                    use serde_json::Value;
+                    while let Some(n) = rx.recv().await {
+                        if let Some(p) = &n.params {
+                            if let Some(root) = p.as_object() {
+                                if let Some(val) = root.get("sessionId").or_else(|| root.get("session_id")) {
+                                    // todo: reuse session id as task id
+                                    if let Some(s) = val.as_str() { if !s.is_empty() { println!("SESSION ID: {}", s); } }
+                                }
+                                if let Some(Value::Object(msg)) = root.get("msg") {
+                                    if let Some(Value::String(typ)) = msg.get("type") {
+                                        if typ.ends_with("_delta") { continue; }
+                                        // todo: use the tui once it manages multi processes
+                                        match typ.as_str() {
+                                            "agent_reasoning" => {
+                                                if let Some(Value::String(text)) = msg.get("text") { println!("\x1b[36mreasoning:\x1b[0m {}", text); }
+                                            }
+                                            "exec_approval_request" => {
+                                                let cmd = msg.get("command").and_then(|v| v.as_array()).map(|arr| arr.iter().filter_map(|x| x.as_str()).collect::<Vec<_>>().join(" ")).unwrap_or_default();
+                                                let cwd = msg.get("cwd").and_then(|v| v.as_str()).unwrap_or("");
+                                                println!("\x1b[33mexec approval requested:\x1b[0m {cmd} (cwd: {cwd})");
+                                            }
+                                            "apply_patch_approval_request" => {
+                                                let reason = msg.get("reason").and_then(|v| v.as_str()).unwrap_or("");
+                                                println!("\x1b[35mpatch approval requested:\x1b[0m {reason}");
+                                            }
+                                            "task_complete" => {
+                                                println!("\x1b[32mtask complete\x1b[0m");
+                                            }
+                                            _ => { /* suppress other event types */ }
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                });
+            }
+            let first_result = client.call_tool("codex".to_string(), Some(args_json), None).await;
+            // todo: to test we have not implemented the tool call yet
+            match &first_result {
+                Ok(r) => debug!(blocks = r.content.len(), "codex initial tool call completed"),
+                Err(e) => debug!(error = %e, "codex tool call failed"),
+            }
+            let first_result = first_result?;
+            // Print any text content to stdout.
+            let mut printed_any = false;
+            for block in &first_result.content {
+                if let mcp_types::ContentBlock::TextContent(t) = block { println!("{}", t.text); printed_any = true; }
+            }
+            if !printed_any { info!("no text content blocks returned from initial codex tool call"); }
+            // Attempt to parse session id from printed notifications (fallback approach): scan stdout not feasible here; so rely on user-visible marker.
+            // Interactive loop for follow-up prompts.
+            use std::io::{stdin, stdout, Write};
+            loop {
+                print!("codex> "); let _ = stdout().flush();
+                let mut line = String::new();
+                if stdin().read_line(&mut line).is_err() { break; }
+                let trimmed = line.trim();
+                if trimmed.is_empty() || trimmed == "/exit" || trimmed == ":q" { break; }
+                // If session id still unknown, ask user to paste it.
+                if session_id.is_none() {
+                    if trimmed.starts_with("session ") { session_id = Some(trimmed[8..].trim().to_string()); println!("Stored session id."); continue; }
+                }
+                if session_id.is_none() { println!("(Need session id; when you see 'SESSION ID: <uuid>' above, copy it or type 'session <uuid>')"); continue; }
+                let args = serde_json::json!({ "sessionId": session_id.clone().unwrap(), "prompt": trimmed });
+                let reply = client.call_tool("codex-reply".to_string(), Some(args), None).await;
+                match reply {
+                    Ok(r) => {
+                        for block in r.content {
+                            if let mcp_types::ContentBlock::TextContent(t) = block { println!("{}", t.text); }
+                        }
+                    }
+                    Err(e) => println!("Error: {e}"),
+                }
+            }
+            // Append completion record to tasks.jsonl now that interactive loop ends.
+            if let Ok(task_id) = std::env::var("CODEX_TASK_ID") {
+                if let Some(base) = codex_base_dir_for_worker() {
+                    let tasks_path = base.join("tasks.jsonl");
+                    let ts = std::time::SystemTime::now().duration_since(std::time::UNIX_EPOCH).map(|d| d.as_secs()).unwrap_or(0);
+                    let obj = serde_json::json!({
+                        "task_id": task_id,
+                        "completion_time": ts,
+                        "end_time": ts,
+                        "state": "done",
+                    });
+                    let _ = append_json_line(&tasks_path, &obj);
+                }
+            }
+        }
        Some(Subcommand::Login(mut login_cli)) => {
            prepend_config_flags(&mut login_cli.config_overrides, cli.config_overrides);
            run_login_with_chatgpt(login_cli.config_overrides).await;
@@ -149,6 +353,15 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
            prepend_config_flags(&mut apply_cli.config_overrides, cli.config_overrides);
            run_apply_command(apply_cli, None).await?;
        }
+        Some(Subcommand::Tasks(tasks_cli)) => {
+            codex_cli::tasks::run_tasks(tasks_cli)?;
+        }
+        Some(Subcommand::Logs(logs_cli)) => {
+            codex_cli::logs::run_logs(logs_cli)?;
+        }
+        Some(Subcommand::Inspect(inspect_cli)) => {
+            codex_cli::inspect::run_inspect(inspect_cli)?;
+        }
    }

    Ok(())
@@ -170,3 +383,18 @@ fn print_completion(cmd: CompletionCommand) {
    let name = "codex";
    generate(cmd.shell, &mut app, name, &mut std::io::stdout());
 }
+
+// Helper functions for worker
+fn codex_base_dir_for_worker() -> Option<std::path::PathBuf> {
+    if let Ok(val) = std::env::var("CODEX_HOME") { if !val.is_empty() { return std::fs::canonicalize(val).ok(); } }
+    let home = std::env::var_os("HOME")?;
+    let base = std::path::PathBuf::from(home).join(".codex");
+    let _ = std::fs::create_dir_all(&base);
+    Some(base)
+}
+
+fn append_json_line(path: &std::path::PathBuf, val: &serde_json::Value) -> std::io::Result<()> {
+    use std::io::Write;
+    let mut f = std::fs::OpenOptions::new().create(true).append(true).open(path)?;
+    writeln!(f, "{}", val.to_string())
+}
--- a/codex-rs/cli/src/proto.rs
+++ b/codex-rs/cli/src/proto.rs
@@ -4,7 +4,6 @@ use std::sync::Arc;
 use clap::Parser;
 use codex_common::CliConfigOverrides;
 use codex_core::Codex;
-use codex_core::CodexSpawnOk;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::protocol::Submission;
@@ -36,7 +35,7 @@ pub async fn run_main(opts: ProtoCli) -> anyhow::Result<()> {

    let config = Config::load_with_cli_overrides(overrides_vec, ConfigOverrides::default())?;
    let ctrl_c = notify_on_sigint();
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c.clone()).await?;
+    let (codex, _init_id, _session_id) = Codex::spawn(config, ctrl_c.clone()).await?;
    let codex = Arc::new(codex);

    // Task that reads JSON lines from stdin and forwards to Submission Queue
--- a/codex-rs/cli/src/tasks.rs
+++ b/codex-rs/cli/src/tasks.rs
@@ -0,0 +1,212 @@
+use clap::{Parser, Subcommand};
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::fs::File;
+use std::io::{BufRead, BufReader};
+use std::fs;
+use chrono::Local;
+use codex_common::elapsed::format_duration;
+
+#[derive(Debug, Parser)]
+pub struct TasksCli {
+    #[command(subcommand)]
+    pub cmd: TasksCommand,
+}
+
+#[derive(Debug, Subcommand)]
+pub enum TasksCommand {
+    /// List background concurrent tasks (from ~/.codex/tasks.jsonl)
+    Ls(TasksListArgs),
+}
+
+#[derive(Debug, Parser)]
+pub struct TasksListArgs {
+    /// Output raw JSON instead of table
+    #[arg(long)]
+    pub json: bool,
+    /// Limit number of tasks displayed (most recent first)
+    #[arg(long)]
+    pub limit: Option<usize>,
+    /// Show completed tasks as well (by default only running tasks)
+    #[arg(short = 'a', long = "all")]
+    pub all: bool,
+    /// Show all columns including prompt text
+    #[arg(long = "all-columns")]
+    pub all_columns: bool,
+}
+
+#[derive(Debug, Deserialize)]
+struct RawRecord {
+    task_id: Option<String>,
+    pid: Option<u64>,
+    worktree: Option<String>,
+    branch: Option<String>,
+    original_branch: Option<String>,
+    original_commit: Option<String>,
+    log_path: Option<String>,
+    prompt: Option<String>,
+    model: Option<String>,
+    start_time: Option<u64>,
+    update_time: Option<u64>,
+    token_count: Option<serde_json::Value>,
+    state: Option<String>,
+    completion_time: Option<u64>,
+    end_time: Option<u64>,
+}
+
+#[derive(Debug, Serialize, Default, Clone)]
+struct TaskAggregate {
+    task_id: String,
+    pid: Option<u64>,
+    branch: Option<String>,
+    worktree: Option<String>,
+    prompt: Option<String>,
+    model: Option<String>,
+    start_time: Option<u64>,
+    last_update_time: Option<u64>,
+    total_tokens: Option<u64>,
+    state: Option<String>,
+    end_time: Option<u64>,
+}
+
+pub fn run_tasks(cmd: TasksCli) -> anyhow::Result<()> {
+    match cmd.cmd {
+        TasksCommand::Ls(args) => list_tasks(args),
+    }
+}
+
+fn base_dir() -> Option<std::path::PathBuf> {
+    if let Ok(val) = std::env::var("CODEX_HOME") { if !val.is_empty() { return std::fs::canonicalize(val).ok(); } }
+    let home = std::env::var_os("HOME")?;
+    let base = std::path::PathBuf::from(home).join(".codex");
+    Some(base)
+}
+
+fn list_tasks(args: TasksListArgs) -> anyhow::Result<()> {
+    let Some(base) = base_dir() else {
+        println!("No home directory found; cannot locate tasks.jsonl");
+        return Ok(());
+    };
+    let path = base.join("tasks.jsonl");
+    if !path.exists() {
+        println!("No tasks.jsonl found (no concurrent tasks recorded yet)");
+        return Ok(());
+    }
+
+    let f = File::open(&path)?;
+    let reader = BufReader::new(f);
+
+    let mut agg: HashMap<String, TaskAggregate> = HashMap::new();
+    for line_res in reader.lines() {
+        let line = match line_res { Ok(l) => l, Err(_) => continue };
+        if line.trim().is_empty() { continue; }
+        let raw: serde_json::Value = match serde_json::from_str(&line) { Ok(v) => v, Err(_) => continue };
+        let rec: RawRecord = match serde_json::from_value(raw) { Ok(r) => r, Err(_) => continue };
+        let Some(task_id) = rec.task_id.clone() else { continue }; // must have task_id
+        let entry = agg.entry(task_id.clone()).or_insert_with(|| TaskAggregate { task_id: task_id.clone(), ..Default::default() });
+        if rec.start_time.is_some() { // initial metadata line
+            entry.pid = rec.pid.or(entry.pid);
+            entry.branch = rec.branch.or(entry.branch.clone());
+            entry.worktree = rec.worktree.or(entry.worktree.clone());
+            entry.prompt = rec.prompt.or(entry.prompt.clone());
+            entry.model = rec.model.or(entry.model.clone());
+            entry.start_time = rec.start_time.or(entry.start_time);
+        }
+        if let Some(tc_val) = rec.token_count.as_ref() { if tc_val.is_object() { if let Some(total) = tc_val.get("total_tokens").and_then(|v| v.as_u64()) { entry.total_tokens = Some(total); } } }
+        if rec.update_time.is_some() { entry.last_update_time = rec.update_time; }
+        if let Some(state) = rec.state { entry.state = Some(state); }
+        if rec.completion_time.is_some() || rec.end_time.is_some() {
+            entry.end_time = rec.end_time.or(rec.completion_time).or(entry.end_time);
+        }
+    }
+
+    // Collect and sort by start_time desc
+    let mut tasks: Vec<TaskAggregate> = agg.into_values().collect();
+    tasks.sort_by_key(|j| std::cmp::Reverse(j.start_time.unwrap_or(0)));
+
+    if !args.all { tasks.retain(|j| j.state.as_deref() != Some("done")); }
+    if let Some(limit) = args.limit { tasks.truncate(limit); }
+
+    if args.json {
+        println!("{}", serde_json::to_string_pretty(&tasks)?);
+        return Ok(());
+    }
+
+    if tasks.is_empty() {
+        println!("No tasks found");
+        return Ok(());
+    }
+
+    // Table header
+    if args.all_columns {
+        println!("\x1b[1m{:<8} {:>6} {:<22} {:<12} {:<8} {:>8} {:<12} {}\x1b[0m", "TASK_ID", "PID", "BRANCH", "START", "STATE", "TOKENS", "MODEL", "PROMPT");
+    } else {
+        // Widened branch column to 22 chars for better readability.
+        println!("\x1b[1m{:<8} {:>6} {:<22} {:<12} {:<8} {:>8} {:<12}\x1b[0m", "TASK_ID", "PID", "BRANCH", "START", "STATE", "TOKENS", "MODEL");
+    }
+    for t in tasks {
+        let task_short = if t.task_id.len() > 8 { &t.task_id[..8] } else { &t.task_id };
+        let pid_str = t.pid.map(|p| p.to_string()).unwrap_or_default();
+        let mut branch = t.branch.clone().unwrap_or_default();
+        let branch_limit = if args.all_columns { 22 } else { 22 }; // unified width
+        if branch.len() > branch_limit { branch.truncate(branch_limit); }
+        let start = t.start_time.map(|start_secs| {
+            let now = Local::now().timestamp() as u64;
+            if now > start_secs {
+                let elapsed = std::time::Duration::from_secs(now - start_secs);
+                format!("{} ago", format_duration(elapsed))
+            } else {
+                "just now".to_string()
+            }
+        }).unwrap_or_default();
+        let tokens = t.total_tokens.map(|t| t.to_string()).unwrap_or_default();
+        let state = t.state.clone().unwrap_or_else(|| "?".into());
+        let mut model = t.model.clone().unwrap_or_default();
+        if model.trim().is_empty() { model = resolve_default_model(); }
+        if model.is_empty() { model.push('-'); }
+        if model.len() > 12 { model.truncate(12); }
+        if args.all_columns {
+            let mut prompt = t.prompt.clone().unwrap_or_default().replace('\n', " ");
+            if prompt.len() > 60 { prompt.truncate(60); }
+            println!("{:<8} {:>6} {:<22} {:<12} {:<8} {:>8} {:<12} {}", task_short, pid_str, branch, start, state, tokens, model, prompt);
+        } else {
+            println!("{:<8} {:>6} {:<22} {:<12} {:<8} {:>8} {:<12}", task_short, pid_str, branch, start, state, tokens, model);
+        }
+    }
+
+    Ok(())
+}
+
+fn resolve_default_model() -> String {
+    // Attempt to read config json/yaml for model, otherwise fallback to hardcoded default.
+    if let Some(base) = base_dir() {
+        let candidates = ["config.json", "config.yaml", "config.yml"];
+        for name in candidates {
+            let p = base.join(name);
+            if p.exists() {
+                if let Ok(raw) = fs::read_to_string(&p) {
+                    // Try JSON first.
+                    if name.ends_with(".json") {
+                        if let Ok(v) = serde_json::from_str::<serde_json::Value>(&raw) {
+                            if let Some(m) = v.get("model").and_then(|x| x.as_str()) {
+                                if !m.trim().is_empty() { return m.to_string(); }
+                            }
+                        }
+                    } else {
+                        // Very lightweight YAML parse: look for line starting with model:
+                        for line in raw.lines() {
+                            if let Some(rest) = line.trim().strip_prefix("model:") {
+                                let val = rest.trim().trim_matches('"');
+                                if !val.is_empty() {
+                                    return val.to_string();
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+    // Fallback default agentic model used elsewhere.
+    "codex-mini-latest".to_string()
+} 
--- a/codex-rs/cli/tests/concurrent_background.rs
+++ b/codex-rs/cli/tests/concurrent_background.rs
@@ -0,0 +1,101 @@
+// Minimal integration test for --concurrent background spawning.
+// Verifies that invoking the top-level CLI with --concurrent records a task entry
+// in CODEX_HOME/tasks.jsonl and that multiple invocations append distinct task_ids.
+
+use std::fs;
+use std::io::Write;
+use std::process::Command;
+use std::time::{Duration, Instant};
+
+use tempfile::TempDir;
+
+// Skip helper when sandbox network disabled (mirrors existing tests' behavior).
+fn network_disabled() -> bool {
+    std::env::var(codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok()
+}
+
+#[test]
+fn concurrent_creates_task_records() {
+    if network_disabled() {
+        eprintln!("Skipping concurrent_creates_task_records due to sandbox network-disabled env");
+        return;
+    }
+
+    // Temp home (CODEX_HOME) and separate temp git repo.
+    let home = TempDir::new().expect("temp home");
+    let repo = TempDir::new().expect("temp repo");
+
+    // Initialize a minimal git repository (needed for --concurrent worktree logic).
+    assert!(Command::new("git").arg("init").current_dir(repo.path()).status().unwrap().success());
+    fs::write(repo.path().join("README.md"), "# temp\n").unwrap();
+    assert!(Command::new("git").arg("add").arg(".").current_dir(repo.path()).status().unwrap().success());
+    assert!(Command::new("git")
+        .args(["commit", "-m", "init"]) // may warn about user/email; allow non-zero if commit already exists
+        .current_dir(repo.path())
+        .status()
+        .map(|s| s.success())
+        .unwrap_or(true));
+
+    // SSE fixture so the spawned background exec does not perform a real network call.
+    let fixture = home.path().join("fixture.sse");
+    let mut f = fs::File::create(&fixture).unwrap();
+    writeln!(f, "data: {{\"choices\":[{{\"delta\":{{\"content\":\"ok\"}}}}]}}\n").unwrap();
+    writeln!(f, "data: {{\"choices\":[{{\"delta\":{{}}}}]}}\n").unwrap();
+    writeln!(f, "data: [DONE]\n").unwrap();
+
+    // Helper to run one concurrent invocation with a given prompt.
+    let run_once = |prompt: &str| {
+        let mut cmd = Command::new("cargo");
+        cmd.arg("run")
+            .arg("-p")
+            .arg("codex-cli")
+            .arg("--quiet")
+            .arg("--")
+            .arg("--concurrent")
+            .arg("--full-auto")
+            .arg("-C")
+            .arg(repo.path())
+            .arg(prompt);
+        cmd.env("CODEX_HOME", home.path())
+            .env("OPENAI_API_KEY", "dummy")
+            .env("CODEX_RS_SSE_FIXTURE", &fixture)
+            .env("OPENAI_BASE_URL", "http://unused.local");
+        let output = cmd.output().expect("spawn codex");
+        assert!(output.status.success(), "concurrent codex run failed: stderr={}", String::from_utf8_lossy(&output.stderr));
+    };
+
+    run_once("Add a cat in ASCII");
+    run_once("Add hello world comment");
+
+    // Wait for tasks.jsonl to contain at least two lines with task records.
+    let tasks_path = home.path().join("tasks.jsonl");
+    let deadline = Instant::now() + Duration::from_secs(10);
+    let mut lines: Vec<String> = Vec::new();
+    while Instant::now() < deadline {
+        if tasks_path.exists() {
+            let content = fs::read_to_string(&tasks_path).unwrap_or_default();
+            lines = content.lines().filter(|l| !l.trim().is_empty()).map(|s| s.to_string()).collect();
+            if lines.len() >= 2 { break; }
+        }
+        std::thread::sleep(Duration::from_millis(100));
+    }
+    assert!(lines.len() >= 2, "Expected at least 2 task records, got {}", lines.len());
+
+    // Parse JSON and ensure distinct task_ids and prompts present.
+    let mut task_ids = std::collections::HashSet::new();
+    let mut saw_cat = false;
+    let mut saw_hello = false;
+    for line in &lines {
+        if let Ok(val) = serde_json::from_str::<serde_json::Value>(line) {
+            if let Some(tid) = val.get("task_id").and_then(|v| v.as_str()) { task_ids.insert(tid.to_string()); }
+            if let Some(p) = val.get("prompt").and_then(|v| v.as_str()) {
+                if p.contains("cat") { saw_cat = true; }
+                if p.contains("hello") { saw_hello = true; }
+            }
+            assert_eq!(val.get("state").and_then(|v| v.as_str()), Some("started"), "task record missing started state");
+        }
+    }
+    assert!(task_ids.len() >= 2, "Expected distinct task_ids, got {:?}", task_ids);
+    assert!(saw_cat, "Did not find cat prompt in tasks.jsonl");
+    assert!(saw_hello, "Did not find hello prompt in tasks.jsonl");
+} 
--- a/codex-rs/common/Cargo.toml
+++ b/codex-rs/common/Cargo.toml
@@ -10,7 +10,7 @@ workspace = true
 clap = { version = "4", features = ["derive", "wrap_help"], optional = true }
 codex-core = { path = "../core" }
 toml = { version = "0.9", optional = true }
-serde = { version = "1", optional = true }
+serde = { version = "1", features = ["derive"], optional = true }

 [features]
 # Separate feature so that `clap` is not a mandatory dependency.
--- a/codex-rs/common/src/config_override.rs
+++ b/codex-rs/common/src/config_override.rs
@@ -15,7 +15,7 @@ use toml::Value;
 /// CLI option that captures arbitrary configuration overrides specified as
 /// `-c key=value`. It intentionally keeps both halves **unparsed** so that the
 /// calling code can decide how to interpret the right-hand side.
-#[derive(Parser, Debug, Default, Clone)]
+#[derive(Parser, Debug, Default, Clone, serde::Serialize)]
 pub struct CliConfigOverrides {
    /// Override a configuration value that would otherwise be loaded from
    /// `~/.codex/config.toml`. Use a dotted path (`foo.bar.baz`) to override
--- a/codex-rs/common/src/elapsed.rs
+++ b/codex-rs/common/src/elapsed.rs
@@ -22,7 +22,8 @@ fn format_elapsed_millis(millis: i64) -> String {
    if millis < 1000 {
        format!("{millis}ms")
    } else if millis < 60_000 {
-        format!("{:.2}s", millis as f64 / 1000.0)
+        let secs = millis / 1000;
+        format!("{secs}s")
    } else {
        let minutes = millis / 60_000;
        let seconds = (millis % 60_000) / 1000;
@@ -48,13 +49,12 @@ mod tests {
    #[test]
    fn test_format_duration_seconds() {
        // Durations between 1s (inclusive) and 60s (exclusive) should be
-        // printed with 2-decimal-place seconds.
+        // printed as whole seconds.
        let dur = Duration::from_millis(1_500); // 1.5s
-        assert_eq!(format_duration(dur), "1.50s");
+        assert_eq!(format_duration(dur), "1s");

-        // 59.999s rounds to 60.00s
        let dur2 = Duration::from_millis(59_999);
-        assert_eq!(format_duration(dur2), "60.00s");
+        assert_eq!(format_duration(dur2), "59s");
    }

    #[test]
--- a/codex-rs/core/README.md
+++ b/codex-rs/core/README.md
@@ -2,18 +2,9 @@

 This crate implements the business logic for Codex. It is designed to be used by the various Codex UIs written in Rust.

-## Dependencies
+Though for non-Rust UIs, we are also working to define a _protocol_ for talking to Codex. See:

-Note that `codex-core` makes some assumptions about certain helper utilities being available in the environment. Currently, this
+- [Specification](../docs/protocol_v1.md)
+- [Rust types](./src/protocol.rs)

-### macOS
-
-Expects `/usr/bin/sandbox-exec` to be present.
-
-### Linux
-
-Expects the binary containing `codex-core` to run the equivalent of `codex debug landlock` when `arg0` is `codex-linux-sandbox`. See the `codex-arg0` crate for details.
-
-### All Platforms
-
-Expects the binary containing `codex-core` to simulate the virtual `apply_patch` CLI when `arg1` is `--codex-run-as-apply-patch`. See the `codex-arg0` crate for details.
+You can use the `proto` subcommand using the executable in the [`cli` crate](../cli) to speak the protocol using newline-delimited-JSON over stdin/stdout.
--- a/codex-rs/core/src/apply_patch.rs
+++ b/codex-rs/core/src/apply_patch.rs
@@ -1,406 +0,0 @@
-use crate::codex::Session;
-use crate::models::FunctionCallOutputPayload;
-use crate::models::ResponseInputItem;
-use crate::protocol::Event;
-use crate::protocol::EventMsg;
-use crate::protocol::FileChange;
-use crate::protocol::PatchApplyBeginEvent;
-use crate::protocol::PatchApplyEndEvent;
-use crate::protocol::ReviewDecision;
-use crate::safety::SafetyCheck;
-use crate::safety::assess_patch_safety;
-use anyhow::Context;
-use codex_apply_patch::AffectedPaths;
-use codex_apply_patch::ApplyPatchAction;
-use codex_apply_patch::ApplyPatchFileChange;
-use codex_apply_patch::print_summary;
-use std::collections::HashMap;
-use std::path::Path;
-use std::path::PathBuf;
-
-pub(crate) async fn apply_patch(
-    sess: &Session,
-    sub_id: String,
-    call_id: String,
-    action: ApplyPatchAction,
-) -> ResponseInputItem {
-    let writable_roots_snapshot = {
-        #[allow(clippy::unwrap_used)]
-        let guard = sess.writable_roots.lock().unwrap();
-        guard.clone()
-    };
-
-    let auto_approved = match assess_patch_safety(
-        &action,
-        sess.approval_policy,
-        &writable_roots_snapshot,
-        &sess.cwd,
-    ) {
-        SafetyCheck::AutoApprove { .. } => true,
-        SafetyCheck::AskUser => {
-            // Compute a readable summary of path changes to include in the
-            // approval request so the user can make an informed decision.
-            let rx_approve = sess
-                .request_patch_approval(sub_id.clone(), call_id.clone(), &action, None, None)
-                .await;
-            match rx_approve.await.unwrap_or_default() {
-                ReviewDecision::Approved | ReviewDecision::ApprovedForSession => false,
-                ReviewDecision::Denied | ReviewDecision::Abort => {
-                    return ResponseInputItem::FunctionCallOutput {
-                        call_id,
-                        output: FunctionCallOutputPayload {
-                            content: "patch rejected by user".to_string(),
-                            success: Some(false),
-                        },
-                    };
-                }
-            }
-        }
-        SafetyCheck::Reject { reason } => {
-            return ResponseInputItem::FunctionCallOutput {
-                call_id,
-                output: FunctionCallOutputPayload {
-                    content: format!("patch rejected: {reason}"),
-                    success: Some(false),
-                },
-            };
-        }
-    };
-
-    // Verify write permissions before touching the filesystem.
-    let writable_snapshot = {
-        #[allow(clippy::unwrap_used)]
-        sess.writable_roots.lock().unwrap().clone()
-    };
-
-    if let Some(offending) = first_offending_path(&action, &writable_snapshot, &sess.cwd) {
-        let root = offending.parent().unwrap_or(&offending).to_path_buf();
-
-        let reason = Some(format!(
-            "grant write access to {} for this session",
-            root.display()
-        ));
-
-        let rx = sess
-            .request_patch_approval(
-                sub_id.clone(),
-                call_id.clone(),
-                &action,
-                reason.clone(),
-                Some(root.clone()),
-            )
-            .await;
-
-        if !matches!(
-            rx.await.unwrap_or_default(),
-            ReviewDecision::Approved | ReviewDecision::ApprovedForSession
-        ) {
-            return ResponseInputItem::FunctionCallOutput {
-                call_id,
-                output: FunctionCallOutputPayload {
-                    content: "patch rejected by user".to_string(),
-                    success: Some(false),
-                },
-            };
-        }
-
-        // user approved, extend writable roots for this session
-        #[allow(clippy::unwrap_used)]
-        sess.writable_roots.lock().unwrap().push(root);
-    }
-
-    let _ = sess
-        .tx_event
-        .send(Event {
-            id: sub_id.clone(),
-            msg: EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
-                call_id: call_id.clone(),
-                auto_approved,
-                changes: convert_apply_patch_to_protocol(&action),
-            }),
-        })
-        .await;
-
-    let mut stdout = Vec::new();
-    let mut stderr = Vec::new();
-    // Enforce writable roots. If a write is blocked, collect offending root
-    // and prompt the user to extend permissions.
-    let mut result = apply_changes_from_apply_patch_and_report(&action, &mut stdout, &mut stderr);
-
-    if let Err(err) = &result {
-        if err.kind() == std::io::ErrorKind::PermissionDenied {
-            // Determine first offending path.
-            let offending_opt = action
-                .changes()
-                .iter()
-                .flat_map(|(path, change)| match change {
-                    ApplyPatchFileChange::Add { .. } => vec![path.as_ref()],
-                    ApplyPatchFileChange::Delete => vec![path.as_ref()],
-                    ApplyPatchFileChange::Update {
-                        move_path: Some(move_path),
-                        ..
-                    } => {
-                        vec![path.as_ref(), move_path.as_ref()]
-                    }
-                    ApplyPatchFileChange::Update {
-                        move_path: None, ..
-                    } => vec![path.as_ref()],
-                })
-                .find_map(|path: &Path| {
-                    // ApplyPatchAction promises to guarantee absolute paths.
-                    if !path.is_absolute() {
-                        panic!("apply_patch invariant failed: path is not absolute: {path:?}");
-                    }
-
-                    let writable = {
-                        #[allow(clippy::unwrap_used)]
-                        let roots = sess.writable_roots.lock().unwrap();
-                        roots.iter().any(|root| path.starts_with(root))
-                    };
-                    if writable {
-                        None
-                    } else {
-                        Some(path.to_path_buf())
-                    }
-                });
-
-            if let Some(offending) = offending_opt {
-                let root = offending.parent().unwrap_or(&offending).to_path_buf();
-
-                let reason = Some(format!(
-                    "grant write access to {} for this session",
-                    root.display()
-                ));
-                let rx = sess
-                    .request_patch_approval(
-                        sub_id.clone(),
-                        call_id.clone(),
-                        &action,
-                        reason.clone(),
-                        Some(root.clone()),
-                    )
-                    .await;
-                if matches!(
-                    rx.await.unwrap_or_default(),
-                    ReviewDecision::Approved | ReviewDecision::ApprovedForSession
-                ) {
-                    // Extend writable roots.
-                    #[allow(clippy::unwrap_used)]
-                    sess.writable_roots.lock().unwrap().push(root);
-                    stdout.clear();
-                    stderr.clear();
-                    result = apply_changes_from_apply_patch_and_report(
-                        &action,
-                        &mut stdout,
-                        &mut stderr,
-                    );
-                }
-            }
-        }
-    }
-
-    // Emit PatchApplyEnd event.
-    let success_flag = result.is_ok();
-    let _ = sess
-        .tx_event
-        .send(Event {
-            id: sub_id.clone(),
-            msg: EventMsg::PatchApplyEnd(PatchApplyEndEvent {
-                call_id: call_id.clone(),
-                stdout: String::from_utf8_lossy(&stdout).to_string(),
-                stderr: String::from_utf8_lossy(&stderr).to_string(),
-                success: success_flag,
-            }),
-        })
-        .await;
-
-    match result {
-        Ok(_) => ResponseInputItem::FunctionCallOutput {
-            call_id,
-            output: FunctionCallOutputPayload {
-                content: String::from_utf8_lossy(&stdout).to_string(),
-                success: None,
-            },
-        },
-        Err(e) => ResponseInputItem::FunctionCallOutput {
-            call_id,
-            output: FunctionCallOutputPayload {
-                content: format!("error: {e:#}, stderr: {}", String::from_utf8_lossy(&stderr)),
-                success: Some(false),
-            },
-        },
-    }
-}
-
-/// Return the first path in `hunks` that is NOT under any of the
-/// `writable_roots` (after normalising). If all paths are acceptable,
-/// returns None.
-fn first_offending_path(
-    action: &ApplyPatchAction,
-    writable_roots: &[PathBuf],
-    cwd: &Path,
-) -> Option<PathBuf> {
-    let changes = action.changes();
-    for (path, change) in changes {
-        let candidate = match change {
-            ApplyPatchFileChange::Add { .. } => path,
-            ApplyPatchFileChange::Delete => path,
-            ApplyPatchFileChange::Update { move_path, .. } => move_path.as_ref().unwrap_or(path),
-        };
-
-        let abs = if candidate.is_absolute() {
-            candidate.clone()
-        } else {
-            cwd.join(candidate)
-        };
-
-        let mut allowed = false;
-        for root in writable_roots {
-            let root_abs = if root.is_absolute() {
-                root.clone()
-            } else {
-                cwd.join(root)
-            };
-            if abs.starts_with(&root_abs) {
-                allowed = true;
-                break;
-            }
-        }
-
-        if !allowed {
-            return Some(candidate.clone());
-        }
-    }
-    None
-}
-
-pub(crate) fn convert_apply_patch_to_protocol(
-    action: &ApplyPatchAction,
-) -> HashMap<PathBuf, FileChange> {
-    let changes = action.changes();
-    let mut result = HashMap::with_capacity(changes.len());
-    for (path, change) in changes {
-        let protocol_change = match change {
-            ApplyPatchFileChange::Add { content } => FileChange::Add {
-                content: content.clone(),
-            },
-            ApplyPatchFileChange::Delete => FileChange::Delete,
-            ApplyPatchFileChange::Update {
-                unified_diff,
-                move_path,
-                new_content: _new_content,
-            } => FileChange::Update {
-                unified_diff: unified_diff.clone(),
-                move_path: move_path.clone(),
-            },
-        };
-        result.insert(path.clone(), protocol_change);
-    }
-    result
-}
-
-fn apply_changes_from_apply_patch_and_report(
-    action: &ApplyPatchAction,
-    stdout: &mut impl std::io::Write,
-    stderr: &mut impl std::io::Write,
-) -> std::io::Result<()> {
-    match apply_changes_from_apply_patch(action) {
-        Ok(affected_paths) => {
-            print_summary(&affected_paths, stdout)?;
-        }
-        Err(err) => {
-            writeln!(stderr, "{err:?}")?;
-        }
-    }
-
-    Ok(())
-}
-
-fn apply_changes_from_apply_patch(action: &ApplyPatchAction) -> anyhow::Result<AffectedPaths> {
-    let mut added: Vec<PathBuf> = Vec::new();
-    let mut modified: Vec<PathBuf> = Vec::new();
-    let mut deleted: Vec<PathBuf> = Vec::new();
-
-    let changes = action.changes();
-    for (path, change) in changes {
-        match change {
-            ApplyPatchFileChange::Add { content } => {
-                if let Some(parent) = path.parent() {
-                    if !parent.as_os_str().is_empty() {
-                        std::fs::create_dir_all(parent).with_context(|| {
-                            format!("Failed to create parent directories for {}", path.display())
-                        })?;
-                    }
-                }
-                std::fs::write(path, content)
-                    .with_context(|| format!("Failed to write file {}", path.display()))?;
-                added.push(path.clone());
-            }
-            ApplyPatchFileChange::Delete => {
-                std::fs::remove_file(path)
-                    .with_context(|| format!("Failed to delete file {}", path.display()))?;
-                deleted.push(path.clone());
-            }
-            ApplyPatchFileChange::Update {
-                unified_diff: _unified_diff,
-                move_path,
-                new_content,
-            } => {
-                if let Some(move_path) = move_path {
-                    if let Some(parent) = move_path.parent() {
-                        if !parent.as_os_str().is_empty() {
-                            std::fs::create_dir_all(parent).with_context(|| {
-                                format!(
-                                    "Failed to create parent directories for {}",
-                                    move_path.display()
-                                )
-                            })?;
-                        }
-                    }
-
-                    std::fs::rename(path, move_path)
-                        .with_context(|| format!("Failed to rename file {}", path.display()))?;
-                    std::fs::write(move_path, new_content)?;
-                    modified.push(move_path.clone());
-                    deleted.push(path.clone());
-                } else {
-                    std::fs::write(path, new_content)?;
-                    modified.push(path.clone());
-                }
-            }
-        }
-    }
-
-    Ok(AffectedPaths {
-        added,
-        modified,
-        deleted,
-    })
-}
-
-pub(crate) fn get_writable_roots(cwd: &Path) -> Vec<PathBuf> {
-    let mut writable_roots = Vec::new();
-    if cfg!(target_os = "macos") {
-        // On macOS, $TMPDIR is private to the user.
-        writable_roots.push(std::env::temp_dir());
-
-        // Allow pyenv to update its shims directory. Without this, any tool
-        // that happens to be managed by `pyenv` will fail with an error like:
-        //
-        //   pyenv: cannot rehash: $HOME/.pyenv/shims isn't writable
-        //
-        // which is emitted every time `pyenv` tries to run `rehash` (for
-        // example, after installing a new Python package that drops an entry
-        // point). Although the sandbox is intentionally read‑only by default,
-        // writing to the user's local `pyenv` directory is safe because it
-        // is already user‑writable and scoped to the current user account.
-        if let Ok(home_dir) = std::env::var("HOME") {
-            let pyenv_dir = PathBuf::from(home_dir).join(".pyenv");
-            writable_roots.push(pyenv_dir);
-        }
-    }
-
-    writable_roots.push(cwd.to_path_buf());
-
-    writable_roots
-}
--- a/codex-rs/core/src/codex.rs
+++ b/codex-rs/core/src/codex.rs
@@ -4,17 +4,22 @@
 use std::borrow::Cow;
 use std::collections::HashMap;
 use std::collections::HashSet;
+use std::path::Path;
 use std::path::PathBuf;
 use std::sync::Arc;
 use std::sync::Mutex;
 use std::sync::atomic::AtomicU64;
 use std::time::Duration;

+use anyhow::Context;
 use async_channel::Receiver;
 use async_channel::Sender;
+use codex_apply_patch::AffectedPaths;
 use codex_apply_patch::ApplyPatchAction;
+use codex_apply_patch::ApplyPatchFileChange;
 use codex_apply_patch::MaybeApplyPatchVerified;
 use codex_apply_patch::maybe_parse_apply_patch_verified;
+use codex_apply_patch::print_summary;
 use futures::prelude::*;
 use mcp_types::CallToolResult;
 use serde::Serialize;
@@ -29,9 +34,6 @@ use tracing::trace;
 use tracing::warn;
 use uuid::Uuid;

-use crate::apply_patch::convert_apply_patch_to_protocol;
-use crate::apply_patch::get_writable_roots;
-use crate::apply_patch::{self};
 use crate::client::ModelClient;
 use crate::client_common::Prompt;
 use crate::client_common::ResponseEvent;
@@ -69,8 +71,11 @@ use crate::protocol::EventMsg;
 use crate::protocol::ExecApprovalRequestEvent;
 use crate::protocol::ExecCommandBeginEvent;
 use crate::protocol::ExecCommandEndEvent;
+use crate::protocol::FileChange;
 use crate::protocol::InputItem;
 use crate::protocol::Op;
+use crate::protocol::PatchApplyBeginEvent;
+use crate::protocol::PatchApplyEndEvent;
 use crate::protocol::ReviewDecision;
 use crate::protocol::SandboxPolicy;
 use crate::protocol::SessionConfiguredEvent;
@@ -79,6 +84,7 @@ use crate::protocol::TaskCompleteEvent;
 use crate::rollout::RolloutRecorder;
 use crate::safety::SafetyCheck;
 use crate::safety::assess_command_safety;
+use crate::safety::assess_patch_safety;
 use crate::shell;
 use crate::user_notification::UserNotification;
 use crate::util::backoff;
@@ -91,18 +97,11 @@ pub struct Codex {
    rx_event: Receiver<Event>,
 }

-/// Wrapper returned by [`Codex::spawn`] containing the spawned [`Codex`],
-/// the submission id for the initial `ConfigureSession` request and the
-/// unique session id.
-pub struct CodexSpawnOk {
-    pub codex: Codex,
-    pub init_id: String,
-    pub session_id: Uuid,
-}
-
 impl Codex {
-    /// Spawn a new [`Codex`] and initialize the session.
-    pub async fn spawn(config: Config, ctrl_c: Arc<Notify>) -> CodexResult<CodexSpawnOk> {
+    /// Spawn a new [`Codex`] and initialize the session. Returns the instance
+    /// of `Codex` and the ID of the `SessionInitialized` event that was
+    /// submitted to start the session.
+    pub async fn spawn(config: Config, ctrl_c: Arc<Notify>) -> CodexResult<(Codex, String, Uuid)> {
        // experimental resume path (undocumented)
        let resume_path = config.experimental_resume.clone();
        info!("resume_path: {resume_path:?}");
@@ -140,11 +139,7 @@ impl Codex {
        };
        let init_id = codex.submit(configure_session).await?;

-        Ok(CodexSpawnOk {
-            codex,
-            init_id,
-            session_id,
-        })
+        Ok((codex, init_id, session_id))
    }

    /// Submit the `op` wrapped in a `Submission` with a unique ID.
@@ -183,19 +178,19 @@ impl Codex {
 /// A session has at most 1 running task at a time, and can be interrupted by user input.
 pub(crate) struct Session {
    client: ModelClient,
-    pub(crate) tx_event: Sender<Event>,
+    tx_event: Sender<Event>,
    ctrl_c: Arc<Notify>,

    /// The session's current working directory. All relative paths provided by
    /// the model as well as sandbox policies are resolved against this path
    /// instead of `std::env::current_dir()`.
-    pub(crate) cwd: PathBuf,
+    cwd: PathBuf,
    base_instructions: Option<String>,
    user_instructions: Option<String>,
-    pub(crate) approval_policy: AskForApproval,
+    approval_policy: AskForApproval,
    sandbox_policy: SandboxPolicy,
    shell_environment_policy: ShellEnvironmentPolicy,
-    pub(crate) writable_roots: Mutex<Vec<PathBuf>>,
+    writable_roots: Mutex<Vec<PathBuf>>,
    disable_response_storage: bool,

    /// Manager for external MCP servers/tools.
@@ -1413,7 +1408,7 @@ async fn handle_container_exec_with_params(
    // check if this was a patch, and apply it if so
    match maybe_parse_apply_patch_verified(&params.command, &params.cwd) {
        MaybeApplyPatchVerified::Body(changes) => {
-            return apply_patch::apply_patch(sess, sub_id, call_id, changes).await;
+            return apply_patch(sess, sub_id, call_id, changes).await;
        }
        MaybeApplyPatchVerified::CorrectnessError(parse_error) => {
            // It looks like an invocation of `apply_patch`, but we
@@ -1662,6 +1657,384 @@ async fn handle_sandbox_error(
    }
 }

+async fn apply_patch(
+    sess: &Session,
+    sub_id: String,
+    call_id: String,
+    action: ApplyPatchAction,
+) -> ResponseInputItem {
+    let writable_roots_snapshot = {
+        let guard = sess.writable_roots.lock().unwrap();
+        guard.clone()
+    };
+
+    let auto_approved = match assess_patch_safety(
+        &action,
+        sess.approval_policy,
+        &writable_roots_snapshot,
+        &sess.cwd,
+    ) {
+        SafetyCheck::AutoApprove { .. } => true,
+        SafetyCheck::AskUser => {
+            // Compute a readable summary of path changes to include in the
+            // approval request so the user can make an informed decision.
+            let rx_approve = sess
+                .request_patch_approval(sub_id.clone(), call_id.clone(), &action, None, None)
+                .await;
+            match rx_approve.await.unwrap_or_default() {
+                ReviewDecision::Approved | ReviewDecision::ApprovedForSession => false,
+                ReviewDecision::Denied | ReviewDecision::Abort => {
+                    return ResponseInputItem::FunctionCallOutput {
+                        call_id,
+                        output: FunctionCallOutputPayload {
+                            content: "patch rejected by user".to_string(),
+                            success: Some(false),
+                        },
+                    };
+                }
+            }
+        }
+        SafetyCheck::Reject { reason } => {
+            return ResponseInputItem::FunctionCallOutput {
+                call_id,
+                output: FunctionCallOutputPayload {
+                    content: format!("patch rejected: {reason}"),
+                    success: Some(false),
+                },
+            };
+        }
+    };
+
+    // Verify write permissions before touching the filesystem.
+    let writable_snapshot = { sess.writable_roots.lock().unwrap().clone() };
+
+    if let Some(offending) = first_offending_path(&action, &writable_snapshot, &sess.cwd) {
+        let root = offending.parent().unwrap_or(&offending).to_path_buf();
+
+        let reason = Some(format!(
+            "grant write access to {} for this session",
+            root.display()
+        ));
+
+        let rx = sess
+            .request_patch_approval(
+                sub_id.clone(),
+                call_id.clone(),
+                &action,
+                reason.clone(),
+                Some(root.clone()),
+            )
+            .await;
+
+        if !matches!(
+            rx.await.unwrap_or_default(),
+            ReviewDecision::Approved | ReviewDecision::ApprovedForSession
+        ) {
+            return ResponseInputItem::FunctionCallOutput {
+                call_id,
+                output: FunctionCallOutputPayload {
+                    content: "patch rejected by user".to_string(),
+                    success: Some(false),
+                },
+            };
+        }
+
+        // user approved, extend writable roots for this session
+        sess.writable_roots.lock().unwrap().push(root);
+    }
+
+    let _ = sess
+        .tx_event
+        .send(Event {
+            id: sub_id.clone(),
+            msg: EventMsg::PatchApplyBegin(PatchApplyBeginEvent {
+                call_id: call_id.clone(),
+                auto_approved,
+                changes: convert_apply_patch_to_protocol(&action),
+            }),
+        })
+        .await;
+
+    let mut stdout = Vec::new();
+    let mut stderr = Vec::new();
+    // Enforce writable roots. If a write is blocked, collect offending root
+    // and prompt the user to extend permissions.
+    let mut result = apply_changes_from_apply_patch_and_report(&action, &mut stdout, &mut stderr);
+
+    if let Err(err) = &result {
+        if err.kind() == std::io::ErrorKind::PermissionDenied {
+            // Determine first offending path.
+            let offending_opt = action
+                .changes()
+                .iter()
+                .flat_map(|(path, change)| match change {
+                    ApplyPatchFileChange::Add { .. } => vec![path.as_ref()],
+                    ApplyPatchFileChange::Delete => vec![path.as_ref()],
+                    ApplyPatchFileChange::Update {
+                        move_path: Some(move_path),
+                        ..
+                    } => {
+                        vec![path.as_ref(), move_path.as_ref()]
+                    }
+                    ApplyPatchFileChange::Update {
+                        move_path: None, ..
+                    } => vec![path.as_ref()],
+                })
+                .find_map(|path: &Path| {
+                    // ApplyPatchAction promises to guarantee absolute paths.
+                    if !path.is_absolute() {
+                        panic!("apply_patch invariant failed: path is not absolute: {path:?}");
+                    }
+
+                    let writable = {
+                        let roots = sess.writable_roots.lock().unwrap();
+                        roots.iter().any(|root| path.starts_with(root))
+                    };
+                    if writable {
+                        None
+                    } else {
+                        Some(path.to_path_buf())
+                    }
+                });
+
+            if let Some(offending) = offending_opt {
+                let root = offending.parent().unwrap_or(&offending).to_path_buf();
+
+                let reason = Some(format!(
+                    "grant write access to {} for this session",
+                    root.display()
+                ));
+                let rx = sess
+                    .request_patch_approval(
+                        sub_id.clone(),
+                        call_id.clone(),
+                        &action,
+                        reason.clone(),
+                        Some(root.clone()),
+                    )
+                    .await;
+                if matches!(
+                    rx.await.unwrap_or_default(),
+                    ReviewDecision::Approved | ReviewDecision::ApprovedForSession
+                ) {
+                    // Extend writable roots.
+                    sess.writable_roots.lock().unwrap().push(root);
+                    stdout.clear();
+                    stderr.clear();
+                    result = apply_changes_from_apply_patch_and_report(
+                        &action,
+                        &mut stdout,
+                        &mut stderr,
+                    );
+                }
+            }
+        }
+    }
+
+    // Emit PatchApplyEnd event.
+    let success_flag = result.is_ok();
+    let _ = sess
+        .tx_event
+        .send(Event {
+            id: sub_id.clone(),
+            msg: EventMsg::PatchApplyEnd(PatchApplyEndEvent {
+                call_id: call_id.clone(),
+                stdout: String::from_utf8_lossy(&stdout).to_string(),
+                stderr: String::from_utf8_lossy(&stderr).to_string(),
+                success: success_flag,
+            }),
+        })
+        .await;
+
+    match result {
+        Ok(_) => ResponseInputItem::FunctionCallOutput {
+            call_id,
+            output: FunctionCallOutputPayload {
+                content: String::from_utf8_lossy(&stdout).to_string(),
+                success: None,
+            },
+        },
+        Err(e) => ResponseInputItem::FunctionCallOutput {
+            call_id,
+            output: FunctionCallOutputPayload {
+                content: format!("error: {e:#}, stderr: {}", String::from_utf8_lossy(&stderr)),
+                success: Some(false),
+            },
+        },
+    }
+}
+
+/// Return the first path in `hunks` that is NOT under any of the
+/// `writable_roots` (after normalising). If all paths are acceptable,
+/// returns None.
+fn first_offending_path(
+    action: &ApplyPatchAction,
+    writable_roots: &[PathBuf],
+    cwd: &Path,
+) -> Option<PathBuf> {
+    let changes = action.changes();
+    for (path, change) in changes {
+        let candidate = match change {
+            ApplyPatchFileChange::Add { .. } => path,
+            ApplyPatchFileChange::Delete => path,
+            ApplyPatchFileChange::Update { move_path, .. } => move_path.as_ref().unwrap_or(path),
+        };
+
+        let abs = if candidate.is_absolute() {
+            candidate.clone()
+        } else {
+            cwd.join(candidate)
+        };
+
+        let mut allowed = false;
+        for root in writable_roots {
+            let root_abs = if root.is_absolute() {
+                root.clone()
+            } else {
+                cwd.join(root)
+            };
+            if abs.starts_with(&root_abs) {
+                allowed = true;
+                break;
+            }
+        }
+
+        if !allowed {
+            return Some(candidate.clone());
+        }
+    }
+    None
+}
+
+fn convert_apply_patch_to_protocol(action: &ApplyPatchAction) -> HashMap<PathBuf, FileChange> {
+    let changes = action.changes();
+    let mut result = HashMap::with_capacity(changes.len());
+    for (path, change) in changes {
+        let protocol_change = match change {
+            ApplyPatchFileChange::Add { content } => FileChange::Add {
+                content: content.clone(),
+            },
+            ApplyPatchFileChange::Delete => FileChange::Delete,
+            ApplyPatchFileChange::Update {
+                unified_diff,
+                move_path,
+                new_content: _new_content,
+            } => FileChange::Update {
+                unified_diff: unified_diff.clone(),
+                move_path: move_path.clone(),
+            },
+        };
+        result.insert(path.clone(), protocol_change);
+    }
+    result
+}
+
+fn apply_changes_from_apply_patch_and_report(
+    action: &ApplyPatchAction,
+    stdout: &mut impl std::io::Write,
+    stderr: &mut impl std::io::Write,
+) -> std::io::Result<()> {
+    match apply_changes_from_apply_patch(action) {
+        Ok(affected_paths) => {
+            print_summary(&affected_paths, stdout)?;
+        }
+        Err(err) => {
+            writeln!(stderr, "{err:?}")?;
+        }
+    }
+
+    Ok(())
+}
+
+fn apply_changes_from_apply_patch(action: &ApplyPatchAction) -> anyhow::Result<AffectedPaths> {
+    let mut added: Vec<PathBuf> = Vec::new();
+    let mut modified: Vec<PathBuf> = Vec::new();
+    let mut deleted: Vec<PathBuf> = Vec::new();
+
+    let changes = action.changes();
+    for (path, change) in changes {
+        match change {
+            ApplyPatchFileChange::Add { content } => {
+                if let Some(parent) = path.parent() {
+                    if !parent.as_os_str().is_empty() {
+                        std::fs::create_dir_all(parent).with_context(|| {
+                            format!("Failed to create parent directories for {}", path.display())
+                        })?;
+                    }
+                }
+                std::fs::write(path, content)
+                    .with_context(|| format!("Failed to write file {}", path.display()))?;
+                added.push(path.clone());
+            }
+            ApplyPatchFileChange::Delete => {
+                std::fs::remove_file(path)
+                    .with_context(|| format!("Failed to delete file {}", path.display()))?;
+                deleted.push(path.clone());
+            }
+            ApplyPatchFileChange::Update {
+                unified_diff: _unified_diff,
+                move_path,
+                new_content,
+            } => {
+                if let Some(move_path) = move_path {
+                    if let Some(parent) = move_path.parent() {
+                        if !parent.as_os_str().is_empty() {
+                            std::fs::create_dir_all(parent).with_context(|| {
+                                format!(
+                                    "Failed to create parent directories for {}",
+                                    move_path.display()
+                                )
+                            })?;
+                        }
+                    }
+
+                    std::fs::rename(path, move_path)
+                        .with_context(|| format!("Failed to rename file {}", path.display()))?;
+                    std::fs::write(move_path, new_content)?;
+                    modified.push(move_path.clone());
+                    deleted.push(path.clone());
+                } else {
+                    std::fs::write(path, new_content)?;
+                    modified.push(path.clone());
+                }
+            }
+        }
+    }
+
+    Ok(AffectedPaths {
+        added,
+        modified,
+        deleted,
+    })
+}
+
+fn get_writable_roots(cwd: &Path) -> Vec<PathBuf> {
+    let mut writable_roots = Vec::new();
+    if cfg!(target_os = "macos") {
+        // On macOS, $TMPDIR is private to the user.
+        writable_roots.push(std::env::temp_dir());
+
+        // Allow pyenv to update its shims directory. Without this, any tool
+        // that happens to be managed by `pyenv` will fail with an error like:
+        //
+        //   pyenv: cannot rehash: $HOME/.pyenv/shims isn't writable
+        //
+        // which is emitted every time `pyenv` tries to run `rehash` (for
+        // example, after installing a new Python package that drops an entry
+        // point). Although the sandbox is intentionally read‑only by default,
+        // writing to the user's local `pyenv` directory is safe because it
+        // is already user‑writable and scoped to the current user account.
+        if let Ok(home_dir) = std::env::var("HOME") {
+            let pyenv_dir = PathBuf::from(home_dir).join(".pyenv");
+            writable_roots.push(pyenv_dir);
+        }
+    }
+
+    writable_roots.push(cwd.to_path_buf());
+
+    writable_roots
+}
+
 /// Exec output is a pre-serialized JSON payload
 fn format_exec_output(output: &str, exit_code: i32, duration: Duration) -> String {
    #[derive(Serialize)]
--- a/codex-rs/core/src/codex_wrapper.rs
+++ b/codex-rs/core/src/codex_wrapper.rs
@@ -1,7 +1,6 @@
 use std::sync::Arc;

 use crate::Codex;
-use crate::CodexSpawnOk;
 use crate::config::Config;
 use crate::protocol::Event;
 use crate::protocol::EventMsg;
@@ -9,27 +8,14 @@ use crate::util::notify_on_sigint;
 use tokio::sync::Notify;
 use uuid::Uuid;

-/// Represents an active Codex conversation, including the first event
-/// (which is [`EventMsg::SessionConfigured`]).
-pub struct CodexConversation {
-    pub codex: Codex,
-    pub session_id: Uuid,
-    pub session_configured: Event,
-    pub ctrl_c: Arc<Notify>,
-}
-
 /// Spawn a new [`Codex`] and initialize the session.
 ///
 /// Returns the wrapped [`Codex`] **and** the `SessionInitialized` event that
 /// is received as a response to the initial `ConfigureSession` submission so
 /// that callers can surface the information to the UI.
-pub async fn init_codex(config: Config) -> anyhow::Result<CodexConversation> {
+pub async fn init_codex(config: Config) -> anyhow::Result<(Codex, Event, Arc<Notify>, Uuid)> {
    let ctrl_c = notify_on_sigint();
-    let CodexSpawnOk {
-        codex,
-        init_id,
-        session_id,
-    } = Codex::spawn(config, ctrl_c.clone()).await?;
+    let (codex, init_id, session_id) = Codex::spawn(config, ctrl_c.clone()).await?;

    // The first event must be `SessionInitialized`. Validate and forward it to
    // the caller so that they can display it in the conversation history.
@@ -48,10 +34,5 @@ pub async fn init_codex(config: Config) -> anyhow::Result<CodexConversation> {
        ));
    }

-    Ok(CodexConversation {
-        codex,
-        session_id,
-        session_configured: event,
-        ctrl_c,
-    })
+    Ok((codex, event, ctrl_c, session_id))
 }
--- a/codex-rs/core/src/lib.rs
+++ b/codex-rs/core/src/lib.rs
@@ -5,14 +5,12 @@
 // the TUI or the tracing stack).
 #![deny(clippy::print_stdout, clippy::print_stderr)]

-mod apply_patch;
 mod bash;
 mod chat_completions;
 mod client;
 mod client_common;
 pub mod codex;
 pub use codex::Codex;
-pub use codex::CodexSpawnOk;
 pub mod codex_wrapper;
 pub mod config;
 pub mod config_profile;
--- a/codex-rs/core/src/mcp_connection_manager.rs
+++ b/codex-rs/core/src/mcp_connection_manager.rs
@@ -8,7 +8,6 @@

 use std::collections::HashMap;
 use std::collections::HashSet;
-use std::ffi::OsString;
 use std::time::Duration;

 use anyhow::Context;
@@ -128,12 +127,7 @@ impl McpConnectionManager {

            join_set.spawn(async move {
                let McpServerConfig { command, args, env } = cfg;
-                let client_res = McpClient::new_stdio_client(
-                    command.into(),
-                    args.into_iter().map(OsString::from).collect(),
-                    env,
-                )
-                .await;
+                let client_res = McpClient::new_stdio_client(command, args, env).await;
                match client_res {
                    Ok(client) => {
                        // Initialize the client.
--- a/codex-rs/core/src/protocol.rs
+++ b/codex-rs/core/src/protocol.rs
@@ -278,9 +278,8 @@ pub struct Event {
 }

 /// Response event from the agent
-#[derive(Debug, Clone, Deserialize, Serialize, Display)]
+#[derive(Debug, Clone, Deserialize, Serialize)]
 #[serde(tag = "type", rename_all = "snake_case")]
-#[strum(serialize_all = "snake_case")]
 pub enum EventMsg {
    /// Error while executing a submission
    Error(ErrorEvent),
--- a/codex-rs/core/tests/client.rs
+++ b/codex-rs/core/tests/client.rs
@@ -1,5 +1,4 @@
 use codex_core::Codex;
-use codex_core::CodexSpawnOk;
 use codex_core::ModelProviderInfo;
 use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_core::protocol::EventMsg;
@@ -73,7 +72,7 @@ async fn includes_session_id_and_model_headers_in_request() {
    let mut config = load_default_config_for_test(&codex_home);
    config.model_provider = model_provider;
    let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c.clone()).await.unwrap();
+    let (codex, _init_id, _session_id) = Codex::spawn(config, ctrl_c.clone()).await.unwrap();

    codex
        .submit(Op::UserInput {
@@ -149,7 +148,7 @@ async fn includes_base_instructions_override_in_request() {
    config.model_provider = model_provider;

    let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c.clone()).await.unwrap();
+    let (codex, ..) = Codex::spawn(config, ctrl_c.clone()).await.unwrap();

    codex
        .submit(Op::UserInput {
--- a/codex-rs/core/tests/live_agent.rs
+++ b/codex-rs/core/tests/live_agent.rs
@@ -20,7 +20,6 @@
 use std::time::Duration;

 use codex_core::Codex;
-use codex_core::CodexSpawnOk;
 use codex_core::error::CodexErr;
 use codex_core::protocol::AgentMessageEvent;
 use codex_core::protocol::ErrorEvent;
@@ -49,7 +48,7 @@ async fn spawn_codex() -> Result<Codex, CodexErr> {
    let mut config = load_default_config_for_test(&codex_home);
    config.model_provider.request_max_retries = Some(2);
    config.model_provider.stream_max_retries = Some(2);
-    let CodexSpawnOk { codex: agent, .. } =
+    let (agent, _init_id, _session_id) =
        Codex::spawn(config, std::sync::Arc::new(Notify::new())).await?;

    Ok(agent)
--- a/codex-rs/core/tests/stream_no_completed.rs
+++ b/codex-rs/core/tests/stream_no_completed.rs
@@ -4,7 +4,6 @@
 use std::time::Duration;

 use codex_core::Codex;
-use codex_core::CodexSpawnOk;
 use codex_core::ModelProviderInfo;
 use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_core::protocol::EventMsg;
@@ -95,7 +94,7 @@ async fn retries_on_early_close() {
    let codex_home = TempDir::new().unwrap();
    let mut config = load_default_config_for_test(&codex_home);
    config.model_provider = model_provider;
-    let CodexSpawnOk { codex, .. } = Codex::spawn(config, ctrl_c).await.unwrap();
+    let (codex, _init_id, _session_id) = Codex::spawn(config, ctrl_c).await.unwrap();

    codex
        .submit(Op::UserInput {
--- a/codex-rs/exec/Cargo.toml
+++ b/codex-rs/exec/Cargo.toml
@@ -18,13 +18,13 @@ workspace = true
 anyhow = "1"
 chrono = "0.4.40"
 clap = { version = "4", features = ["derive"] }
-codex-arg0 = { path = "../arg0" }
 codex-core = { path = "../core" }
 codex-common = { path = "../common", features = [
    "cli",
    "elapsed",
    "sandbox_summary",
 ] }
+codex-linux-sandbox = { path = "../linux-sandbox" }
 owo-colors = "4.2.0"
 serde_json = "1"
 shlex = "1.3.0"
@@ -37,8 +37,3 @@ tokio = { version = "1", features = [
 ] }
 tracing = { version = "0.1.41", features = ["log"] }
 tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
-
-[dev-dependencies]
-assert_cmd = "2"
-predicates = "3"
-tempfile = "3.13.0"
--- a/codex-rs/exec/src/event_processor_with_human_output.rs
+++ b/codex-rs/exec/src/event_processor_with_human_output.rs
@@ -24,12 +24,28 @@ use std::collections::HashMap;
 use std::io::Write;
 use std::path::PathBuf;
 use std::time::Instant;
+use std::path::Path;

 use crate::event_processor::CodexStatus;
 use crate::event_processor::EventProcessor;
 use crate::event_processor::create_config_summary_entries;
 use crate::event_processor::handle_last_message;

+// Helper: determine base ~/.codex directory similar to concurrent module.
+fn codex_base_dir_for_logging() -> Option<std::path::PathBuf> {
+    if let Ok(val) = std::env::var("CODEX_HOME") { if !val.is_empty() { return std::fs::canonicalize(val).ok(); } }
+    let home = std::env::var_os("HOME")?;
+    let base = std::path::PathBuf::from(home).join(".codex");
+    let _ = std::fs::create_dir_all(&base);
+    Some(base)
+}
+
+fn append_json_line(path: &Path, value: &serde_json::Value) -> std::io::Result<()> {
+    use std::io::Write as _;
+    let mut f = std::fs::OpenOptions::new().create(true).append(true).open(path)?;
+    writeln!(f, "{}", value.to_string())
+}
+
 /// This should be configurable. When used in CI, users may not want to impose
 /// a limit so they can see the full transcript.
 const MAX_OUTPUT_LINES_FOR_EXEC_TOOL_CALL: usize = 20;
@@ -59,6 +75,7 @@ pub(crate) struct EventProcessorWithHumanOutput {
    answer_started: bool,
    reasoning_started: bool,
    last_message_path: Option<PathBuf>,
+    last_token_usage: Option<TokenUsage>,
 }

 impl EventProcessorWithHumanOutput {
@@ -87,6 +104,7 @@ impl EventProcessorWithHumanOutput {
                answer_started: false,
                reasoning_started: false,
                last_message_path,
+                last_token_usage: None,
            }
        } else {
            Self {
@@ -104,6 +122,7 @@ impl EventProcessorWithHumanOutput {
                answer_started: false,
                reasoning_started: false,
                last_message_path,
+                last_token_usage: None,
            }
        }
    }
@@ -180,17 +199,74 @@ impl EventProcessor for EventProcessorWithHumanOutput {
                ts_println!(self, "{}", message.style(self.dimmed));
            }
            EventMsg::TaskStarted => {
-                // Ignore.
+                if let Ok(task_id) = std::env::var("CODEX_TASK_ID") {
+                    if let Some(base) = codex_base_dir_for_logging() {
+                        let tasks_path = base.join("tasks.jsonl");
+                        let ts = std::time::SystemTime::now()
+                            .duration_since(std::time::UNIX_EPOCH)
+                            .map(|d| d.as_secs())
+                            .unwrap_or(0);
+                        let obj = serde_json::json!({
+                            "task_id": task_id,
+                            "update_time": ts,
+                            "state": "started",
+                        });
+                        let _ = append_json_line(&tasks_path, &obj);
+                    }
+                }
            }
            EventMsg::TaskComplete(TaskCompleteEvent { last_agent_message }) => {
+                
                handle_last_message(
                    last_agent_message.as_deref(),
                    self.last_message_path.as_deref(),
                );
+                // On completion, append a final state entry with last token count snapshot.
+                if let Ok(task_id) = std::env::var("CODEX_TASK_ID") {
+                    if let Some(base) = codex_base_dir_for_logging() {
+                        let tasks_path = base.join("tasks.jsonl");
+                        let ts = std::time::SystemTime::now()
+                            .duration_since(std::time::UNIX_EPOCH)
+                            .map(|d| d.as_secs())
+                            .unwrap_or(0);
+                        let token_json = self.last_token_usage.as_ref().map(|u| serde_json::json!({
+                            "input_tokens": u.input_tokens,
+                            "cached_input_tokens": u.cached_input_tokens,
+                            "output_tokens": u.output_tokens,
+                            "reasoning_output_tokens": u.reasoning_output_tokens,
+                            "total_tokens": u.total_tokens,
+                        }));
+                        let mut obj = serde_json::json!({
+                            "task_id": task_id,
+                            "completion_time": ts,
+                            "end_time": ts,
+                            "state": "done",
+                        });
+                        if let Some(tj) = token_json { if let serde_json::Value::Object(ref mut map) = obj { map.insert("token_count".to_string(), tj); } }
+                        let _ = append_json_line(&tasks_path, &obj);
+                    }
+                }
                return CodexStatus::InitiateShutdown;
            }
            EventMsg::TokenCount(TokenUsage { total_tokens, .. }) => {
                ts_println!(self, "tokens used: {total_tokens}");
+                if let Ok(task_id) = std::env::var("CODEX_TASK_ID") {
+                    if let Some(base) = codex_base_dir_for_logging() {
+                        let tasks_path = base.join("tasks.jsonl");
+                        let ts = std::time::SystemTime::now()
+                            .duration_since(std::time::UNIX_EPOCH)
+                            .map(|d| d.as_secs())
+                            .unwrap_or(0);
+                        let full = serde_json::json!({
+                            "task_id": task_id,
+                            "update_time": ts,
+                            "token_count": {
+                                "total_tokens": total_tokens,
+                            }
+                        });
+                        let _ = append_json_line(&tasks_path, &full);
+                    }
+                }
            }
            EventMsg::AgentMessageDelta(AgentMessageDeltaEvent { delta }) => {
                if !self.answer_started {
@@ -475,10 +551,41 @@ impl EventProcessor for EventProcessorWithHumanOutput {
                }
            }
            EventMsg::ExecApprovalRequest(_) => {
-                // Should we exit?
+                // When a background task requests execution approval, persist a state transition
+                // so `codex tasks ls` can reflect that it is waiting on user input.
+                if let Ok(task_id) = std::env::var("CODEX_TASK_ID") {
+                    if let Some(base) = codex_base_dir_for_logging() {
+                        let tasks_path = base.join("tasks.jsonl");
+                        let ts = std::time::SystemTime::now()
+                            .duration_since(std::time::UNIX_EPOCH)
+                            .map(|d| d.as_secs())
+                            .unwrap_or(0);
+                        let obj = serde_json::json!({
+                            "task_id": task_id,
+                            "update_time": ts,
+                            "state": "waiting_exec_approval",
+                        });
+                        let _ = append_json_line(&tasks_path, &obj);
+                    }
+                }
            }
            EventMsg::ApplyPatchApprovalRequest(_) => {
-                // Should we exit?
+                // todo: test/verify and verify if useful to keep now
+                if let Ok(task_id) = std::env::var("CODEX_TASK_ID") {
+                    if let Some(base) = codex_base_dir_for_logging() {
+                        let tasks_path = base.join("tasks.jsonl");
+                        let ts = std::time::SystemTime::now()
+                            .duration_since(std::time::UNIX_EPOCH)
+                            .map(|d| d.as_secs())
+                            .unwrap_or(0);
+                        let obj = serde_json::json!({
+                            "task_id": task_id,
+                            "update_time": ts,
+                            "state": "waiting_patch_approval",
+                        });
+                        let _ = append_json_line(&tasks_path, &obj);
+                    }
+                }
            }
            EventMsg::AgentReasoning(agent_reasoning_event) => {
                if self.show_agent_reasoning {
--- a/codex-rs/exec/src/lib.rs
+++ b/codex-rs/exec/src/lib.rs
@@ -7,10 +7,10 @@ use std::io::IsTerminal;
 use std::io::Read;
 use std::path::PathBuf;
 use std::sync::Arc;
+use std::path::Path;

 pub use cli::Cli;
-use codex_core::codex_wrapper::CodexConversation;
-use codex_core::codex_wrapper::{self};
+use codex_core::codex_wrapper;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::config_types::SandboxMode;
@@ -156,14 +156,9 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
        .with_writer(std::io::stderr)
        .try_init();

-    let CodexConversation {
-        codex: codex_wrapper,
-        session_configured,
-        ctrl_c,
-        ..
-    } = codex_wrapper::init_codex(config).await?;
+    let (codex_wrapper, event, ctrl_c, _session_id) = codex_wrapper::init_codex(config).await?;
    let codex = Arc::new(codex_wrapper);
-    info!("Codex initialized with event: {session_configured:?}");
+    info!("Codex initialized with event: {event:?}");

    let (tx, mut rx) = tokio::sync::mpsc::unbounded_channel::<Event>();
    {
@@ -243,5 +238,119 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
        }
    }

+    // If running in concurrent auto-merge mode, attempt to commit and merge original branch.
+    if std::env::var("CODEX_CONCURRENT_AUTOMERGE").ok().as_deref() == Some("1") {
+        if let Err(e) = auto_commit_and_fast_forward_original_branch() {
+            eprintln!("[codex-concurrent] Auto-merge skipped: {e}");
+        }
+    }
+
+    Ok(())
+}
+
+fn handle_last_message(
+    last_agent_message: Option<String>,
+    last_message_file: Option<&Path>,
+) -> std::io::Result<()> {
+    match (last_agent_message, last_message_file) {
+        (Some(last_agent_message), Some(last_message_file)) => {
+            // Last message and a file to write to.
+            std::fs::write(last_message_file, last_agent_message)?;
+        }
+        (None, Some(last_message_file)) => {
+            eprintln!(
+                "Warning: No last message to write to file: {}",
+                last_message_file.to_string_lossy()
+            );
+        }
+        (_, None) => {
+            // No last message and no file to write to.
+        }
+    }
+    Ok(())
+}
+
+/// Auto-commit changes in the concurrent worktree branch and integrate them back into the original branch.
+/// Strategy:
+/// 1. Commit any pending changes on the concurrent branch.
+/// 2. Checkout the original branch in the original root and perform a --no-ff merge.
+/// Safety: Only performs merge operations if repository state allows; on conflicts it aborts and reports.
+fn auto_commit_and_fast_forward_original_branch() -> anyhow::Result<()> {
+    use std::process::Command;
+    let concurrent_branch = std::env::var("CODEX_CONCURRENT_BRANCH").ok().ok_or_else(|| anyhow::anyhow!("missing concurrent branch env"))?;
+    let original_branch = std::env::var("CODEX_ORIGINAL_BRANCH").ok().ok_or_else(|| anyhow::anyhow!("missing original branch env"))?;
+    let original_commit = std::env::var("CODEX_ORIGINAL_COMMIT").ok().ok_or_else(|| anyhow::anyhow!("missing original commit env"))?;
+    let worktree_dir_env = std::env::var("CODEX_CONCURRENT_WORKTREE").ok();
+    let original_root_env = std::env::var("CODEX_ORIGINAL_ROOT").ok();
+
+    // Determine directory to run git commit for concurrent branch (worktree if provided, else repo root from rev-parse).
+    let worktree_dir = if let Some(wt) = worktree_dir_env.clone() {
+        std::path::PathBuf::from(wt)
+    } else {
+        let repo_root = Command::new("git").args(["rev-parse", "--show-toplevel"]).output()?;
+        if !repo_root.status.success() { anyhow::bail!("not a git repo"); }
+        std::path::PathBuf::from(String::from_utf8_lossy(&repo_root.stdout).trim().to_string())
+    };
+
+    // Commit pending changes (git add ., git commit -m ...).
+    let status_out = Command::new("git")
+        .current_dir(&worktree_dir)
+        .args(["status", "--porcelain"]).output()?;
+    if !status_out.status.success() { anyhow::bail!("git status failed"); }
+    if !status_out.stdout.is_empty() {
+        let add_status = Command::new("git")
+            .current_dir(&worktree_dir)
+            .args(["add", "."]).status()?;
+        if !add_status.success() { anyhow::bail!("git add failed"); }
+        let commit_msg = format!("Codex concurrent run auto-commit on branch {concurrent_branch}");
+        let commit_status = Command::new("git")
+            .current_dir(&worktree_dir)
+            .args(["commit", "-m", &commit_msg]).status()?;
+        if !commit_status.success() { anyhow::bail!("git commit failed"); }
+        eprintln!("[codex-concurrent] Created commit in {concurrent_branch}.");
+    } else {
+        eprintln!("[codex-concurrent] No changes to commit in {concurrent_branch}.");
+    }
+
+    // Capture head of concurrent branch (for potential future use / diagnostics).
+    let concurrent_head_out = Command::new("git")
+        .current_dir(&worktree_dir)
+        .args(["rev-parse", &concurrent_branch]).output()?;
+    if !concurrent_head_out.status.success() { anyhow::bail!("failed to rev-parse concurrent branch"); }
+
+    // Determine where to integrate (original root if known, else worktree).
+    let integration_dir = if let Some(root) = original_root_env.clone() { std::path::PathBuf::from(root) } else { worktree_dir.clone() };
+
+    // Checkout original branch.
+    let co_status = Command::new("git")
+        .current_dir(&integration_dir)
+        .args(["checkout", &original_branch])
+        .status()?;
+    if !co_status.success() { anyhow::bail!("git checkout {original_branch} failed in original root"); }
+
+    // Check if concurrent branch already merged (ancestor test).
+    let ancestor_status = Command::new("git")
+        .current_dir(&integration_dir)
+        .args(["merge-base", "--is-ancestor", &concurrent_branch, &original_branch])
+        .status();
+    if let Ok(code) = ancestor_status {
+        if code.success() {
+            eprintln!("[codex-concurrent] {concurrent_branch} already merged into {original_branch}; skipping.");
+            return Ok(());
+        }
+    }
+
+    // Perform a --no-ff merge.
+    let merge_msg = format!("Merge concurrent Codex branch {concurrent_branch} (base {original_commit})");
+    let merge_status = Command::new("git")
+        .current_dir(&integration_dir)
+        .args(["merge", "--no-ff", &concurrent_branch, "-m", &merge_msg])
+        .status()?;
+    if !merge_status.success() {
+        let _ = Command::new("git").current_dir(&integration_dir).args(["merge", "--abort"]).status();
+        anyhow::bail!("git merge --no-ff failed (conflicts?)");
+    }
+    eprintln!("[codex-concurrent] Merged {concurrent_branch} into {original_branch} in original root: {}", integration_dir.display());
+
    Ok(())
 }
--- a/codex-rs/exec/src/main.rs
+++ b/codex-rs/exec/src/main.rs
@@ -10,7 +10,6 @@
 //! This allows us to ship a completely separate set of functionality as part
 //! of the `codex-exec` binary.
 use clap::Parser;
-use codex_arg0::arg0_dispatch_or_else;
 use codex_common::CliConfigOverrides;
 use codex_exec::Cli;
 use codex_exec::run_main;
@@ -25,7 +24,7 @@ struct TopCli {
 }

 fn main() -> anyhow::Result<()> {
-    arg0_dispatch_or_else(|codex_linux_sandbox_exe| async move {
+    codex_linux_sandbox::run_with_sandbox(|codex_linux_sandbox_exe| async move {
        let top_cli = TopCli::parse();
        // Merge root-level overrides into inner CLI struct so downstream logic remains unchanged.
        let mut inner = top_cli.inner;
--- a/codex-rs/exec/tests/apply_patch.rs
+++ b/codex-rs/exec/tests/apply_patch.rs
@@ -1,38 +0,0 @@
-use anyhow::Context;
-use assert_cmd::prelude::*;
-use std::fs;
-use std::process::Command;
-use tempfile::tempdir;
-
-/// While we may add an `apply-patch` subcommand to the `codex` CLI multitool
-/// at some point, we must ensure that the smaller `codex-exec` CLI can still
-/// emulate the `apply_patch` CLI.
-#[test]
-fn test_standalone_exec_cli_can_use_apply_patch() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let relative_path = "source.txt";
-    let absolute_path = tmp.path().join(relative_path);
-    fs::write(&absolute_path, "original content\n")?;
-
-    Command::cargo_bin("codex-exec")
-        .context("should find binary for codex-exec")?
-        .arg("--codex-run-as-apply-patch")
-        .arg(
-            r#"*** Begin Patch
-*** Update File: source.txt
-@@
-original content
-+modified by apply_patch
-*** End Patch"#,
-        )
-        .current_dir(tmp.path())
-        .assert()
-        .success()
-        .stdout("Success. Updated the following files:\nM source.txt\n")
-        .stderr(predicates::str::is_empty());
-    assert_eq!(
-        fs::read_to_string(absolute_path)?,
-        "modified by apply_patch\n"
-    );
-    Ok(())
-}
--- a/codex-rs/linux-sandbox/Cargo.toml
+++ b/codex-rs/linux-sandbox/Cargo.toml
@@ -14,16 +14,15 @@ path = "src/lib.rs"
 [lints]
 workspace = true

-[target.'cfg(target_os = "linux")'.dependencies]
+[dependencies]
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 codex-common = { path = "../common", features = ["cli"] }
 codex-core = { path = "../core" }
-libc = "0.2.172"
-landlock = "0.4.1"
-seccompiler = "0.5.0"
+dotenvy = "0.15.7"
+tokio = { version = "1", features = ["rt-multi-thread"] }

-[target.'cfg(target_os = "linux")'.dev-dependencies]
+[dev-dependencies]
 tempfile = "3"
 tokio = { version = "1", features = [
    "io-std",
@@ -32,3 +31,8 @@ tokio = { version = "1", features = [
    "rt-multi-thread",
    "signal",
 ] }
+
+[target.'cfg(target_os = "linux")'.dependencies]
+libc = "0.2.172"
+landlock = "0.4.1"
+seccompiler = "0.5.0"
--- a/codex-rs/linux-sandbox/src/lib.rs
+++ b/codex-rs/linux-sandbox/src/lib.rs
@@ -4,11 +4,72 @@ mod landlock;
 mod linux_run_main;

 #[cfg(target_os = "linux")]
-pub fn run_main() -> ! {
-    linux_run_main::run_main();
+pub use linux_run_main::run_main;
+
+use std::future::Future;
+use std::path::PathBuf;
+
+/// Helper that consolidates the common boilerplate found in several Codex
+/// binaries (`codex`, `codex-exec`, `codex-tui`) around dispatching to the
+/// `codex-linux-sandbox` sub-command.
+///
+/// When the current executable is invoked through the hard-link or alias
+/// named `codex-linux-sandbox` we *directly* execute [`run_main`](crate::run_main)
+/// (which never returns). Otherwise we:
+/// 1.  Construct a Tokio multi-thread runtime.
+/// 2.  Derive the path to the current executable (so children can re-invoke
+///     the sandbox) when running on Linux.
+/// 3.  Execute the provided async `main_fn` inside that runtime, forwarding
+///     any error.
+///
+/// This function eliminates duplicated code across the various `main.rs`
+/// entry-points.
+pub fn run_with_sandbox<F, Fut>(main_fn: F) -> anyhow::Result<()>
+where
+    F: FnOnce(Option<PathBuf>) -> Fut,
+    Fut: Future<Output = anyhow::Result<()>>,
+{
+    use std::path::Path;
+
+    // Determine if we were invoked via the special alias.
+    let argv0 = std::env::args().next().unwrap_or_default();
+    let exe_name = Path::new(&argv0)
+        .file_name()
+        .and_then(|s| s.to_str())
+        .unwrap_or("");
+
+    if exe_name == "codex-linux-sandbox" {
+        // Safety: [`run_main`] never returns.
+        crate::run_main();
+    }
+
+    // This modifies the environment, which is not thread-safe, so do this
+    // before creating any threads/the Tokio runtime.
+    load_dotenv();
+
+    // Regular invocation – create a Tokio runtime and execute the provided
+    // async entry-point.
+    let runtime = tokio::runtime::Runtime::new()?;
+    runtime.block_on(async move {
+        let codex_linux_sandbox_exe: Option<PathBuf> = if cfg!(target_os = "linux") {
+            std::env::current_exe().ok()
+        } else {
+            None
+        };
+
+        main_fn(codex_linux_sandbox_exe).await
+    })
 }

 #[cfg(not(target_os = "linux"))]
 pub fn run_main() -> ! {
    panic!("codex-linux-sandbox is only supported on Linux");
 }
+
+/// Load env vars from ~/.codex/.env and `$(pwd)/.env`.
+fn load_dotenv() {
+    if let Ok(codex_home) = codex_core::config::find_codex_home() {
+        dotenvy::from_path(codex_home.join(".env")).ok();
+    }
+    dotenvy::dotenv().ok();
+}
--- a/codex-rs/login/Cargo.toml
+++ b/codex-rs/login/Cargo.toml
@@ -18,11 +18,3 @@ tokio = { version = "1", features = [
    "rt-multi-thread",
    "signal",
 ] }
-hyper = { version = "1", features = ["http1", "server"] }
-hyper-util = { version = "0.1", features = ["tokio"] }
-open = "5"
-url = "2"
-base64 = "0.22"
-sha2 = "0.10"
-rand = "0.8"
-http-body-util = "0.1"
--- a/codex-rs/login/src/lib.rs
+++ b/codex-rs/login/src/lib.rs
@@ -8,19 +8,52 @@ use std::io::Write;
 #[cfg(unix)]
 use std::os::unix::fs::OpenOptionsExt;
 use std::path::Path;
-use std::time::Duration;
+use std::process::Stdio;
+use tokio::process::Command;

-mod server;
+const SOURCE_FOR_PYTHON_SERVER: &str = include_str!("./login_with_chatgpt.py");

 const CLIENT_ID: &str = "app_EMoamEEZ73f0CkXaXp7hrann";

-/// Spawn a local OAuth callback server and run the ChatGPT login flow.
-/// On success, reads the OPENAI_API_KEY from CODEX_HOME/auth.json and returns it.
-pub async fn login_with_chatgpt(codex_home: &Path) -> std::io::Result<String> {
-    // Run the Rust implementation of the login server (raw hyper).
-    // This replicates the behavior of login_with_chatgpt.py.
-    server::run_login_server(codex_home).await?;
-    try_read_openai_api_key(codex_home).await
+/// Run `python3 -c {{SOURCE_FOR_PYTHON_SERVER}}` with the CODEX_HOME
+/// environment variable set to the provided `codex_home` path. If the
+/// subprocess exits 0, read the OPENAI_API_KEY property out of
+/// CODEX_HOME/auth.json and return Ok(OPENAI_API_KEY). Otherwise, return Err
+/// with any information from the subprocess.
+///
+/// If `capture_output` is true, the subprocess's output will be captured and
+/// recorded in memory. Otherwise, the subprocess's output will be sent to the
+/// current process's stdout/stderr.
+pub async fn login_with_chatgpt(
+    codex_home: &Path,
+    capture_output: bool,
+) -> std::io::Result<String> {
+    let child = Command::new("python3")
+        .arg("-c")
+        .arg(SOURCE_FOR_PYTHON_SERVER)
+        .env("CODEX_HOME", codex_home)
+        .stdin(Stdio::null())
+        .stdout(if capture_output {
+            Stdio::piped()
+        } else {
+            Stdio::inherit()
+        })
+        .stderr(if capture_output {
+            Stdio::piped()
+        } else {
+            Stdio::inherit()
+        })
+        .spawn()?;
+
+    let output = child.wait_with_output().await?;
+    if output.status.success() {
+        try_read_openai_api_key(codex_home).await
+    } else {
+        let stderr = String::from_utf8_lossy(&output.stderr);
+        Err(std::io::Error::other(format!(
+            "login_with_chatgpt subprocess failed: {stderr}"
+        )))
+    }
 }

 /// Attempt to read the `OPENAI_API_KEY` from the `auth.json` file in the given
@@ -40,11 +73,7 @@ pub async fn try_read_auth_json(codex_home: &Path) -> std::io::Result<AuthDotJso
    let auth_dot_json: AuthDotJson = serde_json::from_str(&contents)?;

    if is_expired(&auth_dot_json) {
-        let refresh_response =
-            tokio::time::timeout(Duration::from_secs(60), try_refresh_token(&auth_dot_json))
-                .await
-                .map_err(|_| std::io::Error::other("timed out while refreshing OpenAI API key"))?
-                .map_err(std::io::Error::other)?;
+        let refresh_response = try_refresh_token(&auth_dot_json).await?;
        let mut auth_dot_json = auth_dot_json;
        auth_dot_json.tokens.id_token = refresh_response.id_token;
        if let Some(refresh_token) = refresh_response.refresh_token {
--- a/codex-rs/login/src/login_with_chatgpt.py
+++ b/codex-rs/login/src/login_with_chatgpt.py
@@ -0,0 +1,846 @@
+"""Script that spawns a local webserver for retrieving an OpenAI API key.
+
+- Listens on 127.0.0.1:1455
+- Opens http://localhost:1455/auth/callback in the browser
+- If the user successfully navigates the auth flow,
+  $CODEX_HOME/auth.json will be written with the API key.
+- User will be redirected to http://localhost:1455/success upon success.
+
+The script should exit with a non-zero code if the user fails to navigate the
+auth flow.
+
+To test this script locally without overwriting your existing auth.json file:
+
+```
+rm -rf /tmp/codex_home && mkdir /tmp/codex_home
+CODEX_HOME=/tmp/codex_home python3 codex-rs/login/src/login_with_chatgpt.py
+```
+"""
+
+from __future__ import annotations
+
+import argparse
+import base64
+import datetime
+import errno
+import hashlib
+import http.server
+import json
+import os
+import secrets
+import sys
+import threading
+import time
+import urllib.parse
+import urllib.request
+import webbrowser
+from dataclasses import dataclass
+from typing import Any, Dict  # for type hints
+
+# Required port for OAuth client.
+REQUIRED_PORT = 1455
+URL_BASE = f"http://localhost:{REQUIRED_PORT}"
+DEFAULT_ISSUER = "https://auth.openai.com"
+DEFAULT_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann"
+
+EXIT_CODE_WHEN_ADDRESS_ALREADY_IN_USE = 13
+
+
+@dataclass
+class TokenData:
+    id_token: str
+    access_token: str
+    refresh_token: str
+    account_id: str
+
+
+@dataclass
+class AuthBundle:
+    """Aggregates authentication data produced after successful OAuth flow."""
+
+    api_key: str
+    token_data: TokenData
+    last_refresh: str
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser(description="Retrieve API key via local HTTP flow")
+    parser.add_argument(
+        "--no-browser",
+        action="store_true",
+        help="Do not automatically open the browser",
+    )
+    parser.add_argument("--verbose", action="store_true", help="Enable request logging")
+    args = parser.parse_args()
+
+    codex_home = os.environ.get("CODEX_HOME")
+    if not codex_home:
+        eprint("ERROR: CODEX_HOME environment variable is not set")
+        sys.exit(1)
+
+    # Spawn server.
+    try:
+        httpd = _ApiKeyHTTPServer(
+            ("127.0.0.1", REQUIRED_PORT),
+            _ApiKeyHTTPHandler,
+            codex_home=codex_home,
+            verbose=args.verbose,
+        )
+    except OSError as e:
+        eprint(f"ERROR: {e}")
+        if e.errno == errno.EADDRINUSE:
+            # Caller might want to handle this case specially.
+            sys.exit(EXIT_CODE_WHEN_ADDRESS_ALREADY_IN_USE)
+        else:
+            sys.exit(1)
+
+    auth_url = httpd.auth_url()
+
+    with httpd:
+        eprint(f"Starting local login server on {URL_BASE}")
+        if not args.no_browser:
+            try:
+                webbrowser.open(auth_url, new=1, autoraise=True)
+            except Exception as e:
+                eprint(f"Failed to open browser: {e}")
+
+        eprint(
+            f"If your browser did not open, navigate to this URL to authenticate:\n\n{auth_url}"
+        )
+
+        # Run the server in the main thread until `shutdown()` is called by the
+        # request handler.
+        try:
+            httpd.serve_forever()
+        except KeyboardInterrupt:
+            eprint("\nKeyboard interrupt received, exiting.")
+
+        # Server has been shut down by the request handler. Exit with the code
+        # it set (0 on success, non-zero on failure).
+        sys.exit(httpd.exit_code)
+
+
+class _ApiKeyHTTPHandler(http.server.BaseHTTPRequestHandler):
+    """A minimal request handler that captures an *api key* from query/post."""
+
+    # We store the result in the server instance itself.
+    server: "_ApiKeyHTTPServer"  # type: ignore[override]  - helpful annotation
+
+    def do_GET(self) -> None:  # noqa: N802 – required by BaseHTTPRequestHandler
+        path = urllib.parse.urlparse(self.path).path
+
+        if path == "/success":
+            # Serve confirmation page then gracefully shut down the server so
+            # the main thread can exit with the previously captured exit code.
+            self._send_html(LOGIN_SUCCESS_HTML)
+
+            # Ensure the data is flushed to the client before we stop.
+            try:
+                self.wfile.flush()
+            except Exception as e:
+                eprint(f"Failed to flush response: {e}")
+
+            self.request_shutdown()
+        elif path == "/auth/callback":
+            query = urllib.parse.urlparse(self.path).query
+            params = urllib.parse.parse_qs(query)
+
+            # Validate state -------------------------------------------------
+            if params.get("state", [None])[0] != self.server.state:
+                self.send_error(400, "State parameter mismatch")
+                return
+
+            # Standard OAuth flow -----------------------------------------
+            code = params.get("code", [None])[0]
+            if not code:
+                self.send_error(400, "Missing authorization code")
+                return
+
+            try:
+                auth_bundle, success_url = self._exchange_code_for_api_key(code)
+            except Exception as exc:  # noqa: BLE001 – propagate to client
+                self.send_error(500, f"Token exchange failed: {exc}")
+                return
+
+            # Persist API key along with additional token metadata.
+            if _write_auth_file(
+                auth=auth_bundle,
+                codex_home=self.server.codex_home,
+            ):
+                self.server.exit_code = 0
+                self._send_redirect(success_url)
+            else:
+                self.send_error(500, "Unable to persist auth file")
+        else:
+            self.send_error(404, "Endpoint not supported")
+
+    def do_POST(self) -> None:  # noqa: N802 – required by BaseHTTPRequestHandler
+        self.send_error(404, "Endpoint not supported")
+
+    def send_error(self, code, message=None, explain=None) -> None:
+        """Send an error response and stop the server.
+
+        We avoid calling `sys.exit()` directly from the request-handling thread
+        so that the response has a chance to be written to the socket. Instead
+        we shut the server down; the main thread will then exit with the
+        appropriate status code.
+        """
+        super().send_error(code, message, explain)
+        try:
+            self.wfile.flush()
+        except Exception as e:
+            eprint(f"Failed to flush response: {e}")
+
+        self.request_shutdown()
+
+    def _send_redirect(self, url: str) -> None:
+        self.send_response(302)
+        self.send_header("Location", url)
+        self.end_headers()
+
+    def _send_html(self, body: str) -> None:
+        encoded = body.encode()
+        self.send_response(200)
+        self.send_header("Content-Type", "text/html; charset=utf-8")
+        self.send_header("Content-Length", str(len(encoded)))
+        self.end_headers()
+        self.wfile.write(encoded)
+
+    # Silence logging for cleanliness unless --verbose flag is used.
+    def log_message(self, fmt: str, *args):  # type: ignore[override]
+        if getattr(self.server, "verbose", False):  # type: ignore[attr-defined]
+            super().log_message(fmt, *args)
+
+    def _exchange_code_for_api_key(self, code: str) -> tuple[AuthBundle, str]:
+        """Perform token + token-exchange to obtain an OpenAI API key.
+
+        Returns (AuthBundle, success_url).
+        """
+
+        token_endpoint = f"{self.server.issuer}/oauth/token"
+
+        # 1. Authorization-code -> (id_token, access_token, refresh_token)
+        data = urllib.parse.urlencode(
+            {
+                "grant_type": "authorization_code",
+                "code": code,
+                "redirect_uri": self.server.redirect_uri,
+                "client_id": self.server.client_id,
+                "code_verifier": self.server.pkce.code_verifier,
+            }
+        ).encode()
+
+        token_data: TokenData
+
+        with urllib.request.urlopen(
+            urllib.request.Request(
+                token_endpoint,
+                data=data,
+                method="POST",
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+            )
+        ) as resp:
+            payload = json.loads(resp.read().decode())
+            
+            # Extract chatgpt_account_id from id_token
+            id_token_parts = payload["id_token"].split(".")
+            if len(id_token_parts) != 3:
+                raise ValueError("Invalid ID token")
+            id_token_claims = _decode_jwt_segment(id_token_parts[1])
+            auth_claims = id_token_claims.get("https://api.openai.com/auth", {})
+            chatgpt_account_id = auth_claims.get("chatgpt_account_id", "")
+            
+            token_data = TokenData(
+                id_token=payload["id_token"],
+                access_token=payload["access_token"],
+                refresh_token=payload["refresh_token"],
+                account_id=chatgpt_account_id,
+            )
+
+        access_token_parts = token_data.access_token.split(".")
+        if len(access_token_parts) != 3:
+            raise ValueError("Invalid access token")
+
+        access_token_claims = _decode_jwt_segment(access_token_parts[1])
+
+        token_claims = id_token_claims.get("https://api.openai.com/auth", {})
+        access_claims = access_token_claims.get("https://api.openai.com/auth", {})
+
+        org_id = token_claims.get("organization_id")
+        if not org_id:
+            raise ValueError("Missing organization in id_token claims")
+
+        project_id = token_claims.get("project_id")
+        if not project_id:
+            raise ValueError("Missing project in id_token claims")
+
+        random_id = secrets.token_hex(6)
+
+        # 2. Token exchange to obtain API key
+        today = datetime.datetime.now(datetime.timezone.utc).strftime("%Y-%m-%d")
+        exchange_data = urllib.parse.urlencode(
+            {
+                "grant_type": "urn:ietf:params:oauth:grant-type:token-exchange",
+                "client_id": self.server.client_id,
+                "requested_token": "openai-api-key",
+                "subject_token": token_data.id_token,
+                "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
+                "name": f"Codex CLI [auto-generated] ({today}) [{random_id}]",
+            }
+        ).encode()
+
+        exchanged_access_token: str
+        with urllib.request.urlopen(
+            urllib.request.Request(
+                token_endpoint,
+                data=exchange_data,
+                method="POST",
+                headers={"Content-Type": "application/x-www-form-urlencoded"},
+            )
+        ) as resp:
+            exchange_payload = json.loads(resp.read().decode())
+            exchanged_access_token = exchange_payload["access_token"]
+
+        # Determine whether the organization still requires additional
+        # setup (e.g., adding a payment method) based on the ID-token
+        # claim provided by the auth service.
+        completed_onboarding = token_claims.get("completed_platform_onboarding") == True
+        chatgpt_plan_type = access_claims.get("chatgpt_plan_type")
+        is_org_owner = token_claims.get("is_org_owner") == True
+        needs_setup = not completed_onboarding and is_org_owner
+
+        # Build the success URL on the same host/port as the callback and
+        # include the required query parameters for the front-end page.
+        success_url_query = {
+            "id_token": token_data.id_token,
+            "needs_setup": "true" if needs_setup else "false",
+            "org_id": org_id,
+            "project_id": project_id,
+            "plan_type": chatgpt_plan_type,
+            "platform_url": (
+                "https://platform.openai.com"
+                if self.server.issuer == "https://auth.openai.com"
+                else "https://platform.api.openai.org"
+            ),
+        }
+        success_url = f"{URL_BASE}/success?{urllib.parse.urlencode(success_url_query)}"
+
+        # Attempt to redeem complimentary API credits for eligible ChatGPT
+        # Plus / Pro subscribers. Any errors are logged but do not interrupt
+        # the login flow.
+
+        try:
+            maybe_redeem_credits(
+                issuer=self.server.issuer,
+                client_id=self.server.client_id,
+                id_token=token_data.id_token,
+                refresh_token=token_data.refresh_token,
+                codex_home=self.server.codex_home,
+            )
+        except Exception as exc:  # pragma: no cover – best-effort only
+            eprint(f"Unable to redeem ChatGPT subscriber API credits: {exc}")
+
+        # Persist refresh_token/id_token for future use (redeem credits etc.)
+        last_refresh_str = (
+            datetime.datetime.now(datetime.timezone.utc)
+            .isoformat()
+            .replace("+00:00", "Z")
+        )
+
+        auth_bundle = AuthBundle(
+            api_key=exchanged_access_token,
+            token_data=token_data,
+            last_refresh=last_refresh_str,
+        )
+
+        return (auth_bundle, success_url)
+
+    def request_shutdown(self) -> None:
+        # shutdown() must be invoked from another thread to avoid
+        # deadlocking the serve_forever() loop, which is running in this
+        # same thread. A short-lived helper thread does the trick.
+        threading.Thread(target=self.server.shutdown, daemon=True).start()
+
+
+def _write_auth_file(*, auth: AuthBundle, codex_home: str) -> bool:
+    """Persist *api_key* to $CODEX_HOME/auth.json.
+
+    Returns True on success, False otherwise.  Any error is printed to
+    *stderr* so that the Rust layer can surface the problem.
+    """
+    if not os.path.isdir(codex_home):
+        try:
+            os.makedirs(codex_home, exist_ok=True)
+        except Exception as exc:  # pragma: no cover – unlikely
+            eprint(f"ERROR: unable to create CODEX_HOME directory: {exc}")
+            return False
+
+    auth_path = os.path.join(codex_home, "auth.json")
+    auth_json_contents = {
+        "OPENAI_API_KEY": auth.api_key,
+        "tokens": {
+            "id_token": auth.token_data.id_token,
+            "access_token": auth.token_data.access_token,
+            "refresh_token": auth.token_data.refresh_token,
+            "account_id": auth.token_data.account_id,
+        },
+        "last_refresh": auth.last_refresh,
+    }
+    try:
+        with open(auth_path, "w", encoding="utf-8") as fp:
+            if hasattr(os, "fchmod"):  # POSIX-safe
+                os.fchmod(fp.fileno(), 0o600)
+            json.dump(auth_json_contents, fp, indent=2)
+    except Exception as exc:  # pragma: no cover – permissions/filesystem
+        eprint(f"ERROR: unable to write auth file: {exc}")
+        return False
+
+    return True
+
+
+@dataclass
+class PkceCodes:
+    code_verifier: str
+    code_challenge: str
+
+
+class _ApiKeyHTTPServer(http.server.HTTPServer):
+    """HTTPServer with shutdown helper & self-contained OAuth configuration."""
+
+    def __init__(
+        self,
+        server_address: tuple[str, int],
+        request_handler_class: type[http.server.BaseHTTPRequestHandler],
+        *,
+        codex_home: str,
+        verbose: bool = False,
+    ) -> None:
+        super().__init__(server_address, request_handler_class, bind_and_activate=True)
+
+        self.exit_code = 1
+        self.codex_home = codex_home
+        self.verbose: bool = verbose
+
+        self.issuer: str = DEFAULT_ISSUER
+        self.client_id: str = DEFAULT_CLIENT_ID
+        port = server_address[1]
+        self.redirect_uri: str = f"http://localhost:{port}/auth/callback"
+        self.pkce: PkceCodes = _generate_pkce()
+        self.state: str = secrets.token_hex(32)
+
+    def auth_url(self) -> str:
+        """Return fully-formed OpenID authorization URL."""
+        params = {
+            "response_type": "code",
+            "client_id": self.client_id,
+            "redirect_uri": self.redirect_uri,
+            "scope": "openid profile email offline_access",
+            "code_challenge": self.pkce.code_challenge,
+            "code_challenge_method": "S256",
+            "id_token_add_organizations": "true",
+            "state": self.state,
+        }
+        return f"{self.issuer}/oauth/authorize?" + urllib.parse.urlencode(params)
+
+
+def maybe_redeem_credits(
+    *,
+    issuer: str,
+    client_id: str,
+    id_token: str | None,
+    refresh_token: str,
+    codex_home: str,
+) -> None:
+    """Attempt to redeem complimentary API credits for ChatGPT subscribers.
+
+    The operation is best-effort: any error results in a warning being printed
+    and the function returning early without raising.
+    """
+    id_claims: Dict[str, Any] | None = parse_id_token_claims(id_token or "")
+
+    # Refresh expired ID token, if possible
+    token_expired = True
+    if id_claims and isinstance(id_claims.get("exp"), int):
+        token_expired = _current_timestamp_ms() >= int(id_claims["exp"]) * 1000
+
+    if token_expired:
+        eprint("Refreshing credentials...")
+        new_refresh_token: str | None = None
+        new_id_token: str | None = None
+
+        try:
+            payload = json.dumps(
+                {
+                    "client_id": client_id,
+                    "grant_type": "refresh_token",
+                    "refresh_token": refresh_token,
+                    "scope": "openid profile email",
+                }
+            ).encode()
+
+            req = urllib.request.Request(
+                url="https://auth.openai.com/oauth/token",
+                data=payload,
+                method="POST",
+                headers={"Content-Type": "application/json"},
+            )
+
+            with urllib.request.urlopen(req) as resp:
+                refresh_data = json.loads(resp.read().decode())
+                new_id_token = refresh_data.get("id_token")
+                new_id_claims = parse_id_token_claims(new_id_token or "")
+                new_refresh_token = refresh_data.get("refresh_token")
+        except Exception as err:
+            eprint("Unable to refresh ID token via token-exchange:", err)
+            return
+
+        if not new_id_token or not new_refresh_token:
+            return
+
+        # Update auth.json with new tokens.
+        try:
+            auth_dir = codex_home
+            auth_path = os.path.join(auth_dir, "auth.json")
+            with open(auth_path, "r", encoding="utf-8") as fp:
+                existing = json.load(fp)
+
+            tokens = existing.setdefault("tokens", {})
+            tokens["id_token"] = new_id_token
+            # Note this does not touch the access_token?
+            tokens["refresh_token"] = new_refresh_token
+            tokens["last_refresh"] = (
+                datetime.datetime.now(datetime.timezone.utc)
+                .isoformat()
+                .replace("+00:00", "Z")
+            )
+
+            with open(auth_path, "w", encoding="utf-8") as fp:
+                if hasattr(os, "fchmod"):
+                    os.fchmod(fp.fileno(), 0o600)
+                json.dump(existing, fp, indent=2)
+        except Exception as err:
+            eprint("Unable to update refresh token in auth file:", err)
+
+        if not new_id_claims:
+            # Still couldn't parse claims.
+            return
+
+        id_token = new_id_token
+        id_claims = new_id_claims
+
+    # Done refreshing credentials: now try to redeem credits.
+    if not id_token:
+        eprint("No ID token available, cannot redeem credits.")
+        return
+
+    auth_claims = id_claims.get("https://api.openai.com/auth", {})
+
+    # Subscription eligibility check (Plus or Pro, >7 days active)
+    sub_start_str = auth_claims.get("chatgpt_subscription_active_start")
+    if isinstance(sub_start_str, str):
+        try:
+            sub_start_ts = datetime.datetime.fromisoformat(sub_start_str.rstrip("Z"))
+            if datetime.datetime.now(
+                datetime.timezone.utc
+            ) - sub_start_ts < datetime.timedelta(days=7):
+                eprint(
+                    "Sorry, your subscription must be active for more than 7 days to redeem credits."
+                )
+                return
+        except ValueError:
+            # Malformed; ignore
+            pass
+
+    completed_onboarding = bool(auth_claims.get("completed_platform_onboarding"))
+    is_org_owner = bool(auth_claims.get("is_org_owner"))
+    needs_setup = not completed_onboarding and is_org_owner
+    plan_type = auth_claims.get("chatgpt_plan_type")
+
+    if needs_setup or plan_type not in {"plus", "pro"}:
+        eprint("Only users with Plus or Pro subscriptions can redeem free API credits.")
+        return
+
+    api_host = (
+        "https://api.openai.com"
+        if issuer == "https://auth.openai.com"
+        else "https://api.openai.org"
+    )
+
+    try:
+        redeem_payload = json.dumps({"id_token": id_token}).encode()
+        req = urllib.request.Request(
+            url=f"{api_host}/v1/billing/redeem_credits",
+            data=redeem_payload,
+            method="POST",
+            headers={"Content-Type": "application/json"},
+        )
+
+        with urllib.request.urlopen(req) as resp:
+            redeem_data = json.loads(resp.read().decode())
+
+        granted = redeem_data.get("granted_chatgpt_subscriber_api_credits", 0)
+        if granted and granted > 0:
+            eprint(
+                f"""Thanks for being a ChatGPT {'Plus' if plan_type=='plus' else 'Pro'} subscriber!
+If you haven't already redeemed, you should receive {'$5' if plan_type=='plus' else '$50'} in API credits.
+
+Credits: https://platform.openai.com/settings/organization/billing/credit-grants
+More info: https://help.openai.com/en/articles/11381614""",
+            )
+        else:
+            eprint(
+                f"""It looks like no credits were granted:
+
+{json.dumps(redeem_data, indent=2)}
+
+Credits: https://platform.openai.com/settings/organization/billing/credit-grants
+More info: https://help.openai.com/en/articles/11381614"""
+            )
+    except Exception as err:
+        eprint("Credit redemption request failed:", err)
+
+
+def _generate_pkce() -> PkceCodes:
+    """Generate PKCE *code_verifier* and *code_challenge* (S256)."""
+    code_verifier = secrets.token_hex(64)
+    digest = hashlib.sha256(code_verifier.encode()).digest()
+    code_challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
+    return PkceCodes(code_verifier, code_challenge)
+
+
+def eprint(*args, **kwargs) -> None:
+    print(*args, file=sys.stderr, **kwargs)
+
+
+# Parse ID-token claims (if provided)
+#
+# interface IDTokenClaims {
+#   "exp": number; // specifically, an int
+#   "https://api.openai.com/auth": {
+#     organization_id: string;
+#     project_id: string;
+#     completed_platform_onboarding: boolean;
+#     is_org_owner: boolean;
+#     chatgpt_subscription_active_start: string;
+#     chatgpt_subscription_active_until: string;
+#     chatgpt_plan_type: string;
+#   };
+# }
+def parse_id_token_claims(id_token: str) -> Dict[str, Any] | None:
+    if id_token:
+        parts = id_token.split(".")
+        if len(parts) == 3:
+            return _decode_jwt_segment(parts[1])
+    return None
+
+
+def _decode_jwt_segment(segment: str) -> Dict[str, Any]:
+    """Return the decoded JSON payload from a JWT segment.
+
+    Adds required padding for urlsafe_b64decode.
+    """
+    padded = segment + "=" * (-len(segment) % 4)
+    try:
+        data = base64.urlsafe_b64decode(padded.encode())
+        return json.loads(data.decode())
+    except Exception:
+        return {}
+
+
+def _current_timestamp_ms() -> int:
+    return int(time.time() * 1000)
+
+
+LOGIN_SUCCESS_HTML = """<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <title>Sign into Codex CLI</title>
+    <link rel="icon" href='data:image/svg+xml,%3Csvg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none" viewBox="0 0 32 32"%3E%3Cpath stroke="%23000" stroke-linecap="round" stroke-width="2.484" d="M22.356 19.797H17.17M9.662 12.29l1.979 3.576a.511.511 0 0 1-.005.504l-1.974 3.409M30.758 16c0 8.15-6.607 14.758-14.758 14.758-8.15 0-14.758-6.607-14.758-14.758C1.242 7.85 7.85 1.242 16 1.242c8.15 0 14.758 6.608 14.758 14.758Z"/%3E%3C/svg%3E' type="image/svg+xml">
+    <style>
+      .container {
+        margin: auto;
+        height: 100%;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        position: relative;
+        background: white;
+        font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
+      }
+      .inner-container {
+        width: 400px;
+        flex-direction: column;
+        justify-content: flex-start;
+        align-items: center;
+        gap: 20px;
+        display: inline-flex;
+      }
+      .content {
+        align-self: stretch;
+        flex-direction: column;
+        justify-content: flex-start;
+        align-items: center;
+        gap: 20px;
+        display: flex;
+      }
+      .svg-wrapper {
+        position: relative;
+      }
+      .title {
+        text-align: center;
+        color: var(--text-primary, #0D0D0D);
+        font-size: 28px;
+        font-weight: 400;
+        line-height: 36.40px;
+        word-wrap: break-word;
+      }
+      .setup-box {
+        width: 600px;
+        padding: 16px 20px;
+        background: var(--bg-primary, white);
+        box-shadow: 0px 4px 16px rgba(0, 0, 0, 0.05);
+        border-radius: 16px;
+        outline: 1px var(--border-default, rgba(13, 13, 13, 0.10)) solid;
+        outline-offset: -1px;
+        justify-content: flex-start;
+        align-items: center;
+        gap: 16px;
+        display: inline-flex;
+      }
+      .setup-content {
+        flex: 1 1 0;
+        justify-content: flex-start;
+        align-items: center;
+        gap: 24px;
+        display: flex;
+      }
+      .setup-text {
+        flex: 1 1 0;
+        flex-direction: column;
+        justify-content: flex-start;
+        align-items: flex-start;
+        gap: 4px;
+        display: inline-flex;
+      }
+      .setup-title {
+        align-self: stretch;
+        color: var(--text-primary, #0D0D0D);
+        font-size: 14px;
+        font-weight: 510;
+        line-height: 20px;
+        word-wrap: break-word;
+      }
+      .setup-description {
+        align-self: stretch;
+        color: var(--text-secondary, #5D5D5D);
+        font-size: 14px;
+        font-weight: 400;
+        line-height: 20px;
+        word-wrap: break-word;
+      }
+      .redirect-box {
+        justify-content: flex-start;
+        align-items: center;
+        gap: 8px;
+        display: flex;
+      }
+      .close-button,
+      .redirect-button {
+        height: 28px;
+        padding: 8px 16px;
+        background: var(--interactive-bg-primary-default, #0D0D0D);
+        border-radius: 999px;
+        justify-content: center;
+        align-items: center;
+        gap: 4px;
+        display: flex;
+      }
+      .close-button,
+      .redirect-text {
+        color: var(--interactive-label-primary-default, white);
+        font-size: 14px;
+        font-weight: 510;
+        line-height: 20px;
+        word-wrap: break-word;
+        text-decoration: none;
+      }
+    </style>
+  </head>
+  <body>
+    <div class="container">
+      <div class="inner-container">
+        <div class="content">
+          <div data-svg-wrapper class="svg-wrapper">
+            <svg width="56" height="56" viewBox="0 0 56 56" fill="none" xmlns="http://www.w3.org/2000/svg">
+              <path d="M4.6665 28.0003C4.6665 15.1137 15.1132 4.66699 27.9998 4.66699C40.8865 4.66699 51.3332 15.1137 51.3332 28.0003C51.3332 40.887 40.8865 51.3337 27.9998 51.3337C15.1132 51.3337 4.6665 40.887 4.6665 28.0003ZM37.5093 18.5088C36.4554 17.7672 34.9999 18.0203 34.2583 19.0742L24.8508 32.4427L20.9764 28.1808C20.1095 27.2272 18.6338 27.1569 17.6803 28.0238C16.7267 28.8906 16.6565 30.3664 17.5233 31.3199L23.3566 37.7366C23.833 38.2606 24.5216 38.5399 25.2284 38.4958C25.9353 38.4517 26.5838 38.089 26.9914 37.5098L38.0747 21.7598C38.8163 20.7059 38.5632 19.2504 37.5093 18.5088Z" fill="var(--green-400, #04B84C)"/>
+            </svg>
+          </div>
+          <div class="title">Signed in to Codex CLI</div>
+        </div>
+        <div class="close-box" style="display: none;">
+          <div class="setup-description">You may now close this page</div>
+        </div>
+        <div class="setup-box" style="display: none;">
+          <div class="setup-content">
+            <div class="setup-text">
+              <div class="setup-title">Finish setting up your API organization</div>
+              <div class="setup-description">Add a payment method to use your organization.</div>
+            </div>
+            <div class="redirect-box">
+              <div data-hasendicon="false" data-hasstarticon="false" data-ishovered="false" data-isinactive="false" data-ispressed="false" data-size="large" data-type="primary" class="redirect-button">
+                <div class="redirect-text">Redirecting in 3s...</div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+    </div>
+    <script>
+      (function () {
+        const params = new URLSearchParams(window.location.search);
+        const needsSetup = params.get('needs_setup') === 'true';
+        const platformUrl = params.get('platform_url') || 'https://platform.openai.com';
+        const orgId = params.get('org_id');
+        const projectId = params.get('project_id');
+        const planType = params.get('plan_type');
+        const idToken = params.get('id_token');
+        // Show different message and optional redirect when setup is required
+        if (needsSetup) {
+          const setupBox = document.querySelector('.setup-box');
+          setupBox.style.display = 'flex';
+          const redirectUrlObj = new URL('/org-setup', platformUrl);
+          redirectUrlObj.searchParams.set('p', planType);
+          redirectUrlObj.searchParams.set('t', idToken);
+          redirectUrlObj.searchParams.set('with_org', orgId);
+          redirectUrlObj.searchParams.set('project_id', projectId);
+          const redirectUrl = redirectUrlObj.toString();
+          const message = document.querySelector('.redirect-text');
+          let countdown = 3;
+          function tick() {
+            message.textContent =
+              'Redirecting in ' + countdown + 's…';
+            if (countdown === 0) {
+              window.location.replace(redirectUrl);
+            } else {
+              countdown -= 1;
+              setTimeout(tick, 1000);
+            }
+          }
+          tick();
+        } else {
+          const closeBox = document.querySelector('.close-box');
+          closeBox.style.display = 'flex';
+        }
+      })();
+    </script>
+  </body>
+</html>"""
+
+# Unconditionally call `main()` instead of gating it behind
+# `if __name__ == "__main__"` because this script is either:
+#
+# - invoked as a string passed to `python3 -c`
+# - run via `python3 login_with_chatgpt.py` for testing as part of local
+#   development
+main()
--- a/codex-rs/login/src/server.rs
+++ b/codex-rs/login/src/server.rs
@@ -1,686 +0,0 @@
-use std::collections::HashMap;
-use std::convert::Infallible;
-use std::net::SocketAddr;
-use std::path::Path;
-use std::path::PathBuf;
-use std::sync::Arc;
-use std::sync::Mutex;
-
-use base64::Engine as _;
-use base64::engine::general_purpose::URL_SAFE_NO_PAD;
-use chrono::DateTime;
-use chrono::Utc;
-use http_body_util::Full as BodyFull;
-use hyper::Method;
-use hyper::Request;
-use hyper::Response;
-use hyper::StatusCode;
-use hyper::body::Bytes;
-use hyper::server::conn::http1;
-use hyper::service::service_fn;
-use hyper_util::rt::TokioIo;
-use rand::RngCore;
-use serde_json::json;
-use sha2::Digest;
-use sha2::Sha256;
-use tokio::net::TcpListener;
-use tokio::sync::oneshot;
-
-use crate::CLIENT_ID;
-use crate::TokenData;
-
-const REQUIRED_PORT: u16 = 1455;
-const URL_BASE: &str = "http://localhost:1455";
-const DEFAULT_ISSUER: &str = "https://auth.openai.com";
-
-#[derive(Clone)]
-struct PkceCodes {
-    code_verifier: String,
-    code_challenge: String,
-}
-
-impl PkceCodes {
-    fn generate() -> Self {
-        let code_verifier = random_hex(64);
-        let digest = Sha256::digest(code_verifier.as_bytes());
-        let code_challenge = URL_SAFE_NO_PAD.encode(digest);
-        Self {
-            code_verifier,
-            code_challenge,
-        }
-    }
-}
-
-#[derive(Clone)]
-struct ServerState {
-    codex_home: PathBuf,
-    issuer: String,
-    client_id: String,
-    redirect_uri: String,
-    pkce: PkceCodes,
-    state: String,
-    shutdown_tx: Arc<Mutex<Option<oneshot::Sender<()>>>>,
-}
-
-impl ServerState {
-    fn auth_url(&self) -> String {
-        let params: Vec<(String, String)> = vec![
-            ("response_type".into(), "code".into()),
-            ("client_id".into(), self.client_id.clone()),
-            ("redirect_uri".into(), self.redirect_uri.clone()),
-            ("scope".into(), "openid profile email offline_access".into()),
-            ("code_challenge".into(), self.pkce.code_challenge.clone()),
-            ("code_challenge_method".into(), "S256".into()),
-            ("id_token_add_organizations".into(), "true".into()),
-            ("state".into(), self.state.clone()),
-        ];
-        let query = serde_urlencode(&params);
-        format!("{}/oauth/authorize?{}", self.issuer, query)
-    }
-}
-
-fn serde_urlencode(params: &[(String, String)]) -> String {
-    let mut s = url::form_urlencoded::Serializer::new(String::new());
-    for (k, v) in params.iter() {
-        s.append_pair(k, v);
-    }
-    s.finish()
-}
-
-fn random_hex(len: usize) -> String {
-    let mut bytes = vec![0u8; len];
-    rand::thread_rng().fill_bytes(&mut bytes);
-    bytes.iter().map(|b| format!("{b:02x}")).collect::<String>()
-}
-
-// Public entry point used by lib.rs
-pub async fn run_login_server(codex_home: &Path) -> std::io::Result<()> {
-    let addr = SocketAddr::from(([127, 0, 0, 1], REQUIRED_PORT));
-    let listener = TcpListener::bind(addr).await?;
-
-    let pkce = PkceCodes::generate();
-    let state = random_hex(32);
-    let redirect_uri = format!("{URL_BASE}/auth/callback");
-
-    let (shutdown_tx, shutdown_rx) = oneshot::channel::<()>();
-    let server_state = ServerState {
-        codex_home: codex_home.to_path_buf(),
-        issuer: DEFAULT_ISSUER.to_string(),
-        client_id: CLIENT_ID.to_string(),
-        redirect_uri,
-        pkce,
-        state,
-        shutdown_tx: Arc::new(Mutex::new(Some(shutdown_tx))),
-    };
-
-    let auth_url = server_state.auth_url();
-
-    // Try to open a browser, but don't fail if we can't.
-    if let Err(err) = open::that_detached(&auth_url) {
-        eprintln!("Failed to open browser: {err}");
-    }
-
-    eprintln!("If your browser did not open, navigate to this URL to authenticate:\n\n{auth_url}");
-
-    let state_arc = Arc::new(server_state);
-
-    let accept_task = tokio::spawn(async move {
-        loop {
-            let (stream, _) = match listener.accept().await {
-                Ok(p) => p,
-                Err(e) => {
-                    eprintln!("Accept error: {e}");
-                    continue;
-                }
-            };
-            let io = TokioIo::new(stream);
-            let state_inner = state_arc.clone();
-            tokio::spawn(async move {
-                if let Err(err) = http1::Builder::new()
-                    .serve_connection(
-                        io,
-                        service_fn(|req| handle_request(req, state_inner.clone())),
-                    )
-                    .await
-                {
-                    eprintln!("server connection error: {err}");
-                }
-            });
-        }
-    });
-
-    // Wait for shutdown signal
-    let _ = shutdown_rx.await;
-    accept_task.abort();
-    let _ = accept_task.await;
-    Ok(())
-}
-
-#[allow(clippy::unwrap_used)]
-async fn handle_request(
-    req: Request<hyper::body::Incoming>,
-    state: Arc<ServerState>,
-) -> Result<Response<BodyFull<Bytes>>, Infallible> {
-    let method = req.method().clone();
-    let path = req.uri().path().to_string();
-
-    let resp = match (method, path.as_str()) {
-        (Method::GET, "/success") => Response::builder()
-            .status(StatusCode::OK)
-            .header("Content-Type", "text/html; charset=utf-8")
-            .body(BodyFull::from(Bytes::from(LOGIN_SUCCESS_HTML)))
-            .unwrap(),
-        (Method::GET, "/auth/callback") => match handle_auth_callback(req, state.clone()).await {
-            Ok(resp) => resp,
-            Err((status, msg)) => {
-                let builder = Response::builder().status(status);
-                if let Ok(resp) = builder.body(BodyFull::from(Bytes::from(msg.clone()))) {
-                    // On error, shut down the server after responding
-                    send_shutdown(&state);
-                    resp
-                } else {
-                    Response::builder()
-                        .status(StatusCode::INTERNAL_SERVER_ERROR)
-                        .body(BodyFull::from(Bytes::from_static(b"Internal Server Error")))
-                        .unwrap()
-                }
-            }
-        },
-        _ => Response::builder()
-            .status(StatusCode::NOT_FOUND)
-            .body(BodyFull::from(Bytes::from_static(b"Not Found")))
-            .unwrap(),
-    };
-
-    Ok(resp)
-}
-
-fn send_shutdown(state: &ServerState) {
-    if let Ok(mut guard) = state.shutdown_tx.lock() {
-        if let Some(tx) = guard.take() {
-            let _ = tx.send(());
-        }
-    }
-}
-
-fn decode_jwt_segment(segment: &str) -> serde_json::Value {
-    let data = URL_SAFE_NO_PAD
-        .decode(segment)
-        .map_err(|_| ())
-        .and_then(|bytes| String::from_utf8(bytes).map_err(|_| ()))
-        .ok();
-    if let Some(s) = data {
-        serde_json::from_str::<serde_json::Value>(&s).unwrap_or(serde_json::json!({}))
-    } else {
-        serde_json::json!({})
-    }
-}
-
-#[allow(clippy::unwrap_used)]
-async fn handle_auth_callback(
-    req: Request<hyper::body::Incoming>,
-    state: Arc<ServerState>,
-) -> Result<Response<BodyFull<Bytes>>, (StatusCode, String)> {
-    let query_str = req.uri().query().unwrap_or("");
-    let query: HashMap<String, String> = url::form_urlencoded::parse(query_str.as_bytes())
-        .into_owned()
-        .collect();
-
-    // Validate state
-    if query.get("state").map(String::as_str) != Some(&state.state) {
-        return Err((StatusCode::BAD_REQUEST, "State parameter mismatch".into()));
-    }
-
-    let code = match query.get("code") {
-        Some(c) if !c.is_empty() => c.clone(),
-        _ => return Err((StatusCode::BAD_REQUEST, "Missing authorization code".into())),
-    };
-
-    // 1. Authorization-code -> (id_token, access_token, refresh_token)
-    let token_endpoint = format!("{}/oauth/token", state.issuer);
-    let client = reqwest::Client::new();
-    let form = [
-        ("grant_type", "authorization_code"),
-        ("code", code.as_str()),
-        ("redirect_uri", state.redirect_uri.as_str()),
-        ("client_id", state.client_id.as_str()),
-        ("code_verifier", state.pkce.code_verifier.as_str()),
-    ];
-    let resp = client
-        .post(&token_endpoint)
-        .header("Content-Type", "application/x-www-form-urlencoded")
-        .form(&form)
-        .send()
-        .await
-        .map_err(|e| {
-            (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                format!("Token request failed: {e}"),
-            )
-        })?;
-    if !resp.status().is_success() {
-        return Err((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            format!("Token request failed: {}", resp.status()),
-        ));
-    }
-    let payload: serde_json::Value = resp.json().await.map_err(|e| {
-        (
-            StatusCode::INTERNAL_SERVER_ERROR,
-            format!("Invalid token response: {e}"),
-        )
-    })?;
-
-    let id_token = payload
-        .get("id_token")
-        .and_then(|v| v.as_str())
-        .ok_or((StatusCode::INTERNAL_SERVER_ERROR, "Missing id_token".into()))?
-        .to_string();
-    let access_token = payload
-        .get("access_token")
-        .and_then(|v| v.as_str())
-        .ok_or((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            "Missing access_token".into(),
-        ))?
-        .to_string();
-    let refresh_token = payload
-        .get("refresh_token")
-        .and_then(|v| v.as_str())
-        .ok_or((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            "Missing refresh_token".into(),
-        ))?
-        .to_string();
-
-    // Extract chatgpt_account_id from id_token claims
-    let id_token_parts: Vec<&str> = id_token.split('.').collect();
-    if id_token_parts.len() != 3 {
-        return Err((StatusCode::INTERNAL_SERVER_ERROR, "Invalid ID token".into()));
-    }
-    let id_token_claims = decode_jwt_segment(id_token_parts[1]);
-    let auth_claims = id_token_claims
-        .get("https://api.openai.com/auth")
-        .cloned()
-        .unwrap_or_else(|| json!({}));
-    let account_id = auth_claims
-        .get("chatgpt_account_id")
-        .and_then(|v| v.as_str())
-        .unwrap_or("")
-        .to_string();
-
-    let token_data = TokenData {
-        id_token: id_token.clone(),
-        access_token: access_token.clone(),
-        refresh_token: refresh_token.clone(),
-        account_id,
-    };
-
-    // Parse access_token claims
-    let access_token_parts: Vec<&str> = access_token.split('.').collect();
-    if access_token_parts.len() != 3 {
-        return Err((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            "Invalid access token".into(),
-        ));
-    }
-    let access_token_claims = decode_jwt_segment(access_token_parts[1]);
-
-    let token_claims = id_token_claims
-        .get("https://api.openai.com/auth")
-        .cloned()
-        .unwrap_or_else(|| json!({}));
-    let access_claims = access_token_claims
-        .get("https://api.openai.com/auth")
-        .cloned()
-        .unwrap_or_else(|| json!({}));
-
-    let org_id = token_claims
-        .get("organization_id")
-        .and_then(|v| v.as_str())
-        .ok_or((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            "Missing organization in id_token claims".into(),
-        ))?
-        .to_string();
-    let project_id = token_claims
-        .get("project_id")
-        .and_then(|v| v.as_str())
-        .ok_or((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            "Missing project in id_token claims".into(),
-        ))?
-        .to_string();
-
-    // 2. Token exchange to obtain API key
-    let today = Utc::now().format("%Y-%m-%d").to_string();
-    let rand_id = random_hex(12);
-    let exchange_name = format!("Codex CLI [auto-generated] ({today}) [{rand_id}]");
-    let exchange_form: Vec<(String, String)> = vec![
-        (
-            "grant_type".into(),
-            "urn:ietf:params:oauth:grant-type:token-exchange".into(),
-        ),
-        ("client_id".into(), state.client_id.clone()),
-        ("requested_token".into(), "openai-api-key".into()),
-        ("subject_token".into(), id_token.clone()),
-        (
-            "subject_token_type".into(),
-            "urn:ietf:params:oauth:token-type:id_token".into(),
-        ),
-        ("name".into(), exchange_name),
-    ];
-    let exchange_resp = reqwest::Client::new()
-        .post(&token_endpoint)
-        .header("Content-Type", "application/x-www-form-urlencoded")
-        .form(&exchange_form)
-        .send()
-        .await
-        .map_err(|e| {
-            (
-                StatusCode::INTERNAL_SERVER_ERROR,
-                format!("Exchange request failed: {e}"),
-            )
-        })?;
-    if !exchange_resp.status().is_success() {
-        return Err((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            format!("Exchange request failed: {}", exchange_resp.status()),
-        ));
-    }
-    let exchange_payload: serde_json::Value = exchange_resp.json().await.map_err(|e| {
-        (
-            StatusCode::INTERNAL_SERVER_ERROR,
-            format!("Invalid exchange response: {e}"),
-        )
-    })?;
-    let exchanged_access_token = exchange_payload
-        .get("access_token")
-        .and_then(|v| v.as_str())
-        .ok_or((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            "Missing access_token in exchange".into(),
-        ))?
-        .to_string();
-
-    let completed_onboarding = token_claims
-        .get("completed_platform_onboarding")
-        .and_then(|v| v.as_bool())
-        .unwrap_or(false);
-    let is_org_owner = token_claims
-        .get("is_org_owner")
-        .and_then(|v| v.as_bool())
-        .unwrap_or(false);
-    let needs_setup = !completed_onboarding && is_org_owner;
-    let chatgpt_plan_type = access_claims
-        .get("chatgpt_plan_type")
-        .and_then(|v| v.as_str())
-        .unwrap_or("")
-        .to_string();
-
-    let platform_url = if state.issuer == "https://auth.openai.com" {
-        "https://platform.openai.com"
-    } else {
-        "https://platform.api.openai.org"
-    };
-
-    let success_params: Vec<(String, String)> = vec![
-        ("id_token".into(), id_token.clone()),
-        (
-            "needs_setup".into(),
-            if needs_setup { "true" } else { "false" }.into(),
-        ),
-        ("org_id".into(), org_id.clone()),
-        ("project_id".into(), project_id.clone()),
-        ("plan_type".into(), chatgpt_plan_type.clone()),
-        ("platform_url".into(), platform_url.into()),
-    ];
-    let success_url = format!("{}/success?{}", URL_BASE, serde_urlencode(&success_params));
-
-    // Best-effort credit redemption; errors are logged but do not interrupt flow.
-    if let Err(err) = maybe_redeem_credits(
-        &state.issuer,
-        &state.client_id,
-        Some(&id_token),
-        &refresh_token,
-        &state.codex_home,
-        &access_claims,
-        &token_claims,
-    )
-    .await
-    {
-        eprintln!("Unable to redeem ChatGPT subscriber API credits: {err}");
-    }
-
-    // Persist auth.json
-    let last_refresh: DateTime<Utc> = Utc::now();
-    let auth_json_value = json!({
-        "OPENAI_API_KEY": exchanged_access_token,
-        "tokens": {
-            "id_token": token_data.id_token,
-            "access_token": token_data.access_token,
-            "refresh_token": token_data.refresh_token,
-            "account_id": token_data.account_id,
-        },
-        "last_refresh": last_refresh.to_rfc3339().replace("+00:00", "Z"),
-    });
-    if let Err(err) = write_auth_file(&state.codex_home, auth_json_value).await {
-        return Err((
-            StatusCode::INTERNAL_SERVER_ERROR,
-            format!("Unable to persist auth file: {err}"),
-        ));
-    }
-
-    // Redirect to success URL
-    let resp = Response::builder()
-        .status(StatusCode::FOUND)
-        .header("Location", success_url)
-        .body(BodyFull::from(Bytes::new()))
-        .unwrap();
-
-    // Signal shutdown afterwards
-    send_shutdown(&state);
-
-    Ok(resp)
-}
-
-async fn write_auth_file(codex_home: &Path, contents: serde_json::Value) -> std::io::Result<()> {
-    if !codex_home.is_dir() {
-        std::fs::create_dir_all(codex_home)?;
-    }
-    let auth_path = codex_home.join("auth.json");
-    let mut options = std::fs::OpenOptions::new();
-    options.create(true).truncate(true).write(true);
-    #[cfg(unix)]
-    {
-        use std::os::unix::fs::OpenOptionsExt;
-        options.mode(0o600);
-    }
-    let mut file = options.open(&auth_path)?;
-    let data = serde_json::to_vec_pretty(&contents)?;
-    use std::io::Write as _;
-    file.write_all(&data)?;
-    file.flush()?;
-    Ok(())
-}
-
-async fn maybe_redeem_credits(
-    issuer: &str,
-    client_id: &str,
-    id_token_opt: Option<&str>,
-    refresh_token: &str,
-    codex_home: &Path,
-    access_claims: &serde_json::Value,
-    token_claims: &serde_json::Value,
-) -> Result<(), String> {
-    let mut id_token = id_token_opt.unwrap_or("").to_string();
-    let mut id_claims = parse_id_token_claims(&id_token);
-
-    let token_expired = match id_claims
-        .as_ref()
-        .and_then(|c| c.get("exp").and_then(|v| v.as_i64()))
-    {
-        Some(exp) => Utc::now().timestamp_millis() >= exp * 1000,
-        None => true,
-    };
-
-    if token_expired {
-        eprintln!("Refreshing credentials...");
-        let payload = json!({
-            "client_id": client_id,
-            "grant_type": "refresh_token",
-            "refresh_token": refresh_token,
-            "scope": "openid profile email",
-        });
-        let resp = reqwest::Client::new()
-            .post("https://auth.openai.com/oauth/token")
-            .header("Content-Type", "application/json")
-            .body(payload.to_string())
-            .send()
-            .await
-            .map_err(|e| format!("Unable to refresh ID token via token-exchange: {e}"))?;
-        if !resp.status().is_success() {
-            return Err(format!(
-                "Unable to refresh ID token via token-exchange: {}",
-                resp.status()
-            ));
-        }
-        let refresh_data: serde_json::Value = resp
-            .json()
-            .await
-            .map_err(|e| format!("Invalid refresh response: {e}"))?;
-        let new_id_token = refresh_data
-            .get("id_token")
-            .and_then(|v| v.as_str())
-            .unwrap_or("")
-            .to_string();
-        let new_refresh_token = refresh_data
-            .get("refresh_token")
-            .and_then(|v| v.as_str())
-            .unwrap_or("")
-            .to_string();
-        if !new_id_token.is_empty() && !new_refresh_token.is_empty() {
-            id_token = new_id_token.clone();
-            id_claims = parse_id_token_claims(&new_id_token);
-            // Update auth.json tokens
-            let auth_path = codex_home.join("auth.json");
-            if let Ok(mut file) = std::fs::File::open(&auth_path) {
-                let mut s = String::new();
-                use std::io::Read as _;
-                let _ = file.read_to_string(&mut s);
-                if let Ok(mut existing) = serde_json::from_str::<serde_json::Value>(&s) {
-                    if existing.get("tokens").and_then(|t| t.as_object()).is_none() {
-                        existing["tokens"] = json!({});
-                    }
-                    let tokens = existing["tokens"]
-                        .as_object_mut()
-                        .ok_or_else(|| format!("Invalid auth.json: {s}"))?;
-                    tokens.insert("id_token".into(), json!(new_id_token));
-                    tokens.insert("refresh_token".into(), json!(new_refresh_token));
-                    existing["last_refresh"] =
-                        json!(Utc::now().to_rfc3339().replace("+00:00", "Z"));
-                    // write back
-                    let _ = write_auth_file(codex_home, existing).await;
-                }
-            }
-        } else {
-            // Couldn't refresh; proceed without redeeming
-            return Ok(());
-        }
-    }
-
-    if id_token.is_empty() {
-        eprintln!("No ID token available, cannot redeem credits.");
-        return Ok(());
-    }
-
-    let auth_claims = id_claims
-        .as_ref()
-        .and_then(|v| v.get("https://api.openai.com/auth"))
-        .cloned()
-        .unwrap_or_else(|| json!({}));
-
-    // Subscription eligibility check (Plus or Pro, >7 days active)
-    if let Some(sub_start_str) = auth_claims
-        .get("chatgpt_subscription_active_start")
-        .and_then(|v| v.as_str())
-    {
-        if let Ok(sub_start_ts) = chrono::DateTime::parse_from_rfc3339(sub_start_str) {
-            if Utc::now() - sub_start_ts.with_timezone(&Utc) < chrono::Duration::days(7) {
-                eprintln!(
-                    "Sorry, your subscription must be active for more than 7 days to redeem credits."
-                );
-                return Ok(());
-            }
-        }
-    }
-
-    let completed_onboarding = token_claims
-        .get("completed_platform_onboarding")
-        .and_then(|v| v.as_bool())
-        .unwrap_or(false);
-    let is_org_owner = token_claims
-        .get("is_org_owner")
-        .and_then(|v| v.as_bool())
-        .unwrap_or(false);
-    let needs_setup = !completed_onboarding && is_org_owner;
-    let plan_type = access_claims
-        .get("chatgpt_plan_type")
-        .and_then(|v| v.as_str())
-        .unwrap_or("");
-
-    if needs_setup || (plan_type != "plus" && plan_type != "pro") {
-        eprintln!("Only users with Plus or Pro subscriptions can redeem free API credits.");
-        return Ok(());
-    }
-
-    let api_host = if issuer == "https://auth.openai.com" {
-        "https://api.openai.com"
-    } else {
-        "https://api.openai.org"
-    };
-
-    let redeem_payload = json!({"id_token": id_token});
-    let resp = reqwest::Client::new()
-        .post(format!("{api_host}/v1/billing/redeem_credits"))
-        .header("Content-Type", "application/json")
-        .body(redeem_payload.to_string())
-        .send()
-        .await
-        .map_err(|e| format!("Credit redemption request failed: {e}"))?;
-
-    let redeem_data: serde_json::Value = resp
-        .json()
-        .await
-        .map_err(|e| format!("Invalid redeem response: {e}"))?;
-    let granted = redeem_data
-        .get("granted_chatgpt_subscriber_api_credits")
-        .and_then(|v| v.as_i64())
-        .unwrap_or(0);
-    if granted > 0 {
-        eprintln!(
-            "Thanks for being a ChatGPT {} subscriber!\nIf you haven't already redeemed, you should receive {} in API credits.\n\nCredits: https://platform.openai.com/settings/organization/billing/credit-grants\nMore info: https://help.openai.com/en/articles/11381614",
-            if plan_type == "plus" { "Plus" } else { "Pro" },
-            if plan_type == "plus" { "$5" } else { "$50" }
-        );
-    } else {
-        eprintln!(
-            "It looks like no credits were granted:\n\n{}\n\nCredits: https://platform.openai.com/settings/organization/billing/credit-grants\nMore info: https://help.openai.com/en/articles/11381614",
-            serde_json::to_string_pretty(&redeem_data).unwrap_or_default()
-        );
-    }
-
-    Ok(())
-}
-
-fn parse_id_token_claims(id_token: &str) -> Option<serde_json::Value> {
-    if !id_token.is_empty() {
-        let parts: Vec<&str> = id_token.split('.').collect();
-        if parts.len() == 3 {
-            return Some(decode_jwt_segment(parts[1]));
-        }
-    }
-    None
-}
-
-const LOGIN_SUCCESS_HTML: &str = include_str!("static/success.html");
--- a/codex-rs/login/src/static/success.html
+++ b/codex-rs/login/src/static/success.html
@@ -1,185 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-  <head>
-    <meta charset="utf-8" />
-    <title>Sign into Codex CLI</title>
-    <link rel="icon" href='data:image/svg+xml,%3Csvg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none" viewBox="0 0 32 32"%3E%3Cpath stroke="%23000" stroke-linecap="round" stroke-width="2.484" d="M22.356 19.797H17.17M9.662 12.29l1.979 3.576a.511.511 0 0 1-.005.504l-1.974 3.409M30.758 16c0 8.15-6.607 14.758-14.758 14.758-8.15 0-14.758-6.607-14.758-14.758C1.242 7.85 7.85 1.242 16 1.242c8.15 0 14.758 6.608 14.758 14.758Z"/%3E%3C/svg%3E' type="image/svg+xml">
-    <style>
-      .container {
-        margin: auto;
-        height: 100%;
-        display: flex;
-        align-items: center;
-        justify-content: center;
-        position: relative;
-        background: white;
-        font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
-      }
-      .inner-container {
-        width: 400px;
-        flex-direction: column;
-        justify-content: flex-start;
-        align-items: center;
-        gap: 20px;
-        display: inline-flex;
-      }
-      .content {
-        align-self: stretch;
-        flex-direction: column;
-        justify-content: flex-start;
-        align-items: center;
-        gap: 20px;
-        display: flex;
-      }
-      .svg-wrapper {
-        position: relative;
-      }
-      .title {
-        text-align: center;
-        color: var(--text-primary, #0D0D0D);
-        font-size: 28px;
-        font-weight: 400;
-        line-height: 36.40px;
-        word-wrap: break-word;
-      }
-      .setup-box {
-        width: 600px;
-        padding: 16px 20px;
-        background: var(--bg-primary, white);
-        box-shadow: 0px 4px 16px rgba(0, 0, 0, 0.05);
-        border-radius: 16px;
-        outline: 1px var(--border-default, rgba(13, 13, 13, 0.10)) solid;
-        outline-offset: -1px;
-        justify-content: flex-start;
-        align-items: center;
-        gap: 16px;
-        display: inline-flex;
-      }
-      .setup-content {
-        flex: 1 1 0;
-        justify-content: flex-start;
-        align-items: center;
-        gap: 24px;
-        display: flex;
-      }
-      .setup-text {
-        flex: 1 1 0;
-        flex-direction: column;
-        justify-content: flex-start;
-        align-items: flex-start;
-        gap: 4px;
-        display: inline-flex;
-      }
-      .setup-title {
-        align-self: stretch;
-        color: var(--text-primary, #0D0D0D);
-        font-size: 14px;
-        font-weight: 510;
-        line-height: 20px;
-        word-wrap: break-word;
-      }
-      .setup-description {
-        align-self: stretch;
-        color: var(--text-secondary, #5D5D5D);
-        font-size: 14px;
-        font-weight: 400;
-        line-height: 20px;
-        word-wrap: break-word;
-      }
-      .redirect-box {
-        justify-content: flex-start;
-        align-items: center;
-        gap: 8px;
-        display: flex;
-      }
-      .close-button,
-      .redirect-button {
-        height: 28px;
-        padding: 8px 16px;
-        background: var(--interactive-bg-primary-default, #0D0D0D);
-        border-radius: 999px;
-        justify-content: center;
-        align-items: center;
-        gap: 4px;
-        display: flex;
-      }
-      .close-button,
-      .redirect-text {
-        color: var(--interactive-label-primary-default, white);
-        font-size: 14px;
-        font-weight: 510;
-        line-height: 20px;
-        word-wrap: break-word;
-        text-decoration: none;
-      }
-    </style>
-  </head>
-  <body>
-    <div class="container">
-      <div class="inner-container">
-        <div class="content">
-          <div data-svg-wrapper class="svg-wrapper">
-            <svg width="56" height="56" viewBox="0 0 56 56" fill="none" xmlns="http://www.w3.org/2000/svg">
-              <path d="M4.6665 28.0003C4.6665 15.1137 15.1132 4.66699 27.9998 4.66699C40.8865 4.66699 51.3332 15.1137 51.3332 28.0003C51.3332 40.887 40.8865 51.3337 27.9998 51.3337C15.1132 51.3337 4.6665 40.887 4.6665 28.0003ZM37.5093 18.5088C36.4554 17.7672 34.9999 18.0203 34.2583 19.0742L24.8508 32.4427L20.9764 28.1808C20.1095 27.2272 18.6338 27.1569 17.6803 28.0238C16.7267 28.8906 16.6565 30.3664 17.5233 31.3199L23.3566 37.7366C23.833 38.2606 24.5216 38.5399 25.2284 38.4958C25.9353 38.4517 26.5838 38.089 26.9914 37.5098L38.0747 21.7598C38.8163 20.7059 38.5632 19.2504 37.5093 18.5088Z" fill="var(--green-400, #04B84C)"/>
-            </svg>
-          </div>
-          <div class="title">Signed in to Codex CLI</div>
-        </div>
-        <div class="close-box" style="display: none;">
-          <div class="setup-description">You may now close this page</div>
-        </div>
-        <div class="setup-box" style="display: none;">
-          <div class="setup-content">
-            <div class="setup-text">
-              <div class="setup-title">Finish setting up your API organization</div>
-              <div class="setup-description">Add a payment method to use your organization.</div>
-            </div>
-            <div class="redirect-box">
-              <div data-hasendicon="false" data-hasstarticon="false" data-ishovered="false" data-isinactive="false" data-ispressed="false" data-size="large" data-type="primary" class="redirect-button">
-                <div class="redirect-text">Redirecting in 3s...</div>
-              </div>
-            </div>
-          </div>
-        </div>
-      </div>
-    </div>
-    <script>
-      (function () {
-        const params = new URLSearchParams(window.location.search);
-        const needsSetup = params.get('needs_setup') === 'true';
-        const platformUrl = params.get('platform_url') || 'https://platform.openai.com';
-        const orgId = params.get('org_id');
-        const projectId = params.get('project_id');
-        const planType = params.get('plan_type');
-        const idToken = params.get('id_token');
-        // Show different message and optional redirect when setup is required
-        if (needsSetup) {
-          const setupBox = document.querySelector('.setup-box');
-          setupBox.style.display = 'flex';
-          const redirectUrlObj = new URL('/org-setup', platformUrl);
-          redirectUrlObj.searchParams.set('p', planType);
-          redirectUrlObj.searchParams.set('t', idToken);
-          redirectUrlObj.searchParams.set('with_org', orgId);
-          redirectUrlObj.searchParams.set('project_id', projectId);
-          const redirectUrl = redirectUrlObj.toString();
-          const message = document.querySelector('.redirect-text');
-          let countdown = 3;
-          function tick() {
-            message.textContent =
-              'Redirecting in ' + countdown + 's…';
-            if (countdown === 0) {
-              window.location.replace(redirectUrl);
-            } else {
-              countdown -= 1;
-              setTimeout(tick, 1000);
-            }
-          }
-          tick();
-        } else {
-          const closeBox = document.querySelector('.close-box');
-          closeBox.style.display = 'flex';
-        }
-      })();
-    </script>
-  </body>
-</html>
--- a/codex-rs/mcp-client/src/main.rs
+++ b/codex-rs/mcp-client/src/main.rs
@@ -10,7 +10,6 @@
 //! program. The utility connects, issues a `tools/list` request and prints the
 //! server's response as pretty JSON.

-use std::ffi::OsString;
 use std::time::Duration;

 use anyhow::Context;
@@ -38,7 +37,7 @@ async fn main() -> Result<()> {
        .try_init();

    // Collect command-line arguments excluding the program name itself.
-    let mut args: Vec<OsString> = std::env::args_os().skip(1).collect();
+    let mut args: Vec<String> = std::env::args().skip(1).collect();

    if args.is_empty() || args[0] == "--help" || args[0] == "-h" {
        eprintln!("Usage: mcp-client <program> [args..]\n\nExample: mcp-client codex-mcp-server");
--- a/codex-rs/mcp-client/src/mcp_client.rs
+++ b/codex-rs/mcp-client/src/mcp_client.rs
@@ -12,7 +12,6 @@
 //! issue requests and receive strongly-typed results.

 use std::collections::HashMap;
-use std::ffi::OsString;
 use std::sync::Arc;
 use std::sync::atomic::AtomicI64;
 use std::sync::atomic::Ordering;
@@ -76,6 +75,9 @@ pub struct McpClient {

    /// Monotonically increasing counter used to generate request IDs.
    id_counter: AtomicI64,
+
+    /// Channel receiver for notifications (single consumer). Created per client.
+    notifications_rx: Mutex<Option<mpsc::Receiver<JSONRPCNotification>>>,
 }

 impl McpClient {
@@ -83,8 +85,8 @@ impl McpClient {
    /// Caller is responsible for sending the `initialize` request. See
    /// [`initialize`](Self::initialize) for details.
    pub async fn new_stdio_client(
-        program: OsString,
-        args: Vec<OsString>,
+        program: String,
+        args: Vec<String>,
        env: Option<HashMap<String, String>>,
    ) -> std::io::Result<Self> {
        let mut child = Command::new(program)
@@ -111,6 +113,7 @@ impl McpClient {

        let (outgoing_tx, mut outgoing_rx) = mpsc::channel::<JSONRPCMessage>(CHANNEL_CAPACITY);
        let pending: Arc<Mutex<HashMap<i64, PendingSender>>> = Arc::new(Mutex::new(HashMap::new()));
+        let (notif_tx, notif_rx) = mpsc::channel::<JSONRPCNotification>(CHANNEL_CAPACITY);

        // Spawn writer task. It listens on the `outgoing_rx` channel and
        // writes messages to the child's STDIN.
@@ -157,8 +160,15 @@ impl McpClient {
                            Self::dispatch_error(err, &pending).await;
                        }
                        Ok(JSONRPCMessage::Notification(JSONRPCNotification { .. })) => {
-                            // For now we only log server-initiated notifications.
+                            // Log and also print notifications so callers (e.g., concurrent worker) can stream progress.
                            info!("<- notification: {}", line);
+                            // (Filtered printing handled by higher-level caller; suppress raw spam here.)
+                            // Attempt to forward the notification to channel subscribers.
+                            if let Ok(parsed) = serde_json::from_str::<JSONRPCMessage>(&line) {
+                                if let JSONRPCMessage::Notification(n) = parsed {
+                                    let _ = notif_tx.try_send(n);
+                                }
+                            }
                        }
                        Ok(other) => {
                            // Batch responses and requests are currently not
@@ -184,6 +194,7 @@ impl McpClient {
            outgoing_tx,
            pending,
            id_counter: AtomicI64::new(1),
+            notifications_rx: Mutex::new(Some(notif_rx)),
        })
    }

@@ -350,6 +361,11 @@ impl McpClient {
        self.send_request::<CallToolRequest>(params, timeout).await
    }

+    /// Take the notifications receiver (only once). Returns None if already taken.
+    pub async fn take_notification_receiver(&self) -> Option<mpsc::Receiver<JSONRPCNotification>> {
+        self.notifications_rx.lock().await.take()
+    }
+
    /// Internal helper: route a JSON-RPC *response* object to the pending map.
    async fn dispatch_response(
        resp: JSONRPCResponse,
--- a/codex-rs/mcp-server/Cargo.toml
+++ b/codex-rs/mcp-server/Cargo.toml
@@ -16,8 +16,8 @@ workspace = true

 [dependencies]
 anyhow = "1"
-codex-arg0 = { path = "../arg0" }
 codex-core = { path = "../core" }
+codex-linux-sandbox = { path = "../linux-sandbox" }
 mcp-types = { path = "../mcp-types" }
 schemars = "0.8.22"
 serde = { version = "1", features = ["derive"] }
--- a/codex-rs/mcp-server/src/codex_tool_runner.rs
+++ b/codex-rs/mcp-server/src/codex_tool_runner.rs
@@ -6,7 +6,6 @@ use std::collections::HashMap;
 use std::sync::Arc;

 use codex_core::Codex;
-use codex_core::codex_wrapper::CodexConversation;
 use codex_core::codex_wrapper::init_codex;
 use codex_core::config::Config as CodexConfig;
 use codex_core::protocol::AgentMessageEvent;
@@ -27,7 +26,6 @@ use uuid::Uuid;

 use crate::exec_approval::handle_exec_approval_request;
 use crate::outgoing_message::OutgoingMessageSender;
-use crate::outgoing_message::OutgoingNotificationMeta;
 use crate::patch_approval::handle_patch_approval_request;

 pub(crate) const INVALID_PARAMS_ERROR_CODE: i64 = -32602;
@@ -44,12 +42,7 @@ pub async fn run_codex_tool_session(
    session_map: Arc<Mutex<HashMap<Uuid, Arc<Codex>>>>,
    running_requests_id_to_codex_uuid: Arc<Mutex<HashMap<RequestId, Uuid>>>,
 ) {
-    let CodexConversation {
-        codex,
-        session_configured,
-        session_id,
-        ..
-    } = match init_codex(config).await {
+    let (codex, first_event, _ctrl_c, session_id) = match init_codex(config).await {
        Ok(res) => res,
        Err(e) => {
            let result = CallToolResult {
@@ -72,12 +65,8 @@ pub async fn run_codex_tool_session(
    session_map.lock().await.insert(session_id, codex.clone());
    drop(session_map);

-    outgoing
-        .send_event_as_notification(
-            &session_configured,
-            Some(OutgoingNotificationMeta::new(Some(id.clone()))),
-        )
-        .await;
+    // Send initial SessionConfigured event.
+    outgoing.send_event_as_notification(&first_event).await;

    // Use the original MCP request ID as the `sub_id` for the Codex submission so that
    // any events emitted for this tool-call can be correlated with the
@@ -161,12 +150,7 @@ async fn run_codex_tool_session_inner(
    loop {
        match codex.next_event().await {
            Ok(event) => {
-                outgoing
-                    .send_event_as_notification(
-                        &event,
-                        Some(OutgoingNotificationMeta::new(Some(request_id.clone()))),
-                    )
-                    .await;
+                outgoing.send_event_as_notification(&event).await;

                match event.msg {
                    EventMsg::ExecApprovalRequest(ExecApprovalRequestEvent {
--- a/codex-rs/mcp-server/src/main.rs
+++ b/codex-rs/mcp-server/src/main.rs
@@ -1,8 +1,7 @@
-use codex_arg0::arg0_dispatch_or_else;
 use codex_mcp_server::run_main;

 fn main() -> anyhow::Result<()> {
-    arg0_dispatch_or_else(|codex_linux_sandbox_exe| async move {
+    codex_linux_sandbox::run_with_sandbox(|codex_linux_sandbox_exe| async move {
        run_main(codex_linux_sandbox_exe).await?;
        Ok(())
    })
--- a/codex-rs/mcp-server/src/outgoing_message.rs
+++ b/codex-rs/mcp-server/src/outgoing_message.rs
@@ -18,7 +18,6 @@ use tokio::sync::mpsc;
 use tokio::sync::oneshot;
 use tracing::warn;

-/// Sends messages to the client and manages request callbacks.
 pub(crate) struct OutgoingMessageSender {
    next_request_id: AtomicI64,
    sender: mpsc::Sender<OutgoingMessage>,
@@ -79,47 +78,16 @@ impl OutgoingMessageSender {
        let _ = self.sender.send(outgoing_message).await;
    }

-    pub(crate) async fn send_event_as_notification(
-        &self,
-        event: &Event,
-        meta: Option<OutgoingNotificationMeta>,
-    ) {
-        #[allow(clippy::expect_used)]
-        let event_json = serde_json::to_value(event).expect("Event must serialize");
-
-        let params = if let Ok(params) = serde_json::to_value(OutgoingNotificationParams {
-            meta,
-            event: event_json.clone(),
-        }) {
-            params
-        } else {
-            warn!("Failed to serialize event as OutgoingNotificationParams");
-            event_json
-        };
-
+    pub(crate) async fn send_event_as_notification(&self, event: &Event) {
+        #[expect(clippy::expect_used)]
+        let params = Some(serde_json::to_value(event).expect("Event must serialize"));
        let outgoing_message = OutgoingMessage::Notification(OutgoingNotification {
            method: "codex/event".to_string(),
-            params: Some(params.clone()),
-        });
-        let _ = self.sender.send(outgoing_message).await;
-
-        self.send_event_as_notification_new_schema(event, Some(params.clone()))
-            .await;
-    }
-
-    // should be backwards compatible.
-    // it will replace send_event_as_notification eventually.
-    async fn send_event_as_notification_new_schema(
-        &self,
-        event: &Event,
-        params: Option<serde_json::Value>,
-    ) {
-        let outgoing_message = OutgoingMessage::Notification(OutgoingNotification {
-            method: event.msg.to_string(),
            params,
        });
        let _ = self.sender.send(outgoing_message).await;
    }
+
    pub(crate) async fn send_error(&self, id: RequestId, error: JSONRPCErrorError) {
        let outgoing_message = OutgoingMessage::Error(OutgoingError { id, error });
        let _ = self.sender.send(outgoing_message).await;
@@ -184,30 +152,6 @@ pub(crate) struct OutgoingNotification {
    pub params: Option<serde_json::Value>,
 }

-#[derive(Debug, Clone, PartialEq, Serialize)]
-pub(crate) struct OutgoingNotificationParams {
-    #[serde(rename = "_meta", default, skip_serializing_if = "Option::is_none")]
-    pub meta: Option<OutgoingNotificationMeta>,
-
-    #[serde(flatten)]
-    pub event: serde_json::Value,
-}
-
-// Additional mcp-specific data to be added to a [`codex_core::protocol::Event`] as notification.params._meta
-// MCP Spec: https://modelcontextprotocol.io/specification/2025-06-18/basic#meta
-// Typescript Schema: https://github.com/modelcontextprotocol/modelcontextprotocol/blob/0695a497eb50a804fc0e88c18a93a21a675d6b3e/schema/2025-06-18/schema.ts
-#[derive(Debug, Clone, PartialEq, Serialize)]
-#[serde(rename_all = "camelCase")]
-pub(crate) struct OutgoingNotificationMeta {
-    pub request_id: Option<RequestId>,
-}
-
-impl OutgoingNotificationMeta {
-    pub(crate) fn new(request_id: Option<RequestId>) -> Self {
-        Self { request_id }
-    }
-}
-
 #[derive(Debug, Clone, PartialEq, Serialize)]
 pub(crate) struct OutgoingResponse {
    pub id: RequestId,
@@ -219,113 +163,3 @@ pub(crate) struct OutgoingError {
    pub error: JSONRPCErrorError,
    pub id: RequestId,
 }
-
-#[cfg(test)]
-mod tests {
-    #![allow(clippy::unwrap_used)]
-
-    use codex_core::protocol::EventMsg;
-    use codex_core::protocol::SessionConfiguredEvent;
-    use pretty_assertions::assert_eq;
-    use serde_json::json;
-    use uuid::Uuid;
-
-    use super::*;
-
-    #[tokio::test]
-    async fn test_send_event_as_notification() {
-        let (outgoing_tx, mut outgoing_rx) = mpsc::channel::<OutgoingMessage>(2);
-        let outgoing_message_sender = OutgoingMessageSender::new(outgoing_tx);
-
-        let event = Event {
-            id: "1".to_string(),
-            msg: EventMsg::SessionConfigured(SessionConfiguredEvent {
-                session_id: Uuid::new_v4(),
-                model: "gpt-4o".to_string(),
-                history_log_id: 1,
-                history_entry_count: 1000,
-            }),
-        };
-
-        outgoing_message_sender
-            .send_event_as_notification(&event, None)
-            .await;
-
-        let result = outgoing_rx.recv().await.unwrap();
-        let OutgoingMessage::Notification(OutgoingNotification { method, params }) = result else {
-            panic!("expected Notification for first message");
-        };
-        assert_eq!(method, "codex/event");
-
-        let Ok(expected_params) = serde_json::to_value(&event) else {
-            panic!("Event must serialize");
-        };
-        assert_eq!(params, Some(expected_params.clone()));
-
-        let result2 = outgoing_rx.recv().await.unwrap();
-        let OutgoingMessage::Notification(OutgoingNotification {
-            method: method2,
-            params: params2,
-        }) = result2
-        else {
-            panic!("expected Notification for second message");
-        };
-        assert_eq!(method2, event.msg.to_string());
-        assert_eq!(params2, Some(expected_params));
-    }
-
-    #[tokio::test]
-    async fn test_send_event_as_notification_with_meta() {
-        let (outgoing_tx, mut outgoing_rx) = mpsc::channel::<OutgoingMessage>(2);
-        let outgoing_message_sender = OutgoingMessageSender::new(outgoing_tx);
-
-        let session_configured_event = SessionConfiguredEvent {
-            session_id: Uuid::new_v4(),
-            model: "gpt-4o".to_string(),
-            history_log_id: 1,
-            history_entry_count: 1000,
-        };
-        let event = Event {
-            id: "1".to_string(),
-            msg: EventMsg::SessionConfigured(session_configured_event.clone()),
-        };
-        let meta = OutgoingNotificationMeta {
-            request_id: Some(RequestId::String("123".to_string())),
-        };
-
-        outgoing_message_sender
-            .send_event_as_notification(&event, Some(meta))
-            .await;
-
-        let result = outgoing_rx.recv().await.unwrap();
-        let OutgoingMessage::Notification(OutgoingNotification { method, params }) = result else {
-            panic!("expected Notification for first message");
-        };
-        assert_eq!(method, "codex/event");
-        let expected_params = json!({
-            "_meta": {
-                "requestId": "123",
-            },
-            "id": "1",
-            "msg": {
-                "session_id": session_configured_event.session_id,
-                "model": session_configured_event.model,
-                "history_log_id": session_configured_event.history_log_id,
-                "history_entry_count": session_configured_event.history_entry_count,
-                "type": "session_configured",
-            }
-        });
-        assert_eq!(params.unwrap(), expected_params);
-
-        let result2 = outgoing_rx.recv().await.unwrap();
-        let OutgoingMessage::Notification(OutgoingNotification {
-            method: method2,
-            params: params2,
-        }) = result2
-        else {
-            panic!("expected Notification for second message");
-        };
-        assert_eq!(method2, event.msg.to_string());
-        assert_eq!(params2.unwrap(), expected_params);
-    }
-}
--- a/codex-rs/mcp-server/tests/common/mcp_process.rs
+++ b/codex-rs/mcp-server/tests/common/mcp_process.rs
@@ -270,49 +270,27 @@ impl McpProcess {
    pub async fn read_stream_until_configured_response_message(
        &mut self,
    ) -> anyhow::Result<String> {
-        let mut sid_old: Option<String> = None;
-        let mut sid_new: Option<String> = None;
        loop {
            let message = self.read_jsonrpc_message().await?;
            eprint!("message: {message:?}");

            match message {
                JSONRPCMessage::Notification(notification) => {
-                    if let Some(params) = notification.params {
-                        // Back-compat schema: method == "codex/event" and msg.type == "session_configured"
-                        if notification.method == "codex/event" {
+                    if notification.method == "codex/event" {
+                        if let Some(params) = notification.params {
                            if let Some(msg) = params.get("msg") {
-                                if msg.get("type").and_then(|v| v.as_str())
-                                    == Some("session_configured")
-                                {
-                                    if let Some(session_id) =
-                                        msg.get("session_id").and_then(|v| v.as_str())
-                                    {
-                                        sid_old = Some(session_id.to_string());
+                                if let Some(msg_type) = msg.get("type") {
+                                    if msg_type == "session_configured" {
+                                        if let Some(session_id) = msg.get("session_id") {
+                                            return Ok(session_id
+                                                .to_string()
+                                                .trim_matches('"')
+                                                .to_string());
+                                        }
                                    }
                                }
                            }
                        }
-                        // New schema: method is the Display of EventMsg::SessionConfigured => "SessionConfigured"
-                        if notification.method == "session_configured" {
-                            if let Some(msg) = params.get("msg") {
-                                if let Some(session_id) =
-                                    msg.get("session_id").and_then(|v| v.as_str())
-                                {
-                                    sid_new = Some(session_id.to_string());
-                                }
-                            }
-                        }
-                    }
-
-                    if sid_old.is_some() && sid_new.is_some() {
-                        // Both seen, they must match
-                        assert_eq!(
-                            sid_old.as_ref().unwrap(),
-                            sid_new.as_ref().unwrap(),
-                            "session_id mismatch between old and new schema"
-                        );
-                        return Ok(sid_old.unwrap());
                    }
                }
                JSONRPCMessage::Request(_) => {
--- a/codex-rs/tui/Cargo.toml
+++ b/codex-rs/tui/Cargo.toml
@@ -19,7 +19,6 @@ anyhow = "1"
 base64 = "0.22.1"
 clap = { version = "4", features = ["derive"] }
 codex-ansi-escape = { path = "../ansi-escape" }
-codex-arg0 = { path = "../arg0" }
 codex-core = { path = "../core" }
 codex-common = { path = "../common", features = [
    "cli",
@@ -27,6 +26,7 @@ codex-common = { path = "../common", features = [
    "sandbox_summary",
 ] }
 codex-file-search = { path = "../file-search" }
+codex-linux-sandbox = { path = "../linux-sandbox" }
 codex-login = { path = "../login" }
 color-eyre = "0.6.3"
 crossterm = { version = "0.28.1", features = ["bracketed-paste"] }
@@ -35,9 +35,8 @@ lazy_static = "1"
 mcp-types = { path = "../mcp-types" }
 path-clean = "1.0.1"
 ratatui = { version = "0.29.0", features = [
-    "scrolling-regions",
-    "unstable-rendered-line-info",
    "unstable-widget-ref",
+    "unstable-rendered-line-info",
 ] }
 ratatui-image = "8.0.0"
 regex-lite = "0.1"
--- a/codex-rs/tui/src/app.rs
+++ b/codex-rs/tui/src/app.rs
@@ -5,6 +5,7 @@ use crate::file_search::FileSearchManager;
 use crate::get_git_diff::get_git_diff;
 use crate::git_warning_screen::GitWarningOutcome;
 use crate::git_warning_screen::GitWarningScreen;
+use crate::login_screen::LoginScreen;
 use crate::scroll_event_helper::ScrollEventHelper;
 use crate::slash_command::SlashCommand;
 use crate::tui;
@@ -36,6 +37,8 @@ enum AppState<'a> {
        /// `AppState`.
        widget: Box<ChatWidget<'a>>,
    },
+    /// The login screen for the OpenAI provider.
+    Login { screen: LoginScreen },
    /// The start-up warning that recommends running codex inside a Git repo.
    GitWarning { screen: GitWarningScreen },
 }
@@ -71,6 +74,7 @@ impl App<'_> {
    pub(crate) fn new(
        config: Config,
        initial_prompt: Option<String>,
+        show_login_screen: bool,
        show_git_warning: bool,
        initial_images: Vec<std::path::PathBuf>,
    ) -> Self {
@@ -134,7 +138,18 @@ impl App<'_> {
            });
        }

-        let (app_state, chat_args) = if show_git_warning {
+        let (app_state, chat_args) = if show_login_screen {
+            (
+                AppState::Login {
+                    screen: LoginScreen::new(app_event_tx.clone(), config.codex_home.clone()),
+                },
+                Some(ChatWidgetArgs {
+                    config: config.clone(),
+                    initial_prompt,
+                    initial_images,
+                }),
+            )
+        } else if show_git_warning {
            (
                AppState::GitWarning {
                    screen: GitWarningScreen::new(),
@@ -228,7 +243,7 @@ impl App<'_> {
                                AppState::Chat { widget } => {
                                    widget.on_ctrl_c();
                                }
-                                AppState::GitWarning { .. } => {
+                                AppState::Login { .. } | AppState::GitWarning { .. } => {
                                    // No-op.
                                }
                            }
@@ -249,7 +264,7 @@ impl App<'_> {
                                        self.dispatch_key_event(key_event);
                                    }
                                }
-                                AppState::GitWarning { .. } => {
+                                AppState::Login { .. } | AppState::GitWarning { .. } => {
                                    self.app_event_tx.send(AppEvent::ExitRequest);
                                }
                            }
@@ -273,11 +288,11 @@ impl App<'_> {
                }
                AppEvent::CodexOp(op) => match &mut self.app_state {
                    AppState::Chat { widget } => widget.submit_op(op),
-                    AppState::GitWarning { .. } => {}
+                    AppState::Login { .. } | AppState::GitWarning { .. } => {}
                },
                AppEvent::LatestLog(line) => match &mut self.app_state {
                    AppState::Chat { widget } => widget.update_latest_log(line),
-                    AppState::GitWarning { .. } => {}
+                    AppState::Login { .. } | AppState::GitWarning { .. } => {}
                },
                AppEvent::DispatchCommand(command) => match command {
                    SlashCommand::New => {
@@ -333,7 +348,9 @@ impl App<'_> {
    pub(crate) fn token_usage(&self) -> codex_core::protocol::TokenUsage {
        match &self.app_state {
            AppState::Chat { widget } => widget.token_usage().clone(),
-            AppState::GitWarning { .. } => codex_core::protocol::TokenUsage::default(),
+            AppState::Login { .. } | AppState::GitWarning { .. } => {
+                codex_core::protocol::TokenUsage::default()
+            }
        }
    }

@@ -344,6 +361,9 @@ impl App<'_> {
            AppState::Chat { widget } => {
                terminal.draw(|frame| frame.render_widget_ref(&**widget, frame.area()))?;
            }
+            AppState::Login { screen } => {
+                terminal.draw(|frame| frame.render_widget_ref(&*screen, frame.area()))?;
+            }
            AppState::GitWarning { screen } => {
                terminal.draw(|frame| frame.render_widget_ref(&*screen, frame.area()))?;
            }
@@ -358,6 +378,7 @@ impl App<'_> {
            AppState::Chat { widget } => {
                widget.handle_key_event(key_event);
            }
+            AppState::Login { screen } => screen.handle_key_event(key_event),
            AppState::GitWarning { screen } => match screen.handle_key_event(key_event) {
                GitWarningOutcome::Continue => {
                    // User accepted – switch to chat view.
@@ -388,21 +409,21 @@ impl App<'_> {
    fn dispatch_paste_event(&mut self, pasted: String) {
        match &mut self.app_state {
            AppState::Chat { widget } => widget.handle_paste(pasted),
-            AppState::GitWarning { .. } => {}
+            AppState::Login { .. } | AppState::GitWarning { .. } => {}
        }
    }

    fn dispatch_scroll_event(&mut self, scroll_delta: i32) {
        match &mut self.app_state {
            AppState::Chat { widget } => widget.handle_scroll_delta(scroll_delta),
-            AppState::GitWarning { .. } => {}
+            AppState::Login { .. } | AppState::GitWarning { .. } => {}
        }
    }

    fn dispatch_codex_event(&mut self, event: Event) {
        match &mut self.app_state {
            AppState::Chat { widget } => widget.handle_codex_event(event),
-            AppState::GitWarning { .. } => {}
+            AppState::Login { .. } | AppState::GitWarning { .. } => {}
        }
    }
 }
--- a/codex-rs/tui/src/bottom_pane/approval_modal_view.rs
+++ b/codex-rs/tui/src/bottom_pane/approval_modal_view.rs
@@ -9,7 +9,6 @@ use crate::user_approval_widget::UserApprovalWidget;

 use super::BottomPane;
 use super::BottomPaneView;
-use super::CancellationEvent;

 /// Modal overlay asking the user to approve/deny a sequence of requests.
 pub(crate) struct ApprovalModalView<'a> {
@@ -47,12 +46,6 @@ impl<'a> BottomPaneView<'a> for ApprovalModalView<'a> {
        self.maybe_advance();
    }

-    fn on_ctrl_c(&mut self, _pane: &mut BottomPane<'a>) -> CancellationEvent {
-        self.current.on_ctrl_c();
-        self.queue.clear();
-        CancellationEvent::Handled
-    }
-
    fn is_complete(&self) -> bool {
        self.current.is_complete() && self.queue.is_empty()
    }
@@ -66,39 +59,3 @@ impl<'a> BottomPaneView<'a> for ApprovalModalView<'a> {
        None
    }
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::app_event::AppEvent;
-    use std::path::PathBuf;
-    use std::sync::mpsc::channel;
-
-    fn make_exec_request() -> ApprovalRequest {
-        ApprovalRequest::Exec {
-            id: "test".to_string(),
-            command: vec!["echo".to_string(), "hi".to_string()],
-            cwd: PathBuf::from("/tmp"),
-            reason: None,
-        }
-    }
-
-    #[test]
-    fn ctrl_c_aborts_and_clears_queue() {
-        let (tx_raw, _rx) = channel::<AppEvent>();
-        let tx = AppEventSender::new(tx_raw);
-        let first = make_exec_request();
-        let mut view = ApprovalModalView::new(first, tx);
-        view.enqueue_request(make_exec_request());
-
-        let (tx_raw2, _rx2) = channel::<AppEvent>();
-        let mut pane = BottomPane::new(super::super::BottomPaneParams {
-            app_event_tx: AppEventSender::new(tx_raw2),
-            has_input_focus: true,
-        });
-        assert_eq!(CancellationEvent::Handled, view.on_ctrl_c(&mut pane));
-        assert!(view.queue.is_empty());
-        assert!(view.current.is_complete());
-        assert!(view.is_complete());
-    }
-}
--- a/codex-rs/tui/src/bottom_pane/bottom_pane_view.rs
+++ b/codex-rs/tui/src/bottom_pane/bottom_pane_view.rs
@@ -4,7 +4,6 @@ use ratatui::buffer::Buffer;
 use ratatui::layout::Rect;

 use super::BottomPane;
-use super::CancellationEvent;

 /// Type to use for a method that may require a redraw of the UI.
 pub(crate) enum ConditionalUpdate {
@@ -23,11 +22,6 @@ pub(crate) trait BottomPaneView<'a> {
        false
    }

-    /// Handle Ctrl-C while this view is active.
-    fn on_ctrl_c(&mut self, _pane: &mut BottomPane<'a>) -> CancellationEvent {
-        CancellationEvent::Ignored
-    }
-
    /// Render the view: this will be displayed in place of the composer.
    fn render(&self, area: Rect, buf: &mut Buffer);

--- a/codex-rs/tui/src/bottom_pane/chat_composer.rs
+++ b/codex-rs/tui/src/bottom_pane/chat_composer.rs
@@ -127,6 +127,10 @@ impl ChatComposer<'_> {
            .on_entry_response(log_id, offset, entry, &mut self.textarea)
    }

+    pub fn set_input_focus(&mut self, has_focus: bool) {
+        self.update_border(has_focus);
+    }
+
    pub fn handle_paste(&mut self, pasted: String) -> bool {
        let char_count = pasted.chars().count();
        if char_count > LARGE_PASTE_CHAR_THRESHOLD {
@@ -634,6 +638,13 @@ impl ChatComposer<'_> {
                .border_style(bs.border_style),
        );
    }
+
+    pub(crate) fn is_popup_visible(&self) -> bool {
+        match self.active_popup {
+            ActivePopup::Command(_) | ActivePopup::File(_) => true,
+            ActivePopup::None => false,
+        }
+    }
 }

 impl WidgetRef for &ChatComposer<'_> {
--- a/codex-rs/tui/src/bottom_pane/mod.rs
+++ b/codex-rs/tui/src/bottom_pane/mod.rs
@@ -20,12 +20,6 @@ mod command_popup;
 mod file_search_popup;
 mod status_indicator_view;

-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub(crate) enum CancellationEvent {
-    Ignored,
-    Handled,
-}
-
 pub(crate) use chat_composer::ChatComposer;
 pub(crate) use chat_composer::InputResult;

@@ -86,33 +80,6 @@ impl BottomPane<'_> {
        }
    }

-    /// Handle Ctrl-C in the bottom pane. If a modal view is active it gets a
-    /// chance to consume the event (e.g. to dismiss itself).
-    pub(crate) fn on_ctrl_c(&mut self) -> CancellationEvent {
-        let mut view = match self.active_view.take() {
-            Some(view) => view,
-            None => return CancellationEvent::Ignored,
-        };
-
-        let event = view.on_ctrl_c(self);
-        match event {
-            CancellationEvent::Handled => {
-                if !view.is_complete() {
-                    self.active_view = Some(view);
-                } else if self.is_task_running {
-                    self.active_view = Some(Box::new(StatusIndicatorView::new(
-                        self.app_event_tx.clone(),
-                    )));
-                }
-                self.show_ctrl_c_quit_hint();
-            }
-            CancellationEvent::Ignored => {
-                self.active_view = Some(view);
-            }
-        }
-        event
-    }
-
    pub fn handle_paste(&mut self, pasted: String) {
        if self.active_view.is_none() {
            let needs_redraw = self.composer.handle_paste(pasted);
@@ -137,6 +104,12 @@ impl BottomPane<'_> {
        }
    }

+    /// Update the UI to reflect whether this `BottomPane` has input focus.
+    pub(crate) fn set_input_focus(&mut self, has_focus: bool) {
+        self.has_input_focus = has_focus;
+        self.composer.set_input_focus(has_focus);
+    }
+
    pub(crate) fn show_ctrl_c_quit_hint(&mut self) {
        self.ctrl_c_quit_hint = true;
        self.composer
@@ -230,6 +203,11 @@ impl BottomPane<'_> {
        self.app_event_tx.send(AppEvent::RequestRedraw)
    }

+    /// Returns true when a popup inside the composer is visible.
+    pub(crate) fn is_popup_visible(&self) -> bool {
+        self.active_view.is_none() && self.composer.is_popup_visible()
+    }
+
    // --- History helpers ---

    pub(crate) fn set_history_metadata(&mut self, log_id: u64, entry_count: usize) {
@@ -267,34 +245,3 @@ impl WidgetRef for &BottomPane<'_> {
        }
    }
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::app_event::AppEvent;
-    use std::path::PathBuf;
-    use std::sync::mpsc::channel;
-
-    fn exec_request() -> ApprovalRequest {
-        ApprovalRequest::Exec {
-            id: "1".to_string(),
-            command: vec!["echo".into(), "ok".into()],
-            cwd: PathBuf::from("."),
-            reason: None,
-        }
-    }
-
-    #[test]
-    fn ctrl_c_on_modal_consumes_and_shows_quit_hint() {
-        let (tx_raw, _rx) = channel::<AppEvent>();
-        let tx = AppEventSender::new(tx_raw);
-        let mut pane = BottomPane::new(BottomPaneParams {
-            app_event_tx: tx,
-            has_input_focus: true,
-        });
-        pane.push_approval_request(exec_request());
-        assert_eq!(CancellationEvent::Handled, pane.on_ctrl_c());
-        assert!(pane.ctrl_c_quit_hint_visible());
-        assert_eq!(CancellationEvent::Ignored, pane.on_ctrl_c());
-    }
-}
--- a/codex-rs/tui/src/chatwidget.rs
+++ b/codex-rs/tui/src/chatwidget.rs
@@ -1,7 +1,6 @@
 use std::path::PathBuf;
 use std::sync::Arc;

-use codex_core::codex_wrapper::CodexConversation;
 use codex_core::codex_wrapper::init_codex;
 use codex_core::config::Config;
 use codex_core::protocol::AgentMessageDeltaEvent;
@@ -34,10 +33,8 @@ use crate::app_event::AppEvent;
 use crate::app_event_sender::AppEventSender;
 use crate::bottom_pane::BottomPane;
 use crate::bottom_pane::BottomPaneParams;
-use crate::bottom_pane::CancellationEvent;
 use crate::bottom_pane::InputResult;
 use crate::conversation_history_widget::ConversationHistoryWidget;
-use crate::exec_command::strip_bash_lc_and_escape;
 use crate::history_cell::PatchEventType;
 use crate::user_approval_widget::ApprovalRequest;
 use codex_file_search::FileMatch;
@@ -47,6 +44,7 @@ pub(crate) struct ChatWidget<'a> {
    codex_op_tx: UnboundedSender<Op>,
    conversation_history: ConversationHistoryWidget,
    bottom_pane: BottomPane<'a>,
+    input_focus: InputFocus,
    config: Config,
    initial_user_message: Option<UserMessage>,
    token_usage: TokenUsage,
@@ -57,6 +55,12 @@ pub(crate) struct ChatWidget<'a> {
    answer_buffer: String,
 }

+#[derive(Clone, Copy, Eq, PartialEq)]
+enum InputFocus {
+    HistoryPane,
+    BottomPane,
+}
+
 struct UserMessage {
    text: String,
    image_paths: Vec<PathBuf>,
@@ -92,22 +96,19 @@ impl ChatWidget<'_> {
        // Create the Codex asynchronously so the UI loads as quickly as possible.
        let config_for_agent_loop = config.clone();
        tokio::spawn(async move {
-            let CodexConversation {
-                codex,
-                session_configured,
-                ..
-            } = match init_codex(config_for_agent_loop).await {
-                Ok(vals) => vals,
-                Err(e) => {
-                    // TODO: surface this error to the user.
-                    tracing::error!("failed to initialize codex: {e}");
-                    return;
-                }
-            };
+            let (codex, session_event, _ctrl_c, _session_id) =
+                match init_codex(config_for_agent_loop).await {
+                    Ok(vals) => vals,
+                    Err(e) => {
+                        // TODO: surface this error to the user.
+                        tracing::error!("failed to initialize codex: {e}");
+                        return;
+                    }
+                };

            // Forward the captured `SessionInitialized` event that was consumed
            // inside `init_codex()` so it can be rendered in the UI.
-            app_event_tx_clone.send(AppEvent::CodexEvent(session_configured.clone()));
+            app_event_tx_clone.send(AppEvent::CodexEvent(session_event.clone()));
            let codex = Arc::new(codex);
            let codex_clone = codex.clone();
            tokio::spawn(async move {
@@ -132,6 +133,7 @@ impl ChatWidget<'_> {
                app_event_tx,
                has_input_focus: true,
            }),
+            input_focus: InputFocus::BottomPane,
            config,
            initial_user_message: create_initial_user_message(
                initial_prompt.unwrap_or_default(),
@@ -145,17 +147,44 @@ impl ChatWidget<'_> {

    pub(crate) fn handle_key_event(&mut self, key_event: KeyEvent) {
        self.bottom_pane.clear_ctrl_c_quit_hint();
+        // Special-case <Tab>: normally toggles focus between history and bottom panes.
+        // However, when the slash-command popup is visible we forward the key
+        // to the bottom pane so it can handle auto-completion.
+        if matches!(key_event.code, crossterm::event::KeyCode::Tab)
+            && !self.bottom_pane.is_popup_visible()
+        {
+            self.input_focus = match self.input_focus {
+                InputFocus::HistoryPane => InputFocus::BottomPane,
+                InputFocus::BottomPane => InputFocus::HistoryPane,
+            };
+            self.conversation_history
+                .set_input_focus(self.input_focus == InputFocus::HistoryPane);
+            self.bottom_pane
+                .set_input_focus(self.input_focus == InputFocus::BottomPane);
+            self.request_redraw();
+            return;
+        }

-        match self.bottom_pane.handle_key_event(key_event) {
-            InputResult::Submitted(text) => {
-                self.submit_user_message(text.into());
+        match self.input_focus {
+            InputFocus::HistoryPane => {
+                let needs_redraw = self.conversation_history.handle_key_event(key_event);
+                if needs_redraw {
+                    self.request_redraw();
+                }
            }
-            InputResult::None => {}
+            InputFocus::BottomPane => match self.bottom_pane.handle_key_event(key_event) {
+                InputResult::Submitted(text) => {
+                    self.submit_user_message(text.into());
+                }
+                InputResult::None => {}
+            },
        }
    }

    pub(crate) fn handle_paste(&mut self, text: String) {
-        self.bottom_pane.handle_paste(text);
+        if matches!(self.input_focus, InputFocus::BottomPane) {
+            self.bottom_pane.handle_paste(text);
+        }
    }

    /// Emits the last entry's plain lines from conversation_history, if any.
@@ -303,20 +332,6 @@ impl ChatWidget<'_> {
                cwd,
                reason,
            }) => {
-                // Print the command to the history so it is visible in the
-                // transcript *before* the modal asks for approval.
-                let cmdline = strip_bash_lc_and_escape(&command);
-                let text = format!(
-                    "command requires approval:\n$ {cmdline}{reason}",
-                    reason = reason
-                        .as_ref()
-                        .map(|r| format!("\n{r}"))
-                        .unwrap_or_default()
-                );
-                self.conversation_history.add_background_event(text);
-                self.emit_last_history_entry();
-                self.conversation_history.scroll_to_bottom();
-
                let request = ApprovalRequest::Exec {
                    id,
                    command,
@@ -324,7 +339,6 @@ impl ChatWidget<'_> {
                    reason,
                };
                self.bottom_pane.push_approval_request(request);
-                self.request_redraw();
            }
            EventMsg::ApplyPatchApprovalRequest(ApplyPatchApprovalRequestEvent {
                call_id: _,
@@ -470,25 +484,21 @@ impl ChatWidget<'_> {
    }

    /// Handle Ctrl-C key press.
-    /// Returns CancellationEvent::Handled if the event was consumed by the UI, or
-    /// CancellationEvent::Ignored if the caller should handle it (e.g. exit).
-    pub(crate) fn on_ctrl_c(&mut self) -> CancellationEvent {
-        match self.bottom_pane.on_ctrl_c() {
-            CancellationEvent::Handled => return CancellationEvent::Handled,
-            CancellationEvent::Ignored => {}
-        }
+    /// Returns true if the key press was handled, false if it was not.
+    /// If the key press was not handled, the caller should handle it (likely by exiting the process).
+    pub(crate) fn on_ctrl_c(&mut self) -> bool {
        if self.bottom_pane.is_task_running() {
            self.bottom_pane.clear_ctrl_c_quit_hint();
            self.submit_op(Op::Interrupt);
            self.answer_buffer.clear();
            self.reasoning_buffer.clear();
-            CancellationEvent::Ignored
+            false
        } else if self.bottom_pane.ctrl_c_quit_hint_visible() {
            self.submit_op(Op::Shutdown);
-            CancellationEvent::Handled
+            true
        } else {
            self.bottom_pane.show_ctrl_c_quit_hint();
-            CancellationEvent::Ignored
+            false
        }
    }

--- a/codex-rs/tui/src/cli.rs
+++ b/codex-rs/tui/src/cli.rs
@@ -3,7 +3,7 @@ use codex_common::ApprovalModeCliArg;
 use codex_common::CliConfigOverrides;
 use std::path::PathBuf;

-#[derive(Parser, Debug)]
+#[derive(Parser, Debug, Clone)]
 #[command(version)]
 pub struct Cli {
    /// Optional user prompt to start the session.
--- a/codex-rs/tui/src/conversation_history_widget.rs
+++ b/codex-rs/tui/src/conversation_history_widget.rs
@@ -5,6 +5,8 @@ use crate::history_cell::PatchEventType;
 use codex_core::config::Config;
 use codex_core::protocol::FileChange;
 use codex_core::protocol::SessionConfiguredEvent;
+use crossterm::event::KeyCode;
+use crossterm::event::KeyEvent;
 use ratatui::prelude::*;
 use ratatui::style::Style;
 use ratatui::widgets::*;
@@ -45,6 +47,33 @@ impl ConversationHistoryWidget {
        }
    }

+    pub(crate) fn set_input_focus(&mut self, has_input_focus: bool) {
+        self.has_input_focus = has_input_focus;
+    }
+
+    /// Returns true if it needs a redraw.
+    pub(crate) fn handle_key_event(&mut self, key_event: KeyEvent) -> bool {
+        match key_event.code {
+            KeyCode::Up | KeyCode::Char('k') => {
+                self.scroll_up(1);
+                true
+            }
+            KeyCode::Down | KeyCode::Char('j') => {
+                self.scroll_down(1);
+                true
+            }
+            KeyCode::PageUp | KeyCode::Char('b') => {
+                self.scroll_page_up();
+                true
+            }
+            KeyCode::PageDown | KeyCode::Char(' ') => {
+                self.scroll_page_down();
+                true
+            }
+            _ => false,
+        }
+    }
+
    /// Negative delta scrolls up; positive delta scrolls down.
    pub(crate) fn scroll(&mut self, delta: i32) {
        match delta.cmp(&0) {
@@ -93,6 +122,53 @@ impl ConversationHistoryWidget {
        }
    }

+    /// Scroll up by one full viewport height (Page Up).
+    fn scroll_page_up(&mut self) {
+        let viewport_height = self.last_viewport_height.get().max(1);
+
+        // If we are currently in the "stick to bottom" mode, first convert the
+        // implicit scroll position (`usize::MAX`) into an explicit offset that
+        // represents the very bottom of the scroll region.  This mirrors the
+        // logic from `scroll_up()`.
+        if self.scroll_position == usize::MAX {
+            self.scroll_position = self
+                .num_rendered_lines
+                .get()
+                .saturating_sub(viewport_height);
+        }
+
+        // Move up by a full page.
+        self.scroll_position = self.scroll_position.saturating_sub(viewport_height);
+    }
+
+    /// Scroll down by one full viewport height (Page Down).
+    fn scroll_page_down(&mut self) {
+        // Nothing to do if we're already stuck to the bottom.
+        if self.scroll_position == usize::MAX {
+            return;
+        }
+
+        let viewport_height = self.last_viewport_height.get().max(1);
+        let num_lines = self.num_rendered_lines.get();
+
+        // Calculate the maximum explicit scroll offset that is still within
+        // range. This matches the logic in `scroll_down()` and the render
+        // method.
+        let max_scroll = num_lines.saturating_sub(viewport_height);
+
+        // Attempt to move down by a full page.
+        let new_pos = self.scroll_position.saturating_add(viewport_height);
+
+        if new_pos >= max_scroll {
+            // We have reached (or passed) the bottom – switch back to
+            // automatic stick‑to‑bottom mode so that subsequent output keeps
+            // the viewport pinned.
+            self.scroll_position = usize::MAX;
+        } else {
+            self.scroll_position = new_pos;
+        }
+    }
+
    pub fn scroll_to_bottom(&mut self) {
        self.scroll_position = usize::MAX;
    }
--- a/codex-rs/tui/src/insert_history.rs
+++ b/codex-rs/tui/src/insert_history.rs
@@ -1,245 +1,178 @@
-use std::fmt;
-use std::io;
-use std::io::Write;
-
 use crate::tui;
-use crossterm::Command;
-use crossterm::queue;
-use crossterm::style::Color as CColor;
-use crossterm::style::Colors;
-use crossterm::style::Print;
-use crossterm::style::SetAttribute;
-use crossterm::style::SetBackgroundColor;
-use crossterm::style::SetColors;
-use crossterm::style::SetForegroundColor;
-use ratatui::layout::Position;
-use ratatui::layout::Size;
-use ratatui::prelude::Backend;
-use ratatui::style::Color;
-use ratatui::style::Modifier;
+use ratatui::layout::Rect;
+use ratatui::style::Style;
 use ratatui::text::Line;
 use ratatui::text::Span;
+use ratatui::widgets::Paragraph;
+use ratatui::widgets::Widget;
+use unicode_width::UnicodeWidthChar;

-/// Insert `lines` above the viewport.
-pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line<'static>>) {
-    let screen_size = terminal.backend().size().unwrap_or(Size::new(0, 0));
-
-    let mut area = terminal.get_frame().area();
-
-    let wrapped_lines = wrapped_line_count(&lines, area.width);
-    let cursor_top = if area.bottom() < screen_size.height {
-        // If the viewport is not at the bottom of the screen, scroll it down to make room.
-        // Don't scroll it past the bottom of the screen.
-        let scroll_amount = wrapped_lines.min(screen_size.height - area.bottom());
-        terminal
-            .backend_mut()
-            .scroll_region_down(area.top()..screen_size.height, scroll_amount)
-            .ok();
-        let cursor_top = area.top() - 1;
-        area.y += scroll_amount;
-        terminal.set_viewport_area(area);
-        cursor_top
-    } else {
-        area.top() - 1
-    };
-
-    // Limit the scroll region to the lines from the top of the screen to the
-    // top of the viewport. With this in place, when we add lines inside this
-    // area, only the lines in this area will be scrolled. We place the cursor
-    // at the end of the scroll region, and add lines starting there.
-    //
-    // ┌─Screen───────────────────────┐
-    // │┌╌Scroll region╌╌╌╌╌╌╌╌╌╌╌╌╌╌┐│
-    // │┆                            ┆│
-    // │┆                            ┆│
-    // │┆                            ┆│
-    // │█╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌┘│
-    // │╭─Viewport───────────────────╮│
-    // ││                            ││
-    // │╰────────────────────────────╯│
-    // └──────────────────────────────┘
-    queue!(std::io::stdout(), SetScrollRegion(1..area.top())).ok();
-
-    terminal
-        .set_cursor_position(Position::new(0, cursor_top))
-        .ok();
-
-    for line in lines {
-        queue!(std::io::stdout(), Print("\r\n")).ok();
-        write_spans(&mut std::io::stdout(), line.iter()).ok();
-    }
-
-    queue!(std::io::stdout(), ResetScrollRegion).ok();
+/// Insert a batch of history lines into the terminal scrollback above the
+/// inline viewport.
+///
+/// The incoming `lines` are the logical lines supplied by the
+/// `ConversationHistory`. They may contain embedded newlines and arbitrary
+/// runs of whitespace inside individual [`Span`]s. All of that must be
+/// normalised before writing to the backing terminal buffer because the
+/// ratatui [`Paragraph`] widget does not perform soft‑wrapping when used in
+/// conjunction with [`Terminal::insert_before`].
+///
+/// This function performs a minimal wrapping / normalisation pass:
+///
+/// * A terminal width is determined via `Terminal::size()` (falling back to
+///   80 columns if the size probe fails).
+/// * Each logical line is broken into words and whitespace. Consecutive
+///   whitespace is collapsed to a single space; leading whitespace is
+///   discarded.
+/// * Words that do not fit on the current line cause a soft wrap. Extremely
+///   long words (longer than the terminal width) are split character by
+///   character so they still populate the display instead of overflowing the
+///   line.
+/// * Explicit `\n` characters inside a span force a hard line break.
+/// * Empty lines (including a trailing newline at the end of the batch) are
+///   preserved so vertical spacing remains faithful to the logical history.
+///
+/// Finally the physical lines are rendered directly into the terminal's
+/// scrollback region using [`Terminal::insert_before`]. Any backend error is
+/// ignored: failing to insert history is non‑fatal and a subsequent redraw
+/// will eventually repaint a consistent view.
+fn display_width(s: &str) -> usize {
+    s.chars()
+        .map(|c| UnicodeWidthChar::width(c).unwrap_or(0))
+        .sum()
 }

-fn wrapped_line_count(lines: &[Line], width: u16) -> u16 {
-    let mut count = 0;
-    for line in lines {
-        count += line_height(line, width);
-    }
-    count
+struct LineBuilder {
+    term_width: usize,
+    spans: Vec<Span<'static>>,
+    width: usize,
 }

-fn line_height(line: &Line, width: u16) -> u16 {
-    use unicode_width::UnicodeWidthStr;
-    // get the total display width of the line, accounting for double-width chars
-    let total_width = line
-        .spans
-        .iter()
-        .map(|span| span.content.width())
-        .sum::<usize>();
-    // divide by width to get the number of lines, rounding up
-    if width == 0 {
-        1
-    } else {
-        (total_width as u16).div_ceil(width).max(1)
-    }
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct SetScrollRegion(pub std::ops::Range<u16>);
-
-impl Command for SetScrollRegion {
-    fn write_ansi(&self, f: &mut impl fmt::Write) -> fmt::Result {
-        write!(f, "\x1b[{};{}r", self.0.start, self.0.end)
-    }
-
-    #[cfg(windows)]
-    fn execute_winapi(&self) -> std::io::Result<()> {
-        panic!("tried to execute SetScrollRegion command using WinAPI, use ANSI instead");
-    }
-
-    #[cfg(windows)]
-    fn is_ansi_code_supported(&self) -> bool {
-        // TODO(nornagon): is this supported on Windows?
-        true
-    }
-}
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-pub struct ResetScrollRegion;
-
-impl Command for ResetScrollRegion {
-    fn write_ansi(&self, f: &mut impl fmt::Write) -> fmt::Result {
-        write!(f, "\x1b[r")
-    }
-
-    #[cfg(windows)]
-    fn execute_winapi(&self) -> std::io::Result<()> {
-        panic!("tried to execute ResetScrollRegion command using WinAPI, use ANSI instead");
-    }
-
-    #[cfg(windows)]
-    fn is_ansi_code_supported(&self) -> bool {
-        // TODO(nornagon): is this supported on Windows?
-        true
-    }
-}
-
-struct ModifierDiff {
-    pub from: Modifier,
-    pub to: Modifier,
-}
-
-impl ModifierDiff {
-    fn queue<W>(self, mut w: W) -> io::Result<()>
-    where
-        W: io::Write,
-    {
-        use crossterm::style::Attribute as CAttribute;
-        let removed = self.from - self.to;
-        if removed.contains(Modifier::REVERSED) {
-            queue!(w, SetAttribute(CAttribute::NoReverse))?;
+impl LineBuilder {
+    fn new(term_width: usize) -> Self {
+        Self {
+            term_width,
+            spans: Vec::new(),
+            width: 0,
        }
-        if removed.contains(Modifier::BOLD) {
-            queue!(w, SetAttribute(CAttribute::NormalIntensity))?;
-            if self.to.contains(Modifier::DIM) {
-                queue!(w, SetAttribute(CAttribute::Dim))?;
+    }
+
+    fn flush_line(&mut self, out: &mut Vec<Line<'static>>) {
+        out.push(Line::from(std::mem::take(&mut self.spans)));
+        self.width = 0;
+    }
+
+    fn push_segment(&mut self, text: String, style: Style) {
+        self.width += display_width(&text);
+        self.spans.push(Span::styled(text, style));
+    }
+
+    fn push_word(&mut self, word: &mut String, style: Style, out: &mut Vec<Line<'static>>) {
+        if word.is_empty() {
+            return;
+        }
+        let w_len = display_width(word);
+        if self.width > 0 && self.width + w_len > self.term_width {
+            self.flush_line(out);
+        }
+        if w_len > self.term_width && self.width == 0 {
+            // Split an overlong word across multiple lines.
+            let mut cur = String::new();
+            let mut cur_w = 0;
+            for ch in word.chars() {
+                let ch_w = UnicodeWidthChar::width(ch).unwrap_or(0);
+                if cur_w + ch_w > self.term_width && cur_w > 0 {
+                    self.push_segment(cur.clone(), style);
+                    self.flush_line(out);
+                    cur.clear();
+                    cur_w = 0;
+                }
+                cur.push(ch);
+                cur_w += ch_w;
            }
+            if !cur.is_empty() {
+                self.push_segment(cur, style);
+            }
+        } else {
+            self.push_segment(word.clone(), style);
        }
-        if removed.contains(Modifier::ITALIC) {
-            queue!(w, SetAttribute(CAttribute::NoItalic))?;
-        }
-        if removed.contains(Modifier::UNDERLINED) {
-            queue!(w, SetAttribute(CAttribute::NoUnderline))?;
-        }
-        if removed.contains(Modifier::DIM) {
-            queue!(w, SetAttribute(CAttribute::NormalIntensity))?;
-        }
-        if removed.contains(Modifier::CROSSED_OUT) {
-            queue!(w, SetAttribute(CAttribute::NotCrossedOut))?;
-        }
-        if removed.contains(Modifier::SLOW_BLINK) || removed.contains(Modifier::RAPID_BLINK) {
-            queue!(w, SetAttribute(CAttribute::NoBlink))?;
-        }
+        word.clear();
+    }

-        let added = self.to - self.from;
-        if added.contains(Modifier::REVERSED) {
-            queue!(w, SetAttribute(CAttribute::Reverse))?;
+    fn consume_whitespace(&mut self, ws: &mut String, style: Style, out: &mut Vec<Line<'static>>) {
+        if ws.is_empty() {
+            return;
        }
-        if added.contains(Modifier::BOLD) {
-            queue!(w, SetAttribute(CAttribute::Bold))?;
+        let space_w = display_width(ws);
+        if self.width > 0 && self.width + space_w > self.term_width {
+            self.flush_line(out);
        }
-        if added.contains(Modifier::ITALIC) {
-            queue!(w, SetAttribute(CAttribute::Italic))?;
+        if self.width > 0 {
+            self.push_segment(" ".to_string(), style);
        }
-        if added.contains(Modifier::UNDERLINED) {
-            queue!(w, SetAttribute(CAttribute::Underlined))?;
-        }
-        if added.contains(Modifier::DIM) {
-            queue!(w, SetAttribute(CAttribute::Dim))?;
-        }
-        if added.contains(Modifier::CROSSED_OUT) {
-            queue!(w, SetAttribute(CAttribute::CrossedOut))?;
-        }
-        if added.contains(Modifier::SLOW_BLINK) {
-            queue!(w, SetAttribute(CAttribute::SlowBlink))?;
-        }
-        if added.contains(Modifier::RAPID_BLINK) {
-            queue!(w, SetAttribute(CAttribute::RapidBlink))?;
-        }
-
-        Ok(())
+        ws.clear();
    }
 }

-fn write_spans<'a, I>(mut writer: &mut impl Write, content: I) -> io::Result<()>
-where
-    I: Iterator<Item = &'a Span<'a>>,
-{
-    let mut fg = Color::Reset;
-    let mut bg = Color::Reset;
-    let mut modifier = Modifier::empty();
-    for span in content {
-        let mut next_modifier = modifier;
-        next_modifier.insert(span.style.add_modifier);
-        next_modifier.remove(span.style.sub_modifier);
-        if next_modifier != modifier {
-            let diff = ModifierDiff {
-                from: modifier,
-                to: next_modifier,
-            };
-            diff.queue(&mut writer)?;
-            modifier = next_modifier;
-        }
-        let next_fg = span.style.fg.unwrap_or(Color::Reset);
-        let next_bg = span.style.bg.unwrap_or(Color::Reset);
-        if next_fg != fg || next_bg != bg {
-            queue!(
-                writer,
-                SetColors(Colors::new(next_fg.into(), next_bg.into()))
-            )?;
-            fg = next_fg;
-            bg = next_bg;
+pub(crate) fn insert_history_lines(terminal: &mut tui::Tui, lines: Vec<Line<'static>>) {
+    let term_width = terminal.size().map(|a| a.width).unwrap_or(80) as usize;
+    let mut physical: Vec<Line<'static>> = Vec::new();
+
+    for logical in lines.into_iter() {
+        if logical.spans.is_empty() {
+            physical.push(logical);
+            continue;
        }

-        queue!(writer, Print(span.content.clone()))?;
+        let mut builder = LineBuilder::new(term_width);
+        let mut buf_space = String::new();
+
+        for span in logical.spans.into_iter() {
+            let style = span.style;
+            let mut buf_word = String::new();
+
+            for ch in span.content.chars() {
+                if ch == '\n' {
+                    builder.push_word(&mut buf_word, style, &mut physical);
+                    buf_space.clear();
+                    builder.flush_line(&mut physical);
+                    continue;
+                }
+                if ch.is_whitespace() {
+                    builder.push_word(&mut buf_word, style, &mut physical);
+                    buf_space.push(ch);
+                } else {
+                    builder.consume_whitespace(&mut buf_space, style, &mut physical);
+                    buf_word.push(ch);
+                }
+                if builder.width >= term_width {
+                    builder.flush_line(&mut physical);
+                }
+            }
+            builder.push_word(&mut buf_word, style, &mut physical);
+            // whitespace intentionally left to allow collapsing across spans
+        }
+        if !builder.spans.is_empty() {
+            physical.push(Line::from(std::mem::take(&mut builder.spans)));
+        } else {
+            // Preserve explicit blank line (e.g. due to a trailing newline).
+            physical.push(Line::from(Vec::<Span<'static>>::new()));
+        }
    }

-    queue!(
-        writer,
-        SetForegroundColor(CColor::Reset),
-        SetBackgroundColor(CColor::Reset),
-        SetAttribute(crossterm::style::Attribute::Reset),
-    )
+    let total = physical.len() as u16;
+    terminal
+        .insert_before(total, |buf| {
+            let width = buf.area.width;
+            for (i, line) in physical.into_iter().enumerate() {
+                let area = Rect {
+                    x: 0,
+                    y: i as u16,
+                    width,
+                    height: 1,
+                };
+                Paragraph::new(line).render(area, buf);
+            }
+        })
+        .ok();
 }
--- a/codex-rs/tui/src/lib.rs
+++ b/codex-rs/tui/src/lib.rs
@@ -14,7 +14,6 @@ use codex_core::util::is_inside_git_repo;
 use codex_login::try_read_openai_api_key;
 use log_layer::TuiLogLayer;
 use std::fs::OpenOptions;
-use std::io::Write;
 use std::path::PathBuf;
 use tracing_appender::non_blocking;
 use tracing_subscriber::EnvFilter;
@@ -36,6 +35,7 @@ mod git_warning_screen;
 mod history_cell;
 mod insert_history;
 mod log_layer;
+mod login_screen;
 mod markdown;
 mod scroll_event_helper;
 mod slash_command;
@@ -47,7 +47,7 @@ mod user_approval_widget;

 pub use cli::Cli;

-pub async fn run_main(
+pub fn run_main(
    cli: Cli,
    codex_linux_sandbox_exe: Option<PathBuf>,
 ) -> std::io::Result<codex_core::protocol::TokenUsage> {
@@ -142,25 +142,7 @@ pub async fn run_main(
        .with(tui_layer)
        .try_init();

-    let show_login_screen = should_show_login_screen(&config).await;
-    if show_login_screen {
-        std::io::stdout().write_all(
-            b"Oh dear, we don't seem to have an API key.\nTerribly sorry, but may I open a browser window for you to log in? [Yn] ",
-        )?;
-        std::io::stdout().flush()?;
-        let mut input = String::new();
-        std::io::stdin().read_line(&mut input)?;
-        let trimmed = input.trim();
-        if !(trimmed.is_empty() || trimmed.eq_ignore_ascii_case("y")) {
-            std::io::stdout().write_all(b"Right-o, fair enough. See you next time!\n")?;
-            std::process::exit(1);
-        }
-        // Spawn a task to run the login command.
-        // Block until the login command is finished.
-        let new_key = codex_login::login_with_chatgpt(&config.codex_home).await?;
-        set_openai_api_key(new_key);
-        std::io::stdout().write_all(b"Excellent, looks like that worked. Let's get started!\n")?;
-    }
+    let show_login_screen = should_show_login_screen(&config);

    // Determine whether we need to display the "not a git repo" warning
    // modal. The flag is shown when the current working directory is *not*
@@ -168,13 +150,14 @@ pub async fn run_main(
    // `--allow-no-git-exec` flag.
    let show_git_warning = !cli.skip_git_repo_check && !is_inside_git_repo(&config);

-    run_ratatui_app(cli, config, show_git_warning, log_rx)
+    run_ratatui_app(cli, config, show_login_screen, show_git_warning, log_rx)
        .map_err(|err| std::io::Error::other(err.to_string()))
 }

 fn run_ratatui_app(
    cli: Cli,
    config: Config,
+    show_login_screen: bool,
    show_git_warning: bool,
    mut log_rx: tokio::sync::mpsc::UnboundedReceiver<String>,
 ) -> color_eyre::Result<codex_core::protocol::TokenUsage> {
@@ -189,7 +172,13 @@ fn run_ratatui_app(
    terminal.clear()?;

    let Cli { prompt, images, .. } = cli;
-    let mut app = App::new(config.clone(), prompt, show_git_warning, images);
+    let mut app = App::new(
+        config.clone(),
+        prompt,
+        show_login_screen,
+        show_git_warning,
+        images,
+    );

    // Bridge log receiver into the AppEvent channel so latest log lines update the UI.
    {
@@ -221,17 +210,26 @@ fn restore() {
    }
 }

-async fn should_show_login_screen(config: &Config) -> bool {
+#[allow(clippy::unwrap_used)]
+fn should_show_login_screen(config: &Config) -> bool {
    if is_in_need_of_openai_api_key(config) {
        // Reading the OpenAI API key is an async operation because it may need
        // to refresh the token. Block on it.
        let codex_home = config.codex_home.clone();
-        if let Ok(openai_api_key) = try_read_openai_api_key(&codex_home).await {
-            set_openai_api_key(openai_api_key);
-            false
-        } else {
-            true
-        }
+        let (tx, rx) = tokio::sync::oneshot::channel();
+        tokio::spawn(async move {
+            match try_read_openai_api_key(&codex_home).await {
+                Ok(openai_api_key) => {
+                    set_openai_api_key(openai_api_key);
+                    tx.send(false).unwrap();
+                }
+                Err(_) => {
+                    tx.send(true).unwrap();
+                }
+            }
+        });
+        // TODO(mbolin): Impose some sort of timeout.
+        tokio::task::block_in_place(|| rx.blocking_recv()).unwrap()
    } else {
        false
    }
--- a/codex-rs/tui/src/login_screen.rs
+++ b/codex-rs/tui/src/login_screen.rs
@@ -0,0 +1,46 @@
+use std::path::PathBuf;
+
+use crossterm::event::KeyCode;
+use crossterm::event::KeyEvent;
+use ratatui::buffer::Buffer;
+use ratatui::layout::Rect;
+use ratatui::widgets::Paragraph;
+use ratatui::widgets::Widget as _;
+use ratatui::widgets::WidgetRef;
+
+use crate::app_event::AppEvent;
+use crate::app_event_sender::AppEventSender;
+
+pub(crate) struct LoginScreen {
+    app_event_tx: AppEventSender,
+
+    /// Use this with login_with_chatgpt() in login/src/lib.rs and, if
+    /// successful, update the in-memory config via
+    /// codex_core::openai_api_key::set_openai_api_key().
+    #[allow(dead_code)]
+    codex_home: PathBuf,
+}
+
+impl LoginScreen {
+    pub(crate) fn new(app_event_tx: AppEventSender, codex_home: PathBuf) -> Self {
+        Self {
+            app_event_tx,
+            codex_home,
+        }
+    }
+
+    pub(crate) fn handle_key_event(&mut self, key_event: KeyEvent) {
+        if let KeyCode::Char('q') = key_event.code {
+            self.app_event_tx.send(AppEvent::ExitRequest);
+        }
+    }
+}
+
+impl WidgetRef for &LoginScreen {
+    fn render_ref(&self, area: Rect, buf: &mut Buffer) {
+        let text = Paragraph::new(
+            "Login using `codex login` and then run this command again. 'q' to quit.",
+        );
+        text.render(area, buf);
+    }
+}
--- a/codex-rs/tui/src/main.rs
+++ b/codex-rs/tui/src/main.rs
@@ -1,5 +1,4 @@
 use clap::Parser;
-use codex_arg0::arg0_dispatch_or_else;
 use codex_common::CliConfigOverrides;
 use codex_tui::Cli;
 use codex_tui::run_main;
@@ -14,14 +13,14 @@ struct TopCli {
 }

 fn main() -> anyhow::Result<()> {
-    arg0_dispatch_or_else(|codex_linux_sandbox_exe| async move {
+    codex_linux_sandbox::run_with_sandbox(|codex_linux_sandbox_exe| async move {
        let top_cli = TopCli::parse();
        let mut inner = top_cli.inner;
        inner
            .config_overrides
            .raw_overrides
            .splice(0..0, top_cli.config_overrides.raw_overrides);
-        let usage = run_main(inner, codex_linux_sandbox_exe).await?;
+        let usage = run_main(inner, codex_linux_sandbox_exe)?;
        println!("{}", codex_core::protocol::FinalOutput::from(usage));
        Ok(())
    })
--- a/codex-rs/tui/src/user_approval_widget.rs
+++ b/codex-rs/tui/src/user_approval_widget.rs
@@ -203,12 +203,6 @@ impl UserApprovalWidget<'_> {
        }
    }

-    /// Handle Ctrl-C pressed by the user while the modal is visible.
-    /// Behaves like pressing Escape: abort the request and close the modal.
-    pub(crate) fn on_ctrl_c(&mut self) {
-        self.send_decision(ReviewDecision::Abort);
-    }
-
    fn handle_select_key(&mut self, key_event: KeyEvent) {
        match key_event.code {
            KeyCode::Up => {
@@ -271,28 +265,7 @@ impl UserApprovalWidget<'_> {
        self.send_decision_with_feedback(decision, String::new())
    }

-    fn send_decision_with_feedback(&mut self, decision: ReviewDecision, feedback: String) {
-        let mut lines: Vec<Line<'static>> = Vec::new();
-        match &self.approval_request {
-            ApprovalRequest::Exec { command, .. } => {
-                let cmd = strip_bash_lc_and_escape(command);
-                lines.push(Line::from("approval decision"));
-                lines.push(Line::from(format!("$ {cmd}")));
-                lines.push(Line::from(format!("decision: {decision:?}")));
-            }
-            ApprovalRequest::ApplyPatch { .. } => {
-                lines.push(Line::from(format!("patch approval decision: {decision:?}")));
-            }
-        }
-        if !feedback.trim().is_empty() {
-            lines.push(Line::from("feedback:"));
-            for l in feedback.lines() {
-                lines.push(Line::from(l.to_string()));
-            }
-        }
-        lines.push(Line::from(""));
-        self.app_event_tx.send(AppEvent::InsertHistory(lines));
-
+    fn send_decision_with_feedback(&mut self, decision: ReviewDecision, _feedback: String) {
        let op = match &self.approval_request {
            ApprovalRequest::Exec { id, .. } => Op::ExecApproval {
                id: id.clone(),
@@ -304,6 +277,12 @@ impl UserApprovalWidget<'_> {
            },
        };

+        // Ignore feedback for now – the current `Op` variants do not carry it.
+
+        // Forward the Op to the agent. The caller (ChatWidget) will trigger a
+        // redraw after it processes the resulting state change, so we avoid
+        // issuing an extra Redraw here to prevent a transient frame where the
+        // modal is still visible.
        self.app_event_tx.send(AppEvent::CodexOp(op));
        self.done = true;
    }
Author	SHA1	Message	Date
pap	37fa1a9bef	fix path	2025-07-26 18:34:36 +01:00
pap	a634b413be	cleanup	2025-07-26 18:32:46 +01:00
pap	875b5cb1e4	moving concurrent execution to mcp instead of subprocess/exec	2025-07-26 18:32:45 +01:00
Charlie Weems	e8dc36a3d0	Clean up command outputs	2025-07-26 18:32:11 +01:00
pap	97404f144e	adding best of n	2025-07-26 18:32:09 +01:00
pap	b0f60978c3	adding secs ago instead of start date	2025-07-26 18:31:20 +01:00
pap	d52fcd634b	missing dependencies	2025-07-26 18:31:20 +01:00
pap	60384dc393	adding a test and renaming jobs to tasks	2025-07-26 18:31:19 +01:00
pap	60305a2ec0	adding codex jobs command, including jobs ls, inspect, logs and -a options	2025-07-26 18:29:11 +01:00
pap	739210ff37	adding concurrent option using worktree	2025-07-26 18:17:31 +01:00